Don't set OPENSSL_PKCS1_OAEP_PADDING as default in (2.5.2), please.

Question

Don't set OPENSSL_PKCS1_OAEP_PADDING as default in (2.5.2), please.

Moln opened this issue 9 years ago · 1 comments

$privateKey = file_get_contents('test/_files/test.pem');
$publicKey= file_get_contents('test/_files/test.cert');

$rsa = Zend\Crypt\PublicKey\Rsa::factory([
    'private_key' => $privateKey,
    'public_key' => $publicKey,
    'binary_output' => false,
]);

//In 2.5.1 default decrypt padding is OPENSSL_PKCS1_PADDING.
//My app client's padding is OPENSSL_PKCS1_PADDING too.
$txt = $rsa->encrypt('123456', $rsa->getOptions()->getPublicKey(), Zend\Crypt\PublicKey\Rsa::MODE_BASE64, OPENSSL_PKCS1_PADDING);
echo $rsa->decrypt($txt, $rsa->getOptions()->getPrivateKey(), Zend\Crypt\PublicKey\Rsa::MODE_BASE64, OPENSSL_PKCS1_PADDING), PHP_EOL;

//When I update 2.5.1 to 2.5.2, it's not working.
//This may be updated to version 2.6?
echo $rsa->decrypt($txt); //Throw exception 'Can not decrypt; openssl error:0906D06C:PEM routines:PEM_read_bio:no start line'.

Answer 1 · 2015-12-25T05:14:22.000Z

Please see http://framework.zend.com/security/advisory/ZF2015-10 for the reason why the default was changed, and why we will not be changing it back. In short, the old default was insecure, and created easily exploitable attack vectors.