From 4c4b68225679ea65b90fb7d93d970e7139d1347d Mon Sep 17 00:00:00 2001
From: infosave2007 <urevich55@gmail.com>
Date: Fri, 24 Apr 2026 06:48:18 +0300
Subject: [PATCH] fix: normalize SSH private key to prevent libcrypto errors
 caused by incorrect formatting

---
 inc/VpnServer.php | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/inc/VpnServer.php b/inc/VpnServer.php
index b19e022..362743b 100644
--- a/inc/VpnServer.php
+++ b/inc/VpnServer.php
@@ -44,6 +44,29 @@ class VpnServer
         }
     }
 
+    /**
+     * Normalize SSH private key: fix line endings, trim whitespace, ensure trailing newline.
+     * Fixes "error in libcrypto" when keys are pasted from Windows or browsers.
+     */
+    private static function normalizeSshKey(string $key): string
+    {
+        // Remove \r (Windows line endings)
+        $key = str_replace("\r\n", "\n", $key);
+        $key = str_replace("\r", "\n", $key);
+        // Trim each line (remove trailing spaces)
+        $lines = explode("\n", $key);
+        $lines = array_map('rtrim', $lines);
+        // Remove empty lines at start/end but keep internal structure
+        while (!empty($lines) && trim($lines[0]) === '') array_shift($lines);
+        while (!empty($lines) && trim(end($lines)) === '') array_pop($lines);
+        $key = implode("\n", $lines);
+        // PEM/OpenSSH keys MUST end with a newline
+        if ($key !== '' && substr($key, -1) !== "\n") {
+            $key .= "\n";
+        }
+        return $key;
+    }
+
     /**
      * Create new VPN server in database
      */
@@ -88,7 +111,7 @@ class VpnServer
             $data['port'],
             $data['username'],
             $data['password'] ?? null,
-            $data['ssh_key'] ?? null,
+            !empty($data['ssh_key']) ? self::normalizeSshKey($data['ssh_key']) : null,
             $data['container_name'] ?? 'amnezia-awg',
             $protocolSlug,
             $installOptions,
@@ -388,7 +411,7 @@ class VpnServer
 
         if (!empty($this->data['ssh_key'])) {
             $keyFile = tempnam(sys_get_temp_dir(), 'sshkey');
-            file_put_contents($keyFile, $this->data['ssh_key']);
+            file_put_contents($keyFile, self::normalizeSshKey($this->data['ssh_key']));
             chmod($keyFile, 0600);
             $sshOptions .= " -i {$keyFile} -o IdentitiesOnly=yes -o PubkeyAuthentication=yes -o PreferredAuthentications=publickey";
             // sshpass is not needed for key-based auth
@@ -438,7 +461,7 @@ class VpnServer
 
         if (!empty($this->data['ssh_key'])) {
             $keyFile = tempnam(sys_get_temp_dir(), 'sshkey');
-            file_put_contents($keyFile, $this->data['ssh_key']);
+            file_put_contents($keyFile, self::normalizeSshKey($this->data['ssh_key']));
             chmod($keyFile, 0600);
             $sshOptions .= " -i {$keyFile} -o IdentitiesOnly=yes -o PubkeyAuthentication=yes -o PreferredAuthentications=publickey";