CVSROOT:        /cvs
Module name:    ports
Changes by:     [email protected]    2026/05/22 13:03:55

Modified files:
        security/p5-Crypt-OpenSSL-RSA: Tag: OPENBSD_7_9 Makefile 
                                       distinfo 

Log message:
MFC: Update to Crypt::OpenSSL::RSA 0.41, tested by henning

Attacks on the Marvin attack were too aggressive and 0.35 disabled the
widely used PKCS#1 v1.5 padding outright, when only decryption is
problematic due to the padding oracle. Signing is fine and required for
many things, among other things TLS and DNSSEC.

Version 0.35 disabled PKCS#1 v1.5 padding entirely to mitigate the
Marvin attack. However, the Marvin attack only affects PKCS#1 v1.5
decryption (padding oracle), not signatures. Version 0.38 re-enables
use_pkcs1_padding() for use with sign() and verify(), while keeping it
disabled for encrypt() and decrypt(). PKCS1_OAEP should be used for
encryption and either PKCS1_PSS or PKCS1 can be used for signing.

https://metacpan.org/pod/Crypt::OpenSSL::RSA#SECURITY
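
The padding split described in the log message, as an added example that is not part of the commit or of the module's own code. It assumes Crypt::OpenSSL::RSA 0.38 or later and assumes the refusal of PKCS#1 v1.5 encryption surfaces as an exception; the helper methods other than use_pkcs1_padding(), sign(), verify(), encrypt() and decrypt() are named as in the module's documentation, and the key and message are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::OpenSSL::RSA;

# Constructed throwaway key pair and message, for demonstration only.
my $priv = Crypt::OpenSSL::RSA->generate_key(2048);
my $pub  = Crypt::OpenSSL::RSA->new_public_key($priv->get_public_key_string());
my $msg  = "constructed sample message";

$_->use_sha256_hash() for ($priv, $pub);

# Sign and verify with the padding selected by $setter on both key objects.
sub sign_and_verify {
    my ($setter) = @_;
    $priv->$setter();
    $pub->$setter();
    my $sig = $priv->sign($msg);
    return $pub->verify($msg, $sig) ? 1 : 0;
}

# Signatures: PKCS#1 v1.5 is usable again, PSS is the alternative.
printf "sign/verify PKCS1 v1.5: %s\n",
    sign_and_verify('use_pkcs1_padding') ? "ok" : "FAILED";
printf "sign/verify PSS:        %s\n",
    sign_and_verify('use_pkcs1_pss_padding') ? "ok" : "FAILED";

# Encryption: OAEP is the padding to use.
$pub->use_pkcs1_oaep_padding();
$priv->use_pkcs1_oaep_padding();
my $ct = $pub->encrypt($msg);
printf "encrypt/decrypt OAEP:   %s\n",
    $priv->decrypt($ct) eq $msg ? "ok" : "FAILED";

# Encryption with PKCS#1 v1.5 stays disabled. Assumption: the module
# croaks here, so the call is wrapped in eval to report the outcome.
$pub->use_pkcs1_padding();
my $accepted = eval { $pub->encrypt($msg); 1 };
if ($accepted) {
    print "encrypt PKCS1 v1.5:     ACCEPTED (module predates the restriction?)\n";
} else {
    my $why = $@;
    chomp $why;
    print "encrypt PKCS1 v1.5:     refused ($why)\n";
}
```

Callers that still select use_pkcs1_padding() before decrypt() need to move to OAEP on both ends, since the peer's encryption padding has to match.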
