From f986c31575f41107bfe66610cdf922d6858a36be Mon Sep 17 00:00:00 2001
From: Timothy Legge <timlegge@gmail.com>
Date: Tue, 6 May 2025 21:54:07 -0300
Subject: [PATCH] Disable PKCS#1 v1.5 padding

---
 RSA.pm  | 14 ++++++++++++--
 RSA.xs  |  2 +-
 t/rsa.t |  5 +----
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/RSA.pm b/RSA.pm
index dda5bc6..4ca0b44 100644
--- a/RSA.pm
+++ b/RSA.pm
@@ -80,6 +80,13 @@ Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries
   $signature = $rsa_priv->sign($plaintext);
   print "Signed correctly\n" if ($rsa->verify($plaintext, $signature));
 
+=head1 SECURITY
+
+Version 0.35 makes the use of PKCS#1 v1.5 padding a fatal error.  It is
+very difficult to implement PKCS#1 v1.5 padding securely.  If you are still
+using RSA in in general, you should be looking at alternative encryption
+algorithms.
+
 =head1 DESCRIPTION
 
 C<Crypt::OpenSSL::RSA> provides the ability to RSA encrypt strings which are
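Review bot: The new SECURITY section has a doubled word, "using RSA in in general", in its third sentence; change it to `using RSA in general, you should be looking at alternative encryption`. The section also spells the scheme "PKCS#1 v1.5" while the use_pkcs1_padding item later in the same file writes "PKCS #1 v1.5"; pick one spelling so a reader searching the POD finds both. Since this section is the first place a user will see the breaking change, it would help to say in one sentence that calling use_pkcs1_padding() now dies rather than silently selecting another padding.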
@@ -236,8 +243,11 @@ Encrypting user data directly with RSA is insecure.
 
 =item use_pkcs1_padding
 
-Use PKCS #1 v1.5 padding. This currently is the most widely used mode
-of padding.
+PKCS #1 v1.5 padding has been disabled as it is nearly impossible to use this
+padding method in a secure manner.  It is known to be vulnerable to timing
+based side channel attacks.  use_pkcs1_padding() results in a fatal error. 
+
+L<Marvin Attack|https://github.com/tomato42/marvin-toolkit/blob/master/README.md>
 
 =item use_pkcs1_oaep_padding
 
diff --git a/RSA.xs b/RSA.xs
index d60804b..775ae3e 100644
--- a/RSA.xs
+++ b/RSA.xs
@@ -925,7 +925,7 @@ void
 use_pkcs1_padding(p_rsa)
     rsaData* p_rsa;
   CODE:
-    p_rsa->padding = RSA_PKCS1_PADDING;
+    croak("PKCS#1 1.5 is disabled as it is known to be vulnerable to marvin attacks.");
 
 void
 use_pkcs1_oaep_padding(p_rsa)
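Review bot: The croak message does not match the POD and does not name the replacement, so a user whose application now dies has to go back to the docs to find out what to call instead; consider `croak("use_pkcs1_padding: PKCS#1 v1.5 padding is disabled (Marvin attack); use use_pkcs1_oaep_padding instead");`. The message also writes "PKCS#1 1.5" and lowercase "marvin" where the POD in the same commit writes "PKCS#1 v1.5" and "Marvin". The XSUB still takes p_rsa even though it no longer touches it; that is fine for keeping the calling convention, but a one-line comment above the croak saying the argument is intentionally kept for API compatibility would stop a later cleanup from removing it.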
diff --git a/t/rsa.t b/t/rsa.t
index d8a5967..05b2550 100644
--- a/t/rsa.t
+++ b/t/rsa.t
@@ -6,7 +6,7 @@ use Crypt::OpenSSL::RSA;
 use Crypt::OpenSSL::Guess qw(openssl_version);
 
 BEGIN {
-    plan tests => 43 + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_sha512_hash" ) ? 4 * 5 : 0 ) + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_whirlpool_hash" ) ? 1 * 5 : 0 );
+    plan tests => 37 + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_sha512_hash" ) ? 4 * 5 : 0 ) + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_whirlpool_hash" ) ? 1 * 5 : 0 );
 }
 
 sub _Test_Encrypt_And_Decrypt {
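Review bot: The plan count is lowered from 43 to 37 to account for the PKCS#1 v1.5 round-trip removed in the second hunk of this file, but nothing now asserts the new behaviour, so a regression that quietly restores RSA_PKCS1_PADDING would go unnoticed. Where the removed lines were, add something like `ok( !eval { $rsa->use_pkcs1_padding(); 1 }, 'use_pkcs1_padding is fatal' );` followed by `like( $@, qr/disabled/, 'error explains that PKCS#1 v1.5 padding is disabled' );` and raise the base count to 39 accordingly. I am inferring the 6-test difference from the diffstat and the two removed calls; _Test_Encrypt_And_Decrypt's body starts at the end of this hunk and continues outside it, so I could not confirm how many assertions each call made.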
@@ -76,9 +76,6 @@ ok( $rsa->check_key() );
 $rsa->use_no_padding();
 _Test_Encrypt_And_Decrypt( $rsa->size(), $rsa, 1 );
 
-$rsa->use_pkcs1_padding();
-_Test_Encrypt_And_Decrypt( $rsa->size() - 11, $rsa, 1 );
-
 $rsa->use_pkcs1_oaep_padding();
 
 # private_encrypt does not work with pkcs1_oaep_padding
-- 
2.49.0

