Merge branch '3.0'

phpseclib/Crypt/Random.php

@@ -97,7 +97,10 @@ abstract class Random
                  (isset($_POST) ? self::safe_serialize($_POST) : '') .
                  (isset($_GET) ? self::safe_serialize($_GET) : '') .
                  (isset($_COOKIE) ? self::safe_serialize($_COOKIE) : '') .
-                 self::safe_serialize($GLOBALS) .
+                 // as of PHP 8.1 $GLOBALS cann't be accessed by reference, which eliminates
+                 // the need for phpseclib_safe_serialize. see https://wiki.php.net/rfc/restrict_globals_usage
+                 // for more info
+                 (version_compare(PHP_VERSION, '8.1.0', '>=') ? self::safe_serialize($GLOBALS) : self::safe_serialize($GLOBALS)) .
                  self::safe_serialize($_SESSION) .
                  self::safe_serialize($_OLD_SESSION);
             $v = $seed = $_SESSION['seed'] = sha1($v, true);

phpseclib/Math/BigInteger/Engines/BCMath.php

@@ -80,7 +80,7 @@ class BCMath extends Engine
         switch (abs($base)) {
             case 256:
                 // round $len to the nearest 4
-                $len = (strlen($this->value) + 3) & 0xFFFFFFFC;
+                $len = (strlen($this->value) + 3) & ~3;
 
                 $x = str_pad($this->value, $len, chr(0), STR_PAD_LEFT);
 

phpseclib/Net/SFTP/Attribute.php

@@ -32,7 +32,7 @@ abstract class Attribute
     // yields inconsistent behavior depending on how php is compiled.  so we left shift -1 (which, in
     // two's compliment, consists of all 1 bits) by 31.  on 64-bit systems this'll yield 0xFFFFFFFF80000000.
     // that's not a problem, however, and 'anded' and a 32-bit number, as all the leading 1 bits are ignored.
-    public const EXTENDED = (-1 << 31) & 0xFFFFFFFF;
+    public const EXTENDED = PHP_INT_SIZE == 4 ? -1 : 0xFFFFFFFF;
 
     /**
      */