diff --git a/composer.lock b/composer.lock
index 9f6f6849c5eb31f7bc2b256c666805b9c2593ced..8e1fa17708740127247facdc73ec45cc24f3023a 100644
--- a/composer.lock
+++ b/composer.lock
@@ -237,16 +237,16 @@
},
{
"name": "phpseclib/phpseclib",
- "version": "2.0.10",
+ "version": "2.0.11",
"source": {
"type": "git",
"url": "https://github.com/phpseclib/phpseclib.git",
- "reference": "d305b780829ea4252ed9400b3f5937c2c99b51d4"
+ "reference": "7053f06f91b3de78e143d430e55a8f7889efc08b"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/d305b780829ea4252ed9400b3f5937c2c99b51d4",
- "reference": "d305b780829ea4252ed9400b3f5937c2c99b51d4",
+ "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/7053f06f91b3de78e143d430e55a8f7889efc08b",
+ "reference": "7053f06f91b3de78e143d430e55a8f7889efc08b",
"shasum": ""
},
"require": {
@@ -325,7 +325,7 @@
"x.509",
"x509"
],
- "time": "2018-02-19T04:29:13+00:00"
+ "time": "2018-04-15T16:55:05+00:00"
},
{
"name": "simplepie/simplepie",
diff --git a/vendor/composer/autoload_files.php b/vendor/composer/autoload_files.php
index 0f99dcf870f1f4510b0b60692dca0443d33fcd8c..55787b617c12cf4273b4fe261cdee98160ee976b 100644
--- a/vendor/composer/autoload_files.php
+++ b/vendor/composer/autoload_files.php
@@ -6,6 +6,6 @@ $vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir);
return array(
- 'decc78cc4436b1292c6c0d151b19445c' => $vendorDir . '/phpseclib/phpseclib/phpseclib/bootstrap.php',
'5255c38a0faeba867671b61dfda6d864' => $vendorDir . '/paragonie/random_compat/lib/random.php',
+ 'decc78cc4436b1292c6c0d151b19445c' => $vendorDir . '/phpseclib/phpseclib/phpseclib/bootstrap.php',
);
diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php
index ee9e282754381388861ccf780c46165e7b05e72b..3f7b01e01731d7bfd31a5505dfd5af0181022e78 100644
--- a/vendor/composer/autoload_static.php
+++ b/vendor/composer/autoload_static.php
@@ -7,8 +7,8 @@ namespace Composer\Autoload;
class ComposerStaticInita19a915ee98347a0c787119619d2ff9b
{
public static $files = array (
- 'decc78cc4436b1292c6c0d151b19445c' => __DIR__ . '/..' . '/phpseclib/phpseclib/phpseclib/bootstrap.php',
'5255c38a0faeba867671b61dfda6d864' => __DIR__ . '/..' . '/paragonie/random_compat/lib/random.php',
+ 'decc78cc4436b1292c6c0d151b19445c' => __DIR__ . '/..' . '/phpseclib/phpseclib/phpseclib/bootstrap.php',
);
public static $prefixLengthsPsr4 = array (
diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json
index 9c444bb55e3fe8ec8b61b9b255706433286ec384..eee3a022566e4dfd0bd1316311c70a0da98dfab3 100644
--- a/vendor/composer/installed.json
+++ b/vendor/composer/installed.json
@@ -241,100 +241,6 @@
"zip"
]
},
- {
- "name": "phpseclib/phpseclib",
- "version": "2.0.10",
- "version_normalized": "2.0.10.0",
- "source": {
- "type": "git",
- "url": "https://github.com/phpseclib/phpseclib.git",
- "reference": "d305b780829ea4252ed9400b3f5937c2c99b51d4"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/d305b780829ea4252ed9400b3f5937c2c99b51d4",
- "reference": "d305b780829ea4252ed9400b3f5937c2c99b51d4",
- "shasum": ""
- },
- "require": {
- "php": ">=5.3.3"
- },
- "require-dev": {
- "phing/phing": "~2.7",
- "phpunit/phpunit": "^4.8.35|^5.7|^6.0",
- "sami/sami": "~2.0",
- "squizlabs/php_codesniffer": "~2.0"
- },
- "suggest": {
- "ext-gmp": "Install the GMP (GNU Multiple Precision) extension in order to speed up arbitrary precision integer arithmetic operations.",
- "ext-libsodium": "SSH2/SFTP can make use of some algorithms provided by the libsodium-php extension.",
- "ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.",
- "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations."
- },
- "time": "2018-02-19T04:29:13+00:00",
- "type": "library",
- "installation-source": "dist",
- "autoload": {
- "files": [
- "phpseclib/bootstrap.php"
- ],
- "psr-4": {
- "phpseclib\\": "phpseclib/"
- }
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Jim Wigginton",
- "email": "terrafrost@php.net",
- "role": "Lead Developer"
- },
- {
- "name": "Patrick Monnerat",
- "email": "pm@datasphere.ch",
- "role": "Developer"
- },
- {
- "name": "Andreas Fischer",
- "email": "bantu@phpbb.com",
- "role": "Developer"
- },
- {
- "name": "Hans-Jürgen Petrich",
- "email": "petrich@tronic-media.com",
- "role": "Developer"
- },
- {
- "name": "Graham Campbell",
- "email": "graham@alt-three.com",
- "role": "Developer"
- }
- ],
- "description": "PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.",
- "homepage": "http://phpseclib.sourceforge.net",
- "keywords": [
- "BigInteger",
- "aes",
- "asn.1",
- "asn1",
- "blowfish",
- "crypto",
- "cryptography",
- "encryption",
- "rsa",
- "security",
- "sftp",
- "signature",
- "signing",
- "ssh",
- "twofish",
- "x.509",
- "x509"
- ]
- },
{
"name": "paragonie/random_compat",
"version": "v2.0.12",
@@ -499,5 +405,99 @@
"optparse",
"terminal"
]
+ },
+ {
+ "name": "phpseclib/phpseclib",
+ "version": "2.0.11",
+ "version_normalized": "2.0.11.0",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/phpseclib/phpseclib.git",
+ "reference": "7053f06f91b3de78e143d430e55a8f7889efc08b"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/7053f06f91b3de78e143d430e55a8f7889efc08b",
+ "reference": "7053f06f91b3de78e143d430e55a8f7889efc08b",
+ "shasum": ""
+ },
+ "require": {
+ "php": ">=5.3.3"
+ },
+ "require-dev": {
+ "phing/phing": "~2.7",
+ "phpunit/phpunit": "^4.8.35|^5.7|^6.0",
+ "sami/sami": "~2.0",
+ "squizlabs/php_codesniffer": "~2.0"
+ },
+ "suggest": {
+ "ext-gmp": "Install the GMP (GNU Multiple Precision) extension in order to speed up arbitrary precision integer arithmetic operations.",
+ "ext-libsodium": "SSH2/SFTP can make use of some algorithms provided by the libsodium-php extension.",
+ "ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.",
+ "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations."
+ },
+ "time": "2018-04-15T16:55:05+00:00",
+ "type": "library",
+ "installation-source": "dist",
+ "autoload": {
+ "files": [
+ "phpseclib/bootstrap.php"
+ ],
+ "psr-4": {
+ "phpseclib\\": "phpseclib/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "Jim Wigginton",
+ "email": "terrafrost@php.net",
+ "role": "Lead Developer"
+ },
+ {
+ "name": "Patrick Monnerat",
+ "email": "pm@datasphere.ch",
+ "role": "Developer"
+ },
+ {
+ "name": "Andreas Fischer",
+ "email": "bantu@phpbb.com",
+ "role": "Developer"
+ },
+ {
+ "name": "Hans-Jürgen Petrich",
+ "email": "petrich@tronic-media.com",
+ "role": "Developer"
+ },
+ {
+ "name": "Graham Campbell",
+ "email": "graham@alt-three.com",
+ "role": "Developer"
+ }
+ ],
+ "description": "PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.",
+ "homepage": "http://phpseclib.sourceforge.net",
+ "keywords": [
+ "BigInteger",
+ "aes",
+ "asn.1",
+ "asn1",
+ "blowfish",
+ "crypto",
+ "cryptography",
+ "encryption",
+ "rsa",
+ "security",
+ "sftp",
+ "signature",
+ "signing",
+ "ssh",
+ "twofish",
+ "x.509",
+ "x509"
+ ]
}
]
diff --git a/vendor/phpseclib/phpseclib/README.md b/vendor/phpseclib/phpseclib/README.md
index 94402bee0dc48b41bd6149a5c89a50d52c7b15d3..53f58db1e4bdf62710e89a6b89858f59cc6db3df 100644
--- a/vendor/phpseclib/phpseclib/README.md
+++ b/vendor/phpseclib/phpseclib/README.md
@@ -36,7 +36,7 @@ AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509
* Composer compatible (PSR-0 autoloading)
* Install using Composer: `composer require phpseclib/phpseclib ~1.0`
* Install using PEAR: See [phpseclib PEAR Channel Documentation](http://phpseclib.sourceforge.net/pear.htm)
-* [Download 1.0.10 as ZIP](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.10.zip/download)
+* [Download 1.0.11 as ZIP](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.11.zip/download)
## Support
diff --git a/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php b/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php
index 54a8997ed8efd6e8455d7f3edd618ccd22803c8f..7c9032f0d822654de021a816e45db93b5e4f5e1a 100644
--- a/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php
+++ b/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php
@@ -76,6 +76,10 @@ abstract class Base
* @link http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29
*/
const MODE_CFB = 3;
+ /**
+ * Encrypt / decrypt using the Cipher Feedback mode (8bit)
+ */
+ const MODE_CFB8 = 38;
/**
* Encrypt / decrypt using the Output Feedback mode.
*
@@ -479,6 +483,7 @@ abstract class Base
break;
case self::MODE_CTR:
case self::MODE_CFB:
+ case self::MODE_CFB8:
case self::MODE_OFB:
case self::MODE_STREAM:
$this->mode = $mode;
@@ -762,6 +767,16 @@ abstract class Base
$iv = substr($ciphertext, -$this->block_size);
}
+ return $ciphertext;
+ case self::MODE_CFB8:
+ $ciphertext = openssl_encrypt($plaintext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->encryptIV);
+ if ($this->continuousBuffer) {
+ if (($len = strlen($ciphertext)) >= $this->block_size) {
+ $this->encryptIV = substr($ciphertext, -$this->block_size);
+ } else {
+ $this->encryptIV = substr($this->encryptIV, $len - $this->block_size) . substr($ciphertext, -$len);
+ }
+ }
return $ciphertext;
case self::MODE_OFB:
return $this->_openssl_ofb_process($plaintext, $this->encryptIV, $this->enbuffer);
@@ -942,6 +957,24 @@ abstract class Base
$pos = $len;
}
break;
+ case self::MODE_CFB8:
+ $ciphertext = '';
+ $len = strlen($plaintext);
+ $iv = $this->encryptIV;
+
+ for ($i = 0; $i < $len; ++$i) {
+ $ciphertext .= ($c = $plaintext[$i] ^ $this->_encryptBlock($iv));
+ $iv = substr($iv, 1) . $c;
+ }
+
+ if ($this->continuousBuffer) {
+ if ($len >= $block_size) {
+ $this->encryptIV = substr($ciphertext, -$block_size);
+ } else {
+ $this->encryptIV = substr($this->encryptIV, $len - $block_size) . substr($ciphertext, -$len);
+ }
+ }
+ break;
case self::MODE_OFB:
$xor = $this->encryptIV;
if (strlen($buffer['xor'])) {
@@ -1072,6 +1105,16 @@ abstract class Base
$iv = substr($ciphertext, -$this->block_size);
}
break;
+ case self::MODE_CFB8:
+ $plaintext = openssl_decrypt($ciphertext, $this->cipher_name_openssl, $this->key, $this->openssl_options, $this->decryptIV);
+ if ($this->continuousBuffer) {
+ if (($len = strlen($ciphertext)) >= $this->block_size) {
+ $this->decryptIV = substr($ciphertext, -$this->block_size);
+ } else {
+ $this->decryptIV = substr($this->decryptIV, $len - $this->block_size) . substr($ciphertext, -$len);
+ }
+ }
+ break;
case self::MODE_OFB:
$plaintext = $this->_openssl_ofb_process($ciphertext, $this->decryptIV, $this->debuffer);
}
@@ -1235,6 +1278,24 @@ abstract class Base
$pos = $len;
}
break;
+ case self::MODE_CFB8:
+ $plaintext = '';
+ $len = strlen($ciphertext);
+ $iv = $this->decryptIV;
+
+ for ($i = 0; $i < $len; ++$i) {
+ $plaintext .= $ciphertext[$i] ^ $this->_encryptBlock($iv);
+ $iv = substr($iv, 1) . $ciphertext[$i];
+ }
+
+ if ($this->continuousBuffer) {
+ if ($len >= $block_size) {
+ $this->decryptIV = substr($ciphertext, -$block_size);
+ } else {
+ $this->decryptIV = substr($this->decryptIV, $len - $block_size) . substr($ciphertext, -$len);
+ }
+ }
+ break;
case self::MODE_OFB:
$xor = $this->decryptIV;
if (strlen($buffer['xor'])) {
@@ -1435,6 +1496,8 @@ abstract class Base
return 'ctr';
case self::MODE_CFB:
return 'cfb';
+ case self::MODE_CFB8:
+ return 'cfb8';
case self::MODE_OFB:
return 'ofb';
}
@@ -1788,6 +1851,7 @@ abstract class Base
self::MODE_ECB => MCRYPT_MODE_ECB,
self::MODE_CBC => MCRYPT_MODE_CBC,
self::MODE_CFB => 'ncfb',
+ self::MODE_CFB8 => MCRYPT_MODE_CFB,
self::MODE_OFB => MCRYPT_MODE_NOFB,
self::MODE_STREAM => MCRYPT_MODE_STREAM,
);
@@ -2359,6 +2423,52 @@ abstract class Base
$_pos = $_len;
}
+ return $_plaintext;
+ ';
+ break;
+ case self::MODE_CFB8:
+ $encrypt = $init_encrypt . '
+ $_ciphertext = "";
+ $_len = strlen($_text);
+ $_iv = $self->encryptIV;
+
+ for ($_i = 0; $_i < $_len; ++$_i) {
+ $in = $_iv;
+ '.$encrypt_block.'
+ $_ciphertext .= ($_c = $_text[$_i] ^ $in);
+ $_iv = substr($_iv, 1) . $_c;
+ }
+
+ if ($self->continuousBuffer) {
+ if ($_len >= '.$block_size.') {
+ $self->encryptIV = substr($_ciphertext, -'.$block_size.');
+ } else {
+ $self->encryptIV = substr($self->encryptIV, $_len - '.$block_size.') . substr($_ciphertext, -$_len);
+ }
+ }
+
+ return $_ciphertext;
+ ';
+ $decrypt = $init_encrypt . '
+ $_plaintext = "";
+ $_len = strlen($_text);
+ $_iv = $self->decryptIV;
+
+ for ($_i = 0; $_i < $_len; ++$_i) {
+ $in = $_iv;
+ '.$encrypt_block.'
+ $_plaintext .= $_text[$_i] ^ $in;
+ $_iv = substr($_iv, 1) . $_text[$_i];
+ }
+
+ if ($self->continuousBuffer) {
+ if ($_len >= '.$block_size.') {
+ $self->decryptIV = substr($_text, -'.$block_size.');
+ } else {
+ $self->decryptIV = substr($self->decryptIV, $_len - '.$block_size.') . substr($_text, -$_len);
+ }
+ }
+
return $_plaintext;
';
break;
diff --git a/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php b/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php
index cd116b56da8da9a1d2ef060accd5a0903e633fdd..c15e86d38644ee788e0a4127bb9ee7ee5ef0cf4c 100644
--- a/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php
+++ b/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php
@@ -468,23 +468,27 @@ class RSA
break;
case extension_loaded('openssl') && file_exists($this->configFile):
// some versions of XAMPP have mismatched versions of OpenSSL which causes it not to work
- ob_start();
- @phpinfo();
- $content = ob_get_contents();
- ob_end_clean();
-
- preg_match_all('#OpenSSL (Header|Library) Version(.*)#im', $content, $matches);
-
$versions = array();
- if (!empty($matches[1])) {
- for ($i = 0; $i < count($matches[1]); $i++) {
- $fullVersion = trim(str_replace('=>', '', strip_tags($matches[2][$i])));
-
- // Remove letter part in OpenSSL version
- if (!preg_match('/(\d+\.\d+\.\d+)/i', $fullVersion, $m)) {
- $versions[$matches[1][$i]] = $fullVersion;
- } else {
- $versions[$matches[1][$i]] = $m[0];
+
+ // avoid generating errors (even with suppression) when phpinfo() is disabled (common in production systems)
+ if (strpos(ini_get('disable_functions'), 'phpinfo') === false) {
+ ob_start();
+ @phpinfo();
+ $content = ob_get_contents();
+ ob_end_clean();
+
+ preg_match_all('#OpenSSL (Header|Library) Version(.*)#im', $content, $matches);
+
+ if (!empty($matches[1])) {
+ for ($i = 0; $i < count($matches[1]); $i++) {
+ $fullVersion = trim(str_replace('=>', '', strip_tags($matches[2][$i])));
+
+ // Remove letter part in OpenSSL version
+ if (!preg_match('/(\d+\.\d+\.\d+)/i', $fullVersion, $m)) {
+ $versions[$matches[1][$i]] = $fullVersion;
+ } else {
+ $versions[$matches[1][$i]] = $m[0];
+ }
}
}
}
diff --git a/vendor/phpseclib/phpseclib/phpseclib/File/ASN1.php b/vendor/phpseclib/phpseclib/phpseclib/File/ASN1.php
index 1da046e826dcea740ee4bab299c9a202666137b5..76ff8e3acf699a68ed6f435503d86f7ccd881f68 100644
--- a/vendor/phpseclib/phpseclib/phpseclib/File/ASN1.php
+++ b/vendor/phpseclib/phpseclib/phpseclib/File/ASN1.php
@@ -582,7 +582,7 @@ class ASN1
$childClass = $tempClass = self::CLASS_UNIVERSAL;
$constant = null;
if (isset($temp['constant'])) {
- $tempClass = isset($temp['class']) ? $temp['class'] : self::CLASS_CONTEXT_SPECIFIC;
+ $tempClass = $temp['type'];
}
if (isset($child['class'])) {
$childClass = $child['class'];
@@ -645,7 +645,7 @@ class ASN1
$temp = $decoded['content'][$i];
$tempClass = self::CLASS_UNIVERSAL;
if (isset($temp['constant'])) {
- $tempClass = isset($temp['class']) ? $temp['class'] : self::CLASS_CONTEXT_SPECIFIC;
+ $tempClass = $temp['type'];
}
foreach ($mapping['children'] as $key => $child) {
diff --git a/vendor/phpseclib/phpseclib/phpseclib/File/X509.php b/vendor/phpseclib/phpseclib/phpseclib/File/X509.php
index 67317db23d22c057a784cacaa761336300202105..f3ee813773aab613a4c147914baf95e79c98cf27 100644
--- a/vendor/phpseclib/phpseclib/phpseclib/File/X509.php
+++ b/vendor/phpseclib/phpseclib/phpseclib/File/X509.php
@@ -305,6 +305,22 @@ class X509
*/
var $challenge;
+ /**
+ * Recursion Limit
+ *
+ * @var int
+ * @access private
+ */
+ static $recur_limit = 5;
+
+ /**
+ * URL fetch flag
+ *
+ * @var bool
+ * @access private
+ */
+ static $disable_url_fetch = false;
+
/**
* Default Constructor.
*
@@ -2104,6 +2120,117 @@ class X509
return true;
}
+ /**
+ * Fetches a URL
+ *
+ * @param string $url
+ * @access private
+ * @return bool|string
+ */
+ static function _fetchURL($url)
+ {
+ if (self::$disable_url_fetch) {
+ return false;
+ }
+
+ $parts = parse_url($url);
+ $data = '';
+ switch ($parts['scheme']) {
+ case 'http':
+ $fsock = @fsockopen($parts['host'], isset($parts['port']) ? $parts['port'] : 80);
+ if (!$fsock) {
+ return false;
+ }
+ fputs($fsock, "GET $parts[path] HTTP/1.0\r\n");
+ fputs($fsock, "Host: $parts[host]\r\n\r\n");
+ $line = fgets($fsock, 1024);
+ if (strlen($line) < 3) {
+ return false;
+ }
+ preg_match('#HTTP/1.\d (\d{3})#', $line, $temp);
+ if ($temp[1] != '200') {
+ return false;
+ }
+
+ // skip the rest of the headers in the http response
+ while (!feof($fsock) && fgets($fsock, 1024) != "\r\n") {
+ }
+
+ while (!feof($fsock)) {
+ $data.= fread($fsock, 1024);
+ }
+
+ break;
+ //case 'ftp':
+ //case 'ldap':
+ //default:
+ }
+
+ return $data;
+ }
+
+ /**
+ * Validates an intermediate cert as identified via authority info access extension
+ *
+ * See https://tools.ietf.org/html/rfc4325 for more info
+ *
+ * @param bool $caonly
+ * @param int $count
+ * @access private
+ * @return bool
+ */
+ function _testForIntermediate($caonly, $count)
+ {
+ $opts = $this->getExtension('id-pe-authorityInfoAccess');
+ if (!is_array($opts)) {
+ return false;
+ }
+ foreach ($opts as $opt) {
+ if ($opt['accessMethod'] == 'id-ad-caIssuers') {
+ // accessLocation is a GeneralName. GeneralName fields support stuff like email addresses, IP addresses, LDAP,
+ // etc, but we're only supporting URI's. URI's and LDAP are the only thing https://tools.ietf.org/html/rfc4325
+ // discusses
+ if (isset($opt['accessLocation']['uniformResourceIdentifier'])) {
+ $url = $opt['accessLocation']['uniformResourceIdentifier'];
+ break;
+ }
+ }
+ }
+
+ if (!isset($url)) {
+ return false;
+ }
+
+ $cert = static::_fetchURL($url);
+ if (!is_string($cert)) {
+ return false;
+ }
+
+ $parent = new static();
+ $parent->CAs = $this->CAs;
+ /*
+ "Conforming applications that support HTTP or FTP for accessing
+ certificates MUST be able to accept .cer files and SHOULD be able
+ to accept .p7c files." -- https://tools.ietf.org/html/rfc4325
+
+ A .p7c file is 'a "certs-only" CMS message as specified in RFC 2797"
+
+ These are currently unsupported
+ */
+ if (!is_array($parent->loadX509($cert))) {
+ return false;
+ }
+
+ if (!$parent->_validateSignatureCountable($caonly, ++$count)) {
+ return false;
+ }
+
+ $this->CAs[] = $parent->currentCert;
+ //$this->loadCA($cert);
+
+ return true;
+ }
+
/**
* Validate a signature
*
@@ -2120,11 +2247,30 @@ class X509
* @return mixed
*/
function validateSignature($caonly = true)
+ {
+ return $this->_validateSignatureCountable($caonly, 0);
+ }
+
+ /**
+ * Validate a signature
+ *
+ * Performs said validation whilst keeping track of how many times validation method is called
+ *
+ * @param bool $caonly
+ * @param int $count
+ * @access private
+ * @return mixed
+ */
+ function _validateSignatureCountable($caonly, $count)
{
if (!is_array($this->currentCert) || !isset($this->signatureSubject)) {
return null;
}
+ if ($count == self::$recur_limit) {
+ return false;
+ }
+
/* TODO:
"emailAddress attribute values are not case-sensitive (e.g., "subscriber@example.com" is the same as "SUBSCRIBER@EXAMPLE.COM")."
-- http://tools.ietf.org/html/rfc5280#section-4.1.2.6
@@ -2170,10 +2316,10 @@ class X509
}
}
if (count($this->CAs) == $i && $caonly) {
- return false;
+ return $this->_testForIntermediate($caonly, $count) && $this->validateSignature($caonly);
}
} elseif (!isset($signingCert) || $caonly) {
- return false;
+ return $this->_testForIntermediate($caonly, $count) && $this->validateSignature($caonly);
}
return $this->_validateSignature(
$signingCert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']['algorithm'],
@@ -2280,6 +2426,41 @@ class X509
return true;
}
+ /**
+ * Sets the recursion limit
+ *
+ * When validating a signature it may be necessary to download intermediate certs from URI's.
+ * An intermediate cert that linked to itself would result in an infinite loop so to prevent
+ * that we set a recursion limit. A negative number means that there is no recursion limit.
+ *
+ * @param int $count
+ * @access public
+ */
+ static function setRecurLimit($count)
+ {
+ self::$recur_limit = $count;
+ }
+
+ /**
+ * Prevents URIs from being automatically retrieved
+ *
+ * @access public
+ */
+ static function disableURLFetch()
+ {
+ self::$disable_url_fetch = true;
+ }
+
+ /**
+ * Allows URIs to be automatically retrieved
+ *
+ * @access public
+ */
+ static function enableURLFetch()
+ {
+ self::$disable_url_fetch = false;
+ }
+
/**
* Reformat public keys
*
@@ -3447,7 +3628,7 @@ class X509
'tbsCertificate' =>
array(
'version' => 'v3',
- 'serialNumber' => $serialNumber, // $this->setserialNumber()
+ 'serialNumber' => $serialNumber, // $this->setSerialNumber()
'signature' => array('algorithm' => $signatureAlgorithm),
'issuer' => false, // this is going to be overwritten later
'validity' => array(
diff --git a/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger.php b/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger.php
index 2aa39a50acd8d8061a1bdb8c1495e0e9d5b1c422..d82d123d8828d8ef1ecd187279eb9d2359f90ebf 100644
--- a/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger.php
+++ b/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger.php
@@ -266,23 +266,27 @@ class BigInteger
if (extension_loaded('openssl') && !defined('MATH_BIGINTEGER_OPENSSL_DISABLE') && !defined('MATH_BIGINTEGER_OPENSSL_ENABLED')) {
// some versions of XAMPP have mismatched versions of OpenSSL which causes it not to work
- ob_start();
- @phpinfo();
- $content = ob_get_contents();
- ob_end_clean();
+ $versions = array();
- preg_match_all('#OpenSSL (Header|Library) Version(.*)#im', $content, $matches);
+ // avoid generating errors (even with suppression) when phpinfo() is disabled (common in production systems)
+ if (strpos(ini_get('disable_functions'), 'phpinfo') === false) {
+ ob_start();
+ @phpinfo();
+ $content = ob_get_contents();
+ ob_end_clean();
- $versions = array();
- if (!empty($matches[1])) {
- for ($i = 0; $i < count($matches[1]); $i++) {
- $fullVersion = trim(str_replace('=>', '', strip_tags($matches[2][$i])));
-
- // Remove letter part in OpenSSL version
- if (!preg_match('/(\d+\.\d+\.\d+)/i', $fullVersion, $m)) {
- $versions[$matches[1][$i]] = $fullVersion;
- } else {
- $versions[$matches[1][$i]] = $m[0];
+ preg_match_all('#OpenSSL (Header|Library) Version(.*)#im', $content, $matches);
+
+ if (!empty($matches[1])) {
+ for ($i = 0; $i < count($matches[1]); $i++) {
+ $fullVersion = trim(str_replace('=>', '', strip_tags($matches[2][$i])));
+
+ // Remove letter part in OpenSSL version
+ if (!preg_match('/(\d+\.\d+\.\d+)/i', $fullVersion, $m)) {
+ $versions[$matches[1][$i]] = $fullVersion;
+ } else {
+ $versions[$matches[1][$i]] = $m[0];
+ }
}
}
}
@@ -535,7 +539,7 @@ class BigInteger
$temp = $comparison < 0 ? $this->add(new static(1)) : $this->copy();
$bytes = $temp->toBytes();
- if (empty($bytes)) { // eg. if the number we're trying to convert is -1
+ if (!strlen($bytes)) { // eg. if the number we're trying to convert is -1
$bytes = chr(0);
}