[openssl-users] RSA_PKCS1_OAEP_PADDING

RudyAC rpo at compumatica.com
Thu May 11 09:33:52 UTC 2017


Hello,

I have the requirement to encrypt e-mails using RSA-OAEP padding. I use the
library openssl-1.0.2k and encrypt with CMS container. The following
function describes my method. My problem is that I'm not sure if this method
really uses the RSA-OAEP padding.

bool
smime_encrypt_cms(const std::string& infile, const std::string& outfile)
{
    bool                bResult = false;
    const char*         inmode = "r";
    const char*         outmode = "w";
    const EVP_CIPHER*   cipher = NULL;


    STACK_OF(X509)*     encerts = NULL;
    BIO*                in = NULL;
    BIO*                out = NULL;
    BIO*                bio_err = NULL;
    int                 flags = 0;

	X509 *recip;
	int i = 0;
	unsigned char *oaep_label = NULL;
	int oaep_label_l = 0;
	int nflags = CMS_PARTIAL | CMS_KEY_PARAM;
	CMS_ContentInfo* cms = CMS_encrypt(NULL, NULL, cipher, nflags);
	EVP_PKEY_CTX* wrap_ctx = NULL;

    KWlog ( EV_D_APPL_14 , "smime_encrypt_cms () started" );

    cipher = get_cipher();
    SMTPD_RAND_load_file ( NULL , bio_err , 0 );

    encerts = sk_X509_new_null();

    FOR_CONST_IT(EmailAndCertList, itRecip, _m_recipCertsList)
    {
        SMIME_key_list recip_encerts = (*itRecip)->smime_enc();

        FOR_CONST_IT(SMIME_key_list, iter, recip_encerts)
        {
            sk_X509_push( encerts, (*iter).dup_cert());
        }
    }


    if ( ! ( in = BIO_new_file ( infile.c_str() , inmode ))) {
        KWlog_appl ( EV_E_APPL_INFO , "Can't open input file %s",
infile.c_str() );
        _error_messages.push_back("Internal Error");
        goto exit;
    }

    if ( ! ( out = BIO_new_file ( outfile.c_str() , outmode ))) {
        KWlog_appl ( EV_E_APPL_INFO , "Can't open output file %s",
outfile.c_str() );
        _error_messages.push_back("Internal Error");
        goto exit;
    }

    for (i = 0; i < sk_X509_num(encerts); i++) {

    	CMS_RecipientInfo* r_info;

		recip = sk_X509_value(encerts, i);
		r_info = CMS_add1_recipient_cert(cms, recip, nflags);
		if (!r_info) {
				KWlog_appl(EV_E_APPL_INFO,
						"smime_encrypt_cms(): Error while adding recipient certs to CMS info
structure");
				return false;
		}
		wrap_ctx = CMS_RecipientInfo_get0_pkey_ctx(r_info);
		KWlog ( EV_D_APPL_14 , "smime_encrypt_cms () Set OAEP Padding");
		EVP_PKEY_CTX_set_rsa_padding(wrap_ctx, RSA_PKCS1_OAEP_PADDING);
		EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx, EVP_sha256());
		EVP_PKEY_CTX_set_rsa_mgf1_md(wrap_ctx, EVP_sha256());
		EVP_PKEY_CTX_set0_rsa_oaep_label(wrap_ctx, oaep_label, oaep_label_l);
	}

       CMS_final(cms, in, NULL, nflags);

    /* encrypt content */
    cms = CMS_encrypt(encerts, in, cipher, flags);


    if( ! cms ) {
        KWlog ( EV_E_APPL_INFO , "Error creating CMS structure");
        KWlog_SSL ;
        _error_messages.push_back("Internal Error");
        goto exit;
    }

    flags |= SMIME_OLDMIME;

    /* Write out S/MIME message */
    if (!SMIME_write_CMS(out, cms, in, flags))
    	goto exit;

    bResult = true;

 exit:
    SMTPD_RAND_write_file (NULL, bio_err);
    sk_X509_pop_free(encerts, X509_free);
    if (cms)
    	CMS_ContentInfo_free(cms);
    BIO_free(in);
    BIO_free_all(out);

    KWlog ( EV_D_APPL_14 , "smime_encrypt_cms () finished" );
    return ( bResult );
}

When using this function to encrypt an e-mail Thunderbird can decrypt the
message. But is RSA-OAEP padding really used or is the default padding still
used? How can I check this?

For comments I would be very grateful

Regards Rudy





--
View this message in context: http://openssl.6102.n7.nabble.com/RSA-PKCS1-OAEP-PADDING-tp70741.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


More information about the openssl-users mailing list