CryptoAPI ENGINE (capi) unusable since 1.0.2m due to RSA_NO_PADDING

[bwatermann]

The call RSA_private_decrypt((int)n, p, p, rsa, RSA_NO_PADDING); in ssl/s3_srvr.c which first appeared with OpenSSL 1.0.2m does not work in conjunction with the CryptoAPI ENGINE (capi). The effectively called function capi_rsa_priv_dec in engines/e_capi.c requires the padding parameter being set to RSA_PKCS1_PADDING. It is now no longer possible to implement a SSL/TLS service (well, unless we provide access to the server certificate's private key through other means than CryptoAPI, but that's sometimes not desirable. The "capi" engine's whole purpose is (or was?) to resolve the demand for making Windows' crypto-infrastructure available to OpenSSL, isn't/wasn't it ?

The affected commit that broke the feature is c63a5ea and also references
5b8fa43 . It appears as if this patch was quite important in terms of security. Simply reverting it would probably not be a good option....

[levitte]

Hi,

#7132 is a tentative fix. Would you be willing to try it out?

[bwatermann]

Works for me. Thank you!

[levitte]

Cool. It will get into the releases soon (unfortunately, I think it misses the 1.1.1 mark, unless @mattcaswell is willing to merge the PR promptly... otherwise, it will be part of the update releases)

[mattcaswell]

I'd prefer to wait until after the release. I'm trying to keep the master branch as stable as possible - only merging stuff directly related to the release/release criteria.

[Fimon]

Hello,

It seems that this fix has been made available in the 1.1.1 release but doesn't work for me :-/
If I look into the source, the fix seems dependent of the CRYPT_DECRYPT_RSA_NO_PADDING_CHECK definition but I see its definition nowhere :-/