Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4
Fixed In:
12.1.0
Opened: Jan 12, 2016 Severity: 3-Major
CRYPTO::encrypt and CRYPTO::decrypt can be used to perform asymmetric operations when '-alg rsa-pub' or '-alg rsa-priv' are selected. The '-padding' option selects the type of padding applied to the input before CRYPTO::encrypt or after CRYPTO::decrypt. Two padding types are supported. '-padding pkcs' selects PKCS#1v2.1 padding, which is the default; and '-padding oaep' selects OAEP padding. In BIGIP v12.0.0, a valid iRule which uses the CRYPTO::encrypt or CRYPTO::decrypt methods, and includes the '-padding' option, will be rejected when attempting to save the iRule in the configuration.
The '-padding' option is unavailable, which will impact iRules that depend upon OAEP padding.
BIGIP v12.0.0 through HF1 is known to be affected.
None
Support '-padding' option for CRYPTO::encrypt and CRYPTO::decrypt iRules.