if (EVP_PKEY_decrypt_init(pctx) <= 0)
goto err;
+ if (EVP_PKEY_is_a(pkey, "RSA"))
+ /* upper layer pkcs7 code incorrectly assumes that a successful RSA
+ * decryption means that the key matches ciphertext (which never
+ * was the case, implicit rejection or not), so to make it work
+ * disable implicit rejection for RSA keys */
+ EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0");
+
if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
ri->enc_key->data, ri->enc_key->length) <= 0)
goto err;
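Review bot: The return value of `EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0")` is discarded, so if the control string is not accepted (for example by a key implementation that does not recognise it), decryption continues with implicit rejection still enabled and the upper-layer assumption described in the comment fails silently. Either check it, e.g. `if (EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0") <= 0) goto err;`, or say in the comment that a failure is deliberately ignored and why. The comment should also record the trade-off: with implicit rejection off, a PKCS#1 v1.5 padding failure is again visible as a failure of `EVP_PKEY_decrypt`, so the callers must not let that difference (error code or timing) reach whoever supplied the ciphertext. Since the `if` body is a five-line comment followed by one statement, braces around it would prevent a later edit from detaching the call from the `EVP_PKEY_is_a(pkey, "RSA")` condition. The enclosing function starts and ends outside the lines shown here.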