From f111bf94b61550fc4685f1c17a5041102aa7410e Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 23 Mar 2019 18:42:40 -0500 Subject: [PATCH 1/6] SSH2: fix issue with reconnecting via ping() --- phpseclib/Net/SSH2.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index 8c29fdea..c4098ac3 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -3408,7 +3408,7 @@ class Net_SSH2 return false; } foreach ($this->auth as $auth) { - $result = call_user_func_array(array(&$this, 'parent::login'), $auth); + $result = call_user_func_array(array(&$this, 'login'), $auth); } return $result; } From 539fc1a9b03fe21f068619c063e38d9d76940361 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 23 Mar 2019 19:20:06 -0500 Subject: [PATCH 2/6] SSH2: CS adjustments --- phpseclib/Net/SSH2.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index fd4973c4..da2218a5 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -3361,7 +3361,7 @@ class SSH2 return false; } foreach ($this->auth as $auth) { - $result = call_user_func_array(array(&$this, 'login'), $auth); + $result = $this->login(...$auth); } return $result; } @@ -3805,7 +3805,7 @@ class SSH2 $response = $this->binary_packet_buffer; $this->binary_packet_buffer = false; } else { - $read = array($this->fsock); + $read = [$this->fsock]; $write = $except = null; if (!$this->curTimeout) { @@ -3892,7 +3892,7 @@ class SSH2 return $data; } if (!isset($this->channel_buffers[$channel])) { - $this->channel_buffers[$channel] = array(); + $this->channel_buffers[$channel] = []; } $this->channel_buffers[$channel][] = $data; From b5b763b3f2e709ac2044f6443289fcc368a492ec Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 23 Mar 2019 20:17:43 -0500 Subject: [PATCH 3/6] RSA: use hash_equals if available --- phpseclib/Crypt/RSA.php | 4 ++++ 1 file changed, 4 insertions(+) 
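Review bot: `$result` is assigned only inside the `foreach`, so when `$this->auth` is empty the `return $result;` after the loop reads an undefined variable and the reconnect yields `null` instead of an explicit failure. Initialise it before the loop, `$result = false;`, so a reconnect with no stored credentials fails closed. The same loop appears in the first hunk of PATCH 2/6 (`$this->login(...$auth)`), where likewise only the last call's result reaches the caller. If `login()` itself records its arguments in `$this->auth` (its body is outside these hunks), replaying through it instead of `parent::login` would append a duplicate entry on every reconnect, which is worth confirming. The enclosing method starts outside the hunk.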
diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index 3be36c88..1a35a274 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -2301,6 +2301,10 @@ class Crypt_RSA */ function _equals($x, $y) { + if (function_exists('hash_equals')) { + return hash_equals($x, $y); + } + if (strlen($x) != strlen($y)) { return false; } From 213516128ac3b8df236928793d36f1fb0cd8027d Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 23 Mar 2019 20:50:10 -0500 Subject: [PATCH 4/6] Crypt: $use_inline_crypt is no longer used --- phpseclib/Crypt/Common/SymmetricKey.php | 12 ------------ phpseclib/Crypt/RC4.php | 9 --------- 2 files changed, 21 deletions(-) diff --git a/phpseclib/Crypt/Common/SymmetricKey.php b/phpseclib/Crypt/Common/SymmetricKey.php index 5e3bd08b..0567cf6d 100644 --- a/phpseclib/Crypt/Common/SymmetricKey.php +++ b/phpseclib/Crypt/Common/SymmetricKey.php @@ -452,23 +452,11 @@ abstract class SymmetricKey * @see self::encrypt() * @see self::decrypt() * @see self::setupInlineCrypt() - * @see self::$use_inline_crypt * @var Callback * @access private */ protected $inline_crypt; - /** - * Holds whether performance-optimized $inline_crypt() can/should be used. - * - * @see self::encrypt() - * @see self::decrypt() - * @see self::inline_crypt - * @var mixed - * @access private - */ - protected $use_inline_crypt; - /** * If OpenSSL can be used in ECB but not in CTR we can emulate CTR * diff --git a/phpseclib/Crypt/RC4.php b/phpseclib/Crypt/RC4.php index 7318a74b..14aca451 100644 --- a/phpseclib/Crypt/RC4.php +++ b/phpseclib/Crypt/RC4.php @@ -93,15 +93,6 @@ class RC4 extends StreamCipher */ protected $cipher_name_mcrypt = 'arcfour'; - /** - * Holds whether performance-optimized $inline_crypt() can/should be used. - * - * @see \phpseclib\Crypt\Common\SymmetricKey::inline_crypt - * @var mixed - * @access private - */ - protected $use_inline_crypt = false; // currently not available - /** * The Key * 
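Review bot: The new fast path in `_equals()` passes `$x` and `$y` to `hash_equals()` unchecked, and that function accepts strings only: a non-string argument gives a warning and `false` on PHP 5.6–7.x and a `TypeError` on PHP 8, while the `strlen()` fallback below coerces its operands. If every caller already passes strings (they are outside this hunk) nothing changes, but a guard ahead of the `function_exists` test keeps both paths consistent: `if (!is_string($x) || !is_string($y)) { return false; }`. The docblock should also say which argument is the trusted value, because `hash_equals()` takes the known string first and the caller-supplied string second. The function body continues past the hunk.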
From 70f5eb4bf7a72905b51ea1c6f6fa9d6fe6d8d776 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 23 Mar 2019 20:53:20 -0500 Subject: [PATCH 5/6] SSH2: Rijndael -> AES (for consistency) --- phpseclib/Net/SSH2.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index da2218a5..f475b6c0 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -55,7 +55,6 @@ use phpseclib\Crypt\Hash; use phpseclib\Crypt\Random; use phpseclib\Crypt\RC4; use phpseclib\Crypt\Rijndael; -use phpseclib\Crypt\AES; use phpseclib\Crypt\RSA; use phpseclib\Crypt\TripleDES; use phpseclib\Crypt\Twofish; @@ -2143,7 +2142,7 @@ class SSH2 return new RC4(); case 'aes128-gcm@openssh.com': case 'aes256-gcm@openssh.com': - return new AES('gcm'); + return new Rijndael('gcm'); } return null; } From 16abd1508998440d0bca7fa378e92a8641f839c8 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 23 Mar 2019 21:41:52 -0500 Subject: [PATCH 6/6] SSH2: micro-optimization for AES-GCM --- phpseclib/Net/SSH2.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index f475b6c0..ce211769 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -4120,7 +4120,7 @@ class SSH2 $this->encrypt->invocation_counter ); Strings::increment_str($this->encrypt->invocation_counter); - $this->encrypt->setAAD($temp = substr($packet, 0, 4)); + $this->encrypt->setAAD($temp = ($packet & "\xFF\xFF\xFF\xFF")); $packet = $temp . $this->encrypt->encrypt(substr($packet, 4)); } }
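Review bot: Both GCM algorithm names now return `new Rijndael('gcm')`, and nothing at the call site records that the default block length is being relied on. GCM is defined only for 128-bit block ciphers, and in phpseclib `Rijndael`, unlike `AES`, is the class that permits other block lengths. A one-line comment above the `return` would pin the assumption, e.g. `// Rijndael at its default 128-bit block is AES; GCM needs a 128-bit block`. Because the first hunk drops `use phpseclib\Crypt\AES;`, any remaining `AES` reference elsewhere in SSH2.php (not visible here) would resolve to a missing class, so it is worth searching for one. The switch and its method start outside the hunk.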
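Review bot: `$packet & "\xFF\xFF\xFF\xFF"` yields the first four bytes only because PHP's string-on-string `&` stops at the shorter operand, which is easy to misread on the line that sets the GCM associated data. Add a comment such as `// string & string truncates to the shorter operand: the 4-byte prefix passed to setAAD()`, or keep `substr($packet, 0, 4)`, which states the intent directly. The idiom also depends on `$packet` being a string at this point; with a non-string operand `&` is no longer a byte-wise string operation. The surrounding block starts outside the hunk.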