Security Advisory: ZF2015-10

ZF2015-10: Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey

Zend\Crypt\PublicKey\Rsa\PublicKey has a call to openssl_public_encrypt() which uses PHP's default $padding argument, which specifies OPENSSL_PKCS1_PADDING , indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the Bleichenbacher's chosen-ciphertext attack, which can be used to decrypt arbitrary ciphertexts.

Action Taken

Zend\Crypt\PublicKey\Rsa\PublicKey::encrypt() was updated to accept an additional argument, $padding ; the default value for this argument was set to OPENSSL_PKCS1_OAEP_PADDING .

was updated to accept an additional argument, ; the default value for this argument was set to . Zend\Crypt\PublicKey\Rsa\PrivateKey::decrypt() was updated to accept an additional argument, $padding ; the default value for this argument was set to OPENSSL_PKCS1_OAEP_PADDING .

was updated to accept an additional argument, ; the default value for this argument was set to . Zend\Crypt\PublicKey\Rsa::encrypt() was updated to accept an additional optional argument, $padding , allowing the user to specify the padding to use with PublicKey::encrypt() .

was updated to accept an additional optional argument, , allowing the user to specify the padding to use with . Zend\Crypt\PublicKey\Rsa::decrypt() was updated to accept an additional optional argument, $padding , allowing the user to specify the padding to use with PrivateKey::decrypt() .

The above changes represent a backwards-compatibility break, but were necessary to prevent the outlined vulnerability. If you were using Zend\Crypt\PublicKey\Rsa previously, you will likely need to re-encrypt any data you've previously encrypted to use the new padding. This can be done as follows:

$decrypted = $rsa->decrypt($data, $key, $rsa::MODE_AUTO, OPENSSL_PKCS1_PADDING); $encrypted = $rsa->encrypt($data, $key); // Encrypted using OPENSSL_PKCS1_OAEP_PADDING

The key may have a value of null in each of the examples above.

The following releases contain the fixes:

Zend Framework 2.4.9

zend-framework/zend-crypt 2.4.9

zend-framework/zend-crypt 2.5.2

This advisory was given the CVE identifier CVE-2015-7503

Recommendations

If you use zend-crypt via either Zend Framework 2 or the zendframework/zend-crypt package, and are using the RSA public key functionality, we recommend upgrading to 2.4.9/2.5.2 immediately.

Other Information

Acknowledgments

The Zend Framework team thanks the following for identifying the issues and working with us to help protect its users:

Paragon Initiative Enterprises for reporting the vulnerability and verifying the patch, and

Enrico Zimuel, who provided the patch.

Released 2015-11-23

Back to advisories