aboutsummaryrefslogtreecommitdiffstats
path: root/sbin/decryptcore
diff options
context:
space:
mode:
Diffstat (limited to 'sbin/decryptcore')
-rw-r--r--sbin/decryptcore/decryptcore.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/sbin/decryptcore/decryptcore.c b/sbin/decryptcore/decryptcore.c
index 7fbe237487c5..80050c9a0bfb 100644
--- a/sbin/decryptcore/decryptcore.c
+++ b/sbin/decryptcore/decryptcore.c
@@ -219,6 +219,10 @@ decrypt(int ofd, const char *privkeyfile, const char *keyfile,
if (RSA_private_decrypt(kdk->kdk_encryptedkeysize,
kdk->kdk_encryptedkey, key, privkey,
+ RSA_PKCS1_OAEP_PADDING) != sizeof(key) &&
+ /* Fallback to deprecated, formerly-used PKCS 1.5 padding. */
+ RSA_private_decrypt(kdk->kdk_encryptedkeysize,
+ kdk->kdk_encryptedkey, key, privkey,
RSA_PKCS1_PADDING) != sizeof(key)) {
pjdlog_error("Unable to decrypt key: %s",
ERR_error_string(ERR_get_error(), NULL));