diff options
author | Rich Salz <rsalz@akamai.com> | 2021-02-22 12:55:25 -0500 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-03-01 10:56:12 +0100 |
commit | b0aae913246af1d07e728d24f53f55028f61c696 (patch) | |
tree | 472478434dd9894a817e00d4eb56dd8197cc717a /doc | |
parent | d546e8e267bfddc1ca310dfa8b9a72ab4f9aac7c (diff) |
Remove RSA SSLv23 padding mode
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14248)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/openssl-pkeyutl.pod.in | 2 | ||||
-rw-r--r-- | doc/man1/openssl-rsautl.pod.in | 10 | ||||
-rw-r--r-- | doc/man3/EVP_PKEY_CTX_ctrl.pod | 2 | ||||
-rw-r--r-- | doc/man3/RSA_padding_add_PKCS1_type_1.pod | 11 | ||||
-rw-r--r-- | doc/man3/RSA_public_encrypt.pod | 5 | ||||
-rw-r--r-- | doc/man7/EVP_SIGNATURE-RSA.pod | 2 | ||||
-rw-r--r-- | doc/man7/provider-asym_cipher.pod | 2 |
7 files changed, 5 insertions, 29 deletions
diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 3ba0955425..bc5fab5895 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -236,7 +236,7 @@ B<pkeyopt> values are supported: =item B<rsa_padding_mode:>I<mode> This sets the RSA padding mode. Acceptable values for I<mode> are B<pkcs1> for -PKCS#1 padding, B<sslv23> for SSLv23 padding, B<none> for no padding, B<oaep> +PKCS#1 padding, B<none> for no padding, B<oaep> for B<OAEP> mode, B<x931> for X9.31 mode and B<pss> for PSS. In PKCS#1 padding if the message digest is not set then the supplied data is diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in index 21d641aa27..516c4bc10b 100644 --- a/doc/man1/openssl-rsautl.pod.in +++ b/doc/man1/openssl-rsautl.pod.in @@ -24,10 +24,6 @@ B<openssl> B<rsautl> [B<-pkcs>] [B<-x931>] [B<-oaep>] -[B<-ssl>] -[B<-raw>] -[B<-pkcs>] -[B<-ssl>] [B<-raw>] [B<-hexdump>] [B<-asn1parse>] @@ -106,12 +102,10 @@ Encrypt the input data using an RSA public key. Decrypt the input data using an RSA private key. -=item B<-pkcs>, B<-oaep>, B<-x931> B<-ssl>, B<-raw> +=item B<-pkcs>, B<-oaep>, B<-x931> B<-raw> The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, -ANSI X9.31, -special padding used in SSL v2 backwards compatible handshakes, -or no padding, respectively. +ANSI X9.31, or no padding, respectively. For signatures, only B<-pkcs> and B<-raw> can be used. =item B<-hexdump> diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index 54e4f5506e..37630920c0 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -249,7 +249,7 @@ terminating NUL byte. EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for I<ctx>. The I<pad> parameter can take the value B<RSA_PKCS1_PADDING> for PKCS#1 -padding, B<RSA_SSLV23_PADDING> for SSLv23 padding, B<RSA_NO_PADDING> for +padding, B<RSA_NO_PADDING> for no padding, B<RSA_PKCS1_OAEP_PADDING> for OAEP padding (encrypt and decrypt only), B<RSA_X931_PADDING> for X9.31 padding (signature operations only), B<RSA_PKCS1_PSS_PADDING> (sign and verify only) and diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod index f45f6356d1..17eb86b9d2 100644 --- a/doc/man3/RSA_padding_add_PKCS1_type_1.pod +++ b/doc/man3/RSA_padding_add_PKCS1_type_1.pod @@ -6,7 +6,6 @@ RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, -RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption padding @@ -48,12 +47,6 @@ L<openssl_user_macros(7)>: const unsigned char *p, int pl, const EVP_MD *md, const EVP_MD *mgf1md); - int RSA_padding_add_SSLv23(unsigned char *to, int tlen, - const unsigned char *f, int fl); - - int RSA_padding_check_SSLv23(unsigned char *to, int tlen, - const unsigned char *f, int fl, int rsa_len); - int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f, int fl); @@ -95,10 +88,6 @@ PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2) PKCS #1 v2.0 EME-OAEP -=item SSLv23 - -PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification - =item none simply copy the data diff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod index 0aa18d7616..6012e911de 100644 --- a/doc/man3/RSA_public_encrypt.pod +++ b/doc/man3/RSA_public_encrypt.pod @@ -43,11 +43,6 @@ new applications. SEE WARNING BELOW. EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty encoding parameter. This mode is recommended for all new applications. -=item RSA_SSLV23_PADDING - -PKCS #1 v1.5 padding with an SSL-specific modification that denotes -that the server is SSL3 capable. - =item RSA_NO_PADDING Raw RSA encryption. This mode should I<only> be used to implement diff --git a/doc/man7/EVP_SIGNATURE-RSA.pod b/doc/man7/EVP_SIGNATURE-RSA.pod index 0cc3336bc9..41e8ad9a42 100644 --- a/doc/man7/EVP_SIGNATURE-RSA.pod +++ b/doc/man7/EVP_SIGNATURE-RSA.pod @@ -34,8 +34,6 @@ The type of padding to be used. Its value can be one of the following: =item "pkcs1" (B<OSSL_PKEY_RSA_PAD_MODE_PKCSV15>) -=item "sslv23" (B<OSSL_PKEY_RSA_PAD_MODE_SSLV23>) - =item "x931" (B<OSSL_PKEY_RSA_PAD_MODE_X931>) =item "pss" (B<OSSL_PKEY_RSA_PAD_MODE_PSS>) diff --git a/doc/man7/provider-asym_cipher.pod b/doc/man7/provider-asym_cipher.pod index ac0dd14fb6..939dc76f76 100644 --- a/doc/man7/provider-asym_cipher.pod +++ b/doc/man7/provider-asym_cipher.pod @@ -183,7 +183,7 @@ algorithms: The type of padding to be used. The interpretation of this value will depend on the algorithm in use. The default provider understands these RSA padding -modes: 1 (RSA_PKCS1_PADDING), 2 (RSA_SSLV23_PADDING), 3 (RSA_NO_PADDING), +modes: 1 (RSA_PKCS1_PADDING), 3 (RSA_NO_PADDING), 4 (RSA_PKCS1_OAEP_PADDING), 5 (RSA_X931_PADDING), 6 (RSA_PKCS1_PSS_PADDING) and 7 (RSA_PKCS1_WITH_TLS_PADDING). See L<EVP_PKEY_CTX_set_rsa_padding(3)> for further details. |