Skip to content

Commit

Permalink
Merge pull request #646 from nextcloud/dependabot/composer/stable19/p…
Browse files Browse the repository at this point in the history 
…hpseclib/phpseclib-2.0.31

[Security] Bump phpseclib/phpseclib from 2.0.25 to 2.0.31
  • Loading branch information
@rullzer
rullzer committed Apr 8, 2021
2 parents a251481 + c673314 commit 7d96def
Show file tree
Hide file tree
Showing 15 changed files with 582 additions and 291 deletions.
2 changes: 1 addition & 1 deletion composer.json
View file
Expand Up @@ -30,7 +30,7 @@
"patchwork/utf8": "1.3.1",
"pear/archive_tar": "1.4.12",
"pear/pear-core-minimal": "^v1.10",
"phpseclib/phpseclib": "2.0.25",
"phpseclib/phpseclib": "2.0.31",
"php-opencloud/openstack": "3.0.7",
"pimple/pimple": "3.2.3",
"punic/punic": "^1.6",
Expand Down
29 changes: 21 additions & 8 deletions composer.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

29 changes: 21 additions & 8 deletions composer/installed.json
View file
Expand Up @@ -2932,26 +2932,25 @@
},
{
"name": "phpseclib/phpseclib",
"version": "2.0.25",
"version_normalized": "2.0.25.0",
"version": "2.0.31",
"version_normalized": "2.0.31.0",
"source": {
"type": "git",
"url": "https://github.com/phpseclib/phpseclib.git",
"reference": "c18159618ed7cd7ff721ac1a8fec7860a475d2f0"
"reference": "233a920cb38636a43b18d428f9a8db1f0a1a08f4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/c18159618ed7cd7ff721ac1a8fec7860a475d2f0",
"reference": "c18159618ed7cd7ff721ac1a8fec7860a475d2f0",
"url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/233a920cb38636a43b18d428f9a8db1f0a1a08f4",
"reference": "233a920cb38636a43b18d428f9a8db1f0a1a08f4",
"shasum": ""
},
"require": {
"php": ">=5.3.3"
},
"require-dev": {
"phing/phing": "~2.7",
"phpunit/phpunit": "^4.8.35|^5.7|^6.0",
"sami/sami": "~2.0",
"phpunit/phpunit": "^4.8.35|^5.7|^6.0|^9.4",
"squizlabs/php_codesniffer": "~2.0"
},
"suggest": {
Expand All @@ -2960,7 +2959,7 @@
"ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.",
"ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations."
},
"time": "2020-02-25T04:16:50+00:00",
"time": "2021-04-06T13:56:45+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
Expand Down Expand Up @@ -3022,6 +3021,20 @@
"twofish",
"x.509",
"x509"
],
"funding": [
{
"url": "https://github.com/terrafrost",
"type": "github"
},
{
"url": "https://www.patreon.com/phpseclib",
"type": "patreon"
},
{
"url": "https://tidelift.com/funding/github/packagist/phpseclib/phpseclib",
"type": "tidelift"
}
]
},
{
Expand Down
84 changes: 50 additions & 34 deletions phpseclib/phpseclib/phpseclib/Crypt/Base.php
View file
Expand Up @@ -413,7 +413,7 @@ abstract class Base
* @var mixed
* @access private
*/
var $use_inline_crypt;
var $use_inline_crypt = true;

/**
* If OpenSSL can be used in ECB but not in CTR we can emulate CTR
Expand Down Expand Up @@ -495,11 +495,6 @@ function __construct($mode = self::MODE_CBC)
}

$this->_setEngine();

// Determining whether inline crypting can be used by the cipher
if ($this->use_inline_crypt !== false) {
$this->use_inline_crypt = version_compare(PHP_VERSION, '5.3.0') >= 0 || function_exists('create_function');
}
}

/**
Expand Down Expand Up @@ -784,12 +779,14 @@ function encrypt($plaintext)
}

if ($this->engine === self::ENGINE_MCRYPT) {
set_error_handler(array($this, 'do_nothing'));

if ($this->changed) {
$this->_setupMcrypt();
$this->changed = false;
}
if ($this->enchanged) {
@mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
$this->enchanged = false;
}

Expand Down Expand Up @@ -822,15 +819,15 @@ function encrypt($plaintext)
if ($len >= $block_size) {
if ($this->enbuffer['enmcrypt_init'] === false || $len > $this->cfb_init_len) {
if ($this->enbuffer['enmcrypt_init'] === true) {
@mcrypt_generic_init($this->enmcrypt, $this->key, $iv);
mcrypt_generic_init($this->enmcrypt, $this->key, $iv);
$this->enbuffer['enmcrypt_init'] = false;
}
$ciphertext.= @mcrypt_generic($this->enmcrypt, substr($plaintext, $i, $len - $len % $block_size));
$ciphertext.= mcrypt_generic($this->enmcrypt, substr($plaintext, $i, $len - $len % $block_size));
$iv = substr($ciphertext, -$block_size);
$len%= $block_size;
} else {
while ($len >= $block_size) {
$iv = @mcrypt_generic($this->ecb, $iv) ^ substr($plaintext, $i, $block_size);
$iv = mcrypt_generic($this->ecb, $iv) ^ substr($plaintext, $i, $block_size);
$ciphertext.= $iv;
$len-= $block_size;
$i+= $block_size;
Expand All @@ -839,22 +836,26 @@ function encrypt($plaintext)
}

if ($len) {
$iv = @mcrypt_generic($this->ecb, $iv);
$iv = mcrypt_generic($this->ecb, $iv);
$block = $iv ^ substr($plaintext, -$len);
$iv = substr_replace($iv, $block, 0, $len);
$ciphertext.= $block;
$pos = $len;
}

restore_error_handler();

return $ciphertext;
}

$ciphertext = @mcrypt_generic($this->enmcrypt, $plaintext);
$ciphertext = mcrypt_generic($this->enmcrypt, $plaintext);

if (!$this->continuousBuffer) {
@mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
}

restore_error_handler();

return $ciphertext;
}

Expand Down Expand Up @@ -1123,13 +1124,14 @@ function decrypt($ciphertext)
}

if ($this->engine === self::ENGINE_MCRYPT) {
set_error_handler(array($this, 'do_nothing'));
$block_size = $this->block_size;
if ($this->changed) {
$this->_setupMcrypt();
$this->changed = false;
}
if ($this->dechanged) {
@mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
$this->dechanged = false;
}

Expand Down Expand Up @@ -1157,26 +1159,30 @@ function decrypt($ciphertext)
}
if ($len >= $block_size) {
$cb = substr($ciphertext, $i, $len - $len % $block_size);
$plaintext.= @mcrypt_generic($this->ecb, $iv . $cb) ^ $cb;
$plaintext.= mcrypt_generic($this->ecb, $iv . $cb) ^ $cb;
$iv = substr($cb, -$block_size);
$len%= $block_size;
}
if ($len) {
$iv = @mcrypt_generic($this->ecb, $iv);
$iv = mcrypt_generic($this->ecb, $iv);
$plaintext.= $iv ^ substr($ciphertext, -$len);
$iv = substr_replace($iv, substr($ciphertext, -$len), 0, $len);
$pos = $len;
}

restore_error_handler();

return $plaintext;
}

$plaintext = @mdecrypt_generic($this->demcrypt, $ciphertext);
$plaintext = mdecrypt_generic($this->demcrypt, $ciphertext);

if (!$this->continuousBuffer) {
@mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
}

restore_error_handler();

return $this->paddable ? $this->_unpad($plaintext) : $plaintext;
}

Expand Down Expand Up @@ -1654,9 +1660,12 @@ function isValidEngine($engine)
}
return false;
case self::ENGINE_MCRYPT:
return $this->cipher_name_mcrypt &&
set_error_handler(array($this, 'do_nothing'));
$result = $this->cipher_name_mcrypt &&
extension_loaded('mcrypt') &&
in_array($this->cipher_name_mcrypt, @mcrypt_list_algorithms());
in_array($this->cipher_name_mcrypt, mcrypt_list_algorithms());
restore_error_handler();
return $result;
case self::ENGINE_INTERNAL:
return true;
}
Expand Down Expand Up @@ -1733,17 +1742,19 @@ function _setEngine()
}

if ($this->engine != self::ENGINE_MCRYPT && $this->enmcrypt) {
set_error_handler(array($this, 'do_nothing'));
// Closing the current mcrypt resource(s). _mcryptSetup() will, if needed,
// (re)open them with the module named in $this->cipher_name_mcrypt
@mcrypt_module_close($this->enmcrypt);
@mcrypt_module_close($this->demcrypt);
mcrypt_module_close($this->enmcrypt);
mcrypt_module_close($this->demcrypt);
$this->enmcrypt = null;
$this->demcrypt = null;

if ($this->ecb) {
@mcrypt_module_close($this->ecb);
mcrypt_module_close($this->ecb);
$this->ecb = null;
}
restore_error_handler();
}

$this->changed = true;
Expand Down Expand Up @@ -1856,19 +1867,19 @@ function _setupMcrypt()
self::MODE_STREAM => MCRYPT_MODE_STREAM,
);

$this->demcrypt = @mcrypt_module_open($this->cipher_name_mcrypt, '', $mcrypt_modes[$this->mode], '');
$this->enmcrypt = @mcrypt_module_open($this->cipher_name_mcrypt, '', $mcrypt_modes[$this->mode], '');
$this->demcrypt = mcrypt_module_open($this->cipher_name_mcrypt, '', $mcrypt_modes[$this->mode], '');
$this->enmcrypt = mcrypt_module_open($this->cipher_name_mcrypt, '', $mcrypt_modes[$this->mode], '');

// we need the $ecb mcrypt resource (only) in MODE_CFB with enableContinuousBuffer()
// to workaround mcrypt's broken ncfb implementation in buffered mode
// see: {@link http://phpseclib.sourceforge.net/cfb-demo.phps}
if ($this->mode == self::MODE_CFB) {
$this->ecb = @mcrypt_module_open($this->cipher_name_mcrypt, '', MCRYPT_MODE_ECB, '');
$this->ecb = mcrypt_module_open($this->cipher_name_mcrypt, '', MCRYPT_MODE_ECB, '');
}
} // else should mcrypt_generic_deinit be called?
if ($this->mode == self::MODE_CFB) {
@mcrypt_generic_init($this->ecb, $this->key, str_repeat("\0", $this->block_size));
mcrypt_generic_init($this->ecb, $this->key, str_repeat("\0", $this->block_size));
}
}

Expand Down Expand Up @@ -2602,12 +2613,8 @@ function _createInlineCryptFunction($cipher_code)
}

// Create the $inline function and return its name as string. Ready to run!
if (version_compare(PHP_VERSION, '5.3.0') >= 0) {
eval('$func = function ($_action, &$self, $_text) { ' . $init_crypt . 'if ($_action == "encrypt") { ' . $encrypt . ' } else { ' . $decrypt . ' } };');
return $func;
}

return create_function('$_action, &$self, $_text', $init_crypt . 'if ($_action == "encrypt") { ' . $encrypt . ' } else { ' . $decrypt . ' }');
eval('$func = function ($_action, &$self, $_text) { ' . $init_crypt . 'if ($_action == "encrypt") { ' . $encrypt . ' } else { ' . $decrypt . ' } };');
return $func;
}

/**
Expand Down Expand Up @@ -2636,7 +2643,7 @@ function &_getLambdaFunctions()
*
* @see self::_setupInlineCrypt()
* @access private
* @param $bytes
* @param string $bytes
* @return string
*/
function _hashInlineCryptFunction($bytes)
Expand Down Expand Up @@ -2705,4 +2712,13 @@ function safe_intval_inline()
return $safeint . '((fmod(floor($temp / 0x80000000), 2) & 1) << 31))';
}
}

/**
* Dummy error handler to suppress mcrypt errors
*
* @access private
*/
function do_nothing()
{
}
}
1 change: 0 additions & 1 deletion phpseclib/phpseclib/phpseclib/Crypt/Hash.php
View file
Expand Up @@ -849,7 +849,6 @@ function _not($int)
* _sha256() adds multiple unsigned 32-bit integers. Since PHP doesn't support unsigned integers and since the
* possibility of overflow exists, care has to be taken. BigInteger could be used but this should be faster.
*
* @param int $...
* @return int
* @see self::_sha256()
* @access private
Expand Down

0 comments on commit 7d96def

Please sign in to comment.