projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Raise an error on syscall failure in tls_retry_write_records
[openssl.git] / doc / man3 / EVP_PKEY_CTX_ctrl.pod
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
index edbcb0dce854b8c05161925a5c63ad4e723e6866..21ae20adb058d93855d1aa9d04c6e0dc5121b27a 100644 (file)
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -396,11 +396,12 @@ negotiated protocol version. Otherwise it should be left unset.
 Similarly to the B<RSA_PKCS1_WITH_TLS_PADDING> above, since OpenSSL version
 3.2.0, the use of B<RSA_PKCS1_PADDING> will return a randomly generated message
 instead of padding errors in case padding checks fail. Applications that
-want to remain secure while using earlier versions of OpenSSL, still need to
+want to remain secure while using earlier versions of OpenSSL, or a provider
+that doesn't implement the implicit rejection mechanism, still need to
 handle both the error code from the RSA decryption operation and the
 returned message in a side channel secure manner.
 This protection against Bleichenbacher attacks can be disabled by setting
-the OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION (an unsigned integer) to 0.
+B<OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION> (an unsigned integer) to 0.
 
 =head2 DSA parameters
 
Unnamed repository; edit this file 'description' to name the repository.