This commit was generated by cvs2git to track changes on a CVS vendor

branch.
author: djm <> 2012-10-13 21:23:50 +0000
committer: djm <> 2012-10-13 21:23:50 +0000
commit: d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df (patch)
tree: 10ebe51c3542099b0ab8325d8f322372375dc3b4 /src/lib/libcrypto/rsa/rsa_pmeth.c
parent: bc685bd401e5657f7fb51b4e1a62a7a5c5ea4098 (diff)
parent: 228cae30b117c2493f69ad3c195341cd6ec8d430 (diff)
download: openbsd-d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df.tar.gz
openbsd-d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df.tar.bz2
openbsd-d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df.zip
1 files changed, 145 insertions, 9 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index c6892ecd09..5b2ecf56ad 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -63,6 +63,12 @@
 #include <openssl/rsa.h>
 #include <openssl/bn.h>
 #include <openssl/evp.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 #include "evp_locl.h"
 #include "rsa_locl.h"
@@ -79,6 +85,8 @@ typedef struct
        int pad_mode;
        /* message digest */
        const EVP_MD *md;
+        /* message digest for MGF1 */
+        const EVP_MD *mgf1md;
        /* PSS/OAEP salt length */
        int saltlen;
        /* Temp buffer */
@@ -95,6 +103,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
        rctx->pub_exp = NULL;
        rctx->pad_mode = RSA_PKCS1_PADDING;
        rctx->md = NULL;
+        rctx->mgf1md = NULL;
        rctx->tbuf = NULL;
        rctx->saltlen = -2;
@@ -147,6 +156,31 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
                OPENSSL_free(rctx);
                }
        }
+#ifdef OPENSSL_FIPS
+/* FIP checker. Return value indicates status of context parameters:
+ * 1  : redirect to FIPS.
+ * 0  : don't redirect to FIPS.
+ * -1 : illegal operation in FIPS mode.
+ */
+static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
+        {
+        RSA_PKEY_CTX *rctx = ctx->data;
+        RSA *rsa = ctx->pkey->pkey.rsa;
+        int rv = -1;
+        if (!FIPS_mode())
+                return 0;
+        if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+                rv = 0;
+        if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
+                return -1;
+        if (rctx->md && !(rctx->md->flags & EVP_MD_FLAG_FIPS))
+                return rv;
+        if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS))
+                return rv;
+        return 1;
+        }
+#endif
 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                        const unsigned char *tbs, size_t tbslen)
@@ -155,6 +189,15 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
        RSA_PKEY_CTX *rctx = ctx->data;
        RSA *rsa = ctx->pkey->pkey.rsa;
+#ifdef OPENSSL_FIPS
+        ret = pkey_fips_check_ctx(ctx);
+        if (ret < 0)
+                {
+                RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return -1;
+                }
+#endif
        if (rctx->md)
                {
                if (tbslen != (size_t)EVP_MD_size(rctx->md))
@@ -163,7 +206,36 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                        RSA_R_INVALID_DIGEST_LENGTH);
                        return -1;
                        }
-                if (rctx->pad_mode == RSA_X931_PADDING)
+#ifdef OPENSSL_FIPS
+                if (ret > 0)
+                        {
+                        unsigned int slen;
+                        ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
+                                                        rctx->pad_mode,
+                                                        rctx->saltlen,
+                                                        rctx->mgf1md,
+                                                        sig, &slen);
+                        if (ret > 0)
+                                *siglen = slen;
+                        else
+                                *siglen = 0;
+                        return ret;
+                        }
+#endif
+                if (EVP_MD_type(rctx->md) == NID_mdc2)
+                        {
+                        unsigned int sltmp;
+                        if (rctx->pad_mode != RSA_PKCS1_PADDING)
+                                return -1;
+                        ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
+                                                tbs, tbslen, sig, &sltmp, rsa);
+                        if (ret <= 0)
+                                return ret;
+                        ret = sltmp;
+                        }
+                else if (rctx->pad_mode == RSA_X931_PADDING)
                        {
                        if (!setup_tbuf(rctx, ctx))
                                return -1;
@@ -186,8 +258,10 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                        {
                        if (!setup_tbuf(rctx, ctx))
                                return -1;
-                        if (!RSA_padding_add_PKCS1_PSS(rsa, rctx->tbuf, tbs,
+                        if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
-                                                rctx->md, rctx->saltlen))
+                                                rctx->tbuf, tbs,
+                                                rctx->md, rctx->mgf1md,
+                                                rctx->saltlen))
                                return -1;
                        ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
                                                sig, rsa, RSA_NO_PADDING);
@@ -269,8 +343,30 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
        RSA_PKEY_CTX *rctx = ctx->data;
        RSA *rsa = ctx->pkey->pkey.rsa;
        size_t rslen;
+#ifdef OPENSSL_FIPS
+        int rv;
+        rv = pkey_fips_check_ctx(ctx);
+        if (rv < 0)
+                {
+                RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return -1;
+                }
+#endif
        if (rctx->md)
                {
+#ifdef OPENSSL_FIPS
+                if (rv > 0)
+                        {
+                        return FIPS_rsa_verify_digest(rsa,
+                                                        tbs, tbslen,
+                                                        rctx->md,
+                                                        rctx->pad_mode,
+                                                        rctx->saltlen,
+                                                        rctx->mgf1md,
+                                                        sig, siglen);
+                                                        
+                        }
+#endif
                if (rctx->pad_mode == RSA_PKCS1_PADDING)
                        return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
                                        sig, siglen, rsa);
@@ -289,7 +385,8 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
                                                        rsa, RSA_NO_PADDING);
                        if (ret <= 0)
                                return 0;
-                        ret = RSA_verify_PKCS1_PSS(rsa, tbs, rctx->md,
+                        ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
+                                                rctx->md, rctx->mgf1md,
                                                rctx->tbuf, rctx->saltlen);
                        if (ret <= 0)
                                return 0;
@@ -403,15 +500,25 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                                RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
                return -2;
+                case EVP_PKEY_CTRL_GET_RSA_PADDING:
+                *(int *)p2 = rctx->pad_mode;
+                return 1;
                case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
-                if (p1 < -2)
+                case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
-                        return -2;
                if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
                        {
                        RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
                        return -2;
                        }
-                rctx->saltlen = p1;
+                if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
+                        *(int *)p2 = rctx->saltlen;
+                else
+                        {
+                        if (p1 < -2)
+                                return -2;
+                        rctx->saltlen = p1;
+                        }
                return 1;
                case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
@@ -435,16 +542,45 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                rctx->md = p2;
                return 1;
+                case EVP_PKEY_CTRL_RSA_MGF1_MD:
+                case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
+                if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
+                        {
+                        RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
+                        return -2;
+                        }
+                if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD)
+                        {
+                        if (rctx->mgf1md)
+                                *(const EVP_MD **)p2 = rctx->mgf1md;
+                        else
+                                *(const EVP_MD **)p2 = rctx->md;
+                        }
+                else
+                        rctx->mgf1md = p2;
+                return 1;
                case EVP_PKEY_CTRL_DIGESTINIT:
                case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
                case EVP_PKEY_CTRL_PKCS7_DECRYPT:
                case EVP_PKEY_CTRL_PKCS7_SIGN:
+                return 1;
 #ifndef OPENSSL_NO_CMS
-                case EVP_PKEY_CTRL_CMS_ENCRYPT:
                case EVP_PKEY_CTRL_CMS_DECRYPT:
+                {
+                X509_ALGOR *alg = NULL;
+                ASN1_OBJECT *encalg = NULL;
+                if (p2)
+                        CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg);
+                if (alg)
+                        X509_ALGOR_get0(&encalg, NULL, NULL, alg);
+                if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
+                        rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
+                }
+                case EVP_PKEY_CTRL_CMS_ENCRYPT:
                case EVP_PKEY_CTRL_CMS_SIGN:
-#endif
                return 1;
+#endif
                case EVP_PKEY_CTRL_PEER_KEY:
                        RSAerr(RSA_F_PKEY_RSA_CTRL,
                        RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
author	djm <>	2012-10-13 21:23:50 +0000
committer	djm <>	2012-10-13 21:23:50 +0000
commit	d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df (patch)
tree	10ebe51c3542099b0ab8325d8f322372375dc3b4 /src/lib/libcrypto/rsa/rsa_pmeth.c
parent	bc685bd401e5657f7fb51b4e1a62a7a5c5ea4098 (diff)
parent	228cae30b117c2493f69ad3c195341cd6ec8d430 (diff)
download	openbsd-d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df.tar.gz openbsd-d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df.tar.bz2 openbsd-d56dbc3c72494d4b68c03f5bcc3ae1f9df7b17df.zip

diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c index c6892ecd09..5b2ecf56ad 100644 --- a/src/lib/libcrypto/rsa/rsa_pmeth.c +++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -63,6 +63,12 @@
63	#include <openssl/rsa.h>	63	#include <openssl/rsa.h>
64	#include <openssl/bn.h>	64	#include <openssl/bn.h>
65	#include <openssl/evp.h>	65	#include <openssl/evp.h>
		66	#ifndef OPENSSL_NO_CMS
		67	#include <openssl/cms.h>
		68	#endif
		69	#ifdef OPENSSL_FIPS
		70	#include <openssl/fips.h>
		71	#endif
66	#include "evp_locl.h"	72	#include "evp_locl.h"
67	#include "rsa_locl.h"	73	#include "rsa_locl.h"
68		74
@@ -79,6 +85,8 @@ typedef struct
79	int pad_mode;	85	int pad_mode;
80	/* message digest */	86	/* message digest */
81	const EVP_MD *md;	87	const EVP_MD *md;
		88	/* message digest for MGF1 */
		89	const EVP_MD *mgf1md;
82	/* PSS/OAEP salt length */	90	/* PSS/OAEP salt length */
83	int saltlen;	91	int saltlen;
84	/* Temp buffer */	92	/* Temp buffer */
@@ -95,6 +103,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
95	rctx->pub_exp = NULL;	103	rctx->pub_exp = NULL;
96	rctx->pad_mode = RSA_PKCS1_PADDING;	104	rctx->pad_mode = RSA_PKCS1_PADDING;
97	rctx->md = NULL;	105	rctx->md = NULL;
		106	rctx->mgf1md = NULL;
98	rctx->tbuf = NULL;	107	rctx->tbuf = NULL;
99		108
100	rctx->saltlen = -2;	109	rctx->saltlen = -2;
@@ -147,6 +156,31 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
147	OPENSSL_free(rctx);	156	OPENSSL_free(rctx);
148	}	157	}
149	}	158	}
		159	#ifdef OPENSSL_FIPS
		160	/* FIP checker. Return value indicates status of context parameters:
		161	* 1 : redirect to FIPS.
		162	* 0 : don't redirect to FIPS.
		163	* -1 : illegal operation in FIPS mode.
		164	*/
		165
		166	static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
		167	{
		168	RSA_PKEY_CTX *rctx = ctx->data;
		169	RSA *rsa = ctx->pkey->pkey.rsa;
		170	int rv = -1;
		171	if (!FIPS_mode())
		172	return 0;
		173	if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
		174	rv = 0;
		175	if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
		176	return -1;
		177	if (rctx->md && !(rctx->md->flags & EVP_MD_FLAG_FIPS))
		178	return rv;
		179	if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS))
		180	return rv;
		181	return 1;
		182	}
		183	#endif
150		184
151	static int pkey_rsa_sign(EVP_PKEY_CTX ctx, unsigned char sig, size_t *siglen,	185	static int pkey_rsa_sign(EVP_PKEY_CTX ctx, unsigned char sig, size_t *siglen,
152	const unsigned char *tbs, size_t tbslen)	186	const unsigned char *tbs, size_t tbslen)
@@ -155,6 +189,15 @@ static int pkey_rsa_sign(EVP_PKEY_CTX ctx, unsigned char sig, size_t *siglen,
155	RSA_PKEY_CTX *rctx = ctx->data;	189	RSA_PKEY_CTX *rctx = ctx->data;
156	RSA *rsa = ctx->pkey->pkey.rsa;	190	RSA *rsa = ctx->pkey->pkey.rsa;
157		191
		192	#ifdef OPENSSL_FIPS
		193	ret = pkey_fips_check_ctx(ctx);
		194	if (ret < 0)
		195	{
		196	RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
		197	return -1;
		198	}
		199	#endif
		200
158	if (rctx->md)	201	if (rctx->md)
159	{	202	{
160	if (tbslen != (size_t)EVP_MD_size(rctx->md))	203	if (tbslen != (size_t)EVP_MD_size(rctx->md))
@@ -163,7 +206,36 @@ static int pkey_rsa_sign(EVP_PKEY_CTX ctx, unsigned char sig, size_t *siglen,
163	RSA_R_INVALID_DIGEST_LENGTH);	206	RSA_R_INVALID_DIGEST_LENGTH);
164	return -1;	207	return -1;
165	}	208	}
166	if (rctx->pad_mode == RSA_X931_PADDING)	209	#ifdef OPENSSL_FIPS
		210	if (ret > 0)
		211	{
		212	unsigned int slen;
		213	ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
		214	rctx->pad_mode,
		215	rctx->saltlen,
		216	rctx->mgf1md,
		217	sig, &slen);
		218	if (ret > 0)
		219	*siglen = slen;
		220	else
		221	*siglen = 0;
		222	return ret;
		223	}
		224	#endif
		225
		226	if (EVP_MD_type(rctx->md) == NID_mdc2)
		227	{
		228	unsigned int sltmp;
		229	if (rctx->pad_mode != RSA_PKCS1_PADDING)
		230	return -1;
		231	ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
		232	tbs, tbslen, sig, &sltmp, rsa);
		233
		234	if (ret <= 0)
		235	return ret;
		236	ret = sltmp;
		237	}
		238	else if (rctx->pad_mode == RSA_X931_PADDING)
167	{	239	{
168	if (!setup_tbuf(rctx, ctx))	240	if (!setup_tbuf(rctx, ctx))
169	return -1;	241	return -1;
@@ -186,8 +258,10 @@ static int pkey_rsa_sign(EVP_PKEY_CTX ctx, unsigned char sig, size_t *siglen,
186	{	258	{
187	if (!setup_tbuf(rctx, ctx))	259	if (!setup_tbuf(rctx, ctx))
188	return -1;	260	return -1;
189	if (!RSA_padding_add_PKCS1_PSS(rsa, rctx->tbuf, tbs,	261	if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
190	rctx->md, rctx->saltlen))	262	rctx->tbuf, tbs,
		263	rctx->md, rctx->mgf1md,
		264	rctx->saltlen))
191	return -1;	265	return -1;
192	ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,	266	ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
193	sig, rsa, RSA_NO_PADDING);	267	sig, rsa, RSA_NO_PADDING);
@@ -269,8 +343,30 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
269	RSA_PKEY_CTX *rctx = ctx->data;	343	RSA_PKEY_CTX *rctx = ctx->data;
270	RSA *rsa = ctx->pkey->pkey.rsa;	344	RSA *rsa = ctx->pkey->pkey.rsa;
271	size_t rslen;	345	size_t rslen;
		346	#ifdef OPENSSL_FIPS
		347	int rv;
		348	rv = pkey_fips_check_ctx(ctx);
		349	if (rv < 0)
		350	{
		351	RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
		352	return -1;
		353	}
		354	#endif
272	if (rctx->md)	355	if (rctx->md)
273	{	356	{
		357	#ifdef OPENSSL_FIPS
		358	if (rv > 0)
		359	{
		360	return FIPS_rsa_verify_digest(rsa,
		361	tbs, tbslen,
		362	rctx->md,
		363	rctx->pad_mode,
		364	rctx->saltlen,
		365	rctx->mgf1md,
		366	sig, siglen);
		367
		368	}
		369	#endif
274	if (rctx->pad_mode == RSA_PKCS1_PADDING)	370	if (rctx->pad_mode == RSA_PKCS1_PADDING)
275	return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,	371	return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
276	sig, siglen, rsa);	372	sig, siglen, rsa);
@@ -289,7 +385,8 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
289	rsa, RSA_NO_PADDING);	385	rsa, RSA_NO_PADDING);
290	if (ret <= 0)	386	if (ret <= 0)
291	return 0;	387	return 0;
292	ret = RSA_verify_PKCS1_PSS(rsa, tbs, rctx->md,	388	ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
		389	rctx->md, rctx->mgf1md,
293	rctx->tbuf, rctx->saltlen);	390	rctx->tbuf, rctx->saltlen);
294	if (ret <= 0)	391	if (ret <= 0)
295	return 0;	392	return 0;
@@ -403,15 +500,25 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
403	RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);	500	RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
404	return -2;	501	return -2;
405		502
		503	case EVP_PKEY_CTRL_GET_RSA_PADDING:
		504	(int )p2 = rctx->pad_mode;
		505	return 1;
		506
406	case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:	507	case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
407	if (p1 < -2)	508	case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
408	return -2;
409	if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)	509	if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
410	{	510	{
411	RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);	511	RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
412	return -2;	512	return -2;
413	}	513	}
414	rctx->saltlen = p1;	514	if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
		515	(int )p2 = rctx->saltlen;
		516	else
		517	{
		518	if (p1 < -2)
		519	return -2;
		520	rctx->saltlen = p1;
		521	}
415	return 1;	522	return 1;
416		523
417	case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:	524	case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
@@ -435,16 +542,45 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
435	rctx->md = p2;	542	rctx->md = p2;
436	return 1;	543	return 1;
437		544
		545	case EVP_PKEY_CTRL_RSA_MGF1_MD:
		546	case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
		547	if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
		548	{
		549	RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
		550	return -2;
		551	}
		552	if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD)
		553	{
		554	if (rctx->mgf1md)
		555	(const EVP_MD *)p2 = rctx->mgf1md;
		556	else
		557	(const EVP_MD *)p2 = rctx->md;
		558	}
		559	else
		560	rctx->mgf1md = p2;
		561	return 1;
		562
438	case EVP_PKEY_CTRL_DIGESTINIT:	563	case EVP_PKEY_CTRL_DIGESTINIT:
439	case EVP_PKEY_CTRL_PKCS7_ENCRYPT:	564	case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
440	case EVP_PKEY_CTRL_PKCS7_DECRYPT:	565	case EVP_PKEY_CTRL_PKCS7_DECRYPT:
441	case EVP_PKEY_CTRL_PKCS7_SIGN:	566	case EVP_PKEY_CTRL_PKCS7_SIGN:
		567	return 1;
442	#ifndef OPENSSL_NO_CMS	568	#ifndef OPENSSL_NO_CMS
443	case EVP_PKEY_CTRL_CMS_ENCRYPT:
444	case EVP_PKEY_CTRL_CMS_DECRYPT:	569	case EVP_PKEY_CTRL_CMS_DECRYPT:
		570	{
		571	X509_ALGOR *alg = NULL;
		572	ASN1_OBJECT *encalg = NULL;
		573	if (p2)
		574	CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg);
		575	if (alg)
		576	X509_ALGOR_get0(&encalg, NULL, NULL, alg);
		577	if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
		578	rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
		579	}
		580	case EVP_PKEY_CTRL_CMS_ENCRYPT:
445	case EVP_PKEY_CTRL_CMS_SIGN:	581	case EVP_PKEY_CTRL_CMS_SIGN:
446	#endif
447	return 1;	582	return 1;
		583	#endif
448	case EVP_PKEY_CTRL_PEER_KEY:	584	case EVP_PKEY_CTRL_PEER_KEY:
449	RSAerr(RSA_F_PKEY_RSA_CTRL,	585	RSAerr(RSA_F_PKEY_RSA_CTRL,
450	RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);	586	RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);