{"schema":"libjg2-1",
"vpath":"/git/",
"avatar":"/git/avatar/",
"alang":"",
"gen_ut":1754121811,
"reponame":"openssl",
"desc":"OpenSSL",
"owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl",
"f":3,
"items": [
{"schema":"libjg2-1",
"cid":"40f398ceb714c1d75db4d8a5ef308ec5",
"commit": {"type":"commit",
"time": 1500369399,
"time_ofs": 120,
"oid_tree": { "oid": "979f2a1a496cc1084ea475f10aef05d9d3fc028f", "alias": []},
"oid":{ "oid": "1e3f62a3823f7e3db9d403f724fd9d66f5b04cf8", "alias": []},
"msg": "RSA_padding_check_PKCS1_type_2 is not constant time.",
"sig_commit": { "git_time": { "time": 1500369399, "offset": 120 }, "name": "Emilia Kasper", "email": "emilia@openssl.org", "md5": "ed7c7cd0bbbda5ebcb1a10a4000e62ce" },
"sig_author": { "git_time": { "time": 1500302833, "offset": 120 }, "name": "Emilia Kasper", "email": "emilia@openssl.org", "md5": "ed7c7cd0bbbda5ebcb1a10a4000e62ce" }},
"body": "RSA_padding_check_PKCS1_type_2 is not constant time.\n\nThis is an inherent weakness of the padding mode. We can't make the\nimplementation constant time (see the comments in rsa_pk1.c), so add a\nwarning to the docs.\n\nReviewed-by: Rich Salz \u003crsalz@openssl.org\u003e\n"
,
"diff": "diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod\nindex 52ca15a..93911ca 100644\n--- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod\n+++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod\n@@ -105,6 +105,13 @@ The RSA_padding_check_xxx() functions return the length of the\n recovered data, -1 on error. Error codes can be obtained by calling\n L\u003cERR_get_error(3)\u003e.\n \n+\u003dhead1 WARNING\n+\n+The RSA_padding_check_PKCS1_type_2() padding check leaks timing\n+information which can potentially be used to mount a Bleichenbacher\n+padding oracle attack. This is an inherent weakness in the PKCS #1\n+v1.5 padding design. Prefer PKCS1_OAEP padding.\n+\n \u003dhead1 SEE ALSO\n \n L\u003cRSA_public_encrypt(3)\u003e,\ndiff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod\nindex a495ecd..91c176e 100644\n--- a/doc/man3/RSA_public_encrypt.pod\n+++ b/doc/man3/RSA_public_encrypt.pod\n@@ -67,6 +67,13 @@ recovered plaintext.\n On error, -1 is returned; the error codes can be\n obtained by L\u003cERR_get_error(3)\u003e.\n \n+\u003dhead1 WARNING\n+\n+Decryption failures in the RSA_PKCS1_PADDING mode leak information\n+which can potentially be used to mount a Bleichenbacher padding oracle\n+attack. This is an inherent weakness in the PKCS #1 v1.5 padding\n+design. Prefer RSA_PKCS1_OAEP_PADDING.\n+\n \u003dhead1 CONFORMING TO\n \n SSL, PKCS #1 v2.0\n","s":{"c":1754121811,"u": 65403}}
],"g": 66401,"chitpc": 0,"ehitpc": 0,"indexed":0
,
"ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}
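Review bot: In the RSA_padding_add_PKCS1_type_1.pod hunk, the closing line "Prefer PKCS1_OAEP padding." names neither a function nor a mode constant, while the parallel warning in the RSA_public_encrypt.pod hunk says "Prefer RSA_PKCS1_OAEP_PADDING."; name the alternative concretely (the RSA_padding_check_PKCS1_OAEP() counterpart, or the RSA_PKCS1_OAEP_PADDING mode as the second hunk does) so both warnings point at the same thing. "leaks timing information" also understates the problem the RETURN VALUES text just above sets up: the -1 result on a failed check is itself the oracle signal, so the warning should add that a caller must not reveal whether the check failed (through error codes, distinct responses or timing) to whoever supplied the ciphertext.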
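Review bot: In the RSA_public_encrypt.pod hunk the new WARNING only recommends a different mode, which is not actionable when the protocol fixes RSA_PKCS1_PADDING and it cannot be dropped; since the commit message says the check cannot be made constant time, the warning should state the caller's obligation in that case (treat a -1 from the decrypt call the same as a successful decryption of random data, never report a padding error back to the sender, and keep the failure path's work and timing as close to the success path as possible). The two warnings describe one weakness from two entry points, so a cross-reference between them, and a pointer to the rsa_pk1.c comments the commit message cites as the rationale, would save the reader from finding only half of the advice.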