
Commit f10b570

authored
Merge pull request #58 from timlegge/padding
Disable PKCS#1 v1.5 padding
2 parents af95162 + f986c31 commit f10b570


3 files changed

+14
-7
lines changed


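--- a/RSA.pm
+++ b/RSA.pm
@@ -80,6 +80,13 @@ Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries
 $signature = $rsa_priv->sign($plaintext);
 print "Signed correctly\n" if ($rsa->verify($plaintext, $signature));
 
+=head1 SECURITY
+
+Version 0.35 makes the use of PKCS#1 v1.5 padding a fatal error. It is
+very difficult to implement PKCS#1 v1.5 padding securely. If you are still
+using RSA in in general, you should be looking at alternative encryption
+algorithms.
+
 =head1 DESCRIPTION
 
 C<Crypt::OpenSSL::RSA> provides the ability to RSA encrypt strings which are
@@ -236,8 +243,11 @@ Encrypting user data directly with RSA is insecure.
 
 =item use_pkcs1_padding
 
-Use PKCS #1 v1.5 padding. This currently is the most widely used mode
-of padding.
+PKCS #1 v1.5 padding has been disabled as it is nearly impossible to use this
+padding method in a secure manner. It is known to be vulnerable to timing
+based side channel attacks. use_pkcs1_padding() results in a fatal error.
+
+L<Marvin Attack|https://github.com/tomato42/marvin-toolkit/blob/master/README.md>
 
 =item use_pkcs1_oaep_padding
 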
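Review bot: The new SECURITY section in the first hunk says only that "PKCS#1 v1.5 padding" is now fatal, which a reader of the SYNOPSIS directly above it (sign()/verify()) may take to include RSASSA-PKCS1-v1_5 signatures, whereas the change in this commit only disables the use_pkcs1_padding() encryption mode. The section should name the affected method and the replacement, e.g. `Calling use_pkcs1_padding() is a fatal error; use use_pkcs1_oaep_padding() for encryption instead.`, and if sign()/verify() are unaffected (their XS is not in this diff) say so explicitly. The same paragraph has the typo `in in general`. The second hunk's =item text repeats the rationale; a one-line cross-reference to the SECURITY section would keep the two in step.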

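--- a/RSA.xs
+++ b/RSA.xs
@@ -925,7 +925,7 @@ void
 use_pkcs1_padding(p_rsa)
 rsaData* p_rsa;
 CODE:
-p_rsa->padding = RSA_PKCS1_PADDING;
+croak("PKCS#1 1.5 is disabled as it is known to be vulnerable to marvin attacks.");
 
 void
 use_pkcs1_oaep_padding(p_rsa)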
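Review bot: The croak message on the new line 928 is all a caller gets, and it neither matches the documentation's naming (`PKCS#1 v1.5`, `Marvin attack`) nor says which method to call instead; suggest `croak("PKCS#1 v1.5 padding is disabled because it is vulnerable to the Marvin attack; use use_pkcs1_oaep_padding() instead.");`. With the assignment gone, p_rsa is converted by the typemap but never read in this CODE block, so some compilers may warn about an unused variable; a `(void)p_rsa;` before the croak avoids that without changing the Perl-visible arity. This hunk removes only the setter, so any other assignment of RSA_PKCS1_PADDING (for example a default in the key constructors, outside this diff) should be checked as well.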

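--- a/t/rsa.t
+++ b/t/rsa.t
@@ -6,7 +6,7 @@ use Crypt::OpenSSL::RSA;
 use Crypt::OpenSSL::Guess qw(openssl_version);
 
 BEGIN {
-plan tests => 43 + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_sha512_hash" ) ? 4 * 5 : 0 ) + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_whirlpool_hash" ) ? 1 * 5 : 0 );
+plan tests => 37 + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_sha512_hash" ) ? 4 * 5 : 0 ) + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_whirlpool_hash" ) ? 1 * 5 : 0 );
 }
 
 sub _Test_Encrypt_And_Decrypt {
@@ -76,9 +76,6 @@ ok( $rsa->check_key() );
 $rsa->use_no_padding();
 _Test_Encrypt_And_Decrypt( $rsa->size(), $rsa, 1 );
 
-$rsa->use_pkcs1_padding();
-_Test_Encrypt_And_Decrypt( $rsa->size() - 11, $rsa, 1 );
-
 $rsa->use_pkcs1_oaep_padding();
 
 # private_encrypt does not work with pkcs1_oaep_padding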
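Review bot: The second hunk removes the PKCS#1 v1.5 round-trip tests, but nothing in the file now asserts the new behaviour that use_pkcs1_padding() dies, so a later change that silently re-enables the mode would still pass the suite. In place of the removed lines add `eval { $rsa->use_pkcs1_padding() }; like( $@, qr/disabled/, 'use_pkcs1_padding() is fatal' );` and raise the base count in the first hunk's `plan tests =>` from 37 to 38. The _Test_Encrypt_And_Decrypt sub whose header is the last context line of the first hunk continues outside it.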
