From 994c2c6c7962436e7c8b49795da5c5e765a29f5d Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@php.net>
Date: Tue, 5 Mar 2013 00:19:11 -0600
Subject: [PATCH 1/4] Rijndael, TripleDES: $block not defined in these either

---
 phpseclib/Crypt/Rijndael.php  | 12 ++++++++----
 phpseclib/Crypt/TripleDES.php |  6 ++++--
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/phpseclib/Crypt/Rijndael.php b/phpseclib/Crypt/Rijndael.php
index 9ac4e1b2..f8f1fff6 100644
--- a/phpseclib/Crypt/Rijndael.php
+++ b/phpseclib/Crypt/Rijndael.php
@@ -900,12 +900,13 @@ class Crypt_Rijndael {
                 $xor = $this->encryptIV;
                 if (strlen($buffer['xor'])) {
                     for ($i = 0; $i < strlen($plaintext); $i+=$block_size) {
+                        $block = substr($plaintext, $i, $block_size);
                         if (strlen($block) > strlen($buffer['xor'])) {
                             $xor = $this->_encryptBlock($xor);
                             $buffer['xor'].= $xor;
                         }
                         $key = $this->_string_shift($buffer['xor'], $block_size);
-                        $ciphertext.= substr($plaintext, $i, $block_size) ^ $key;
+                        $ciphertext.= $block ^ $key;
                     }
                 } else {
                     for ($i = 0; $i < strlen($plaintext); $i+=$block_size) {
@@ -1040,12 +1041,13 @@ class Crypt_Rijndael {
                 $xor = $this->decryptIV;
                 if (strlen($buffer['xor'])) {
                     for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) {
+                        $block = substr($ciphertext, $i, $block_size);
                         if (strlen($block) > strlen($buffer['xor'])) {
                             $xor = $this->_encryptBlock($xor);
                             $buffer['xor'].= $xor;
                         }
                         $key = $this->_string_shift($buffer['xor'], $block_size);
-                        $plaintext.= substr($ciphertext, $i, $block_size) ^ $key;
+                        $plaintext.= $block ^ $key;
                     }
                 } else {
                     for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) {
@@ -1973,6 +1975,7 @@ class Crypt_Rijndael {
 
                         if (strlen($buffer["xor"])) {
                             for ($i = 0; $i < $plaintext_len; $i+= '.$block_size.') {
+                                $block = substr($text, $i, '.$block_size.');
                                 if (strlen($block) > strlen($buffer["xor"])) {
                                     $in = $xor;
                                     '.$_encryptBlock.'
@@ -1980,7 +1983,7 @@ class Crypt_Rijndael {
                                     $buffer["xor"].= $xor;
                                 }
                                 $key = $self->_string_shift($buffer["xor"], '.$block_size.');
-                                $ciphertext.= substr($text, $i, '.$block_size.') ^ $key;
+                                $ciphertext.= $block ^ $key;
                             }
                         } else {
                             for ($i = 0; $i < $plaintext_len; $i+= '.$block_size.') {
@@ -2008,6 +2011,7 @@ class Crypt_Rijndael {
 
                         if (strlen($buffer["xor"])) {
                             for ($i = 0; $i < $ciphertext_len; $i+= '.$block_size.') {
+                                $block = substr($text, $i, '.$block_size.');
                                 if (strlen($block) > strlen($buffer["xor"])) {
                                     $in = $xor;
                                     '.$_encryptBlock.'
@@ -2015,7 +2019,7 @@ class Crypt_Rijndael {
                                     $buffer["xor"].= $xor;
                                 }
                                 $key = $self->_string_shift($buffer["xor"], '.$block_size.');
-                                $plaintext.= substr($text, $i, '.$block_size.') ^ $key;
+                                $plaintext.= $block ^ $key;
                             }
                         } else {
                             for ($i = 0; $i < $ciphertext_len; $i+= '.$block_size.') {
diff --git a/phpseclib/Crypt/TripleDES.php b/phpseclib/Crypt/TripleDES.php
index 5af43ec9..28cdc588 100644
--- a/phpseclib/Crypt/TripleDES.php
+++ b/phpseclib/Crypt/TripleDES.php
@@ -669,6 +669,7 @@ class Crypt_TripleDES {
                 $xor = $this->encryptIV;
                 if (strlen($buffer['xor'])) {
                     for ($i = 0; $i < strlen($plaintext); $i+=8) {
+                        $block = substr($plaintext, $i, 8);
                         if (strlen($block) > strlen($buffer['xor'])) {
                             $xor = $des[0]->_processBlock($xor, CRYPT_DES_ENCRYPT);
                             $xor = $des[1]->_processBlock($xor, CRYPT_DES_DECRYPT);
@@ -676,7 +677,7 @@ class Crypt_TripleDES {
                             $buffer['xor'].= $xor;
                         }
                         $key = $this->_string_shift($buffer['xor'], 8);
-                        $ciphertext.= substr($plaintext, $i, 8) ^ $key;
+                        $ciphertext.= $block ^ $key;
                     }
                 } else {
                     for ($i = 0; $i < strlen($plaintext); $i+=8) {
@@ -882,6 +883,7 @@ class Crypt_TripleDES {
                 $xor = $this->decryptIV;
                 if (strlen($buffer['xor'])) {
                     for ($i = 0; $i < strlen($ciphertext); $i+=8) {
+                        $block = substr($ciphertext, $i, 8);
                         if (strlen($block) > strlen($buffer['xor'])) {
                             $xor = $des[0]->_processBlock($xor, CRYPT_DES_ENCRYPT);
                             $xor = $des[1]->_processBlock($xor, CRYPT_DES_DECRYPT);
@@ -889,7 +891,7 @@ class Crypt_TripleDES {
                             $buffer['xor'].= $xor;
                         }
                         $key = $this->_string_shift($buffer['xor'], 8);
-                        $plaintext.= substr($ciphertext, $i, 8) ^ $key;
+                        $plaintext.= $block ^ $key;
                     }
                 } else {
                     for ($i = 0; $i < strlen($ciphertext); $i+=8) {

From 4e06ab52dd71d7c3c74036d244861a483c898604 Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@phpbb.com>
Date: Tue, 5 Mar 2013 08:29:06 -0600
Subject: [PATCH 2/4] BigInteger: revamp base-10 regex

new Math_BigInteger('-09') gave 0 back as a number in GMP mode
---
 phpseclib/Math/BigInteger.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/phpseclib/Math/BigInteger.php b/phpseclib/Math/BigInteger.php
index c1e239cb..e818e8bb 100644
--- a/phpseclib/Math/BigInteger.php
+++ b/phpseclib/Math/BigInteger.php
@@ -413,7 +413,10 @@ class Math_BigInteger {
                 break;
             case  10:
             case -10:
-                $x = preg_replace('#^(-?[0-9]*).*#', '$1', $x);
+                // (?<!^)(?:-).*: find any -'s that aren't at the beginning and then any characters that follow that
+                // (?<=^|-)0*: find any 0's that are preceeded by the start of the string or by a - (ie. octals)
+                // [^-0-9].*: find any non-numeric characters and then any characters that follow that
+                $x = preg_replace('#(?<!^)(?:-).*|(?<=^|-)0*|[^-0-9].*#', '', $x);
 
                 switch ( MATH_BIGINTEGER_MODE ) {
                     case MATH_BIGINTEGER_MODE_GMP:

From 42f22a4e4413bedef92ef530acd0b23a7f60b46e Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@phpbb.com>
Date: Tue, 5 Mar 2013 08:37:59 -0600
Subject: [PATCH 3/4] BigInteger: fix special case for base-10 / bcmath

echo new Math_BigInteger('-') when in bcmath mode would output '-' - not '0'
---
 phpseclib/Math/BigInteger.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpseclib/Math/BigInteger.php b/phpseclib/Math/BigInteger.php
index e818e8bb..8ff41470 100644
--- a/phpseclib/Math/BigInteger.php
+++ b/phpseclib/Math/BigInteger.php
@@ -425,7 +425,7 @@ class Math_BigInteger {
                     case MATH_BIGINTEGER_MODE_BCMATH:
                         // explicitly casting $x to a string is necessary, here, since doing $x[0] on -1 yields different
                         // results then doing it on '-1' does (modInverse does $x[0])
-                        $this->value = (string) $x;
+                        $this->value = $x === '-' ? '0' : (string) $x;
                         break;
                     default:
                         $temp = new Math_BigInteger();

From ee84c4b41d64e58d851236b36c6ddf82b16074ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hans-J=C3=BCrgen=20Petrich?= <petrich@tronic-media.com>
Date: Wed, 6 Mar 2013 18:14:27 +0700
Subject: [PATCH 4/4] $plaintext should be $ciphertext

---
 phpseclib/Crypt/DES.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpseclib/Crypt/DES.php b/phpseclib/Crypt/DES.php
index 0b353b87..a4b3e541 100644
--- a/phpseclib/Crypt/DES.php
+++ b/phpseclib/Crypt/DES.php
@@ -846,7 +846,7 @@ class Crypt_DES {
                 $xor = $this->decryptIV;
                 if (strlen($buffer['xor'])) {
                     for ($i = 0; $i < strlen($ciphertext); $i+=8) {
-                        $block = substr($plaintext, $i, 8);
+                        $block = substr($ciphertext, $i, 8);
                         if (strlen($block) > strlen($buffer['xor'])) {
                             $xor = $this->_processBlock($xor, CRYPT_DES_ENCRYPT);
                             $buffer['xor'].= $xor;