incomplete provisional OAEP CMS decrypt support

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 7dd278f5b8bc9d9543817003b1edeea226701160..d404ad07c981ee0c7be4ea7eef31e507841efb8a 100644 (file)
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -62,12 +62,12 @@
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 919
-#define NUM_SN 912
-#define NUM_LN 912
-#define NUM_OBJ 856
+#define NUM_NID 920
+#define NUM_SN 913
+#define NUM_LN 913
+#define NUM_OBJ 857
 
-static const unsigned char lvalues[5971]={
+static const unsigned char lvalues[5980]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -924,6 +924,7 @@ static const unsigned char lvalues[5971]={
 0x55,0x1D,0x25,0x00,                         /* [5948] OBJ_anyExtendedKeyUsage */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5952] OBJ_mgf1 */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5961] OBJ_rsassaPss */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5970] OBJ_rsaesOaep */
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2404,6 +2405,7 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
        NID_aes_192_cbc_hmac_sha1,0,NULL,0},
 {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
        NID_aes_256_cbc_hmac_sha1,0,NULL,0},
+{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5970]),0},
 };
 
 static const unsigned int sn_objs[NUM_SN]={
@@ -2571,6 +2573,7 @@ static const unsigned int sn_objs[NUM_SN]={
 668,   /* "RSA-SHA256" */
 669,   /* "RSA-SHA384" */
 670,   /* "RSA-SHA512" */
+919,   /* "RSAES-OAEP" */
 912,   /* "RSASSA-PSS" */
 777,   /* "SEED-CBC" */
 779,   /* "SEED-CFB" */
@@ -4009,6 +4012,7 @@ static const unsigned int ln_objs[NUM_LN]={
  6,    /* "rsaEncryption" */
 644,   /* "rsaOAEPEncryptionSET" */
 377,   /* "rsaSignature" */
+919,   /* "rsaesOaep" */
 912,   /* "rsassaPss" */
 124,   /* "run length compression" */
 482,   /* "sOARecord" */
@@ -4826,6 +4830,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
  8,    /* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
 65,    /* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
 644,   /* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
+919,   /* OBJ_rsaesOaep                    1 2 840 113549 1 1 7 */
 911,   /* OBJ_mgf1                         1 2 840 113549 1 1 8 */
 912,   /* OBJ_rsassaPss                    1 2 840 113549 1 1 10 */
 668,   /* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */

diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
index 02fc4095aa8ba3f30bfcb8ef759b6bd931fd56dd..b5ea7cdab4f84b90280f0a3aae1478a8d715c7a7 100644 (file)
--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@@ -580,6 +580,11 @@
 #define NID_sha1WithRSAEncryption              65
 #define OBJ_sha1WithRSAEncryption              OBJ_pkcs1,5L
 
+#define SN_rsaesOaep           "RSAES-OAEP"
+#define LN_rsaesOaep           "rsaesOaep"
+#define NID_rsaesOaep          919
+#define OBJ_rsaesOaep          OBJ_pkcs1,7L
+
 #define SN_mgf1                "MGF1"
 #define LN_mgf1                "mgf1"
 #define NID_mgf1               911

diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index a50aa577090208715296652c0fd118eb38c583b2..1d0a7c802daf10ebc6855cba6913e8380b76b5f8 100644 (file)
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -916,3 +916,4 @@ rc4_hmac_md5                915
 aes_128_cbc_hmac_sha1          916
 aes_192_cbc_hmac_sha1          917
 aes_256_cbc_hmac_sha1          918
+rsaesOaep              919

diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 183806e39f98ff50740aa5478b3c45f64e6209e5..d3bfad72a2ac78e0c5bab35f2cb3957e4cd599c0 100644 (file)
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -166,6 +166,7 @@ pkcs1 3                     : RSA-MD4               : md4WithRSAEncryption
 pkcs1 4                        : RSA-MD5               : md5WithRSAEncryption
 pkcs1 5                        : RSA-SHA1              : sha1WithRSAEncryption
 # According to PKCS #1 version 2.1
+pkcs1 7                        : RSAES-OAEP            : rsaesOaep
 pkcs1 8                        : MGF1                  : mgf1
 pkcs1 10               : RSASSA-PSS            : rsassaPss
 

diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 96b05fa7b38f9f9376c90af5a936deaab70cc5b7..2177f3f5c546d5d52207584f35414fc9a4340db2 100644 (file)
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -63,6 +63,9 @@
 #include <openssl/rsa.h>
 #include <openssl/bn.h>
 #include <openssl/evp.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
@@ -548,12 +551,23 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
                case EVP_PKEY_CTRL_PKCS7_DECRYPT:
                case EVP_PKEY_CTRL_PKCS7_SIGN:
+               return 1;
 #ifndef OPENSSL_NO_CMS
-               case EVP_PKEY_CTRL_CMS_ENCRYPT:
                case EVP_PKEY_CTRL_CMS_DECRYPT:
+               {
+               X509_ALGOR *alg = NULL;
+               ASN1_OBJECT *encalg = NULL;
+               if (p2)
+                       CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg);
+               if (alg)
+                       X509_ALGOR_get0(&encalg, NULL, NULL, alg);
+               if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
+                       rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
+               }
+               case EVP_PKEY_CTRL_CMS_ENCRYPT:
                case EVP_PKEY_CTRL_CMS_SIGN:
-#endif
                return 1;
+#endif
                case EVP_PKEY_CTRL_PEER_KEY:
                        RSAerr(RSA_F_PKEY_RSA_CTRL,
                        RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);