
PKCS#1 1.5 is disabled as it is known to be vulnerable to marvin attacks

Open frubat opened this issue 8 months ago • 6 comments

Hello,

When trying to use le.pl on my Debian machine - it gives me this error: PKCS#1 1.5 is disabled as it is known to be vulnerable to marvin attacks. at /usr/local/share/perl/5.32.1/Crypt/LE.pm line 674.

It was working fine for a few years, but now it stopped working completely. I'm unable to renew the certs or create new ones.

le.pl -key account.key -csr /var/www/cert/somedomain.csr -csr-key /var/www/cert/somedomain.key -crt /var/www/cert/somedomain.crt -domains some.domain.pl -path /var/www/dummy/.well-known/acme-challenge -generate-missing -live -renew 10 -unlink
2025/05/09 14:09:59 [ Crypt::LE client v0.40 started. ]
2025/05/09 14:09:59 Generating a new account key
PKCS#1 1.5 is disabled as it is known to be vulnerable to marvin attacks. at /usr/local/share/perl/5.32.1/Crypt/LE.pm line 674.

Is there any solution available? I've tried to google how to enable support for PKCS1 v1.5 in OpenSSL, but it seems that it's undocumented.

May 09 '25 12:05 frubat

I⁎ can't really read XS, but the error message comes from this software: https://github.com/cpan-authors/Crypt-OpenSSL-RSA/blob/0792f93952a7d093a98bf13a6d910d499563ff77/RSA.xs#L924C1-L929C1

One can see from the git-blame button on that page, or from the change log that this change is 3 days old:

https://metacpan.org/dist/Crypt-OpenSSL-RSA/changes

... so you can likely get away with pinning Crypt::OpenSSL::RSA to the previous version for now‡. I'd do that with a cpanfile with exact version specs, but you might do it by blocking the corresponding version of the Debian package (since this version might upset other Perl programs on your system too).

I think there's also a debian crypto-policies tool that might have a say in which dist is installed, but I'm less sure about that.

⁎. just some rando with a github account, not the project maintainer
‡. check with your security team, not medical, technical nor legal advice, void where prohibited, check local guides.

May 09 '25 15:05 guest20

I think the fix is relatively easy. In line 654 of LE.pm change $key->use_pkcs1_padding; to $key->use_pkcs1_oaep_padding;

Hope that helps. For me it did the trick.

May 11 '25 23:05 Refizul

Thank you for your replies. I've downgraded the Crypt::OpenSSL::RSA module to version 0.34 for now and it started to work again. Will wait for an updated version of Crypt::LE module to update RSA back to 0.35 :)

May 12 '25 16:05 frubat

> I think the fix is relatively easy. In line 654 of LE.pm change $key->use_pkcs1_padding; to $key->use_pkcs1_oaep_padding;
>
> Hope that helps. For me it did the trick.

use_pkcs1_oaep_padding is the current default for Crypt::OpenSSL::RSA. Because of this, commenting out that line works also. Would it be a better idea to solve it this way and let OpenSSL choose, rather than explicitly specifying the padding? Maybe another future headache can be avoided this way.

Jul 02 '25 14:07 Alexander-ARTV

Thanks for explaining a solution. Here's my pull request implementing it: https://github.com/do-know/Crypt-LE/pull/107

Sep 30 '25 17:09 ajmetz

This will not fix the problem. oaep is not a drop-in replacement for pkcs1. In Crypt::OpenSSL::RSA 0.37, we have added use_pkcs1_pss_padding, which would be an alternative to use_pkcs1_padding, but you would also need to update the JWT encoding in the header to RS256 so the server knows what it's decoding.

Oct 29 '25 21:10 toddr
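
Added example, not code from this thread, Crypt::LE or Crypt::OpenSSL::RSA: the last comment's point that the signature padding and the `alg` value in the JWS header have to agree, shown in Python with the two RSA signature encodings from RFC 8017. The `alg` names follow RFC 7518 (RS256 is RSASSA-PKCS1-v1_5 with SHA-256, PS256 is RSASSA-PSS with SHA-256); the toy key and all function names are constructed for the illustration.

```python
import hashlib, hmac, os

# Constructed toy key built from two Mersenne primes: illustration only, never a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes (141 here)
DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256

def sha(b):
    return hashlib.sha256(b).digest()

def mgf1(seed, n):
    return b"".join(sha(seed + i.to_bytes(4, "big")) for i in range(-(-n // 32)))[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def em_v15(msg):                       # EMSA-PKCS1-v1_5: deterministic, what RS256 expects
    t = DIGESTINFO + sha(msg)
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def em_pss(msg, salt):                 # EMSA-PSS (32-byte salt, MGF1-SHA-256): what PS256 expects
    h = sha(b"\x00" * 8 + sha(msg) + salt)
    db = b"\x00" * (K - 66) + b"\x01" + salt
    masked = bytearray(xor(db, mgf1(h, K - 33)))
    masked[0] &= 0x7F                  # clear the top bit so the encoded value stays below N
    return bytes(masked) + h + b"\xbc"

def pss_ok(msg, em):
    if em[-1] != 0xBC or em[0] & 0x80:
        return False
    h = em[K - 33:-1]
    db = bytearray(xor(em[:K - 33], mgf1(h, K - 33)))
    db[0] &= 0x7F
    if bytes(db[:K - 65]) != b"\x00" * (K - 66) + b"\x01":
        return False
    return hmac.compare_digest(h, sha(b"\x00" * 8 + sha(msg) + bytes(db[-32:])))

def sign(padding, msg):                # padding: "RS256" or "PS256"
    em = {"RS256": em_v15(msg), "PS256": em_pss(msg, os.urandom(32))}[padding]
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def verify(header_alg, msg, sig):      # the verifier picks the scheme from the header alone
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        return False
    em = pow(s, E, N).to_bytes(K, "big")
    if header_alg == "RS256":
        return hmac.compare_digest(em, em_v15(msg))
    return header_alg == "PS256" and pss_ok(msg, em)
```

A signature made with `sign("PS256", ...)` is rejected by `verify("RS256", ...)` and the reverse, which is the mismatch a server sees when only the padding call is changed and the header is left alone.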