From 1df07c761b25e5aca8ecd90b81d05496631285fb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 15 Jan 2025 10:14:41 +0100 Subject: Fix documentation of OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION This drops OSSL_PKEY_PARAM_IMPLICIT_REJECTION - which is a meaningless name - everywhere apart from still existing (for API stability, in case someone uses that macro). Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/26421) --- doc/man3/EVP_PKEY_decrypt.pod | 2 +- doc/man7/provider-asym_cipher.pod | 6 +++--- util/perl/OpenSSL/paramnames.pm | 3 +++ 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/doc/man3/EVP_PKEY_decrypt.pod b/doc/man3/EVP_PKEY_decrypt.pod index 3146620095..2dfcb93a1e 100644 --- a/doc/man3/EVP_PKEY_decrypt.pod +++ b/doc/man3/EVP_PKEY_decrypt.pod @@ -61,7 +61,7 @@ used private key. They had to be processed in a side-channel free way. Since version 3.2.0, the EVP_PKEY_decrypt() method when used with PKCS#1 v1.5 padding as implemented in the B provider implements the implicit rejection mechanism (see -B in L). +B in L). That means it doesn't return an error when it detects an error in padding, instead it returns a pseudo-randomly generated message, removing the need of side-channel secure code from applications using OpenSSL. diff --git a/doc/man7/provider-asym_cipher.pod b/doc/man7/provider-asym_cipher.pod index 0ff33f5b70..7259fc4307 100644 --- a/doc/man7/provider-asym_cipher.pod +++ b/doc/man7/provider-asym_cipher.pod 
@@ -234,14 +234,14 @@ The TLS protocol version first requested by the client. The negotiated TLS protocol version. -=item "implicit-rejection" (B) +=item "implicit-rejection" (B) -Gets of sets the use of the implicit rejection mechanism for RSA PKCS#1 v1.5 +Gets or sets the use of the implicit rejection mechanism for RSA PKCS#1 v1.5 decryption. When set (non zero value), the decryption API will return a deterministically random value if the PKCS#1 v1.5 padding check fails. This makes exploitation of the Bleichenbacher significantly harder, even if the code using the RSA decryption API is not implemented in side-channel -free manner. Set by default. Requires provider support. +free manner. Set by default in OpenSSL providers. =back diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm index 2e9ad2fd40..3d7b89b688 100644 --- a/util/perl/OpenSSL/paramnames.pm +++ b/util/perl/OpenSSL/paramnames.pm @@ -303,6 +303,9 @@ my %params = ( 'PKEY_PARAM_DIST_ID' => "distid", 'PKEY_PARAM_PUB_KEY' => "pub", 'PKEY_PARAM_PRIV_KEY' => "priv", + # PKEY_PARAM_IMPLICIT_REJECTION isn't actually used, or meaningful. We keep + # it for API stability, but please use ASYM_CIPHER_PARAM_IMPLICIT_REJECTION + # instead. 'PKEY_PARAM_IMPLICIT_REJECTION' => "implicit-rejection", 'PKEY_PARAM_FIPS_DIGEST_CHECK' => "digest-check", 'PKEY_PARAM_FIPS_KEY_CHECK' => "key-check", -- cgit v1.2.3
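Review bot: In the doc/man7/provider-asym_cipher.pod hunk, replacing "Requires provider support." with "Set by default in OpenSSL providers." leaves the behaviour of other providers unstated. A reader of the "implicit-rejection" item can no longer tell that a provider outside OpenSSL may not implement the parameter, in which case the application may again see padding errors and would need its own side-channel free handling. Suggest keeping a sentence to that effect next to the new default statement. While the paragraph is being touched: the context line "exploitation of the Bleichenbacher significantly harder" is missing its noun ("attack"), "in side-channel free manner" is missing an article, and the item says a non zero value enables the mechanism without saying that zero disables it.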
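Review bot: In the util/perl/OpenSSL/paramnames.pm hunk, the comment added above 'PKEY_PARAM_IMPLICIT_REJECTION' is the only place that explains why the old name is retained, and it lives in the generator script where users of the C macro will not see it. The commit message says the name is dropped everywhere else, so the man pages now give no hint that OSSL_PKEY_PARAM_IMPLICIT_REJECTION still exists; suggest a one-line note in provider-asym_cipher.pod (or a changelog entry) that it is kept only for API stability and that OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION is the name to use. The hunk also does not show the 'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' entry, so it is worth confirming that it maps to the same "implicit-rejection" string and that callers of either macro get identical behaviour.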