Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Browse Source

smime/pkcs7: disable the Bleichenbacher workaround

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
Hubert Kario 1 year ago
parent
455db0c94c
commit
056dade341
1 changed files with 7 additions and 0 deletions
Split View Show Diff Stats
  1. 7 0
      crypto/pkcs7/pk7_doit.c

+ 7 - 0
crypto/pkcs7/pk7_doit.c
View File 

@@ -163,6 +163,13 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
 
     if (EVP_PKEY_decrypt_init(pctx) <= 0)
 
         goto err;
 
 
+    if (EVP_PKEY_is_a(pkey, "RSA"))
 
+        /* upper layer pkcs7 code incorrectly assumes that a successful RSA
 
+         * decryption means that the key matches ciphertext (which never
 
+         * was the case, implicit rejection or not), so to make it work
 
+         * disable implicit rejection for RSA keys */
 
+        EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0");
 
+
 
     if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
 
                          ri->enc_key->data, ri->enc_key->length) <= 0)
 
         goto err;