smime/pkcs7: disable the Bleichenbacher workaround
authorHubert Kario <hkario@redhat.com>
Tue, 22 Nov 2022 17:25:49 +0000 (18:25 +0100)
committerTomas Mraz <tomas@openssl.org>
Mon, 12 Dec 2022 10:30:52 +0000 (11:30 +0100)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)

crypto/pkcs7/pk7_doit.c

index 31b368bda3b818a69ca7662173cc6e763ee51372..8a46ab471df4b06dc19c46099f857b5672478a55 100644 (file)
@@ -163,6 +163,13 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
     if (EVP_PKEY_decrypt_init(pctx) <= 0)
         goto err;
 
+    if (EVP_PKEY_is_a(pkey, "RSA"))
+        /* upper layer pkcs7 code incorrectly assumes that a successful RSA
+         * decryption means that the key matches ciphertext (which never
+         * was the case, implicit rejection or not), so to make it work
+         * disable implicit rejection for RSA keys */
+        EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0");
+
     if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
                          ri->enc_key->data, ri->enc_key->length) <= 0)
         goto err;
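Review bot: The result of `EVP_PKEY_CTX_ctrl_str()` on the added line is discarded, so if a key implementation does not accept `rsa_pkcs1_implicit_rejection`, the decrypt below silently runs with implicit rejection still on, which is the case the comment says the upper pkcs7 layer cannot handle. If the call is meant as best-effort, say so with a `(void)` cast and a sentence in the comment; otherwise check it, e.g. `if (EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0") <= 0) goto err;`. The comment should also record the trade-off: with the option off, a PKCS#1 v1.5 padding failure presumably surfaces as an error from `EVP_PKEY_decrypt()` again, so callers must keep that failure (distinct error or timing) from becoming observable to whoever supplies the ciphertext. The multi-line comment plus statement under an unbraced `if` would be safer to maintain with braces. `pkcs7_decrypt_rinfo` starts and ends outside the hunk, so how the error is handled further up is not visible here.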