Zend\Crypt\Hmac to use hash_hmac_algos instead of hmac_algos when it is present.

ext/mbstring in order to install successfully.

Zend\Crypt\Password\Bcrypt::benchmarkCost(), which allows you to find the maximum cost value possible for your hardware within a 50ms timeframe.

Zend\Crypt\PublicKey\RsaOptions class, openssl_padding (or setOpensslPadding()); this is now consumed in Zend\Crypt\PublicKey\Rsa::encrypt() and Zend\Crypt\PublicKey\Rsa::decrypt(), instead of the optional $padding argument.

$padding argument from each of Zend\Crypt\PublicKey\Rsa's encrypt() and decrypt() methods; you can now specify the value via the RsaOptions.

substr() and strlen() to use mb_substr() and mb_strlen(), respectively. This provides better security with binary values.

Zend\Crypt\Password\Bcrypt implementation to use password_hash() and password_verify() internally, as they are supported in all PHP versions we support.

DiffieHellman publickey implementation to initialize the BigInteger adapter from zend-math as the first operation of its constructor, fixing a fatal error that occurs when binary data is provided.

ArrayObject, which implements the same behavior being tested.

AbstractPluginManager.

Zend\Crypt\PublicKey\Rsa\PublicKey has a call to openssl_public_encrypt() which used PHP's default $padding argument, which specifies OPENSSL_PKCS1_PADDING, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, Bleichenbacher's chosen-ciphertext attack, which can be used to recover an RSA private key. This release contains a patch that changes the padding argument to use OPENSSL_PKCS1_OAEP_PADDING.

OPENSSL_PKCS1_PADDING to a new $padding argument in Zend\Crypt\PublicKey\Rsa::encrypt() and decrypt() (though typically this should only apply to the latter):

$rsa is an instance of Zend\Crypt\PublicKey\Rsa.

$key and $mode argument defaults are null and Zend\Crypt\PublicKey\Rsa::MODE_AUTO
, if you were not using them previously.)
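The padding change described above means ciphertexts produced under the old PKCS1v1.5 default no longer decrypt under the new OAEP default. The following added example (not code from zend-crypt; it calls PHP's ext/openssl directly, and the helper names, key pair and plaintext are constructed for illustration) shows the mismatch and a one-time re-encryption of a legacy ciphertext under OAEP:

```php
<?php
// Added example: raw ext/openssl calls, not zend-crypt's own code.
// Helper names, the key pair and the plaintext are constructed for this demo.

$private = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
if ($private === false) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}
$public = openssl_pkey_get_details($private)['key']; // PEM-encoded public key

function rsaEncrypt(string $plain, $publicKey, int $padding): string
{
    if (!openssl_public_encrypt($plain, $cipher, $publicKey, $padding)) {
        throw new RuntimeException('encrypt failed: ' . openssl_error_string());
    }
    return $cipher;
}

// Returns null when OpenSSL rejects the ciphertext for the given padding.
function rsaDecrypt(string $cipher, $privateKey, int $padding): ?string
{
    return openssl_private_decrypt($cipher, $plain, $privateKey, $padding) ? $plain : null;
}

// Decrypt a ciphertext created under the old PKCS1v1.5 default and
// re-encrypt it under OAEP so that it no longer needs the legacy padding.
function reencryptLegacy(string $legacyCipher, $privateKey, $publicKey): string
{
    $plain = rsaDecrypt($legacyCipher, $privateKey, OPENSSL_PKCS1_PADDING);
    if ($plain === null) {
        throw new RuntimeException('not a valid PKCS1v1.5 ciphertext for this key');
    }
    return rsaEncrypt($plain, $publicKey, OPENSSL_PKCS1_OAEP_PADDING);
}

$secret = 'constructed sample secret';
$legacy = rsaEncrypt($secret, $public, OPENSSL_PKCS1_PADDING); // pre-patch behaviour

// The new default padding cannot decode the old ciphertext.
$underOaep = rsaDecrypt($legacy, $private, OPENSSL_PKCS1_OAEP_PADDING);
echo 'legacy ciphertext under OAEP: ', var_export($underOaep, true), PHP_EOL;

// Naming the legacy padding explicitly recovers it; afterwards store the OAEP form.
$migrated  = reencryptLegacy($legacy, $private, $public);
$roundTrip = rsaDecrypt($migrated, $private, OPENSSL_PKCS1_OAEP_PADDING);
echo 'migrated ciphertext under OAEP matches: ', var_export($roundTrip === $secret, true), PHP_EOL;
```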