From 3a0193875a09dcbb0f86ba8263e5eba999de5520 Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@php.net>
Date: Tue, 24 Dec 2013 18:37:43 -0600
Subject: [PATCH 1/3] RSA: more verbose RSA key handling

---
 phpseclib/Crypt/RSA.php | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php
index 4ce00456..43516af4 100644
--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@@ -992,8 +992,9 @@ class Crypt_RSA
                     $iv = pack('H*', trim($matches[2]));
                     $symkey = pack('H*', md5($this->password . substr($iv, 0, 8))); // symkey is short for symmetric key
                     $symkey.= pack('H*', md5($symkey . $this->password . substr($iv, 0, 8)));
-                    $ciphertext = preg_replace('#.+(\r|\n|\r\n)\1|[\r\n]|-.+-| #s', '', $key);
-                    $ciphertext = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $ciphertext) ? base64_decode($ciphertext) : false;
+                    // remove the Proc-Type / DEK-Info sections as they're no longer needed
+                    $key = preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $key);
+                    $ciphertext = $this->_extractBER($key);
                     if ($ciphertext === false) {
                         $ciphertext = $key;
                     }
@@ -1037,8 +1038,7 @@ class Crypt_RSA
                     $crypto->setIV($iv);
                     $decoded = $crypto->decrypt($ciphertext);
                 } else {
-                    $decoded = preg_replace('#-.+-|[\r\n]| #', '', $key);
-                    $decoded = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $decoded) ? base64_decode($decoded) : false;
+                    $decoded = $this->_extractBER($key);
                 }
 
                 if ($decoded !== false) {
@@ -2781,4 +2781,31 @@ class Crypt_RSA
                 return $this->_rsassa_pss_verify($message, $signature);
         }
     }
+
+    /**
+     * Extract raw BER from Base64 encoding
+     *
+     * @access private
+     * @param String $str
+     * @return String
+     */
+    function _extractBER($str)
+    {
+        /*
+            X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them above and beyond the ceritificate. ie.
+            some may have the following preceding the -----BEGIN CERTIFICATE----- line:
+
+            Bag Attributes
+                localKeyID: 01 00 00 00
+            subject=/O=organization/OU=org unit/CN=common name
+            issuer=/O=organization/CN=common name
+        */
+        $temp = preg_replace('#.*?^-+[^-]+-+#ms', '', $str, 1);
+        // remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff
+        $temp = preg_replace('#-+[^-]+-+#', '', $temp);
+        // remove new lines
+        $temp = str_replace(array("\r", "\n", ' '), '', $temp);
+        $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? base64_decode($temp) : false;
+        return $temp != false ? $temp : $str;
+    }
 }

From b23a693ae5149a8d2071146ba90fe958dc911d19 Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@php.net>
Date: Thu, 26 Dec 2013 01:46:58 -0600
Subject: [PATCH 2/3] RSA: update comments for _extractBER

---
 phpseclib/Crypt/RSA.php  | 18 +++++++++---------
 phpseclib/File/X509.php  | 18 +++++++++---------
 tests/Crypt/RSA/Test.php | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 55 insertions(+), 18 deletions(-)
 create mode 100644 tests/Crypt/RSA/Test.php

diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php
index 43516af4..97a2503b 100644
--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@@ -2791,15 +2791,15 @@ class Crypt_RSA
      */
     function _extractBER($str)
     {
-        /*
-            X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them above and beyond the ceritificate. ie.
-            some may have the following preceding the -----BEGIN CERTIFICATE----- line:
-
-            Bag Attributes
-                localKeyID: 01 00 00 00
-            subject=/O=organization/OU=org unit/CN=common name
-            issuer=/O=organization/CN=common name
-        */
+        /* X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them
+         * above and beyond the ceritificate.
+         * ie. some may have the following preceding the -----BEGIN CERTIFICATE----- line:
+         *
+         * Bag Attributes
+         *     localKeyID: 01 00 00 00
+         * subject=/O=organization/OU=org unit/CN=common name
+         * issuer=/O=organization/CN=common name
+         */
         $temp = preg_replace('#.*?^-+[^-]+-+#ms', '', $str, 1);
         // remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff
         $temp = preg_replace('#-+[^-]+-+#', '', $temp);
diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php
index 21a3f0c4..c558bf49 100644
--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@@ -4413,15 +4413,15 @@ class File_X509
      */
     function _extractBER($str)
     {
-        /*
-            X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them above and beyond the ceritificate. ie.
-            some may have the following preceding the -----BEGIN CERTIFICATE----- line:
-
-            Bag Attributes
-                localKeyID: 01 00 00 00
-            subject=/O=organization/OU=org unit/CN=common name
-            issuer=/O=organization/CN=common name
-        */
+        /* X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them
+         * above and beyond the ceritificate.
+         * ie. some may have the following preceding the -----BEGIN CERTIFICATE----- line:
+         *
+         * Bag Attributes
+         *     localKeyID: 01 00 00 00
+         * subject=/O=organization/OU=org unit/CN=common name
+         * issuer=/O=organization/CN=common name
+         */
         $temp = preg_replace('#.*?^-+[^-]+-+#ms', '', $str, 1);
         // remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff
         $temp = preg_replace('#-+[^-]+-+#', '', $temp);
diff --git a/tests/Crypt/RSA/Test.php b/tests/Crypt/RSA/Test.php
new file mode 100644
index 00000000..58063d69
--- /dev/null
+++ b/tests/Crypt/RSA/Test.php
@@ -0,0 +1,37 @@
+<?php
+/**
+ * @author     Jim Wigginton <terrafrost@php.net>
+ * @copyright  MMXIII Jim Wigginton
+ * @license    http://www.opensource.org/licenses/mit-license.html  MIT License
+ */
+
+class Crypt_RSA_Test extends PhpseclibTestCase
+{
+	static public function setUpBeforeClass()
+	{
+		require_once('Crypt/RSA.php');
+	}
+
+	public function testLoadKey()
+	{
+		$rsa = new Crypt_RSA();
+
+		$key1 = '-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp
+wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5
+1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh
+3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2
+pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX
+GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il
+AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF
+L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
+X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
+U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
+37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
+-----END RSA PRIVATE KEY-----';
+		$key2 = str_replace(array("\r", "\n", "\r\n"), ' ', $key1);
+
+		$this->assertTrue($rsa->loadKey($key1));
+		$this->assertTrue($rsa->loadKey($key2));
+	}
+}
\ No newline at end of file

From 48ab947fe186154b5aef9589c0a3958aac58832b Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@php.net>
Date: Fri, 27 Dec 2013 10:22:36 -0600
Subject: [PATCH 3/3] RSA: remove unit test for time being - it's going to be
 renamed and rewritten

---
 tests/Crypt/RSA/Test.php | 37 -------------------------------------
 1 file changed, 37 deletions(-)
 delete mode 100644 tests/Crypt/RSA/Test.php

diff --git a/tests/Crypt/RSA/Test.php b/tests/Crypt/RSA/Test.php
deleted file mode 100644
index 58063d69..00000000
--- a/tests/Crypt/RSA/Test.php
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-/**
- * @author     Jim Wigginton <terrafrost@php.net>
- * @copyright  MMXIII Jim Wigginton
- * @license    http://www.opensource.org/licenses/mit-license.html  MIT License
- */
-
-class Crypt_RSA_Test extends PhpseclibTestCase
-{
-	static public function setUpBeforeClass()
-	{
-		require_once('Crypt/RSA.php');
-	}
-
-	public function testLoadKey()
-	{
-		$rsa = new Crypt_RSA();
-
-		$key1 = '-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp
-wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5
-1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh
-3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2
-pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX
-GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il
-AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF
-L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
-X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
-U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
-37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
------END RSA PRIVATE KEY-----';
-		$key2 = str_replace(array("\r", "\n", "\r\n"), ' ', $key1);
-
-		$this->assertTrue($rsa->loadKey($key1));
-		$this->assertTrue($rsa->loadKey($key2));
-	}
-}
\ No newline at end of file