From e4ccaef7bf74833891386232946d2168a9e2fce2 Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Tue, 18 Dec 2012 07:11:24 -0600
Subject: [PATCH] Make PEM lines be 64 bytes long instead of 72

Also, add more notes to Crypt_Random's comments
---
 phpseclib/Crypt/RSA.php | 6 +++---
 phpseclib/Crypt/Random.php | 4 +++-
 phpseclib/File/X509.php | 8 ++++----
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php
index 5fe34bd4..3373efa6 100644
--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@@ -813,11 +813,11 @@ class Crypt_RSA {
 "Proc-Type: 4,ENCRYPTED\r\n" .
 "DEK-Info: DES-EDE3-CBC,$iv\r\n" .
 "\r\n" .
- chunk_split(base64_encode($des->encrypt($RSAPrivateKey))) .
+ chunk_split(base64_encode($des->encrypt($RSAPrivateKey)), 64) .
 '-----END RSA PRIVATE KEY-----';
 } else {
 $RSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\r\n" .
- chunk_split(base64_encode($RSAPrivateKey)) .
+ chunk_split(base64_encode($RSAPrivateKey), 64) .
 '-----END RSA PRIVATE KEY-----';
 }
@@ -884,7 +884,7 @@ class Crypt_RSA {
 }
 $RSAPublicKey = "-----BEGIN PUBLIC KEY-----\r\n" .
- chunk_split(base64_encode($RSAPublicKey)) .
+ chunk_split(base64_encode($RSAPublicKey), 64) .
 '-----END PUBLIC KEY-----';
 return $RSAPublicKey;
diff --git a/phpseclib/Crypt/Random.php b/phpseclib/Crypt/Random.php
index 557742a3..55df0bde 100644
--- a/phpseclib/Crypt/Random.php
+++ b/phpseclib/Crypt/Random.php
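Review bot: The encrypted branch in the `@@ -813` hunk of Crypt/RSA.php writes the legacy `Proc-Type: 4,ENCRYPTED` / `DEK-Info: DES-EDE3-CBC` envelope without any comment on how weakly it protects the password. Consumers of this format derive the 3DES key from the password and the IV with an MD5-based derivation that has no iteration count, so a copied key file can be checked against password guesses very cheaply; the derivation code itself sits above the hunk and is not visible here. I would add a comment above the string such as `// legacy OpenSSL PEM encryption: un-iterated MD5 key derivation, weak against offline guessing; prefer a PBKDF2-based container (e.g. encrypted PKCS#8) where the consumer supports it`. The statement being edited starts before the hunk.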
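Review bot: The literal `64` in the `@@ -884` hunk of Crypt/RSA.php is now written out at every PEM writer this commit touches: here, both private-key branches in the `@@ -813` hunk, and the four call sites in File/X509.php. A single named value would stop the sites drifting apart again, for example a new constant (name is only a proposal) `define('CRYPT_PEM_LINE_LENGTH', 64);` used as `chunk_split(base64_encode($RSAPublicKey), CRYPT_PEM_LINE_LENGTH)`, with a comment that 64 is the body line length RFC 1421 prescribes for PEM. The enclosing method starts and ends outside the hunk.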
@@ -117,7 +117,9 @@ function crypt_random_string($length) {
 // on the data sent by all users. one user requests the page and a hash of their info is saved.
 // another user visits the page and the serialization of their data is utilized along with the
 // server envirnment stuff and a hash of the previous http request data (which itself utilizes
- // a hash of the session data before that).
+ // a hash of the session data before that). certainly an attacker should be assumed to have
+ // full control over his own http requests. he, however, is not going to have control over
+ // everyone's http requests.
 static $crypto = false, $v;
 if ($crypto === false) {
 // save old session data
diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php
index acf13726..5f42783d 100644
--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@@ -1524,7 +1524,7 @@ class File_X509 {
 return $cert;
 // case FILE_X509_FORMAT_PEM:
 default:
- return "-----BEGIN CERTIFICATE-----\r\n" . chunk_split(base64_encode($cert)) . '-----END CERTIFICATE-----';
+ return "-----BEGIN CERTIFICATE-----\r\n" . chunk_split(base64_encode($cert), 64) . '-----END CERTIFICATE-----';
 }
 }
@@ -2150,7 +2150,7 @@ class File_X509 {
 // subjectPublicKey is stored as a bit string in X.509 certs. the first byte of a bit string represents how many bits
 // in the last byte should be ignored. the following only supports non-zero stuff but as none of the X.509 certs Firefox
 // uses as a cert authority actually use a non-zero bit I think it's safe to assume that none do.
- chunk_split(base64_encode(substr(base64_decode($key), 1))) .
+ chunk_split(base64_encode(substr(base64_decode($key), 1)), 64) .
 '-----END PUBLIC KEY-----';
 default:
 return $key;
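Review bot: The sentences added in the `@@ -117` hunk of Crypt/Random.php justify the request-hashing scheme by saying an attacker cannot control everyone's requests, but they leave out the case where there are no other requests. On a freshly started or low-traffic host the attacker's own requests may be the only data mixed into the state, and request data can be observed or guessed without being controlled. I would extend the comment with something like `// on a host with little or no other traffic this argument does not hold, so treat this path as a last resort behind the OS random source`. Whether stronger sources are tried earlier in crypt_random_string() cannot be seen from this hunk, and the function body continues past it; the context line above also misspells "environment".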
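Review bot: In the `@@ -2150` hunk of File/X509.php the changed line still drops the first byte of the decoded bit string with `substr(base64_decode($key), 1)` without looking at its value, an assumption the comment directly above it admits. If that unused-bits byte is ever non-zero, or the input is not clean base64, the method returns a PEM public key that looks well-formed but does not correspond to the certificate's key. I would decode once and check before re-encoding, e.g. `$raw = base64_decode($key);` followed by `if ($raw === false || substr($raw, 0, 1) !== "\0") { return false; }`, substituting whatever failure value this method's callers already expect. The surrounding switch and function begin outside the hunk.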
@@ -2877,7 +2877,7 @@ class File_X509 {
 return $csr;
 // case FILE_X509_FORMAT_PEM:
 default:
- return "-----BEGIN CERTIFICATE REQUEST-----\r\n" . chunk_split(base64_encode($csr)) . '-----END CERTIFICATE REQUEST-----';
+ return "-----BEGIN CERTIFICATE REQUEST-----\r\n" . chunk_split(base64_encode($csr), 64) . '-----END CERTIFICATE REQUEST-----';
 }
 }
@@ -2991,7 +2991,7 @@ class File_X509 {
 return $crl;
 // case FILE_X509_FORMAT_PEM:
 default:
- return "-----BEGIN X509 CRL-----\r\n" . chunk_split(base64_encode($crl)) . '-----END X509 CRL-----';
+ return "-----BEGIN X509 CRL-----\r\n" . chunk_split(base64_encode($crl), 64) . '-----END X509 CRL-----';
 }
 }