diff options
| author | schwarze <> | 2017-08-20 20:53:04 +0000 |
|---|---|---|
| committer | schwarze <> | 2017-08-20 20:53:04 +0000 |
| commit | 641b14538a2987bf20fa1b25f96201419a66589c (patch) | |
| tree | 71dda16c3e0fc221987dadda5951eec5d7818b53 | |
| parent | f6b981f4a6516aead24667ad1b21501c3bfcbe99 (diff) | |
| download | openbsd-641b14538a2987bf20fa1b25f96201419a66589c.tar.gz openbsd-641b14538a2987bf20fa1b25f96201419a66589c.tar.bz2 openbsd-641b14538a2987bf20fa1b25f96201419a66589c.zip | |
Add a BUGS section stating that RSA_PKCS1_PADDING is weak by design;
from Emilia Kasper <emilia at openssl dot org>
via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
| -rw-r--r-- | src/lib/libcrypto/man/RSA_public_encrypt.3 | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/lib/libcrypto/man/RSA_public_encrypt.3 b/src/lib/libcrypto/man/RSA_public_encrypt.3 index 808126415d..c830d5d767 100644 --- a/src/lib/libcrypto/man/RSA_public_encrypt.3 +++ b/src/lib/libcrypto/man/RSA_public_encrypt.3 | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | .\" $OpenBSD: RSA_public_encrypt.3,v 1.6 2017/03/25 18:17:45 schwarze Exp $ | 1 | .\" $OpenBSD: RSA_public_encrypt.3,v 1.7 2017/08/20 20:53:04 schwarze Exp $ |
| 2 | .\" OpenSSL RSA_public_encrypt.pod b41f6b64 Mar 10 15:49:04 2017 +0000 | 2 | .\" OpenSSL RSA_public_encrypt.pod 1e3f62a3 Jul 17 16:47:13 2017 +0200 |
| 3 | .\" | 3 | .\" |
| 4 | .\" This file was written by Ulf Moeller <ulf@openssl.org>. | 4 | .\" This file was written by Ulf Moeller <ulf@openssl.org>. |
| 5 | .\" Copyright (c) 2000, 2004 The OpenSSL Project. All rights reserved. | 5 | .\" Copyright (c) 2000, 2004 The OpenSSL Project. All rights reserved. |
| @@ -48,7 +48,7 @@ | |||
| 48 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 48 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 49 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | 49 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. |
| 50 | .\" | 50 | .\" |
| 51 | .Dd $Mdocdate: March 25 2017 $ | 51 | .Dd $Mdocdate: August 20 2017 $ |
| 52 | .Dt RSA_PUBLIC_ENCRYPT 3 | 52 | .Dt RSA_PUBLIC_ENCRYPT 3 |
| 53 | .Os | 53 | .Os |
| 54 | .Sh NAME | 54 | .Sh NAME |
| @@ -157,3 +157,11 @@ argument was added in SSLeay 0.8. | |||
| 157 | .Dv RSA_NO_PADDING | 157 | .Dv RSA_NO_PADDING |
| 158 | is available since SSLeay 0.9.0. | 158 | is available since SSLeay 0.9.0. |
| 159 | OAEP was added in OpenSSL 0.9.2b. | 159 | OAEP was added in OpenSSL 0.9.2b. |
| 160 | .Sh BUGS | ||
| 161 | Decryption failures in the | ||
| 162 | .Dv RSA_PKCS1_PADDING | ||
| 163 | mode leak information which can potentially be used to mount a | ||
| 164 | Bleichenbacher padding oracle attack. | ||
| 165 | This is an inherent weakness in the PKCS #1 v1.5 padding design. | ||
| 166 | Prefer | ||
| 167 | .Dv RSA_PKCS1_OAEP_PADDING . | ||