14 changes: 12 additions & 2 deletions RSA.pm
Expand Up @@ -80,6 +80,13 @@ Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries
$signature = $rsa_priv->sign($plaintext);
print "Signed correctly\n" if ($rsa->verify($plaintext, $signature));

=head1 SECURITY

Version 0.35 makes the use of PKCS#1 v1.5 padding a fatal error. It is
very difficult to implement PKCS#1 v1.5 padding securely. If you are still
using RSA in in general, you should be looking at alternative encryption
algorithms.

=head1 DESCRIPTION

C<Crypt::OpenSSL::RSA> provides the ability to RSA encrypt strings which are
Expand Down Expand Up @@ -236,8 +243,11 @@ Encrypting user data directly with RSA is insecure.

=item use_pkcs1_padding

Use PKCS #1 v1.5 padding. This currently is the most widely used mode
of padding.
PKCS #1 v1.5 padding has been disabled as it is nearly impossible to use this
padding method in a secure manner. It is known to be vulnerable to timing
based side channel attacks. use_pkcs1_padding() results in a fatal error.

L<Marvin Attack|https://github.com/tomato42/marvin-toolkit/blob/master/README.md>

=item use_pkcs1_oaep_padding

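Review bot: The new SECURITY section's third sentence contains a duplicated word, "using RSA in in general", which should read "using RSA in general". The use_pkcs1_padding item says the call "results in a fatal error" but does not tell existing callers what to migrate to; add after that sentence `See L</use_pkcs1_oaep_padding> for the supported padding mode; existing callers of use_pkcs1_padding() will die at the call site.` so the POD points at the alternative the SECURITY section only alludes to. The second hunk also describes the attack as "timing based side channel attacks" while the XS error text in this change names it the Marvin attack; using the same name and the linked reference in both places would keep the documentation consistent with the runtime message.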
2 changes: 1 addition & 1 deletion RSA.xs
Expand Up @@ -925,7 +925,7 @@ void
use_pkcs1_padding(p_rsa)
rsaData* p_rsa;
CODE:
p_rsa->padding = RSA_PKCS1_PADDING;
croak("PKCS#1 1.5 is disabled as it is known to be vulnerable to marvin attacks.");

void
use_pkcs1_oaep_padding(p_rsa)
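Review bot: The unconditional croak in use_pkcs1_padding disables PKCS#1 v1.5 for every operation that consults p_rsa->padding, whereas the Marvin attack the message cites is a timing side channel against decryption; if the same padding field also governs the raw private_encrypt/public_decrypt paths, which is not visible in this hunk, callers implementing the RSASSA-PKCS1-v1_5 signature scheme lose a mode that Marvin does not affect, so that scope decision deserves to be stated in the message. The message also spells the padding differently from the POD ("PKCS#1 1.5" vs "PKCS #1 v1.5") and gives no replacement; `croak("PKCS#1 v1.5 padding is disabled: it is vulnerable to the Marvin timing attack; use use_pkcs1_oaep_padding() instead.");` is clearer for the user who hits it. Because croak never returns, p_rsa is now assigned by the typemap but never read, which some C compilers report as an unused variable; `PERL_UNUSED_VAR(p_rsa);` before the croak silences that. The XSUB declaration for use_pkcs1_padding begins before the hunk.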
5 changes: 1 addition & 4 deletions t/rsa.t
Expand Up @@ -6,7 +6,7 @@ use Crypt::OpenSSL::RSA;
use Crypt::OpenSSL::Guess qw(openssl_version);

BEGIN {
plan tests => 43 + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_sha512_hash" ) ? 4 * 5 : 0 ) + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_whirlpool_hash" ) ? 1 * 5 : 0 );
plan tests => 37 + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_sha512_hash" ) ? 4 * 5 : 0 ) + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_whirlpool_hash" ) ? 1 * 5 : 0 );
}

sub _Test_Encrypt_And_Decrypt {
Expand Down Expand Up @@ -76,9 +76,6 @@ ok( $rsa->check_key() );
$rsa->use_no_padding();
_Test_Encrypt_And_Decrypt( $rsa->size(), $rsa, 1 );

$rsa->use_pkcs1_padding();
_Test_Encrypt_And_Decrypt( $rsa->size() - 11, $rsa, 1 );

$rsa->use_pkcs1_oaep_padding();

# private_encrypt does not work with pkcs1_oaep_padding
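Review bot: Deleting the use_pkcs1_padding block leaves the new fatal behaviour untested: the plan in the first hunk of this file drops from 43 to 37, but nothing now asserts that use_pkcs1_padding() dies, so a regression that silently re-enables PKCS#1 v1.5 would pass this suite. In place of the removed lines add `ok( !eval { $rsa->use_pkcs1_padding(); 1 }, 'use_pkcs1_padding() is fatal' );` and `like( $@, qr/disabled/, 'error names the disabled padding' );`, and raise the base plan count to 39. The `$rsa` object exercised here is constructed before this hunk begins, and _Test_Encrypt_And_Decrypt is defined in the earlier part of the file.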