Skip to content

Clarify the padding and fix some missing frees for openssl objects #66

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
toddr merged 3 commits into from
Nov 3, 2025
Merged

Clarify the padding and fix some missing frees for openssl objects #66

toddr merged 3 commits into from
Nov 3, 2025

Conversation

@timlegge
Copy link
Member

@timlegge timlegge commented Nov 1, 2025

Closed #65

@timlegge timlegge force-pushed the pss_padding branch 3 times, most recently from 7f65b36 to 6328592 Compare November 1, 2025 02:14
@timlegge
Make padding selection clearer and update documentation
b24e1c0 
Also add t/padding.t that attempts to test the paddingi
combinations more thoroughly or possible more clearly?
@guest20
Copy link
Contributor

guest20 commented Nov 1, 2025

Are there other choices for padding?

It looks like there are only 2 types of padding available and they each have only one use case - would it be useful to recommend that the consumer of the library not request a specific posting themselves?

@timlegge
Copy link
Member Author

timlegge commented Nov 1, 2025

Are there other choices for padding?

It looks like there are only 2 types of padding available and they each have only one use case - would it be useful to recommend that the consumer of the library not request a specific posting themselves?

There are effectively four types available: Older openssl versions also support the first three and are unaffected by there changes.

With openssl 3.0+

  • use_no_padding
  • use_pkcs1_oaep_padding (only encryption/decryption)
  • use_pkcs1_pss_padding (only signing/verifying)

With openssl < 3.0

  • use_sslv23_padding

Disabled:

  • use_pkcs1_padding

However, you are probably correct recommending not setting one is likely best. As I think of it, we could probably add a:

set_signature_padding(type), set_encryption_padding(type)
It might make it easier to deal with in the future.

@timlegge
Copy link
Member Author

timlegge commented Nov 1, 2025

Are there other choices for padding?
It looks like there are only 2 types of padding available and they each have only one use case - would it be useful to recommend that the consumer of the library not request a specific posting themselves?

There are effectively four types available: Older openssl versions also support the first three and are unaffected by these changes.

With openssl 3.0+

  • use_no_padding
  • use_pkcs1_oaep_padding (only encryption/decryption)
  • use_pkcs1_pss_padding (only signing/verifying)

With openssl < 3.0

  • use_sslv23_padding

Disabled:

  • use_pkcs1_padding

However, you are probably correct recommending not setting one is likely best. As I think of it, we could probably add a:

set_signature_padding(type), set_encryption_padding(type) It might make it easier to deal with in the future.

@toddr toddr merged commit 049120a into cpan-authors:main Nov 3, 2025
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

in 0.36 and 0.37, default padding can't sign

3 participants

@timlegge @guest20 @toddr