From 25394f75d63a46d8c60b940e5e8519369b5964eb Mon Sep 17 00:00:00 2001
From: nicolaasuni <info@tecnick.com>
Date: Tue, 28 Jul 2015 16:28:45 +0100
Subject: [PATCH] 6.2.10 (2015-07-28) - Minor mod to PNG parsing. - Make
 dependency on mcrypt optional.

---
 CHANGELOG.TXT            |  5 +++--
 README.TXT               |  4 ++--
 composer.json            |  2 +-
 include/tcpdf_images.php |  3 ++-
 include/tcpdf_static.php | 32 +++++++++++++++++++++++++++++---
 tcpdf.php                | 18 +++++++++---------
 6 files changed, 46 insertions(+), 18 deletions(-)

diff --git a/CHANGELOG.TXT b/CHANGELOG.TXT
index 5277d01..bea656f 100644
--- a/CHANGELOG.TXT
+++ b/CHANGELOG.TXT
@@ -1,5 +1,6 @@
-6.2.9 (2015-06-18)
-	- 
+6.2.10 (2015-07-28)
+	- Minor mod to PNG parsing.
+	- Make dependency on mcrypt optional.
 
 6.2.8 (2015-04-29)
 	- Removed unwanted file.
diff --git a/README.TXT b/README.TXT
index b3a4a8b..3793d10 100644
--- a/README.TXT
+++ b/README.TXT
@@ -8,8 +8,8 @@ http://sourceforge.net/donate/index.php?group_id=128076
 ------------------------------------------------------------
 
 Name: TCPDF
-Version: 6.2.9
-Release date: 2015-06-18
+Version: 6.2.10
+Release date: 2015-07-28
 Author:	Nicola Asuni
 
 Copyright (c) 2002-2015:
diff --git a/composer.json b/composer.json
index 72fbdc8..a7bff18 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
 {
 	"name": "tecnick.com/tcpdf",
-	"version": "6.2.9",
+	"version": "6.2.10",
 	"homepage": "http://www.tcpdf.org/",
 	"type": "library",
 	"description": "TCPDF is a PHP class for generating PDF documents and barcodes.",
diff --git a/include/tcpdf_images.php b/include/tcpdf_images.php
index 40cbe9d..c2e3c36 100644
--- a/include/tcpdf_images.php
+++ b/include/tcpdf_images.php
@@ -297,8 +297,8 @@ class TCPDF_IMAGES {
 		$trns = '';
 		$data = '';
 		$icc = false;
+		$n = TCPDF_STATIC::_freadint($f);
 		do {
-			$n = TCPDF_STATIC::_freadint($f);
 			$type = fread($f, 4);
 			if ($type == 'PLTE') {
 				// read palette
@@ -346,6 +346,7 @@ class TCPDF_IMAGES {
 			} else {
 				TCPDF_STATIC::rfread($f, $n + 4);
 			}
+			$n = TCPDF_STATIC::_freadint($f);
 		} while ($n);
 		if (($colspace == 'Indexed') AND (empty($pal))) {
 			// Missing palette
diff --git a/include/tcpdf_static.php b/include/tcpdf_static.php
index 4ab18b6..3e6085e 100644
--- a/include/tcpdf_static.php
+++ b/include/tcpdf_static.php
@@ -55,7 +55,7 @@ class TCPDF_STATIC {
 	 * Current TCPDF version.
 	 * @private static
 	 */
-	private static $tcpdf_version = '6.2.9';
+	private static $tcpdf_version = '6.2.10';
 
 	/**
 	 * String alias for total number of pages.
@@ -1024,7 +1024,7 @@ class TCPDF_STATIC {
 			return false;
 		}
 		$rest = ($length - strlen($data));
-		if ($rest > 0) {
+		if (($rest > 0) && !feof($handle)) {
 			$data .= self::rfread($handle, $rest);
 		}
 		return $data;
@@ -1078,7 +1078,7 @@ class TCPDF_STATIC {
 
 	/**
 	 * Returns the input text exrypted using AES algorithm and the specified key.
-	 * This method requires mcrypt.
+	 * This method requires openssl or mcrypt. Text is padded to 16bytes blocks
 	 * @param $key (string) encryption key
 	 * @param $text (String) input text to be encrypted
 	 * @return String encrypted text
@@ -1090,12 +1090,38 @@ class TCPDF_STATIC {
 		// padding (RFC 2898, PKCS #5: Password-Based Cryptography Specification Version 2.0)
 		$padding = 16 - (strlen($text) % 16);
 		$text .= str_repeat(chr($padding), $padding);
+		if (extension_loaded('openssl')) {
+			$iv = openssl_random_pseudo_bytes (openssl_cipher_iv_length('aes-256-cbc'));
+			$text = openssl_encrypt($text, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
+			return $iv.substr($text, 0, -16);
+		}
 		$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
 		$text = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $text, MCRYPT_MODE_CBC, $iv);
 		$text = $iv.$text;
 		return $text;
 	}
 
+	/**
+	 * Returns the input text exrypted using AES algorithm and the specified key.
+	 * This method requires openssl or mcrypt. Text is not padded
+	 * @param $key (string) encryption key
+	 * @param $text (String) input text to be encrypted
+	 * @return String encrypted text
+	 * @author Nicola Asuni
+	 * @since TODO
+	 * @public static
+	 */
+	public static function _AESnopad($key, $text) {
+		if (extension_loaded('openssl')) {
+			$iv = str_repeat("\x00", openssl_cipher_iv_length('aes-256-cbc'));
+			$text = openssl_encrypt($text, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
+			return substr($text, 0, -16);
+		}
+		$iv = str_repeat("\x00", mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
+		$text = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $text, MCRYPT_MODE_CBC, $iv);
+		return $text;
+	}
+
 	/**
 	 * Returns the input text encrypted using RC4 algorithm and the specified key.
 	 * RC4 is the standard encryption algorithm used in PDF format
diff --git a/tcpdf.php b/tcpdf.php
index 1412834..c65d138 100644
--- a/tcpdf.php
+++ b/tcpdf.php
@@ -10633,8 +10633,7 @@ class TCPDF {
 	 */
 	protected function _UEvalue() {
 		$hashkey = hash('sha256', $this->encryptdata['user_password'].$this->encryptdata['UKS'], true);
-		$iv = str_repeat("\x00", mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
-		return mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $hashkey, $this->encryptdata['key'], MCRYPT_MODE_CBC, $iv);
+		return TCPDF_STATIC::_AESnopad($hashkey, $this->encryptdata['key']);
 	}
 
 	/**
@@ -10684,8 +10683,7 @@ class TCPDF {
 	 */
 	protected function _OEvalue() {
 		$hashkey = hash('sha256', $this->encryptdata['owner_password'].$this->encryptdata['OKS'].$this->encryptdata['U'], true);
-		$iv = str_repeat("\x00", mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
-		return mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $hashkey, $this->encryptdata['key'], MCRYPT_MODE_CBC, $iv);
+		return TCPDF_STATIC::_AESnopad($hashkey, $this->encryptdata['key']);
 	}
 
 	/**
@@ -10740,8 +10738,7 @@ class TCPDF {
 				}
 				$perms .= 'adb'; // bytes 9-11
 				$perms .= 'nick'; // bytes 12-15
-				$iv = str_repeat("\x00", mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB));
-				$this->encryptdata['perms'] = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->encryptdata['key'], $perms, MCRYPT_MODE_ECB, $iv);
+				$this->encryptdata['perms'] = TCPDF_STATIC::_AESnopad($this->encryptdata['key'], $perms);
 			} else { // RC4-40, RC4-128, AES-128
 				// Pad passwords
 				$this->encryptdata['user_password'] = substr($this->encryptdata['user_password'].TCPDF_STATIC::$enc_padding, 0, 32);
@@ -10859,10 +10856,13 @@ class TCPDF {
 			$this->encryptdata['StrF'] = 'StdCF';
 		}
 		if ($mode > 1) { // AES
-			if (!extension_loaded('mcrypt')) {
-				$this->Error('AES encryption requires mcrypt library (http://www.php.net/manual/en/mcrypt.requirements.php).');
+			if (!extension_loaded('openssl') && !extension_loaded('mcrypt')) {
+				$this->Error('AES encryption requires openssl or mcrypt extension (http://www.php.net/manual/en/mcrypt.requirements.php).');
 			}
-			if (mcrypt_get_cipher_name(MCRYPT_RIJNDAEL_128) === false) {
+			if (extension_loaded('openssl') && !in_array('aes-256-cbc', openssl_get_cipher_methods())) {
+				$this->Error('AES encryption requires openssl/aes-256-cbc cypher.');
+			}
+			if (extension_loaded('mcrypt') && mcrypt_get_cipher_name(MCRYPT_RIJNDAEL_128) === false) {
 				$this->Error('AES encryption requires MCRYPT_RIJNDAEL_128 cypher.');
 			}
 			if (($mode == 3) AND !function_exists('hash')) {