Zend\Crypt\PublicKey\Rsa\PublicKey calls openssl_public_encrypt() without passing a $padding argument, so PHP's default, OPENSSL_PKCS1_PADDING, applies; that is, the ciphertext is produced with PKCS#1 v1.5 padding. This padding has a known weakness, Bleichenbacher's chosen-ciphertext attack, which can be used to decrypt arbitrary ciphertexts.
Zend\Crypt\PublicKey\Rsa\PublicKey::encrypt() was updated to accept an additional argument, $padding; the default value for this argument was set to OPENSSL_PKCS1_OAEP_PADDING.
Zend\Crypt\PublicKey\Rsa\PrivateKey::decrypt() was updated to accept an additional argument, $padding; the default value for this argument was set to OPENSSL_PKCS1_OAEP_PADDING.
Zend\Crypt\PublicKey\Rsa::encrypt() was updated to accept an additional optional argument, $padding, allowing the user to specify the padding to use with PublicKey::encrypt().
Zend\Crypt\PublicKey\Rsa::decrypt() was updated to accept an additional optional argument, $padding, allowing the user to specify the padding to use with PrivateKey::decrypt().
The above changes represent a backwards-compatibility break, but were necessary to prevent the outlined vulnerability. If you were using Zend\Crypt\PublicKey\Rsa previously, you will likely need to re-encrypt any data you encrypted earlier so that it uses the new padding: decrypt it once with the old PKCS#1 v1.5 padding stated explicitly, then encrypt the recovered plaintext again with the new default. This can be done as follows:
$decrypted = $rsa->decrypt($data, $key, $rsa::MODE_AUTO, OPENSSL_PKCS1_PADDING); // Decrypted using the old default, OPENSSL_PKCS1_PADDING
$encrypted = $rsa->encrypt($decrypted, $key); // Encrypted using the new default, OPENSSL_PKCS1_OAEP_PADDING
The key may have a value of null in each of the examples above.
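The following is an added example, not code from the advisory or from zend-crypt itself. It reproduces the padding choice the fix is about using PHP's openssl extension directly: the first call leaves $padding at its default and therefore produces a PKCS#1 v1.5 ciphertext, the second selects OAEP explicitly on both sides, a mismatch check shows why the two paddings cannot be mixed, and migrateCiphertext() (a name chosen here, not a zend-crypt API) carries out the same decrypt-then-re-encrypt migration the advisory describes. The key pair and plaintext are generated in-process for the demonstration.

```php
<?php
// Added example; not part of the advisory or of zend-crypt.
// Constructed key pair and plaintext for demonstration only.
$keyResource = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
openssl_pkey_export($keyResource, $privateKeyPem);
$publicKeyPem = openssl_pkey_get_details($keyResource)['key'];

$plaintext = 'constructed sample plaintext';

// Pre-fix behaviour: no $padding argument, so PHP applies OPENSSL_PKCS1_PADDING (PKCS#1 v1.5).
openssl_public_encrypt($plaintext, $legacyCiphertext, $publicKeyPem);

// Post-fix behaviour: OAEP padding selected explicitly when encrypting and when decrypting.
openssl_public_encrypt($plaintext, $oaepCiphertext, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING);
$ok = openssl_private_decrypt($oaepCiphertext, $recovered, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING);
assert($ok === true && $recovered === $plaintext);

// Padding must match on both sides: a v1.5 ciphertext does not decrypt under OAEP.
$ok = openssl_private_decrypt($legacyCiphertext, $unused, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING);
assert($ok === false);

/**
 * Migration step (hypothetical helper): decrypt with the padding the data was
 * written with, then re-encrypt with OAEP so the stored ciphertext matches the
 * new default. Fails loudly rather than silently storing a bad re-encryption.
 */
function migrateCiphertext(string $legacyCiphertext, string $privateKeyPem, string $publicKeyPem): string
{
    if (!openssl_private_decrypt($legacyCiphertext, $plain, $privateKeyPem, OPENSSL_PKCS1_PADDING)) {
        throw new RuntimeException('legacy decryption failed: ' . openssl_error_string());
    }
    if (!openssl_public_encrypt($plain, $migrated, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('OAEP encryption failed: ' . openssl_error_string());
    }
    return $migrated;
}

$migrated = migrateCiphertext($legacyCiphertext, $privateKeyPem, $publicKeyPem);
openssl_private_decrypt($migrated, $roundTrip, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING);
assert($roundTrip === $plaintext);
echo "migrated ciphertext decrypts under OAEP\n";
```

Once every stored ciphertext has been migrated, the explicit OPENSSL_PKCS1_PADDING argument on the decrypt side can be dropped so that nothing in the code base still accepts PKCS#1 v1.5 input.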
The following releases contain the fixes:
This advisory was given the CVE identifier CVE-2015-7503.
If you use zend-crypt via either Zend Framework 2 or the zendframework/zend-crypt package, and are using the RSA public key functionality, we recommend upgrading to 2.4.9/2.5.2 immediately.
The Zend Framework team thanks the following for identifying the issues and working with us to help protect its users:
Released 2015-11-23
Have you identified a security vulnerability?
Please report it to us at zf-security@zend.com