ZF2015-10: Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey

Zend\Crypt\PublicKey\Rsa\PublicKey calls openssl_public_encrypt() with PHP's
default $padding argument, OPENSSL_PKCS1_PADDING, which selects PKCS#1 v1.5
padding. This padding is vulnerable to Bleichenbacher's chosen-ciphertext
attack, which can be used to decrypt arbitrary ciphertexts.

Action Taken

  • Zend\Crypt\PublicKey\Rsa\PublicKey::encrypt() was updated to accept an
    additional argument, $padding; the default value for this argument was set
    to OPENSSL_PKCS1_OAEP_PADDING.
  • Zend\Crypt\PublicKey\Rsa\PrivateKey::decrypt() was updated to accept an
    additional argument, $padding; the default value for this argument was set
    to OPENSSL_PKCS1_OAEP_PADDING.
  • Zend\Crypt\PublicKey\Rsa::encrypt() was updated to accept an additional
    optional argument, $padding, allowing the user to specify the padding to use
    with PublicKey::encrypt().
  • Zend\Crypt\PublicKey\Rsa::decrypt() was updated to accept an additional
    optional argument, $padding, allowing the user to specify the padding to use
    with PrivateKey::decrypt().

The above changes represent a backwards-compatibility break, but were necessary
to prevent the outlined vulnerability. If you were using
Zend\Crypt\PublicKey\Rsa previously, you will likely need to re-encrypt any
data you've previously encrypted so that it uses the new padding. This can be
done as follows:

// Decrypt with the padding the data was originally encrypted with (PKCS#1 v1.5)
$decrypted = $rsa->decrypt($data, $key, $rsa::MODE_AUTO, OPENSSL_PKCS1_PADDING);
// Re-encrypt the recovered plaintext; the new default is OPENSSL_PKCS1_OAEP_PADDING
$encrypted = $rsa->encrypt($decrypted, $key);

The key may have a value of null in each of the examples above.
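The following is an added example, not code from the advisory or from zend-crypt itself. It uses PHP's openssl extension directly to show why ciphertext produced under the old PKCS#1 v1.5 default is rejected once decryption defaults to OAEP, and what a migration step looks like when the padding is stated explicitly on both sides. The key pair and plaintext are generated here purely for the demonstration.

```php
<?php
// Constructed throwaway key pair for this demo only.
$privateKey = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
$publicKey = openssl_pkey_get_details($privateKey)['key'];

$plaintext = 'constructed sample secret';

// Legacy ciphertext: the pre-fix code path relied on PHP's implicit default,
// OPENSSL_PKCS1_PADDING (PKCS#1 v1.5). Written out explicitly here.
openssl_public_encrypt($plaintext, $legacyCiphertext, $publicKey, OPENSSL_PKCS1_PADDING);

// Attempting to decrypt that legacy ciphertext under the new OAEP default fails:
// the OAEP decoding check rejects the v1.5 structure and the call returns false.
$decryptedUnderOaep = null;
$accepted = openssl_private_decrypt($legacyCiphertext, $decryptedUnderOaep, $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
if ($accepted !== false) {
    throw new RuntimeException('unexpected: OAEP accepted PKCS#1 v1.5 ciphertext');
}

// Migration helper (hypothetical name): decrypt with the padding the data was
// actually written with, then re-encrypt naming OAEP explicitly.
function migrateLegacyCiphertext(string $legacyCiphertext, $privateKey, string $publicKey): string
{
    $plain = null;
    if (!openssl_private_decrypt($legacyCiphertext, $plain, $privateKey, OPENSSL_PKCS1_PADDING)) {
        throw new RuntimeException('legacy decrypt failed: ' . openssl_error_string());
    }
    $fresh = null;
    if (!openssl_public_encrypt($plain, $fresh, $publicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('OAEP encrypt failed: ' . openssl_error_string());
    }
    return $fresh;
}

// Round trip: the migrated ciphertext decrypts cleanly under OAEP.
$migrated = migrateLegacyCiphertext($legacyCiphertext, $privateKey, $publicKey);
$roundTrip = null;
if (!openssl_private_decrypt($migrated, $roundTrip, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)
    || $roundTrip !== $plaintext) {
    throw new RuntimeException('migrated ciphertext did not round-trip under OAEP');
}
echo "migration verified\n";
```

In a real migration the private key is the one already configured in Zend\Crypt\PublicKey\Rsa, and every stored ciphertext must be rewritten before the old PKCS#1 v1.5 decrypt path is removed.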

The following releases contain the fixes:

  • Zend Framework 2.4.9
  • zend-framework/zend-crypt 2.4.9
  • zend-framework/zend-crypt 2.5.2

This advisory was given the CVE identifier CVE-2015-7503.

Recommendations

If you use zend-crypt via either Zend Framework 2 or the
zendframework/zend-crypt package, and are using the RSA public key
functionality, we recommend upgrading to 2.4.9/2.5.2 immediately.

Other Information

Acknowledgments

The Zend Framework team thanks the following for identifying the issues and
working with us to help protect its users:

Source: Zend security feed