Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Call out insecure PKCS #1 v1.5 default padding for RSA #549

Merged
merged 1 commit into from
Oct 17, 2022
Merged

Call out insecure PKCS #1 v1.5 default padding for RSA #549

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 8 additions & 4 deletions lib/openssl/pkey.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -363,7 +363,8 @@ def new(*args, &blk) # :nodoc:
# rsa.private_encrypt(string, padding) -> String
#
# Encrypt +string+ with the private key. +padding+ defaults to
# PKCS1_PADDING. The encrypted string output can be decrypted using
# PKCS1_PADDING, which is known to be insecure but is kept for backwards
# compatibility. The encrypted string output can be decrypted using
# #public_decrypt.
#
# <b>Deprecated in version 3.0</b>.
Expand All @@ -386,7 +387,8 @@ def private_encrypt(string, padding = PKCS1_PADDING)
# rsa.public_decrypt(string, padding) -> String
#
# Decrypt +string+, which has been encrypted with the private key, with the
# public key. +padding+ defaults to PKCS1_PADDING.
# public key. +padding+ defaults to PKCS1_PADDING which is known to be
# insecure but is kept for backwards compatibility.
#
# <b>Deprecated in version 3.0</b>.
# Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and
Expand All @@ -407,7 +409,8 @@ def public_decrypt(string, padding = PKCS1_PADDING)
# rsa.public_encrypt(string, padding) -> String
#
# Encrypt +string+ with the public key. +padding+ defaults to
# PKCS1_PADDING. The encrypted string output can be decrypted using
# PKCS1_PADDING, which is known to be insecure but is kept for backwards
# compatibility. The encrypted string output can be decrypted using
# #private_decrypt.
#
# <b>Deprecated in version 3.0</b>.
Expand All @@ -428,7 +431,8 @@ def public_encrypt(data, padding = PKCS1_PADDING)
# rsa.private_decrypt(string, padding) -> String
#
# Decrypt +string+, which has been encrypted with the public key, with the
# private key. +padding+ defaults to PKCS1_PADDING.
# private key. +padding+ defaults to PKCS1_PADDING, which is known to be
# insecure but is kept for backwards compatibility.
#
# <b>Deprecated in version 3.0</b>.
# Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
Expand Down