All notable changes to this project will be documented in this file, in reverse chronological order by release.
- #42 Added the CTR mode for OpenSSL.
- Nothing.
- Nothing.
- #48 Incorrect Rsa type declaration in Hybrid constructor.
- #38 Support of GCM and CCM encryption mode for OpenSSL with PHP 7.1+
- Nothing.
- Nothing.
- Nothing.
- #32 adds a new Hybrid encryption utility, to allow OpenPGP-like encryption/decryption of messages using OpenSSL. See the documentation for details.
- Nothing.
- Nothing.
- Nothing.
- #22 adds a requirement
on
ext/mbstring
in order to install successfully. - #25 adds a new symmetric encryption adapter for the OpenSSL extension; this is now the default adapter used internally by the component when symmetric encryption is required.
- #25 adds support for zend-math v3.
- #26 adds
Zend\Crypt\Password\Bcrypt::benchmarkCost()
, which allows you to find the maximum cost value possible for your hardware within a 50ms timeframe. - #11 adds a new option
to the
Zend\Crypt\PublicKey\RsaOptions
class,openssl_padding
(orsetOpensslPadding()
; this is now consumed inZend\Crypt\PublicKey\Rsa::encrypt()
andZend\Crypt\PublicKey\Rsa::decrypt()
, instead of the optional$padding
argument.
- #25 deprecates usage of the mcrypt symmetric encryption adapter when used on PHP 7 versions, as PHP 7.1 will deprecate the mcrypt extension.
- #11 removes the
optional
$padding
argument from each ofZend\Crypt\PublicKey\Rsa
'sencrypt()
anddecrypt()
methods; you can now specify the value via theRsaOptions
. - #25 removes support for zend-math v2 versions.
- #29 removes support for PHP 5.5.
- #22 updates all
occurrences of
substr()
andstrlen()
to usemb_substr()
andmb_strlen()
, respectively. This provides better security with binary values. - #25 updates the
Zend\Crypt\Password\Bcrypt
implementation to usepassword_hash()
andpassword_verify()
internally, as they are supported in all PHP versions we support. - #19 fixes the
DiffieHellman
publickey implementation to initialize theBigInteger
adapter from zend-math as the first operation of its constructor, fixing a fatal error that occurs when binary data is provided.
- #18 adds documentation, and publishes it to https://zendframework.github.io/zend-crypt/
- Nothing.
- Removes the (development) dependency on zend-config; tests that used it
previously have been updated to use
ArrayObject
, which implements the same behavior being tested.
- #4 replaces
the zend-servicemanager with container-interop, and refactors the
various plugin managers to implement that interface instead of extending the
AbstractPluginManager
.
- Nothing.
- Nothing.
- Nothing.
-
ZF2015-10:
Zend\Crypt\PublicKey\Rsa\PublicKey
has a call toopenssl_public_encrypt()
which used PHP's default$padding
argument, which specifiesOPENSSL_PKCS1_PADDING
, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the Bleichenbacher's chosen-ciphertext attack, which can be used to recover an RSA private key. This release contains a patch that changes the padding argument to useOPENSSL_PKCS1_OAEP_PADDING
.Users upgrading to this version may have issues decrypting previously stored values, due to the change in padding. If this occurs, you can pass the constant
OPENSSL_PKCS1_PADDING
to a new$padding
argument inZend\Crypt\PublicKey\Rsa::encrypt()
anddecrypt()
(though typically this should only apply to the latter):$decrypted = $rsa->decrypt($data, $key, $mode, OPENSSL_PKCS1_PADDING);
where
$rsa
is an instance ofZend\Crypt\PublicKey\Rsa
.(The
$key
and$mode
argument defaults arenull
andZend\Crypt\PublicKey\Rsa::MODE_AUTO
, if you were not using them previously.)We recommend re-encrypting any such values using the new defaults.
- Nothing.
- Nothing.
- Nothing.
-
ZF2015-10:
Zend\Crypt\PublicKey\Rsa\PublicKey
has a call toopenssl_public_encrypt()
which used PHP's default$padding
argument, which specifiesOPENSSL_PKCS1_PADDING
, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the Bleichenbacher's chosen-ciphertext attack, which can be used to recover an RSA private key. This release contains a patch that changes the padding argument to useOPENSSL_PKCS1_OAEP_PADDING
.Users upgrading to this version may have issues decrypting previously stored values, due to the change in padding. If this occurs, you can pass the constant
OPENSSL_PKCS1_PADDING
to a new$padding
argument inZend\Crypt\PublicKey\Rsa::encrypt()
anddecrypt()
(though typically this should only apply to the latter):$decrypted = $rsa->decrypt($data, $key, $mode, OPENSSL_PKCS1_PADDING);
where
$rsa
is an instance ofZend\Crypt\PublicKey\Rsa
.(The
$key
and$mode
argument defaults arenull
andZend\Crypt\PublicKey\Rsa::MODE_AUTO
, if you were not using them previously.)We recommend re-encrypting any such values using the new defaults.
hotfix/5