#include <openssl/rsa.h>
int RSA_public_encrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ unsigned char *to, RSA *rsa, int padding);
int RSA_private_decrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
+ unsigned char *to, RSA *rsa, int padding);
=head1 DESCRIPTION
On error, -1 is returned; the error codes can be
obtained by L<ERR_get_error(3)>.
+=head1 WARNING
+
+Decryption failures in the RSA_PKCS1_PADDING mode leak information
+which can potentially be used to mount a Bleichenbacher padding oracle
+attack. This is an inherent weakness in the PKCS #1 v1.5 padding
+design. Prefer RSA_PKCS1_OAEP_PADDING.
+
=head1 CONFORMING TO
SSL, PKCS #1 v2.0
=head1 SEE ALSO
-L<ERR_get_error(3)>, L<rand(3)>,
+L<ERR_get_error(3)>, L<RAND_bytes(3)>,
L<RSA_size(3)>
=head1 COPYRIGHT