File 0001-Disable-PKCS-1-v1.5-padding.patch of Package perl-Crypt-OpenSSL-RSA.38941
diff -urp Crypt-OpenSSL-RSA-0.28/RSA.xs Crypt-OpenSSL-RSA-0.28-fixed/RSA.xs
--- Crypt-OpenSSL-RSA-0.28/RSA.xs 2011-08-25 00:57:35.000000000 +0200
+++ Crypt-OpenSSL-RSA-0.28-fixed/RSA.xs 2025-06-02 19:24:54.733579943 +0200
@@ -542,7 +542,7 @@ void
use_pkcs1_padding(p_rsa)
rsaData* p_rsa;
CODE:
- p_rsa->padding = RSA_PKCS1_PADDING;
+ croak("PKCS#1 1.5 is disabled as it is known to be vulnerable to marvin attacks.");
void
use_pkcs1_oaep_padding(p_rsa)
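Review bot: The croak in `use_pkcs1_padding` guards only the setter, so v1.5 is really off only if no other path can leave `p_rsa->padding` at `RSA_PKCS1_PADDING`. The constructor default and the decrypt routine are outside this hunk and should be checked, ideally with the decrypt path itself rejecting that value. The message also gives callers no migration hint and drops the "v" from the scheme name; `croak("PKCS#1 v1.5 padding is disabled (vulnerable to the Marvin attack); use use_pkcs1_oaep_padding() instead");` would be clearer. Because the setter is shared, this also removes v1.5 for the private-key encrypt direction, which the test deleted from t/rsa.t appears to have exercised, so the API break deserves a line in the POD and changelog.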
diff -urp Crypt-OpenSSL-RSA-0.28/t/rsa.t Crypt-OpenSSL-RSA-0.28-fixed/t/rsa.t
--- Crypt-OpenSSL-RSA-0.28/t/rsa.t 2025-06-02 19:36:36.331819746 +0200
+++ Crypt-OpenSSL-RSA-0.28-fixed/t/rsa.t 2025-06-02 19:38:41.852936316 +0200
@@ -4,7 +4,7 @@ use Test;
use Crypt::OpenSSL::Random;
use Crypt::OpenSSL::RSA;
-BEGIN { plan tests => 43 + (UNIVERSAL::can("Crypt::OpenSSL::RSA", "use_sha512_hash") ? 4*5 : 0) }
+BEGIN { plan tests => 37 + (UNIVERSAL::can("Crypt::OpenSSL::RSA", "use_sha512_hash") ? 4*5 : 0) }
sub _Test_Encrypt_And_Decrypt
{
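Review bot: The plan drops from 43 to 37, but nothing asserts the new behaviour, so a later refresh of this patch that silently re-enables the padding would still pass the suite. Add a check such as `eval { $rsa->use_pkcs1_padding() };` followed by `ok($@ =~ /disabled/);` next to the OAEP test, and raise the base count to 38. Matching on a stable word from the croak text keeps the test tied to the security decision rather than to an exit status.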
@@ -70,9 +70,6 @@ ok($rsa->check_key());
$rsa->use_no_padding();
_Test_Encrypt_And_Decrypt($rsa->size(), $rsa, 1);
-$rsa->use_pkcs1_padding();
-_Test_Encrypt_And_Decrypt($rsa->size() - 11, $rsa, 1);
-
$rsa->use_pkcs1_oaep_padding();
# private_encrypt does not work with pkcs1_oaep_padding
_Test_Encrypt_And_Decrypt($rsa->size() - 42, $rsa, 0);