diff --git a/docker/Dockerfile b/docker/Dockerfile
index c9d49db..16c8c0d 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -2,6 +2,7 @@ FROM alpine
 LABEL maintainer="Marc Mettke "
 ENV SYSTEM https://github.com/mettke/ssl-cert-authority.git
+ENV TAG v0.3.1
 ADD entrypoint.sh /entrypoint.sh
 ADD healthcheck.sh /healthcheck.sh
 ADD cron /var/spool/cron/crontabs/root
@@ -27,6 +28,7 @@ RUN mkdir -p /var/log/cert/ /run/php/ /sca/ && \
 ln -sf /dev/stderr /var/log/php7/error.log
 RUN apk add git && \
 git clone ${SYSTEM} /sca && \
+ git -C /sca checkout ${TAG} && \
 apk del git && \
 chown -R cert-sync:nogroup /sca/config
diff --git a/scripts/phpseclib/Crypt/RSA.php b/scripts/phpseclib/Crypt/RSA.php
index 0ff064e..b77fd44 100644
--- a/scripts/phpseclib/Crypt/RSA.php
+++ b/scripts/phpseclib/Crypt/RSA.php
@@ -81,7 +81,7 @@
 /**
 * Include Crypt_Hash
 */
-if (!class_exists('Crypt_Hash', false)) {
+if (!class_exists('Crypt_Hash')) {
 include_once 'Hash.php';
 }
@@ -210,6 +210,10 @@
 * PKCS#8 formatted private key
 */
 define('CRYPT_RSA_PRIVATE_FORMAT_PKCS8', 8);
+/**
+ * OpenSSH formatted private key
+ */
+define('CRYPT_RSA_PRIVATE_FORMAT_OPENSSH', 9);
 /**#@-*/
 /**#@+
@@ -493,7 +497,7 @@ class Crypt_RSA
 */
 function __construct()
 {
- if (!class_exists('Math_BigInteger', false)) {
+ if (!class_exists('Math_BigInteger')) {
 include_once 'Math/BigInteger.php';
 }
@@ -849,7 +853,7 @@ function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients)
 } else {
 $private.= crypt_random_string(16 - (strlen($private) & 15));
 $source.= pack('Na*', strlen($private), $private);
- if (!class_exists('Crypt_AES', false)) {
+ if (!class_exists('Crypt_AES')) {
 include_once 'Crypt/AES.php';
 }
 $sequence = 0;
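Review bot: In docker/Dockerfile, `git -C /sca checkout ${TAG}` pins the image to a tag name, which the upstream repository can move or re-create, so two builds of the same Dockerfile are not guaranteed to contain the same code. Pinning to the full commit hash is stronger, e.g. `ENV COMMIT <full-commit-sha-of-v0.3.1>` followed by `git -C /sca checkout ${COMMIT}`, keeping `TAG` only as a human-readable label. The base image in the context line `FROM alpine` is likewise unpinned, so the same reasoning applies there.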
@@ -870,7 +874,7 @@ function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients)
 $private = base64_encode($private);
 $key.= 'Private-Lines: ' . ((strlen($private) + 63) >> 6) . "\r\n";
 $key.= chunk_split($private, 64);
- if (!class_exists('Crypt_Hash', false)) {
+ if (!class_exists('Crypt_Hash')) {
 include_once 'Crypt/Hash.php';
 }
 $hash = new Crypt_Hash('sha1');
@@ -878,6 +882,58 @@ function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients)
 $key.= 'Private-MAC: ' . bin2hex($hash->hash($source)) . "\r\n";
 return $key;
+ case CRYPT_RSA_PRIVATE_FORMAT_OPENSSH:
+ if ($num_primes != 2) {
+ return false;
+ }
+ $publicKey = pack('Na*Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($raw['publicExponent']), $raw['publicExponent'], strlen($raw['modulus']), $raw['modulus']);
+ $privateKey = pack(
+ 'Na*Na*Na*Na*Na*Na*Na*',
+ strlen('ssh-rsa'),
+ 'ssh-rsa',
+ strlen($raw['modulus']),
+ $raw['modulus'],
+ strlen($raw['publicExponent']),
+ $raw['publicExponent'],
+ strlen($raw['privateExponent']),
+ $raw['privateExponent'],
+ strlen($raw['coefficient']),
+ $raw['coefficient'],
+ strlen($raw['prime1']),
+ $raw['prime1'],
+ strlen($raw['prime2']),
+ $raw['prime2']
+ );
+ $checkint = crypt_random_string(4);
+ $paddedKey = pack(
+ 'a*Na*',
+ $checkint . $checkint . $privateKey,
+ strlen($this->comment),
+ $this->comment
+ );
+ $paddingLength = (7 * strlen($paddedKey)) % 8;
+ for ($i = 1; $i <= $paddingLength; $i++) {
+ $paddedKey.= chr($i);
+ }
+ $key = pack(
+ 'Na*Na*Na*NNa*Na*',
+ strlen('none'),
+ 'none',
+ strlen('none'),
+ 'none',
+ 0,
+ '',
+ 1,
+ strlen($publicKey),
+ $publicKey,
+ strlen($paddedKey),
+ $paddedKey
+ );
+ $key = "openssh-key-v1\0$key";
+
+ return "-----BEGIN OPENSSH PRIVATE KEY-----\r\n" .
+ chunk_split(base64_encode($key), 70) .
+ "-----END OPENSSH PRIVATE KEY-----";
 default: // eg. CRYPT_RSA_PRIVATE_FORMAT_PKCS1
 $components = array();
 foreach ($raw as $name => $value) {
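Review bot: The new `CRYPT_RSA_PRIVATE_FORMAT_OPENSSH` case in `_convertPrivateKey` always writes cipher `none` and KDF `none` and never reads `$this->password`, so a caller that has set a password gets an unencrypted private key back with no signal. Other branches of this function visible elsewhere in the diff derive a symmetric key from `$this->password`, which makes the difference easy to miss. Failing closed at the top of the case, e.g. `if (!empty($this->password)) { return false; }`, or at least stating in the constant's docblock that this format is written unencrypted, would avoid silently downgrading key protection. The function body starts and ends outside the hunk.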
@@ -922,7 +978,7 @@ function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients)
 $salt = crypt_random_string(8);
 $iterationCount = 2048;
- if (!class_exists('Crypt_DES', false)) {
+ if (!class_exists('Crypt_DES')) {
 include_once 'Crypt/DES.php';
 }
 $crypto = new Crypt_DES();
@@ -977,7 +1033,7 @@ function _convertPrivateKey($n, $e, $d, $primes, $exponents, $coefficients)
 $iv = crypt_random_string(8);
 $symkey = pack('H*', md5($this->password . $iv)); // symkey is short for symmetric key
 $symkey.= substr(pack('H*', md5($symkey . $this->password . $iv)), 0, 8);
- if (!class_exists('Crypt_TripleDES', false)) {
+ if (!class_exists('Crypt_TripleDES')) {
 include_once 'Crypt/TripleDES.php';
 }
 $des = new Crypt_TripleDES();
@@ -1157,33 +1213,33 @@ function. As is, the definitive authority on this encoding scheme isn't the IET
 }
 switch ($matches[1]) {
 case 'AES-256-CBC':
- if (!class_exists('Crypt_AES', false)) {
+ if (!class_exists('Crypt_AES')) {
 include_once 'Crypt/AES.php';
 }
 $crypto = new Crypt_AES();
 break;
 case 'AES-128-CBC':
- if (!class_exists('Crypt_AES', false)) {
+ if (!class_exists('Crypt_AES')) {
 include_once 'Crypt/AES.php';
 }
 $symkey = substr($symkey, 0, 16);
 $crypto = new Crypt_AES();
 break;
 case 'DES-EDE3-CFB':
- if (!class_exists('Crypt_TripleDES', false)) {
+ if (!class_exists('Crypt_TripleDES')) {
 include_once 'Crypt/TripleDES.php';
 }
 $crypto = new Crypt_TripleDES(CRYPT_DES_MODE_CFB);
 break;
 case 'DES-EDE3-CBC':
- if (!class_exists('Crypt_TripleDES', false)) {
+ if (!class_exists('Crypt_TripleDES')) {
 include_once 'Crypt/TripleDES.php';
 }
 $symkey = substr($symkey, 0, 24);
 $crypto = new Crypt_TripleDES();
 break;
 case 'DES-CBC':
- if (!class_exists('Crypt_DES', false)) {
+ if (!class_exists('Crypt_DES')) {
 include_once 'Crypt/DES.php';
 }
 $crypto = new Crypt_DES();
@@ -1262,7 +1318,7 @@ function. As is, the definitive authority on this encoding scheme isn't the IET
 return false;
 }
- if (!class_exists('Crypt_DES', false)) {
+ if (!class_exists('Crypt_DES')) {
 include_once 'Crypt/DES.php';
 }
 $crypto = new Crypt_DES();
@@ -1448,7 +1504,7 @@ function. As is, the definitive authority on this encoding scheme isn't the IET
 switch ($encryption) {
 case 'aes256-cbc':
- if (!class_exists('Crypt_AES', false)) {
+ if (!class_exists('Crypt_AES')) {
 include_once 'Crypt/AES.php';
 }
 $symkey = '';
@@ -1497,6 +1553,75 @@ function. As is, the definitive authority on this encoding scheme isn't the IET
 }
 $components['coefficients'] = array(2 => new Math_BigInteger($this->_string_shift($private, $length), -256));
+ return $components;
+ case CRYPT_RSA_PRIVATE_FORMAT_OPENSSH:
+ $components = array();
+ $decoded = $this->_extractBER($key);
+ $magic = $this->_string_shift($decoded, 15);
+ if ($magic !== "openssh-key-v1\0") {
+ return false;
+ }
+ $options = $this->_string_shift($decoded, 24);
+ // \0\0\0\4none = ciphername
+ // \0\0\0\4none = kdfname
+ // \0\0\0\0 = kdfoptions
+ // \0\0\0\1 = numkeys
+ if ($options != "\0\0\0\4none\0\0\0\4none\0\0\0\0\0\0\0\1") {
+ return false;
+ }
+ extract(unpack('Nlength', $this->_string_shift($decoded, 4)));
+ if (strlen($decoded) < $length) {
+ return false;
+ }
+ $publicKey = $this->_string_shift($decoded, $length);
+ extract(unpack('Nlength', $this->_string_shift($decoded, 4)));
+ if (strlen($decoded) < $length) {
+ return false;
+ }
+ $paddedKey = $this->_string_shift($decoded, $length);
+
+ if ($this->_string_shift($publicKey, 11) !== "\0\0\0\7ssh-rsa") {
+ return false;
+ }
+
+ $checkint1 = $this->_string_shift($paddedKey, 4);
+ $checkint2 = $this->_string_shift($paddedKey, 4);
+ if (strlen($checkint1) != 4 || $checkint1 !== $checkint2) {
+ return false;
+ }
+
+ if ($this->_string_shift($paddedKey, 11) !== "\0\0\0\7ssh-rsa") {
+ return false;
+ }
+
+ $values = array(
+ &$components['modulus'],
+ &$components['publicExponent'],
+ &$components['privateExponent'],
+ &$components['coefficients'][2],
+ &$components['primes'][1],
+ &$components['primes'][2]
+ );
+
+ foreach ($values as &$value) {
+ extract(unpack('Nlength', $this->_string_shift($paddedKey, 4)));
+ if (strlen($paddedKey) < $length) {
+ return false;
+ }
+ $value = new Math_BigInteger($this->_string_shift($paddedKey, $length), -256);
+ }
+
+ extract(unpack('Nlength', $this->_string_shift($paddedKey, 4)));
+ if (strlen($paddedKey) < $length) {
+ return false;
+ }
+ $components['comment'] = $this->_string_shift($decoded, $length);
+
+ $temp = $components['primes'][1]->subtract($this->one);
+ $components['exponents'] = array(1 => $components['publicExponent']->modInverse($temp));
+ $temp = $components['primes'][2]->subtract($this->one);
+ $components['exponents'][] = $components['publicExponent']->modInverse($temp);
+
+ return $components;
 }
 }
@@ -1653,7 +1778,8 @@ function loadKey($key, $type = false)
 CRYPT_RSA_PRIVATE_FORMAT_PKCS1,
 CRYPT_RSA_PRIVATE_FORMAT_XML,
 CRYPT_RSA_PRIVATE_FORMAT_PUTTY,
- CRYPT_RSA_PUBLIC_FORMAT_OPENSSH
+ CRYPT_RSA_PUBLIC_FORMAT_OPENSSH,
+ CRYPT_RSA_PRIVATE_FORMAT_OPENSSH
 );
 foreach ($types as $type) {
 $components = $this->_parseKey($key, $type);
@@ -2301,6 +2427,10 @@ function _blind($x, $r, $i)
 */
 function _equals($x, $y)
 {
+ if (function_exists('hash_equals')) {
+ return hash_equals($x, $y);
+ }
+
 if (strlen($x) != strlen($y)) {
 return false;
 }
diff --git a/scripts/phpseclib/File/ASN1.php b/scripts/phpseclib/File/ASN1.php
index 04287c4..abab574 100644
--- a/scripts/phpseclib/File/ASN1.php
+++ b/scripts/phpseclib/File/ASN1.php
@@ -326,9 +326,10 @@ function _decode_ber($encoded, $start = 0, $encoded_pos = 0)
 $tag = 0;
 // process septets (since the eighth bit is ignored, it's not an octet)
 do {
- $loop = ord($encoded[0]) >> 7;
+ $temp = ord($encoded[$encoded_pos++]);
+ $loop = $temp >> 7;
 $tag <<= 7;
- $tag |= ord($encoded[$encoded_pos++]) & 0x7F;
+ $tag |= $temp & 0x7F;
 $start++;
 } while ($loop);
 }
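Review bot: In the new `CRYPT_RSA_PRIVATE_FORMAT_OPENSSH` case of the key parser, the comment is read from the wrong buffer: its length is unpacked from `$paddedKey` and bounds-checked against `$paddedKey`, but the bytes are shifted off `$decoded`, which by then has had both length-prefixed blobs removed. The line should read `$components['comment'] = $this->_string_shift($paddedKey, $length);`. Separately, every `extract(unpack('Nlength', ...))` assumes four bytes were available; on a truncated key `unpack()` fails, `extract()` is handed a non-array, and `$length` may still hold the previous field's value, so checking that the shifted string is exactly four bytes before unpacking would make the parser reject short input cleanly. The enclosing function starts outside the hunk.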
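Review bot: The long-form tag loop in `_decode_ber` (File/ASN1.php) now advances `$encoded_pos` for every septet but never checks that the offset is still inside `$encoded`. Input that ends while the continuation bit is set reads an undefined string offset, `ord()` of the resulting empty string is 0, and decoding carries on with a tag assembled from bytes that were never there. Adding `if (!isset($encoded[$encoded_pos])) { return false; }` as the first statement inside the `do` block rejects truncated tags instead. The function continues outside the hunk.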
@@ -515,24 +516,7 @@ function _decode_ber($encoded, $start = 0, $encoded_pos = 0)
 }
 break;
 case FILE_ASN1_TYPE_OBJECT_IDENTIFIER:
- $temp = ord($content[$content_pos++]);
- $current['content'] = sprintf('%d.%d', floor($temp / 40), $temp % 40);
- $valuen = 0;
- // process septets
- $content_len = strlen($content);
- while ($content_pos < $content_len) {
- $temp = ord($content[$content_pos++]);
- $valuen <<= 7;
- $valuen |= $temp & 0x7F;
- if (~$temp & 0x80) {
- $current['content'].= ".$valuen";
- $valuen = 0;
- }
- }
- // the eighth bit of the last byte should not be 1
- //if ($temp >> 7) {
- // return false;
- //}
+ $current['content'] = $this->_decodeOID(substr($content, $content_pos));
 break;
 /* Each character string type shall be encoded as if it had been declared: [UNIVERSAL x] IMPLICIT OCTET STRING
@@ -1111,27 +1095,7 @@ function _encode_der($source, $mapping, $idx = null, $special = array())
 $value = base64_decode($source);
 break;
 case FILE_ASN1_TYPE_OBJECT_IDENTIFIER:
- $oid = preg_match('#(?:\d+\.)+#', $source) ? $source : array_search($source, $this->oids);
- if ($oid === false) {
- user_error('Invalid OID');
- return false;
- }
- $value = '';
- $parts = explode('.', $oid);
- $value = chr(40 * $parts[0] + $parts[1]);
- for ($i = 2; $i < count($parts); $i++) {
- $temp = '';
- if (!$parts[$i]) {
- $temp = "\0";
- } else {
- while ($parts[$i]) {
- $temp = chr(0x80 | ($parts[$i] & 0x7F)) . $temp;
- $parts[$i] >>= 7;
- }
- $temp[strlen($temp) - 1] = $temp[strlen($temp) - 1] & chr(0x7F);
- }
- $value.= $temp;
- }
+ $value = $this->_encodeOID($source);
 break;
 case FILE_ASN1_TYPE_ANY:
 $loc = $this->location;
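Review bot: Delegating to `_encodeOID()` changes the failure path in `_encode_der`: the removed code returned `false` straight out of `_encode_der` on an invalid OID, whereas the new line stores the helper's `false` in `$value` and falls through to `break`. What happens to `$value` after the switch is outside the hunk, but unless it is checked there an unknown OID would presumably be encoded as an empty value rather than aborting the encode. Adding `if ($value === false) { return false; }` directly after the call keeps the previous behaviour.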
@@ -1230,6 +1194,108 @@ function _encodeLength($length)
 return pack('Ca*', 0x80 | strlen($temp), $temp);
 }
+ /**
+ * BER-decode the OID
+ *
+ * Called by _decode_ber()
+ *
+ * @access private
+ * @param string $content
+ * @return string
+ */
+ function _decodeOID($content)
+ {
+ static $eighty;
+ if (!$eighty) {
+ $eighty = new Math_BigInteger(80);
+ }
+
+ $oid = array();
+ $pos = 0;
+ $len = strlen($content);
+ $n = new Math_BigInteger();
+ while ($pos < $len) {
+ $temp = ord($content[$pos++]);
+ $n = $n->bitwise_leftShift(7);
+ $n = $n->bitwise_or(new Math_BigInteger($temp & 0x7F));
+ if (~$temp & 0x80) {
+ $oid[] = $n;
+ $n = new Math_BigInteger();
+ }
+ }
+ $part1 = array_shift($oid);
+ $first = floor(ord($content[0]) / 40);
+ /*
+ "This packing of the first two object identifier components recognizes that only three values are allocated from the root
+ node, and at most 39 subsequent values from nodes reached by X = 0 and X = 1."
+
+ -- https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#page=22
+ */
+ if ($first <= 2) { // ie. 0 <= ord($content[0]) < 120 (0x78)
+ array_unshift($oid, ord($content[0]) % 40);
+ array_unshift($oid, $first);
+ } else {
+ array_unshift($oid, $part1->subtract($eighty));
+ array_unshift($oid, 2);
+ }
+
+ return implode('.', $oid);
+ }
+
+ /**
+ * DER-encode the OID
+ *
+ * Called by _encode_der()
+ *
+ * @access private
+ * @param string $content
+ * @return string
+ */
+ function _encodeOID($source)
+ {
+ static $mask, $zero, $forty;
+ if (!$mask) {
+ $mask = new Math_BigInteger(0x7F);
+ $zero = new Math_BigInteger();
+ $forty = new Math_BigInteger(40);
+ }
+
+ $oid = preg_match('#(?:\d+\.)+#', $source) ?
$source : array_search($source, $this->oids);
+ if ($oid === false) {
+ user_error('Invalid OID');
+ return false;
+ }
+ $parts = explode('.', $oid);
+ $part1 = array_shift($parts);
+ $part2 = array_shift($parts);
+
+ $first = new Math_BigInteger($part1);
+ $first = $first->multiply($forty);
+ $first = $first->add(new Math_BigInteger($part2));
+
+ array_unshift($parts, $first->toString());
+
+ $value = '';
+ foreach ($parts as $part) {
+ if (!$part) {
+ $temp = "\0";
+ } else {
+ $temp = '';
+ $part = new Math_BigInteger($part);
+ while (!$part->equals($zero)) {
+ $submask = $part->bitwise_and($mask);
+ $submask->setPrecision(8);
+ $temp = (chr(0x80) | $submask->toBytes()) . $temp;
+ $part = $part->bitwise_rightShift(7);
+ }
+ $temp[strlen($temp) - 1] = $temp[strlen($temp) - 1] & chr(0x7F);
+ }
+ $value.= $temp;
+ }
+
+ return $value;
+ }
+
 /**
 * BER-decode the time (using UNIX time)
 *
diff --git a/scripts/phpseclib/Math/BigInteger.php b/scripts/phpseclib/Math/BigInteger.php
index 9082ad5..9d41a5c 100644
--- a/scripts/phpseclib/Math/BigInteger.php
+++ b/scripts/phpseclib/Math/BigInteger.php
@@ -441,6 +441,9 @@ function __construct($x = 0, $base = 10) // (?<=^|-)0*: find any 0's that are preceded by the start of the string or by a - (ie. octals) // [^-0-9].*: find any non-numeric characters and then any characters that follow that $x = preg_replace('#(?value, $y->value); + $r = gmp_cmp($this->value, $y->value); + if ($r < -1) { + $r = -1; + } + if ($r > 1) { + $r = 1; + } + return $r; case MATH_BIGINTEGER_MODE_BCMATH: return bccomp($this->value, $y->value, 0); }
diff --git a/scripts/phpseclib/Net/SFTP.php b/scripts/phpseclib/Net/SFTP.php
index 03262aa..a621628 100644
--- a/scripts/phpseclib/Net/SFTP.php
+++ b/scripts/phpseclib/Net/SFTP.php
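Review bot: `_decodeOID()` in File/ASN1.php indexes `$content[0]` and shifts the first sub-identifier without checking that `$content` is non-empty or that its last byte terminates a sub-identifier. For an empty OBJECT IDENTIFIER value the visible code returns `0.0` (after an undefined-offset notice), and a trailing byte with the high bit set is silently dropped, which is the case the removed, commented-out check in `_decode_ber` pointed at. Rejecting both up front, e.g. `if (!strlen($content) || (ord(substr($content, -1)) & 0x80)) { return false; }` as the first statement, and having the caller test for `false`, avoids handing a made-up OID to code that matches on it. The `_encodeOID()` docblock also names `@param string $content` while the parameter is `$source`, and its `@return string` omits the `false` it returns for an invalid OID.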
@@ -3049,7 +3049,9 @@ function _get_sftp_packet($request_id = null)
 return $temp;
 }
- $this->curTimeout = false;
+ // in SSH2.php the timeout is cumulative per function call. eg. exec() will
+ // timeout after 10s. but for SFTP.php it's cumulative per packet
+ $this->curTimeout = $this->timeout;
 $start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838
@@ -3070,6 +3072,13 @@ function _get_sftp_packet($request_id = null)
 $tempLength = $length;
 $tempLength-= strlen($this->packet_buffer);
+
+ // 256 * 1024 is what SFTP_MAX_MSG_LENGTH is set to in OpenSSH's sftp-common.h
+ if ($tempLength > 256 * 1024) {
+ user_error('Invalid SFTP packet size');
+ return false;
+ }
+
 // SFTP packet type and data payload
 while ($tempLength > 0) {
 $temp = $this->_get_channel_packet(NET_SFTP_CHANNEL, true);
diff --git a/scripts/phpseclib/Net/SSH2.php b/scripts/phpseclib/Net/SSH2.php
index 31cfbec..04e2542 100644
--- a/scripts/phpseclib/Net/SSH2.php
+++ b/scripts/phpseclib/Net/SSH2.php
@@ -142,7 +142,10 @@
 */
 define('NET_SSH2_READ_REGEX', 2);
 /**
- * Returns when a string matching the regular expression $expect is found
+ * Returns whenever a data packet is received.
+ *
+ * Some data packets may only contain a single character so it may be necessary
+ * to call read() multiple times when using this option
 */
 define('NET_SSH2_READ_NEXT', 3);
 /**#@-*/
@@ -956,7 +959,7 @@ function __construct($host, $port = 22, $timeout = 10)
 {
 // Include Math_BigInteger
 // Used to do Diffie-Hellman key exchange and DSA/RSA signature verification.
- if (!class_exists('Math_BigInteger', false)) {
+ if (!class_exists('Math_BigInteger')) {
 include_once 'Math/BigInteger.php';
 }
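Review bot: The new size check in `_get_sftp_packet` tests `$tempLength`, the remainder after subtracting what is already in `$this->packet_buffer`, so the advertised `$length` (presumably taken from the peer; its origin is outside the hunk) can exceed the limit by the buffered amount, and there is no lower bound: a length below 1 skips the `while` loop and whatever follows it would run on an incomplete packet. Checking the advertised value before the subtraction covers both, e.g. `if ($length < 1 || $length > 256 * 1024) { user_error('Invalid SFTP packet size'); return false; }`. A named constant for `256 * 1024` would keep the limit in one place.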
@@ -964,12 +967,12 @@ function __construct($host, $port = 22, $timeout = 10)
 include_once 'Crypt/Random.php';
 }
- if (!class_exists('Crypt_Hash', false)) {
+ if (!class_exists('Crypt_Hash')) {
 include_once 'Crypt/Hash.php';
 }
 // include Crypt_Base so constants can be defined for setCryptoEngine()
- if (!class_exists('Crypt_Base', false)) {
+ if (!class_exists('Crypt_Base')) {
 include_once 'Crypt/Base.php';
 }
@@ -1852,14 +1855,14 @@ function _key_exchange($kexinit_payload_server = false)
 switch ($encrypt) {
 case '3des-cbc':
- if (!class_exists('Crypt_TripleDES', false)) {
+ if (!class_exists('Crypt_TripleDES')) {
 include_once 'Crypt/TripleDES.php';
 }
 $this->encrypt = new Crypt_TripleDES();
 // $this->encrypt_block_size = 64 / 8 == the default
 break;
 case '3des-ctr':
- if (!class_exists('Crypt_TripleDES', false)) {
+ if (!class_exists('Crypt_TripleDES')) {
 include_once 'Crypt/TripleDES.php';
 }
 $this->encrypt = new Crypt_TripleDES(CRYPT_DES_MODE_CTR);
@@ -1868,7 +1871,7 @@ function _key_exchange($kexinit_payload_server = false)
 case 'aes256-cbc':
 case 'aes192-cbc':
 case 'aes128-cbc':
- if (!class_exists('Crypt_Rijndael', false)) {
+ if (!class_exists('Crypt_Rijndael')) {
 include_once 'Crypt/Rijndael.php';
 }
 $this->encrypt = new Crypt_Rijndael();
@@ -1877,21 +1880,21 @@ function _key_exchange($kexinit_payload_server = false)
 case 'aes256-ctr':
 case 'aes192-ctr':
 case 'aes128-ctr':
- if (!class_exists('Crypt_Rijndael', false)) {
+ if (!class_exists('Crypt_Rijndael')) {
 include_once 'Crypt/Rijndael.php';
 }
 $this->encrypt = new Crypt_Rijndael(CRYPT_RIJNDAEL_MODE_CTR);
 $this->encrypt_block_size = 16; // eg. 128 / 8
 break;
 case 'blowfish-cbc':
- if (!class_exists('Crypt_Blowfish', false)) {
+ if (!class_exists('Crypt_Blowfish')) {
 include_once 'Crypt/Blowfish.php';
 }
 $this->encrypt = new Crypt_Blowfish();
 $this->encrypt_block_size = 8;
 break;
 case 'blowfish-ctr':
- if (!class_exists('Crypt_Blowfish', false)) {
+ if (!class_exists('Crypt_Blowfish')) {
 include_once 'Crypt/Blowfish.php';
 }
 $this->encrypt = new Crypt_Blowfish(CRYPT_BLOWFISH_MODE_CTR);
@@ -1901,7 +1904,7 @@ function _key_exchange($kexinit_payload_server = false)
 case 'twofish192-cbc':
 case 'twofish256-cbc':
 case 'twofish-cbc':
- if (!class_exists('Crypt_Twofish', false)) {
+ if (!class_exists('Crypt_Twofish')) {
 include_once 'Crypt/Twofish.php';
 }
 $this->encrypt = new Crypt_Twofish();
@@ -1910,7 +1913,7 @@ function _key_exchange($kexinit_payload_server = false)
 case 'twofish128-ctr':
 case 'twofish192-ctr':
 case 'twofish256-ctr':
- if (!class_exists('Crypt_Twofish', false)) {
+ if (!class_exists('Crypt_Twofish')) {
 include_once 'Crypt/Twofish.php';
 }
 $this->encrypt = new Crypt_Twofish(CRYPT_TWOFISH_MODE_CTR);
@@ -1919,7 +1922,7 @@ function _key_exchange($kexinit_payload_server = false)
 case 'arcfour':
 case 'arcfour128':
 case 'arcfour256':
- if (!class_exists('Crypt_RC4', false)) {
+ if (!class_exists('Crypt_RC4')) {
 include_once 'Crypt/RC4.php';
 }
 $this->encrypt = new Crypt_RC4();
@@ -1930,13 +1933,13 @@ function _key_exchange($kexinit_payload_server = false)
 switch ($decrypt) {
 case '3des-cbc':
- if (!class_exists('Crypt_TripleDES', false)) {
+ if (!class_exists('Crypt_TripleDES')) {
 include_once 'Crypt/TripleDES.php';
 }
 $this->decrypt = new Crypt_TripleDES();
 break;
 case '3des-ctr':
- if (!class_exists('Crypt_TripleDES', false)) {
+ if (!class_exists('Crypt_TripleDES')) {
 include_once 'Crypt/TripleDES.php';
 }
 $this->decrypt = new Crypt_TripleDES(CRYPT_DES_MODE_CTR);
@@ -1944,7 +1947,7 @@ function _key_exchange($kexinit_payload_server = false)
 case 'aes256-cbc':
 case 'aes192-cbc':
 case 'aes128-cbc':
- if (!class_exists('Crypt_Rijndael', false)) {
+ if (!class_exists('Crypt_Rijndael')) {
 include_once 'Crypt/Rijndael.php';
 }
 $this->decrypt = new Crypt_Rijndael();
@@ -1953,21 +1956,21 @@ function _key_exchange($kexinit_payload_server = false)
 case 'aes256-ctr':
 case 'aes192-ctr':
 case 'aes128-ctr':
- if (!class_exists('Crypt_Rijndael', false)) {
+ if (!class_exists('Crypt_Rijndael')) {
 include_once 'Crypt/Rijndael.php';
 }
 $this->decrypt = new Crypt_Rijndael(CRYPT_RIJNDAEL_MODE_CTR);
 $this->decrypt_block_size = 16;
 break;
 case 'blowfish-cbc':
- if (!class_exists('Crypt_Blowfish', false)) {
+ if (!class_exists('Crypt_Blowfish')) {
 include_once 'Crypt/Blowfish.php';
 }
 $this->decrypt = new Crypt_Blowfish();
 $this->decrypt_block_size = 8;
 break;
 case 'blowfish-ctr':
- if (!class_exists('Crypt_Blowfish', false)) {
+ if (!class_exists('Crypt_Blowfish')) {
 include_once 'Crypt/Blowfish.php';
 }
 $this->decrypt = new Crypt_Blowfish(CRYPT_BLOWFISH_MODE_CTR);
@@ -1977,7 +1980,7 @@ function _key_exchange($kexinit_payload_server = false)
 case 'twofish192-cbc':
 case 'twofish256-cbc':
 case 'twofish-cbc':
- if (!class_exists('Crypt_Twofish', false)) {
+ if (!class_exists('Crypt_Twofish')) {
 include_once 'Crypt/Twofish.php';
 }
 $this->decrypt = new Crypt_Twofish();
@@ -1986,7 +1989,7 @@ function _key_exchange($kexinit_payload_server = false)
 case 'twofish128-ctr':
 case 'twofish192-ctr':
 case 'twofish256-ctr':
- if (!class_exists('Crypt_Twofish', false)) {
+ if (!class_exists('Crypt_Twofish')) {
 include_once 'Crypt/Twofish.php';
 }
 $this->decrypt = new Crypt_Twofish(CRYPT_TWOFISH_MODE_CTR);
@@ -1995,7 +1998,7 @@ function _key_exchange($kexinit_payload_server = false)
 case 'arcfour':
 case 'arcfour128':
 case 'arcfour256':
- if (!class_exists('Crypt_RC4', false)) {
+ if (!class_exists('Crypt_RC4')) {
 include_once 'Crypt/RC4.php';
 }
 $this->decrypt = new Crypt_RC4();
@@ -3408,7 +3411,7 @@ function _reconnect()
 return false;
 }
 foreach ($this->auth as $auth) {
- $result = call_user_func_array(array(&$this, 'parent::login'), $auth);
+ $result = call_user_func_array(array(&$this, 'login'), $auth);
 }
 return $result;
 }
@@ -3812,6 +3815,7 @@ function _get_channel_packet($client_channel, $skip_extended = false)
 // on windows this returns a "Warning: Invalid CRT parameters detected" error
 if (!@stream_select($read, $write, $except, $sec, $usec) && !count($read)) {
 $this->is_timeout = true;
+ $this->_close_channel($client_channel);
 return true;
 }
 $elapsed = strtok(microtime(), ' ') + strtok('') - $start;
@@ -4736,7 +4740,7 @@ function getServerPublicHostKey()
 $temp = unpack('Nlength', $this->_string_shift($signature, 4));
 $signature = $this->_string_shift($signature, $temp['length']);
- if (!class_exists('Crypt_RSA', false)) {
+ if (!class_exists('Crypt_RSA')) {
 include_once 'Crypt/RSA.php';
 }
diff --git a/scripts/phpseclib/version b/scripts/phpseclib/version
index c77d33d..79426c3 100644
--- a/scripts/phpseclib/version
+++ b/scripts/phpseclib/version
@@ -1 +1 @@
-Version: 1.0.15
+Version: 1.0.16
diff --git a/templates/base.php b/templates/base.php
index bdffff5..69b0da8 100644
--- a/templates/base.php
+++ b/templates/base.php
@@ -52,7 +52,7 @@