rsa: Add option to disable implicit rejection

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13817)
author: Hubert Kario <hkario@redhat.com> 2022-10-27 19:16:58 +0200
committer: Tomas Mraz <tomas@openssl.org> 2022-12-12 11:30:52 +0100
commit: 5ab3ec1bb1eaa795d775f5896818cfaa84d33a1a (patch)
tree: 8891701c8e4c4429fb9030cca393c132f938dd34 /crypto/cms
parent: 8ae4f0e68ebb7435be494b58676827ae91695371 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index d25504a03f..c55511011f 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -608,6 +608,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
     if (!ossl_cms_env_asn1_ctrl(ri, 1))
         goto err;
 
+    if (EVP_PKEY_is_a(pkey, "RSA"))
+        /* upper layer CMS code incorrectly assumes that a successful RSA
+         * decryption means that the key matches ciphertext (which never
+         * was the case, implicit rejection or not), so to make it work
+         * disable implicit rejection for RSA keys */
+        EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_pkcs1_implicit_rejection", "0");
+
     if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
                          ktri->encryptedKey->data,
                          ktri->encryptedKey->length) <= 0)
author	Hubert Kario <hkario@redhat.com>	2022-10-27 19:16:58 +0200
committer	Tomas Mraz <tomas@openssl.org>	2022-12-12 11:30:52 +0100
commit	5ab3ec1bb1eaa795d775f5896818cfaa84d33a1a (patch)
tree	8891701c8e4c4429fb9030cca393c132f938dd34 /crypto/cms
parent	8ae4f0e68ebb7435be494b58676827ae91695371 (diff)