[openssl-users] RSA_PKCS1_OAEP_PADDING

Dr. Stephen Henson steve at openssl.org
Mon May 15 12:08:30 UTC 2017


On Mon, May 15, 2017, RudyAC wrote:

> Hello Steve,
> 
> first of all thanks for helpful advice. When printing out all the fields of
> the message with the openssl command
> I got for every recipient two blocks. One block includes the OAEP padding
> and the other block (same recipient) includes the default padding.
> 
> d.ktri: 
>         version: <ABSENT>
>         d.issuerAndSerialNumber: 
>           issuer: C=DE, O=extern, OU=host3, CN=CA - host3
>           serialNumber: 12302977334217659119
>         keyEncryptionAlgorithm: 
>           algorithm: rsaEncryption (1.2.840.113549.1.1.1)
>           parameter: NULL
> 
> d.ktri: 
>         version: <ABSENT>
>         d.issuerAndSerialNumber: 
>           issuer: C=DE, O=extern, OU=host3, CN=CA - host3
>           serialNumber: 12302977334217659119
>         keyEncryptionAlgorithm: 
>           algorithm: rsaesOaep (1.2.840.113549.1.1.7)
>           parameter: SEQUENCE:
>     0:d=0  hl=2 l=  43 cons: SEQUENCE          
>     2:d=1  hl=2 l=  13 cons:  cont [ 0 ]        
>     4:d=2  hl=2 l=  11 cons:   SEQUENCE          
>     6:d=3  hl=2 l=   9 prim:    OBJECT            :sha256
>    17:d=1  hl=2 l=  26 cons:  cont [ 1 ]        
>    19:d=2  hl=2 l=  24 cons:   SEQUENCE          
>    21:d=3  hl=2 l=   9 prim:    OBJECT            :mgf1
>    32:d=3  hl=2 l=  11 cons:    SEQUENCE          
>    34:d=4  hl=2 l=   9 prim:     OBJECT            :sha256
> 
> How can I make sure that only the OAEP padding is used?
> 

What code are you using? The original you posted had a bug:

       CMS_final(cms, in, NULL, nflags);

    /* encrypt content */
    cms = CMS_encrypt(encerts, in, cipher, flags);

Which will overwrite the created cms structure.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


More information about the openssl-users mailing list