summaryrefslogtreecommitdiff
path: root/deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
diff options
context:
space:
mode:
Diffstat (limited to 'deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod')
-rw-r--r--deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod7
1 files changed, 7 insertions, 0 deletions
diff --git a/deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
index b8f678fe72..f20f815d47 100644
--- a/deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
+++ b/deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
@@ -104,6 +104,13 @@ The RSA_padding_check_xxx() functions return the length of the
recovered data, -1 on error. Error codes can be obtained by calling
L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 WARNING
+
+The RSA_padding_check_PKCS1_type_2() padding check leaks timing
+information which can potentially be used to mount a Bleichenbacher
+padding oracle attack. This is an inherent weakness in the PKCS #1
+v1.5 padding design. Prefer PKCS1_OAEP padding.
+
=head1 SEE ALSO
L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-11 21:23:47 +0000