smime/pkcs7: disable the Bleichenbacher workaround

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13817)
author: Hubert Kario <hkario@redhat.com> 2022-11-22 18:25:49 +0100
committer: Tomas Mraz <tomas@openssl.org> 2022-12-12 11:30:52 +0100
commit: 056dade341d2589975a3aae71f81c8d7061583c7 (patch)
tree: a7b56b83bf7cd0e7204728998fdf87018b5023f8 /crypto/pkcs7
parent: rsa: add test for the option to disable implicit rejection (diff)
download: openssl-056dade341d2589975a3aae71f81c8d7061583c7.tar.xz
openssl-056dade341d2589975a3aae71f81c8d7061583c7.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 31b368bda3..8a46ab471d 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -163,6 +163,13 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
     if (EVP_PKEY_decrypt_init(pctx) <= 0)
         goto err;
 
+    if (EVP_PKEY_is_a(pkey, "RSA"))
+        /* upper layer pkcs7 code incorrectly assumes that a successful RSA
+         * decryption means that the key matches ciphertext (which never
+         * was the case, implicit rejection or not), so to make it work
+         * disable implicit rejection for RSA keys */
+        EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0");
+
     if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
                          ri->enc_key->data, ri->enc_key->length) <= 0)
         goto err;
author	Hubert Kario <hkario@redhat.com>	2022-11-22 18:25:49 +0100
committer	Tomas Mraz <tomas@openssl.org>	2022-12-12 11:30:52 +0100
commit	056dade341d2589975a3aae71f81c8d7061583c7 (patch)
tree	a7b56b83bf7cd0e7204728998fdf87018b5023f8 /crypto/pkcs7
parent	rsa: add test for the option to disable implicit rejection (diff)
download	openssl-056dade341d2589975a3aae71f81c8d7061583c7.tar.xz openssl-056dade341d2589975a3aae71f81c8d7061583c7.zip