From 05f4ec133c5ef1077101c2b3de96a9076bbd57c3 Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Sun, 8 Feb 2015 09:31:31 -0600
Subject: [PATCH 1/8] CHANGELOG: add 0.3.10 release
---
 CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0fd3ca09..06004752 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
+## 0.3.10 - 2015-02-04
+
+- simplify window size handling ([#538](https://github.com/phpseclib/phpseclib/pull/538))
+- slightly relax the conditions under which OpenSSL is used ([#598](https://github.com/phpseclib/phpseclib/pull/598))
+- fix issue with empty constructed context-specific tags in ASN1 ([#606](https://github.com/phpseclib/phpseclib/pull/606))
+
 ## 0.3.9 - 2014-11-09
 - PHP 5.6 improvements ([#482](https://github.com/phpseclib/phpseclib/pull/482), [#491](https://github.com/phpseclib/phpseclib/issues/491))
From fd613e49cf130fb19c611eb5a5adec472b0d08f4 Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Mon, 9 Feb 2015 07:56:10 -0600
Subject: [PATCH 2/8] CHANGELOG: add clarification
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 06004752..2dd2c096 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
 ## 0.3.10 - 2015-02-04
-- simplify window size handling ([#538](https://github.com/phpseclib/phpseclib/pull/538))
+- simplify SSH2 window size handling ([#538](https://github.com/phpseclib/phpseclib/pull/538))
 - slightly relax the conditions under which OpenSSL is used ([#598](https://github.com/phpseclib/phpseclib/pull/598))
 - fix issue with empty constructed context-specific tags in ASN1 ([#606](https://github.com/phpseclib/phpseclib/pull/606))
From 7e2dd901404cfdaf00b713071923821d5329d45c Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Sun, 1 Mar 2015 11:57:36 -0600
Subject: [PATCH 3/8] X509: make it so you can use File_ASN1_Element for custom X.509 extensions
---
 phpseclib/File/X509.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php
index 36a6287b..75579b5d 100644
--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@@ -1612,6 +1612,10 @@ class File_X509
 if (is_array($extensions)) {
 $size = count($extensions);
 for ($i = 0; $i < $size; $i++) {
+ if (is_object($extensions[$i]) && strtolower(get_class($extensions[$i])) == 'file_asn1_element') {
+ continue;
+ }
+
 $id = $extensions[$i]['extnId'];
 $value = &$extensions[$i]['extnValue'];
From e686c095b63eadfa3ed60b1cc4c01c7e17d30b77 Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Sun, 1 Mar 2015 12:05:49 -0600
Subject: [PATCH 4/8] X509: always base64-encode extensions for which _getMapping returns a bool
---
 phpseclib/File/X509.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php
index 36a6287b..eaba023e 100644
--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@@ -1589,7 +1589,7 @@ class File_X509
 }
 }
 }
- } elseif ($map) {
+ } else {
 $value = base64_encode($value);
 }
 }
From 3e1aa8c213798c67d3616dde687d43ee5d6c7707 Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Wed, 4 Mar 2015 08:03:02 -0600
Subject: [PATCH 5/8] Tests/X509: add unit test for unsupported extension encoding
---
 tests/Unit/File/X509/X509Test.php | 60 +++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 tests/Unit/File/X509/X509Test.php
diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php
new file mode 100644
index 00000000..4962976b
--- /dev/null
+++ b/tests/Unit/File/X509/X509Test.php
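Review bot: The guard added at the top of the extensions loop recognises a pre-encoded extension with `strtolower(get_class($extensions[$i])) == 'file_asn1_element'`, which matches only that exact class, so an instance of a subclass still falls through to `$extensions[$i]['extnId']` and is indexed like an array. `is_a($extensions[$i], 'File_ASN1_Element')` would cover subclasses and needs no case folding. The `continue` also appears to mean that such an element skips the extension mapping and is emitted as the caller built it, so a comment on the guard such as `// pre-encoded Extension: skipped by the mapping, caller must supply a well-formed extnId/extnValue SEQUENCE` would make that trust boundary explicit. The enclosing function starts and ends outside the hunk.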
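Review bot: Where `} elseif ($map) {` becomes `} else {`, every extension without a structured mapping now has `extnValue` base64-encoded (per the commit subject, both bool results of `_getMapping`), and nothing at the branch records that. A one-line comment such as `// no structured mapping (true or false): expose the raw value base64-encoded` would state the intent. The hunk does not show the save-side path; if it does not base64-decode the same set of extensions, a load/save round trip would change the bytes of an unknown extension, and callers that previously read raw bytes for those extensions now receive base64 text. The enclosing function lies outside the hunk.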
@@ -0,0 +1,60 @@
+
+ * @copyright 2014 Jim Wigginton
+ * @license http://www.opensource.org/licenses/mit-license.html MIT License
+ */
+
+require_once 'File/X509.php';
+
+class Unit_File_X509_X509Test extends PhpseclibTestCase
+{
+ public function testLoadUnsupportedExtension()
+ {
+ $test = '-----BEGIN CERTIFICATE-----
+MIIG1jCCBL6gAwIBAgITUAAAAA0qg8bE6DhrLAAAAAAADTANBgkqhkiG9w0BAQsF
+ADAiMSAwHgYDVQQDExcuU2VjdXJlIEVudGVycHJpc2UgQ0EgMTAeFw0xNTAyMjMx
+NTE1MDdaFw0xNjAyMjMxNTE1MDdaMD8xFjAUBgoJkiaJk/IsZAEZFgZzZWN1cmUx
+DjAMBgNVBAMTBVVzZXJzMRUwEwYDVQQDEwxtZXRhY2xhc3NpbmcwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMdG1CzR/gTalbLN9J+2cvMGeD7wsR7S78
+HU5hdwE+kECROjRAcjFBOR57ezSDrkmhkTzo28tj0oAHjOh8N9vuXtASfZSCXugx
+H+ImJ+E7PA4aXBp+0H2hohW9sXNNCFiVNmJLX66O4bxIeKtVRq/+eSNijV4OOEkC
+zMyTHAUbOFP0t6KoJtM1syNoQ1+fKdfcjz5XtiEzSVcp2zf0MwNFSeZSgGQ0jh8A
+Kd6YVKA8ZnrqOWZxKETT+bBNTjIT0ggjQfzcE4zW2RzrN7zWabUowoU92+DAp4s3
+sAEywX9ISSge62DEzTnZZSf9bpoScAfT8raRFA3BkoJ/s4c4CgfPAgMBAAGjggLm
+MIIC4jAdBgNVHQ4EFgQULlIyJL9+ZwAI/SkVdsJMxFOVp+EwHwYDVR0jBBgwFoAU
+5nEIMEUT5mMd1WepmviwgK7dIzwwggEKBgNVHR8EggEBMIH+MIH7oIH4oIH1hoG5
+bGRhcDovLy9DTj0uU2VjdXJlJTIwRW50ZXJwcmlzZSUyMENBJTIwMSxDTj1hdXRo
+LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+Tj1Db25maWd1cmF0aW9uLERDPXNlY3VyZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25M
+aXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGN2h0dHA6
+Ly9jcmwuc2VjdXJlb2JzY3VyZS5jb20vP2FjdGlvbj1jcmwmY2E9ZW50ZXJwcmlz
+ZTEwgccGCCsGAQUFBwEBBIG6MIG3MIG0BggrBgEFBQcwAoaBp2xkYXA6Ly8vQ049
+LlNlY3VyZSUyMEVudGVycHJpc2UlMjBDQSUyMDEsQ049QUlBLENOPVB1YmxpYyUy
+MEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9
+c2VjdXJlP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0
+aW9uQXV0aG9yaXR5MBcGCSsGAQQBgjcUAgQKHggAVQBzAGUAcjAOBgNVHQ8BAf8E
+BAMCBaAwKQYDVR0lBCIwIAYKKwYBBAGCNwoDBAYIKwYBBQUHAwQGCCsGAQUFBwMC
+MC4GA1UdEQQnMCWgIwYKKwYBBAGCNxQCA6AVDBNtZXRhY2xhc3NpbmdAc2VjdXJl
+MEQGCSqGSIb3DQEJDwQ3MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIA
+gDAHBgUrDgMCBzAKBggqhkiG9w0DBzANBgkqhkiG9w0BAQsFAAOCAgEAKNmjYh+h
+cObJEM0CWgz50jOYKZ4M5iIxoAWgrYY9Pv+0O9aPjvPLzjd5bY322L8lxh5wy5my
+DKmip+irzjdVdxzQfoyy+ceODmCbX9L6MfEDn0RBzdwjLe1/eOxE1na0sZztrVCc
+yt5nI91NNGZJUcVqVQsIA/25FWlkvo/FTfuqTuXdQiEVM5MCKJI915anmTdugy+G
+0CmBJALIxtyz5P7sZhaHZFNdpKnx82QsauErqjP9H0RXc6VXX5qt+tEDvYfSlFcc
+0lv3aQnV/eIdfm7APJkQ3lmNWWQwdkVf7adXJ7KAAPHSt1yvSbVxThJR/jmIkyeQ
+XW/TOP5m7JI/GrmvdlzI1AgwJ+zO8fOmCDuif99pDb1CvkzQ65RZ8p5J1ZV6hzlb
+VvOhn4LDnT1jnTcEqigmx1gxM/5ifvMorXn/ItMjKPlb72vHpeF7OeKE8GHsvZAm
+osHcKyJXbTIcXchmpZX1efbmCMJBqHgJ/qBTBMl9BX0+YqbTZyabRJSs9ezbTRn0
+oRYl21Q8EnvS71CemxEUkSsKJmfJKkQNCsOjc8AbX/V/X9R7LJkH3UEx6K2zQQKK
+k6m17mi63YW/+iPCGOWZ2qXmY5HPEyyF2L4L4IDryFJ+8xLyw3pH9/yp5aHZDtp6
+833K6qyjgHJT+fUzSEYpiwF5rSBJIGClOCY=
+-----END CERTIFICATE-----';
+
+ $x509 = new File_X509();
+
+ $spkac = $x509->loadX509($test);
+
+ $this->assertEquals($a['tbsCertificate']['extensions'][8]['extnValue'], 'MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBw==');
+ }
+}
From cc08406a76734ece1a7f3c96eecc7869948aa8c8 Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Wed, 4 Mar 2015 08:18:54 -0600
Subject: [PATCH 6/8] Tests/X509: fix unit test
---
 tests/Unit/File/X509/X509Test.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php
index 4962976b..b44f9b58 100644
--- a/tests/Unit/File/X509/X509Test.php
+++ b/tests/Unit/File/X509/X509Test.php
@@ -53,8 +53,8 @@ k6m17mi63YW/+iPCGOWZ2qXmY5HPEyyF2L4L4IDryFJ+8xLyw3pH9/yp5aHZDtp6
 $x509 = new File_X509();
- $spkac = $x509->loadX509($test);
+ $cert = $x509->loadX509($test);
- $this->assertEquals($a['tbsCertificate']['extensions'][8]['extnValue'], 'MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBw==');
+ $this->assertEquals($cert['tbsCertificate']['extensions'][8]['extnValue'], 'MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBw==');
 }
 }
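Review bot: The assertion in `testLoadUnsupportedExtension()` picks the extension by position, `['extensions'][8]`, and never checks which extension that entry is, so a change in the fixture or in parse order would make the test compare a different entry than intended. Asserting the entry's `extnId` next to the `extnValue` comparison would tie the test to the unsupported extension it is meant to cover. A short docblock on the test saying that the expected string is the base64 form of the extension's raw value would also help the next reader.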
From 31e2308ea933bdd9890d0216e18a93682a150298 Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Wed, 4 Mar 2015 23:37:33 -0600
Subject: [PATCH 7/8] Tests/X509: swap expected and actual value
---
 tests/Unit/File/X509/X509Test.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php
index b44f9b58..03d37096 100644
--- a/tests/Unit/File/X509/X509Test.php
+++ b/tests/Unit/File/X509/X509Test.php
@@ -55,6 +55,6 @@ k6m17mi63YW/+iPCGOWZ2qXmY5HPEyyF2L4L4IDryFJ+8xLyw3pH9/yp5aHZDtp6
 $cert = $x509->loadX509($test);
- $this->assertEquals($cert['tbsCertificate']['extensions'][8]['extnValue'], 'MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBw==');
+ $this->assertEquals('MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBw==', $cert['tbsCertificate']['extensions'][8]['extnValue']);
 }
 }
From dad8a9ef37ace0867296ddbbdbc32cde672e9d11 Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Tue, 10 Mar 2015 01:39:13 -0500
Subject: [PATCH 8/8] Tests/X509: add unit test
---
 tests/Unit/File/X509/X509Test.php | 63 +++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php
index 03d37096..ff53001c 100644
--- a/tests/Unit/File/X509/X509Test.php
+++ b/tests/Unit/File/X509/X509Test.php
@@ -57,4 +57,67 @@ k6m17mi63YW/+iPCGOWZ2qXmY5HPEyyF2L4L4IDryFJ+8xLyw3pH9/yp5aHZDtp6
 $this->assertEquals('MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBw==', $cert['tbsCertificate']['extensions'][8]['extnValue']);
 }
+
+ public function testSaveUnsupportedExtension()
+ {
+ $x509 = new File_X509();
+ $cert = $x509->loadX509('-----BEGIN CERTIFICATE-----
+MIIDITCCAoqgAwIBAgIQT52W2WawmStUwpV8tBV9TTANBgkqhkiG9w0BAQUFADBM
+MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
+THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x
+MzA5MzAyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRcw
+FQYDVQQDFA53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEA3rcmQ6aZhc04pxUJuc8PycNVjIjujI0oJyRLKl6g2Bb6YRhLz21ggNM1QDJy
+wI8S2OVOj7my9tkVXlqGMaO6hqpryNlxjMzNJxMenUJdOPanrO/6YvMYgdQkRn8B
+d3zGKokUmbuYOR2oGfs5AER9G5RqeC1prcB6LPrQ2iASmNMCAwEAAaOB5zCB5DAM
+BgNVHRMBAf8EAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwudGhhd3Rl
+LmNvbS9UaGF3dGVTR0NDQS5jcmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUF
+BwMCBglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRw
+Oi8vb2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0
+ZS5jb20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUF
+AAOBgQAhrNWuyjSJWsKrUtKyNGadeqvu5nzVfsJcKLt0AMkQH0IT/GmKHiSgAgDp
+ulvKGQSy068Bsn5fFNum21K5mvMSf3yinDtvmX3qUA12IxL/92ZzKbeVCq3Yi7Le
+IOkKcGQRCMha8X2e7GmlpdWC1ycenlbN0nbVeSv3JUMcafC4+Q==
+-----END CERTIFICATE-----');
+
+ $asn1 = new File_ASN1();
+
+ $value = $this->encodeOID('1.2.3.4');
+ $ext = chr(FILE_ASN1_TYPE_OBJECT_IDENTIFIER) . $asn1->_encodeLength(strlen($value)) . $value;
+ $value = 'zzzzzzzzz';
+ $ext.= chr(FILE_ASN1_TYPE_OCTET_STRING) . $asn1->_encodeLength(strlen($value)) . $value;
+ $ext = chr(FILE_ASN1_TYPE_SEQUENCE | 0x20) . $asn1->_encodeLength(strlen($ext)) . $ext;
+
+ $cert['tbsCertificate']['extensions'][4] = new File_ASN1_Element($ext);
+
+ $result = $x509->loadX509($x509->saveX509($cert));
+
+ $this->assertCount(5, $result['tbsCertificate']['extensions']);
+ }
+
+ function encodeOID($oid)
+ {
+ if ($oid === false) {
+ user_error('Invalid OID');
+ return false;
+ }
+ $value = '';
+ $parts = explode('.', $oid);
+ $value = chr(40 * $parts[0] + $parts[1]);
+ for ($i = 2; $i < count($parts); $i++) {
+ $temp = '';
+ if (!$parts[$i]) {
+ $temp = "\0";
+ } else {
+ while ($parts[$i]) {
+ $temp = chr(0x80 | ($parts[$i] & 0x7F)) . $temp;
+ $parts[$i] >>= 7;
+ }
+ $temp[strlen($temp) - 1] = $temp[strlen($temp) - 1] & chr(0x7F);
+ }
+ $value.= $temp;
+ }
+ return $value;
+ }
 }
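Review bot: `testSaveUnsupportedExtension()` ends with only `$this->assertCount(5, $result['tbsCertificate']['extensions']);`, which passes as long as some fifth extension comes back, even if the hand-built one was altered or truncated on its way through `saveX509()`. Comparing the reloaded entry's `extnId` and `extnValue` against the `1.2.3.4` and `'zzzzzzzzz'` inputs would check the round trip itself; the exact form of the expected values depends on how `loadX509()` returns unmapped extensions, which this hunk does not show. Separately, `encodeOID()` is declared without a visibility keyword and keeps an `$oid === false` branch that the test never reaches; `private function encodeOID($oid)` without that branch, plus a one-line comment that it DER-encodes a dotted OID string for the fixture, would be tidier.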