author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-17 10:52:33 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-17 10:52:33 +0000 |
commit | 2c3307fb903f427be3d021c5780b75cac9af2ce8 (patch) | |
tree | 65cf431f40b7481d81ae2dfce9576342686448f7 /upstream/debian-unstable/man3/RSA_public_encrypt.3ssl | |
parent | Releasing progress-linux version 4.22.0-1~progress7.99u1. (diff) | |
download | manpages-l10n-2c3307fb903f427be3d021c5780b75cac9af2ce8.tar.xz manpages-l10n-2c3307fb903f427be3d021c5780b75cac9af2ce8.zip |
Merging upstream version 4.23.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'upstream/debian-unstable/man3/RSA_public_encrypt.3ssl')
-rw-r--r-- | upstream/debian-unstable/man3/RSA_public_encrypt.3ssl | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/upstream/debian-unstable/man3/RSA_public_encrypt.3ssl b/upstream/debian-unstable/man3/RSA_public_encrypt.3ssl index d3b32a2b..a8d1c5cd 100644 --- a/upstream/debian-unstable/man3/RSA_public_encrypt.3ssl +++ b/upstream/debian-unstable/man3/RSA_public_encrypt.3ssl @@ -55,7 +55,7 @@ .\" ======================================================================== .\" .IX Title "RSA_PUBLIC_ENCRYPT 3SSL" -.TH RSA_PUBLIC_ENCRYPT 3SSL 2024-02-03 3.1.5 OpenSSL +.TH RSA_PUBLIC_ENCRYPT 3SSL 2024-04-04 3.2.2-dev OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -106,8 +106,8 @@ Raw RSA encryption. This mode should \fIonly\fR be used to implement cryptographically sound padding modes in the application code. Encrypting user data directly with RSA is insecure. .PP -\&\fBflen\fR must not be more than RSA_size(\fBrsa\fR) \- 11 for the PKCS #1 v1.5 -based padding modes, not more than RSA_size(\fBrsa\fR) \- 42 for +When encrypting \fBflen\fR must not be more than RSA_size(\fBrsa\fR) \- 11 for the +PKCS #1 v1.5 based padding modes, not more than RSA_size(\fBrsa\fR) \- 42 for RSA_PKCS1_OAEP_PADDING and exactly RSA_size(\fBrsa\fR) for RSA_NO_PADDING. When a padding mode other than RSA_NO_PADDING is in use, then \&\fBRSA_public_encrypt()\fR will include some random bytes into the ciphertext 
@@ -143,6 +143,13 @@ Decryption failures in the RSA_PKCS1_PADDING mode leak information which can potentially be used to mount a Bleichenbacher padding oracle attack. This is an inherent weakness in the PKCS #1 v1.5 padding design. Prefer RSA_PKCS1_OAEP_PADDING. +.PP +In OpenSSL before version 3.2.0, both the return value and the length of +returned value could be used to mount the Bleichenbacher attack. +Since version 3.2.0, OpenSSL does not return an error in case of padding +checks failed. Instead it generates a random message based on used private +key and provided ciphertext so that application code doesn't have to implement +a side-channel secure error handling. .SH "CONFORMING TO" .IX Header "CONFORMING TO" SSL, PKCS #1 v2.0 |
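Review bot: the reworded sentence in the second hunk (@@ -106,8) is missing a comma after its introductory clause: "When encrypting \fBflen\fR must not be more than RSA_size(\fBrsa\fR) \- 11" should read "When encrypting, \fBflen\fR must not be more than ...". Adding the "When encrypting" qualifier also implies the limits differ for decryption, but the paragraph never says what applies in that direction; a short sentence stating the \fBflen\fR requirement for the decrypt functions would close that gap rather than leave the reader to infer it.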
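Review bot: the new paragraph in the third hunk (@@ -143,6) has grammar problems and leaves the practical consequence of the change implicit. "does not return an error in case of padding checks failed" should be "does not return an error if the padding check fails", and "based on used private key and provided ciphertext" should be "based on the private key and the ciphertext provided". More importantly, the preceding context sentence names RSA_PKCS1_PADDING, but the new text never says which padding mode the implicit-rejection behaviour applies to; it should name it. It should also state plainly that a caller which previously relied on an error return from decryption to detect a malformed ciphertext will now receive random plaintext instead, so the decrypted data must be validated by other means; describing the change only as relieving the application of side-channel-secure error handling understates that behavioural difference.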