RSA: rm ENCRYPTION_PKCS15_COMPAT mode

phpseclib/Crypt/RSA.php

@@ -109,12 +109,6 @@ abstract class RSA extends AsymmetricKey
      * stuff, if you're trying to diagnose why an encrypted message isn't decrypting, etc.
      */
     const ENCRYPTION_NONE = 4;
-    /**
-     * Use PKCS#1 padding with PKCS1 v1.5 compatibility
-     *
-     * A PKCS1 v2.1 encrypted message may not successfully decrypt with a PKCS1 v1.5 implementation (such as OpenSSL).
-     */
-    const ENCRYPTION_PKCS15_COMPAT = 8;
     /**#@-*/
 
     /**#@+
@@ -747,8 +741,7 @@ public function withPadding($padding)
         $masks = [
             self::ENCRYPTION_OAEP,
             self::ENCRYPTION_PKCS1,
-            self::ENCRYPTION_NONE,
-            self::ENCRYPTION_PKCS15_COMPAT
+            self::ENCRYPTION_NONE
         ];
         $numSelected = 0;
         $selected = 0;

phpseclib/Crypt/RSA/PrivateKey.php

@@ -324,17 +324,6 @@ public function sign($message)
      *
      * See {@link http://tools.ietf.org/html/rfc3447#section-7.2.2 RFC3447#section-7.2.2}.
      *
-     * For compatibility purposes, this function departs slightly from the description given in RFC3447.
-     * The reason being that RFC2313#section-8.1 (PKCS#1 v1.5) states that ciphertext's encrypted by the
-     * private key should have the second byte set to either 0 or 1 and that ciphertext's encrypted by the
-     * public key should have the second byte set to 2.  In RFC3447 (PKCS#1 v2.1), the second byte is supposed
-     * to be 2 regardless of which key is used.  For compatibility purposes, we'll just check to make sure the
-     * second byte is 2 or less.  If it is, we'll accept the decrypted string as valid.
-     *
-     * As a consequence of this, a private key encrypted ciphertext produced with \phpseclib3\Crypt\RSA may not decrypt
-     * with a strictly PKCS#1 v1.5 compliant RSA implementation.  Public key encrypted ciphertext's should but
-     * not private key encrypted ciphertext's.
-     *
      * @access private
      * @param string $c
      * @return bool|string

phpseclib/Crypt/RSA/PublicKey.php

@@ -329,12 +329,6 @@ private function rsaes_pkcs1_v1_5_encrypt($m, $pkcs15_compat = false)
             $ps.= $temp;
         }
         $type = 2;
-        // see the comments of _rsaes_pkcs1_v1_5_decrypt() to understand why this is being done
-        if ($pkcs15_compat && (!isset($this->publicExponent) || $this->exponent !== $this->publicExponent)) {
-            $type = 1;
-            // "The padding string PS shall consist of k-3-||D|| octets. ... for block type 01, they shall have value FF"
-            $ps = str_repeat("\xFF", $psLen);
-        }
         $em = chr(0) . chr($type) . $ps . chr(0) . $m;
 
         // RSA encryption
@@ -450,10 +444,8 @@ public function encrypt($plaintext)
         switch ($this->encryptionPadding) {
             case self::ENCRYPTION_NONE:
                 return $this->raw_encrypt($plaintext);
-            case self::ENCRYPTION_PKCS15_COMPAT:
             case self::ENCRYPTION_PKCS1:
-                $pkcs15_compat = $this->encryptionPadding & self::ENCRYPTION_PKCS15_COMPAT;
-                return $this->rsaes_pkcs1_v1_5_encrypt($plaintext, $pkcs15_compat);
+                return $this->rsaes_pkcs1_v1_5_encrypt($plaintext);
             //case self::ENCRYPTION_OAEP:
             default:
                 return $this->rsaes_oaep_encrypt($plaintext);