From ba78f7b0599ba5bfb5032dd2664465c5b13388e3 Mon Sep 17 00:00:00 2001
From: Hubert Kario
Date: Tue, 22 Nov 2022 18:25:49 +0100
Subject: [PATCH 3/3] smime/pkcs7: disable the Bleichenbacher workaround
CVE: CVE-2023-50781
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/056dade341d2589975a3aae71f81c8d7061583c7]
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Tim Hudson
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13817)
Signed-off-by: Jiaying Song
---
 crypto/pkcs7/pk7_doit.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index e9de097da1..6d3124da87 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -170,6 +170,13 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
 if (EVP_PKEY_decrypt_init(pctx) <= 0)
 goto err;

+ if (EVP_PKEY_is_a(pkey, "RSA"))
+ /* upper layer pkcs7 code incorrectly assumes that a successful RSA
+ * decryption means that the key matches ciphertext (which never
+ * was the case, implicit rejection or not), so to make it work
+ * disable implicit rejection for RSA keys */
+ EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0");
+
 if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
 ri->enc_key->data, ri->enc_key->length) <= 0)
 goto err;
--
2.34.1
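Review bot: The result of `EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0")` is discarded in the added `if (EVP_PKEY_is_a(pkey, "RSA"))` branch. If the control is rejected, implicit rejection stays on and the following `EVP_PKEY_decrypt` calls can report success with a synthetic key, with nothing to show why. If ignoring the failure is deliberate (for example for a provider that does not know this parameter, which is an assumption), say so in the code with `(void)EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0");` and wrap the body in `{ ... }`, because a five-line comment between an unbraced `if` and its single statement is easy to break in a later edit. The comment should also record that turning implicit rejection off makes this path depend again on the PKCS#7 layer's own handling of decryption failures to avoid a padding oracle. That handling is not visible in this hunk, so it is worth confirming it is present in the backport target. The body of `pkcs7_decrypt_rinfo` starts and ends outside the hunk.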