From 3a5ab5276ec7767244b1f1831e01402844ec49b2 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 22 Sep 2012 11:32:41 -0500 Subject: [PATCH 1/9] CRYPT_MODE_DES_CBC should have been CRYPT_DES_MODE_CBC Thanks arook! --- phpseclib/Crypt/DES.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpseclib/Crypt/DES.php b/phpseclib/Crypt/DES.php index 2fd7a9b8..f6c1f301 100644 --- a/phpseclib/Crypt/DES.php +++ b/phpseclib/Crypt/DES.php @@ -291,7 +291,7 @@ class Crypt_DES { * @return Crypt_DES * @access public */ - function Crypt_DES($mode = CRYPT_MODE_DES_CBC) + function Crypt_DES($mode = CRYPT_DES_MODE_CBC) { if ( !defined('CRYPT_DES_MODE') ) { switch (true) { @@ -1292,4 +1292,4 @@ class Crypt_DES { } // vim: ts=4:sw=4:et: -// vim6: fdl=1: +// vim6: fdl=1: \ No newline at end of file From 0e0eebf4564f4da5702e1bb6a6fc6095aaaaacdf Mon Sep 17 00:00:00 2001 From: terrafrost Date: Mon, 12 Nov 2012 00:46:03 -0600 Subject: [PATCH 2/9] CS adjustments, make loadXXX() take in binary data, and make getDN() == getIssuerDN() for CRLs --- phpseclib/File/X509.php | 63 ++++++++++++++++++++++++++++++----------- 1 file changed, 47 insertions(+), 16 deletions(-) diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index 21a6cb6a..f9c68eb4 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -59,15 +59,35 @@ if (!class_exists('File_ASN1')) { */ define('FILE_X509_VALIDATE_SIGNATURE_BY_CA', 1); +/**#@+ + * @access public + * @see File_X509::getDN() + */ /** - * Name format tokens for the getDN() method. + * Return internal array representation */ define('FILE_X509_DN_ARRAY', 0); // Internal array representation. -define('FILE_X509_DN_STRING', 1); // String. -define('FILE_X509_DN_ASN1', 2); // ASN.1 Name string. -define('FILE_X509_DN_OPENSSL', 3); // OpenSSL compatible array. -define('FILE_X509_DN_CANON', 4); // Canonical ASN.1 RDNs string. -define('FILE_X509_DN_HASH', 5); // Name hash for file indexing. +/** + * Return string + */ +define('FILE_X509_DN_STRING', 1) +/** + * Return ASN.1 name string + */ +define('FILE_X509_DN_ASN1', 2); +/** + * Return OpenSSL compatible array + */ +define('FILE_X509_DN_OPENSSL', 3); +/** + * Return canonical ASN.1 RDNs string + */ +define('FILE_X509_DN_CANON', 4); +/** + * Return name ash for file indexing + */ +define('FILE_X509_DN_HASH', 5); +/**#@-*/ /** * Pure-PHP X.509 Parser @@ -1346,8 +1366,11 @@ class File_X509 { subject=/O=organization/OU=org unit/CN=common name issuer=/O=organization/CN=common name */ - $cert = preg_replace('#^(?:[^-].+[\r\n]+)+|-.+-|[\r\n]| #', '', $cert); - $cert = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $cert) ? base64_decode($cert) : false; + $temp = preg_replace('#^(?:[^-].+[\r\n]+)+|-.+-|[\r\n]| #', '', $cert); + $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false; + if ($temp != false) { + $cert = $temp; + } if ($cert === false) { $this->currentCert = false; @@ -2361,7 +2384,7 @@ class File_X509 { return $this->getDN($format, $this->currentCert['tbsCertList']['issuer']); } - return false; + return false; } /** @@ -2385,7 +2408,7 @@ class File_X509 { return $this->getDN($format, $this->currentCert['certificationRequestInfo']['subject']); } - return false; + return false; } /** @@ -2407,7 +2430,7 @@ class File_X509 { return $this->getDNProp($propname, $this->currentCert['tbsCertList']['issuer'], $withType); } - return false; + return false; } /** @@ -2431,7 +2454,7 @@ class File_X509 { return $this->getDNProp($propname, $this->currentCert['certificationRequestInfo']['subject'], $withType); } - return false; + return false; } /** @@ -2518,8 +2541,11 @@ class File_X509 { $asn1 = new File_ASN1(); - $csr = preg_replace('#^(?:[^-].+[\r\n]+)+|-.+-|[\r\n]| #', '', $csr); - $orig = $csr = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $csr) ? base64_decode($csr) : false; + $temp = preg_replace('#^(?:[^-].+[\r\n]+)+|-.+-|[\r\n]| #', '', $csr); + $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false; + if ($temp != false) { + $orig = $csr = $temp; + } if ($csr === false) { $this->currentCert = false; @@ -2612,8 +2638,11 @@ class File_X509 { { $asn1 = new File_ASN1(); - $crl = preg_replace('#^(?:[^-].+[\r\n]+)+|-.+-|[\r\n]#', '', $crl); - $orig = $crl = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $crl) ? base64_decode($crl) : false; + $temp = preg_replace('#^(?:[^-].+[\r\n]+)+|-.+-|[\r\n]| #', '', $csr); + $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false; + if ($temp != false) { + $orig = $crl = $temp; + } if ($crl === false) { $this->currentCert = false; @@ -2636,6 +2665,8 @@ class File_X509 { $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']); + $this->dn = $crl['tbsCertList']['issuer']; + $this->_mapInExtensions($crl, 'tbsCertList/crlExtensions', $asn1); $rclist = &$this->_subArray($crl,'tbsCertList/revokedCertificates'); if (is_array($rclist)) { From 661eb8db3fd21bad581827dc6cfa0254bc58d711 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Mon, 12 Nov 2012 01:05:24 -0600 Subject: [PATCH 3/9] Missing ; --- phpseclib/File/X509.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index f9c68eb4..0ef8edc2 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -70,7 +70,7 @@ define('FILE_X509_DN_ARRAY', 0); // Internal array representation. /** * Return string */ -define('FILE_X509_DN_STRING', 1) +define('FILE_X509_DN_STRING', 1); /** * Return ASN.1 name string */ From 1abc7e742b55545104c1465670a11387ff37ecf9 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Mon, 12 Nov 2012 23:51:41 -0600 Subject: [PATCH 4/9] X509: CSRs and CRLs didn't have the signatureSubject variable saved properly --- phpseclib/File/X509.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index 0ef8edc2..81a22b38 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -2544,8 +2544,9 @@ class File_X509 { $temp = preg_replace('#^(?:[^-].+[\r\n]+)+|-.+-|[\r\n]| #', '', $csr); $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false; if ($temp != false) { - $orig = $csr = $temp; + $csr = $temp; } + $orig = $csr; if ($csr === false) { $this->currentCert = false; @@ -2641,8 +2642,9 @@ class File_X509 { $temp = preg_replace('#^(?:[^-].+[\r\n]+)+|-.+-|[\r\n]| #', '', $csr); $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false; if ($temp != false) { - $orig = $crl = $temp; + $crl = $temp; } + $orig = $crl; if ($crl === false) { $this->currentCert = false; From 1fd87dcd35d4d4e323859de4c2f115c97d93dde3 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Tue, 13 Nov 2012 00:33:15 -0600 Subject: [PATCH 5/9] Fix bug in listRevoked() and make it so getSubjectDN() doesn't return issuer DN for CRLs --- phpseclib/File/X509.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index 81a22b38..8dbb8faa 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -2232,7 +2232,7 @@ class File_X509 { function getDN($format = FILE_X509_DN_ARRAY, $dn = NULL) { if (!isset($dn)) { - $dn = $this->dn; + $dn = isset($this->currentCert['tbsCertList']) ? this->currentCert['tbsCertList']['issuer'] : $this->dn; } switch ((int) $format) { @@ -2667,8 +2667,6 @@ class File_X509 { $this->signatureSubject = substr($orig, $decoded[0]['content'][0]['start'], $decoded[0]['content'][0]['length']); - $this->dn = $crl['tbsCertList']['issuer']; - $this->_mapInExtensions($crl, 'tbsCertList/crlExtensions', $asn1); $rclist = &$this->_subArray($crl,'tbsCertList/revokedCertificates'); if (is_array($rclist)) { @@ -3658,7 +3656,7 @@ class File_X509 { $result = array(); - if (!is_array($rclist = $this->_subArray($crl, 'tbsCertList/revokedCertificates'))) { + if (is_array($rclist = $this->_subArray($crl, 'tbsCertList/revokedCertificates'))) { foreach ($rclist as $rc) { $result[] = $rc['userCertificate']->toString(); } From d492d197483dddbfa29a8fd6f7e0732db733d2fb Mon Sep 17 00:00:00 2001 From: terrafrost Date: Tue, 13 Nov 2012 00:37:54 -0600 Subject: [PATCH 6/9] X509: Missing $ --- phpseclib/File/X509.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index 8dbb8faa..d8abdeb2 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -2232,7 +2232,7 @@ class File_X509 { function getDN($format = FILE_X509_DN_ARRAY, $dn = NULL) { if (!isset($dn)) { - $dn = isset($this->currentCert['tbsCertList']) ? this->currentCert['tbsCertList']['issuer'] : $this->dn; + $dn = isset($this->currentCert['tbsCertList']) ? $this->currentCert['tbsCertList']['issuer'] : $this->dn; } switch ((int) $format) { From 691f4d1e62812b34f62fcb6b07d15518d0b5b45d Mon Sep 17 00:00:00 2001 From: terrafrost Date: Tue, 13 Nov 2012 00:43:45 -0600 Subject: [PATCH 7/9] Make it so loadCA() doesn't have to be called before loadX509() or loadCRL() --- phpseclib/File/X509.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index d8abdeb2..6ad74675 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -1660,8 +1660,16 @@ class File_X509 { */ function loadCA($cert) { + $olddn = $this->dn; + $oldcert = $this->currentCert; + $oldsigsubj = $this->signatureSubject; + $cert = $this->loadX509($cert); if (!$cert) { + $this->dn = $olddn; + $this->currentCert = $oldcert; + $this->signatureSubject = $oldsigsubj; + return false; } @@ -1690,8 +1698,10 @@ class File_X509 { //} $this->CAs[] = $cert; - unset($this->currentCert); - unset($this->signatureSubject); + + $this->dn = $olddn; + $this->currentCert = $oldcert; + $this->signatureSubject = $oldsigsubj; return true; } From 8cf6bb0b1cbd629491f331759d8bb80062472eed Mon Sep 17 00:00:00 2001 From: terrafrost Date: Wed, 14 Nov 2012 04:34:33 -0600 Subject: [PATCH 8/9] SSH1: Fix E_NOTICE (thanks dayton967!) --- phpseclib/Net/SSH1.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpseclib/Net/SSH1.php b/phpseclib/Net/SSH1.php index 69669aa7..67e09652 100644 --- a/phpseclib/Net/SSH1.php +++ b/phpseclib/Net/SSH1.php @@ -428,7 +428,7 @@ class Net_SSH1 { * @var Array * @access private */ - var $interactive_buffer = ''; + var $interactiveBuffer = ''; /** * Default Constructor. From 2a1909fd7140cfd7b41ee1b4a2f5f5cf4e9dc318 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Fri, 16 Nov 2012 02:59:06 -0600 Subject: [PATCH 9/9] Set $this->paddable to true in a few missing places --- phpseclib/Crypt/DES.php | 2 +- phpseclib/Crypt/TripleDES.php | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/phpseclib/Crypt/DES.php b/phpseclib/Crypt/DES.php index f6c1f301..0d6dd00e 100644 --- a/phpseclib/Crypt/DES.php +++ b/phpseclib/Crypt/DES.php @@ -723,7 +723,7 @@ class Crypt_DES { mcrypt_generic_init($this->demcrypt, $this->keys, $this->decryptIV); } - return $this->mode != 'ctr' ? $this->_unpad($plaintext) : $plaintext; + return $this->paddable ? $this->_unpad($plaintext) : $plaintext; } if (!is_array($this->keys)) { diff --git a/phpseclib/Crypt/TripleDES.php b/phpseclib/Crypt/TripleDES.php index bbabf169..faf8c18a 100644 --- a/phpseclib/Crypt/TripleDES.php +++ b/phpseclib/Crypt/TripleDES.php @@ -265,6 +265,7 @@ class Crypt_TripleDES { new Crypt_DES(CRYPT_DES_MODE_CBC), new Crypt_DES(CRYPT_DES_MODE_CBC) ); + $this->paddable = true; // we're going to be doing the padding, ourselves, so disable it in the Crypt_DES objects $this->des[0]->disablePadding();