ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import OpenSSL 1.1.0l

Browse Source
This commit is contained in:
Steve Dower
2019-09-16 11:19:00 +01:00
parent 697f7e1f24
commit 42e1dddc24
80 changed files with 1888 additions and 995 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
doc/crypto/RSA_padding_add_PKCS1_type_1.pod
View File

@@ -109,7 +109,12 @@ L<ERR_get_error(3)>.
The RSA_padding_check_PKCS1_type_2() padding check leaks timing
information which can potentially be used to mount a Bleichenbacher
padding oracle attack. This is an inherent weakness in the PKCS #1
v1.5 padding design. Prefer PKCS1_OAEP padding.
v1.5 padding design. Prefer PKCS1_OAEP padding. Otherwise it can
be recommended to pass zero-padded B<f>, so that B<fl> equals to
B<rsa_len>, and if fixed by protocol, B<tlen> being set to the
expected length. In such case leakage would be minimal, it would
take attacker's ability to observe memory access pattern with byte
granilarity as it occurs, post-factum timing analysis won't do.
=head1 SEE ALSO