path: root/upstream/debian-unstable/man1/openssl-pkeyutl.1ssl
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-17 10:51:52 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-17 10:51:52 +0000
commit: 4ad94864781f48b1a4b77f9cfb934622bf756ba1
tree: 3900955c1886e6d2570fea7125ee1f01bafe876d /upstream/debian-unstable/man1/openssl-pkeyutl.1ssl
parent: Adding upstream version 4.22.0.
Adding upstream version 4.23.0. upstream/4.23.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'upstream/debian-unstable/man1/openssl-pkeyutl.1ssl')
-rw-r--r-- upstream/debian-unstable/man1/openssl-pkeyutl.1ssl 24
1 files changed, 20 insertions, 4 deletions
diff --git a/upstream/debian-unstable/man1/openssl-pkeyutl.1ssl b/upstream/debian-unstable/man1/openssl-pkeyutl.1ssl
index 63a3a1a0..46702d45 100644
--- a/upstream/debian-unstable/man1/openssl-pkeyutl.1ssl
+++ b/upstream/debian-unstable/man1/openssl-pkeyutl.1ssl
@@ -55,7 +55,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL-PKEYUTL 1SSL"
-.TH OPENSSL-PKEYUTL 1SSL 2024-02-03 3.1.5 OpenSSL
+.TH OPENSSL-PKEYUTL 1SSL 2024-04-04 3.2.2-dev OpenSSL
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,7 +154,9 @@ The peer key format; unspecified by default.
See \fBopenssl\-format\-options\fR\|(1) for details.
.IP \fB\-pubin\fR 4
.IX Item "-pubin"
-The input file is a public key.
+By default a private key is read from the key input.
+With this option a public key is read instead.
+If the input contains no public key but a private key, its public part is used.
.IP \fB\-certin\fR 4
.IX Item "-certin"
The input is a certificate containing a public key.
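Review bot: The third added sentence under -pubin documents that a private key is accepted and reduced to its public part, but it does not say whether a warning or error is issued, so a caller who passes -pubin expecting a file with private material to be rejected gets no indication from this text that it was read. Suggest stating the behaviour explicitly (for example that no error is reported in this case) and naming the option that "the key input" refers to, since the entry otherwise leaves the reader to guess which input is meant.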
@@ -273,6 +275,11 @@ signed or verified directly instead of using a \fBDigestInfo\fR structure. If a
digest is set, then the \fBDigestInfo\fR structure is used and its length
must correspond to the digest type.
.Sp
+Note, for \fBpkcs1\fR padding, as a protection against the Bleichenbacher attack,
+the decryption will not fail in case of padding check failures. Use \fBnone\fR
+and manual inspection of the decrypted message to verify if the decrypted
+value has correct PKCS#1 v1.5 padding.
+.Sp
For \fBoaep\fR mode only encryption and decryption is supported.
.Sp
For \fBx931\fR if the digest type is set it is used to format the block data
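Review bot: The added note recommends "\fBnone\fR and manual inspection of the decrypted message" without saying that such a padding check is itself the oracle a Bleichenbacher attack relies on when its outcome (an error, a timing difference, a different response) is observable to whoever supplied the ciphertext. Suggest restricting the advice to offline debugging, saying what the caller receives instead of an error ("the decryption will not fail" leaves that open at this point), and cross-referencing the rsa_pkcs1_implicit_rejection option that this same patch documents further down.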
@@ -296,6 +303,15 @@ explicitly set in PSS mode then the signing digest is used.
.IX Item "rsa_oaep_md:digest"
Sets the digest used for the OAEP hash function. If not explicitly set then
SHA1 is used.
+.IP \fBrsa_pkcs1_implicit_rejection:\fR\fIflag\fR 4
+.IX Item "rsa_pkcs1_implicit_rejection:flag"
+Disables (when set to 0) or enables (when set to 1) the use of implicit
+rejection with PKCS#1 v1.5 decryption. When enabled (the default), as a
+protection against Bleichenbacher attack, the library will generate a
+deterministic random plaintext that it will return to the caller in case
+of padding check failure.
+When disabled, it's the callers' responsibility to handle the returned
+errors in a side-channel free manner.
.SH "RSA-PSS ALGORITHM"
.IX Header "RSA-PSS ALGORITHM"
The RSA-PSS algorithm is a restricted version of the RSA algorithm which only
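Review bot: "deterministic random plaintext" in the rsa_pkcs1_implicit_rejection entry reads as a contradiction and does not tell the caller what the returned value is derived from or how long it is; suggest "a pseudorandom plaintext derived deterministically" and a sentence stating that, with the default setting, a padding failure is not visible in the return status, so the plaintext has to be validated at the protocol level. Two wording nits in the same entry: "against Bleichenbacher attack" is missing "the" (the earlier note in this patch has it), and "the callers' responsibility" should be "the caller's responsibility".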
@@ -307,7 +323,7 @@ These have the same meaning as the \fBRSA\fR algorithm with some additional
restrictions. The padding mode can only be set to \fBpss\fR which is the
default value.
.Sp
-If the key has parameter restrictions than the digest, MGF1
+If the key has parameter restrictions then the digest, MGF1
digest and salt length are set to the values specified in the parameters.
The digest and MG cannot be changed and the salt length cannot be set to a
value less than the minimum restriction.
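Review bot: The than/then correction is fine, but the unchanged context line two below it still reads "The digest and MG cannot be changed"; given the preceding sentence lists "the digest, MGF1 digest and salt length", "MG" looks like a truncated "MGF1 digest". Worth correcting in the same paragraph so the restriction on the mask generation digest is stated unambiguously.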
@@ -447,7 +463,7 @@ Decrypt some data using a private key with OAEP padding using SHA256:
The \fB\-engine\fR option was deprecated in OpenSSL 3.0.
.SH COPYRIGHT
.IX Header "COPYRIGHT"
-Copyright 2006\-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2023 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy