diff --git a/apps/apps.c b/apps/apps.c index 1b7ca6961f..365287f488 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2304,11 +2304,11 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in) return ret; } -int pkey_ctrl_string(BIO *err, EVP_PKEY_CTX *ctx, char *value) +int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value) { + int rv; char *stmp, *vtmp = NULL; stmp = BUF_strdup(value); - int rv; if (!stmp) return -1; vtmp = strchr(stmp, ':'); diff --git a/apps/apps.h b/apps/apps.h index d15127e7aa..00522341ff 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -286,6 +286,7 @@ int args_verify(char ***pargs, int *pargc, int *badarg, BIO *err, X509_VERIFY_PARAM **pm); void policies_print(BIO *out, X509_STORE_CTX *ctx); int bio_to_mem(unsigned char **out, int maxlen, BIO *in); +int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value); #define FORMAT_UNDEF 0 #define FORMAT_ASN1 1 diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index bac935c6d7..82b59a805c 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -154,8 +154,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ENGINE else if(!strcmp(*argv, "-engine")) { - if (--argc < 1) badarg = 1; - engine = *(++argv); + if (--argc < 1) + badarg = 1; + else + engine = *(++argv); } #endif else if(!strcmp(*argv, "-pubin")) @@ -178,6 +180,23 @@ int MAIN(int argc, char **argv) pkey_op = EVP_PKEY_OP_ENCRYPT; else if(!strcmp(*argv, "-decrypt")) pkey_op = EVP_PKEY_OP_DECRYPT; + else if (strcmp(*argv,"-param") == 0) + { + if (--argc < 1) + badarg = 1; + if (!ctx) + { + BIO_puts(bio_err, + "-param command before -inkey\n"); + badarg = 1; + } + else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) + { + BIO_puts(bio_err, "parameter setting error\n"); + ERR_print_errors(bio_err); + goto end; + } + } else badarg = 1; if(badarg) { diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 06535510ca..07bcb50ad0 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -917,8 +917,11 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey); void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 9ca351a53e..7c36395696 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -171,7 +171,8 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, } -int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, char *name, char *value) +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, + const char *name, const char *value) { if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) { diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 6a9062b27e..2b03ede5fd 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -192,6 +192,12 @@ struct rsa_st * be used for all exponents. */ +#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_CTRL_RSA_PADDING, \ + pad, NULL) + +#define EVP_PKEY_CTRL_RSA_PADDING 1 + #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 #define RSA_NO_PADDING 3 diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 7fe9e52a7d..5401b0544a 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -151,6 +151,52 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen, return 1; } +static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + RSA_PKEY_CTX *rctx = ctx->data; + switch (type) + { + + case EVP_PKEY_CTRL_RSA_PADDING: + /* TODO: add PSS support */ + if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_X931_PADDING)) + { + rctx->pad_mode = p1; + return 1; + } + return 0; + + default: + return -2; + + } + } + +static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { + if (!strcmp(type, "rsa_padding_mode")) + { + int pm; + if (!value) + return 0; + if (!strcmp(value, "pkcs1")) + pm = RSA_PKCS1_PADDING; + else if (!strcmp(value, "sslv23")) + pm = RSA_SSLV23_PADDING; + else if (!strcmp(value, "none")) + pm = RSA_NO_PADDING; + else if (!strcmp(value, "oeap")) + pm = RSA_PKCS1_OAEP_PADDING; + else if (!strcmp(value, "x931")) + pm = RSA_X931_PADDING; + else + return -2; + return pkey_rsa_ctrl(ctx, EVP_PKEY_CTRL_RSA_PADDING, pm, NULL); + } + return -2; + } + const EVP_PKEY_METHOD rsa_pkey_meth = { EVP_PKEY_RSA, @@ -179,7 +225,8 @@ const EVP_PKEY_METHOD rsa_pkey_meth = 0, pkey_rsa_decrypt, - 0,0 + pkey_rsa_ctrl, + pkey_rsa_ctrl_str };