Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment.

18 files changed, 246 insertions, 24 deletions

diff --git a/src/lib/libcrypto/cms/cms.h b/src/lib/libcrypto/cms/cms.h
index f08e2f8457..9a5aae5299 100644
--- a/src/lib/libcrypto/cms/cms.h
+++ b/src/lib/libcrypto/cms/cms.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.h,v 1.6 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: cms.h,v 1.7 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -58,7 +58,9 @@
 
 #include <openssl/x509.h>
 
+#ifdef OPENSSL_NO_CMS
 #error CMS is disabled.
+#endif
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index 8f7a73a481..d4c8b111a8 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.15 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -66,6 +66,9 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "asn1_locl.h"
 
@@ -592,6 +595,26 @@ dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
                             0);
                 }
                 return 1;
+#ifndef OPENSSL_NO_CMS
+        case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0) {
+                        int snid, hnid;
+                        X509_ALGOR *alg1, *alg2;
+
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+                        if (alg1 == NULL || alg1->algorithm == NULL)
+                                return -1;
+                        hnid = OBJ_obj2nid(alg1->algorithm);
+                        if (hnid == NID_undef)
+                                return -1;
+                        if (!OBJ_find_sigid_by_algs(&snid, hnid,
+                            EVP_PKEY_id(pkey)))
+                                return -1; 
+                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF,
+                            0);
+                }
+                return 1;
+#endif
 
         case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
                 *(int *)arg2 = NID_sha1;
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 567d16e307..dd1c31883e 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.15 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -65,6 +65,9 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "asn1_locl.h"
 
@@ -570,6 +573,24 @@ ec_pkey_ctrl(EVP_PKEY * pkey, int op, long arg1, void *arg2)
                         X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
                 }
                 return 1;
+#ifndef OPENSSL_NO_CMS
+        case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0) {
+                        int snid, hnid;
+                        X509_ALGOR *alg1, *alg2;
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL,
+                            &alg1, &alg2);
+                        if (alg1 == NULL || alg1->algorithm == NULL)
+                                return -1;
+                        hnid = OBJ_obj2nid(alg1->algorithm);
+                        if (hnid == NID_undef)
+                                return -1;
+                        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                                return -1;
+                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                }
+                return 1;
+#endif
 
         case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
                 *(int *) arg2 = NID_sha1;
diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c
index 296c1a5ba3..58adce64e7 100644
--- a/src/lib/libcrypto/err/err_all.c
+++ b/src/lib/libcrypto/err/err_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: err_all.c,v 1.21 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: err_all.c,v 1.22 2015/02/11 04:05:14 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -115,9 +115,6 @@ ERR_load_crypto_strings(void)
 #ifndef OPENSSL_NO_RSA
         ERR_load_RSA_strings();
 #endif
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
 #ifndef OPENSSL_NO_DH
         ERR_load_DH_strings();
 #endif
@@ -154,6 +151,9 @@ ERR_load_crypto_strings(void)
 #endif
         ERR_load_OCSP_strings();
         ERR_load_UI_strings();
+#ifndef OPENSSL_NO_CMS
+        ERR_load_CMS_strings();
+#endif
 #ifndef OPENSSL_NO_GOST
         ERR_load_GOST_strings();
 #endif
diff --git a/src/lib/libcrypto/gost/gostr341001_ameth.c b/src/lib/libcrypto/gost/gostr341001_ameth.c
index fb1d57ad6d..45ddd44e42 100644
--- a/src/lib/libcrypto/gost/gostr341001_ameth.c
+++ b/src/lib/libcrypto/gost/gostr341001_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001_ameth.c,v 1.7 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: gostr341001_ameth.c,v 1.8 2015/02/11 04:05:14 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -61,6 +61,9 @@
 #include <openssl/x509.h>
 #include <openssl/gost.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "asn1_locl.h"
 #include "gost_locl.h"
@@ -653,6 +656,17 @@ pkey_ctrl_gost01(EVP_PKEY *pkey, int op, long arg1, void *arg2)
                 if (arg1 == 0)
                         PKCS7_RECIP_INFO_get0_alg(arg2, &alg3);
                 break;
+#ifndef OPENSSL_NO_CMS
+        case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0)
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+                break;
+
+        case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+                if (arg1 == 0)
+                        CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg3);
+                break;
+#endif
         case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
                 *(int *)arg2 = GostR3410_get_md_digest(digest);
                 return 2;
diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c
index 89e1ae62cd..0157996a40 100644
--- a/src/lib/libcrypto/gost/gostr341001_pmeth.c
+++ b/src/lib/libcrypto/gost/gostr341001_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001_pmeth.c,v 1.9 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: gostr341001_pmeth.c,v 1.10 2015/02/11 04:05:14 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -597,6 +597,11 @@ pkey_gost01_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         case EVP_PKEY_CTRL_PKCS7_DECRYPT:
         case EVP_PKEY_CTRL_PKCS7_SIGN:
         case EVP_PKEY_CTRL_DIGESTINIT:
+#ifndef OPENSSL_NO_CMS
+        case EVP_PKEY_CTRL_CMS_ENCRYPT:
+        case EVP_PKEY_CTRL_CMS_DECRYPT:
+        case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
                 return 1;
 
         case EVP_PKEY_CTRL_GOST_PARAMSET:
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 9107e9c225..48768a4467 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_lib.c,v 1.38 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: pem_lib.c,v 1.39 2015/02/11 04:05:14 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -264,6 +264,15 @@ check_pem(const char *nm, const char *name)
             !strcmp(name, PEM_STRING_PKCS7))
                 return 1;
 
+#ifndef OPENSSL_NO_CMS
+        if (!strcmp(nm, PEM_STRING_X509) &&
+            !strcmp(name, PEM_STRING_CMS))
+                return 1;
+        /* Allow CMS to be read from PKCS#7 headers */
+        if (!strcmp(nm, PEM_STRING_PKCS7) &&
+            !strcmp(name, PEM_STRING_CMS))
+                return 1;
+#endif
 
         return 0;
 }
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
index a68fcbeb11..528b72b4b9 100644
--- a/src/lib/libcrypto/rsa/rsa_ameth.c
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.13 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.14 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -66,6 +66,9 @@
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "asn1_locl.h"
 
@@ -417,6 +420,17 @@ rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
                 if (arg1 == 0)
                         PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
                 break;
+#ifndef OPENSSL_NO_CMS
+        case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0)
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
+                break;
+
+        case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+                if (arg1 == 0)
+                        CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
+                break;
+#endif
 
         case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
                 *(int *)arg2 = NID_sha1;
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index 6d38a7c923..09166e105b 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.15 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -69,6 +69,9 @@
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "evp_locl.h"
 #include "rsa_locl.h"
@@ -459,6 +462,26 @@ bad_pad:
         case EVP_PKEY_CTRL_PKCS7_DECRYPT:
         case EVP_PKEY_CTRL_PKCS7_SIGN:
                 return 1;
+#ifndef OPENSSL_NO_CMS
+        case EVP_PKEY_CTRL_CMS_DECRYPT:
+                {
+                        X509_ALGOR *alg = NULL;
+                        ASN1_OBJECT *encalg = NULL;
+
+                        if (p2)
+                                CMS_RecipientInfo_ktri_get0_algs(p2, NULL,
+                                    NULL, &alg);
+                        if (alg)
+                                X509_ALGOR_get0(&encalg, NULL, NULL, alg);
+                        if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
+                                rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
+                }
+                /* FALLTHROUGH */
+
+        case EVP_PKEY_CTRL_CMS_ENCRYPT:
+        case EVP_PKEY_CTRL_CMS_SIGN:
+                return 1;
+#endif
         case EVP_PKEY_CTRL_PEER_KEY:
                 RSAerr(RSA_F_PKEY_RSA_CTRL,
                     RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
diff --git a/src/lib/libssl/src/crypto/cms/cms.h b/src/lib/libssl/src/crypto/cms/cms.h
index f08e2f8457..9a5aae5299 100644
--- a/src/lib/libssl/src/crypto/cms/cms.h
+++ b/src/lib/libssl/src/crypto/cms/cms.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.h,v 1.6 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: cms.h,v 1.7 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -58,7 +58,9 @@
 
 #include <openssl/x509.h>
 
+#ifdef OPENSSL_NO_CMS
 #error CMS is disabled.
+#endif
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ameth.c b/src/lib/libssl/src/crypto/dsa/dsa_ameth.c
index 8f7a73a481..d4c8b111a8 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_ameth.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.15 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -66,6 +66,9 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "asn1_locl.h"
 
@@ -592,6 +595,26 @@ dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
                             0);
                 }
                 return 1;
+#ifndef OPENSSL_NO_CMS
+        case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0) {
+                        int snid, hnid;
+                        X509_ALGOR *alg1, *alg2;
+
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+                        if (alg1 == NULL || alg1->algorithm == NULL)
+                                return -1;
+                        hnid = OBJ_obj2nid(alg1->algorithm);
+                        if (hnid == NID_undef)
+                                return -1;
+                        if (!OBJ_find_sigid_by_algs(&snid, hnid,
+                            EVP_PKEY_id(pkey)))
+                                return -1; 
+                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF,
+                            0);
+                }
+                return 1;
+#endif
 
         case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
                 *(int *)arg2 = NID_sha1;
diff --git a/src/lib/libssl/src/crypto/ec/ec_ameth.c b/src/lib/libssl/src/crypto/ec/ec_ameth.c
index 567d16e307..dd1c31883e 100644
--- a/src/lib/libssl/src/crypto/ec/ec_ameth.c
+++ b/src/lib/libssl/src/crypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.15 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -65,6 +65,9 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "asn1_locl.h"
 
@@ -570,6 +573,24 @@ ec_pkey_ctrl(EVP_PKEY * pkey, int op, long arg1, void *arg2)
                         X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
                 }
                 return 1;
+#ifndef OPENSSL_NO_CMS
+        case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0) {
+                        int snid, hnid;
+                        X509_ALGOR *alg1, *alg2;
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL,
+                            &alg1, &alg2);
+                        if (alg1 == NULL || alg1->algorithm == NULL)
+                                return -1;
+                        hnid = OBJ_obj2nid(alg1->algorithm);
+                        if (hnid == NID_undef)
+                                return -1;
+                        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                                return -1;
+                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                }
+                return 1;
+#endif
 
         case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
                 *(int *) arg2 = NID_sha1;
diff --git a/src/lib/libssl/src/crypto/err/err_all.c b/src/lib/libssl/src/crypto/err/err_all.c
index 296c1a5ba3..58adce64e7 100644
--- a/src/lib/libssl/src/crypto/err/err_all.c
+++ b/src/lib/libssl/src/crypto/err/err_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: err_all.c,v 1.21 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: err_all.c,v 1.22 2015/02/11 04:05:14 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -115,9 +115,6 @@ ERR_load_crypto_strings(void)
 #ifndef OPENSSL_NO_RSA
         ERR_load_RSA_strings();
 #endif
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
 #ifndef OPENSSL_NO_DH
         ERR_load_DH_strings();
 #endif
@@ -154,6 +151,9 @@ ERR_load_crypto_strings(void)
 #endif
         ERR_load_OCSP_strings();
         ERR_load_UI_strings();
+#ifndef OPENSSL_NO_CMS
+        ERR_load_CMS_strings();
+#endif
 #ifndef OPENSSL_NO_GOST
         ERR_load_GOST_strings();
 #endif
diff --git a/src/lib/libssl/src/crypto/gost/gostr341001_ameth.c b/src/lib/libssl/src/crypto/gost/gostr341001_ameth.c
index fb1d57ad6d..45ddd44e42 100644
--- a/src/lib/libssl/src/crypto/gost/gostr341001_ameth.c
+++ b/src/lib/libssl/src/crypto/gost/gostr341001_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001_ameth.c,v 1.7 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: gostr341001_ameth.c,v 1.8 2015/02/11 04:05:14 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -61,6 +61,9 @@
 #include <openssl/x509.h>
 #include <openssl/gost.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "asn1_locl.h"
 #include "gost_locl.h"
@@ -653,6 +656,17 @@ pkey_ctrl_gost01(EVP_PKEY *pkey, int op, long arg1, void *arg2)
                 if (arg1 == 0)
                         PKCS7_RECIP_INFO_get0_alg(arg2, &alg3);
                 break;
+#ifndef OPENSSL_NO_CMS
+        case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0)
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+                break;
+
+        case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+                if (arg1 == 0)
+                        CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg3);
+                break;
+#endif
         case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
                 *(int *)arg2 = GostR3410_get_md_digest(digest);
                 return 2;
diff --git a/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c b/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c
index 89e1ae62cd..0157996a40 100644
--- a/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c
+++ b/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001_pmeth.c,v 1.9 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: gostr341001_pmeth.c,v 1.10 2015/02/11 04:05:14 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -597,6 +597,11 @@ pkey_gost01_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         case EVP_PKEY_CTRL_PKCS7_DECRYPT:
         case EVP_PKEY_CTRL_PKCS7_SIGN:
         case EVP_PKEY_CTRL_DIGESTINIT:
+#ifndef OPENSSL_NO_CMS
+        case EVP_PKEY_CTRL_CMS_ENCRYPT:
+        case EVP_PKEY_CTRL_CMS_DECRYPT:
+        case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
                 return 1;
 
         case EVP_PKEY_CTRL_GOST_PARAMSET:
diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c
index 9107e9c225..48768a4467 100644
--- a/src/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/src/lib/libssl/src/crypto/pem/pem_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_lib.c,v 1.38 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: pem_lib.c,v 1.39 2015/02/11 04:05:14 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -264,6 +264,15 @@ check_pem(const char *nm, const char *name)
             !strcmp(name, PEM_STRING_PKCS7))
                 return 1;
 
+#ifndef OPENSSL_NO_CMS
+        if (!strcmp(nm, PEM_STRING_X509) &&
+            !strcmp(name, PEM_STRING_CMS))
+                return 1;
+        /* Allow CMS to be read from PKCS#7 headers */
+        if (!strcmp(nm, PEM_STRING_PKCS7) &&
+            !strcmp(name, PEM_STRING_CMS))
+                return 1;
+#endif
 
         return 0;
 }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_ameth.c b/src/lib/libssl/src/crypto/rsa/rsa_ameth.c
index a68fcbeb11..528b72b4b9 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_ameth.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.13 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.14 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -66,6 +66,9 @@
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "asn1_locl.h"
 
@@ -417,6 +420,17 @@ rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
                 if (arg1 == 0)
                         PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
                 break;
+#ifndef OPENSSL_NO_CMS
+        case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0)
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
+                break;
+
+        case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+                if (arg1 == 0)
+                        CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
+                break;
+#endif
 
         case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
                 *(int *)arg2 = NID_sha1;
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
index 6d38a7c923..09166e105b 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.15 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -69,6 +69,9 @@
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "evp_locl.h"
 #include "rsa_locl.h"
@@ -459,6 +462,26 @@ bad_pad:
         case EVP_PKEY_CTRL_PKCS7_DECRYPT:
         case EVP_PKEY_CTRL_PKCS7_SIGN:
                 return 1;
+#ifndef OPENSSL_NO_CMS
+        case EVP_PKEY_CTRL_CMS_DECRYPT:
+                {
+                        X509_ALGOR *alg = NULL;
+                        ASN1_OBJECT *encalg = NULL;
+
+                        if (p2)
+                                CMS_RecipientInfo_ktri_get0_algs(p2, NULL,
+                                    NULL, &alg);
+                        if (alg)
+                                X509_ALGOR_get0(&encalg, NULL, NULL, alg);
+                        if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
+                                rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
+                }
+                /* FALLTHROUGH */
+
+        case EVP_PKEY_CTRL_CMS_ENCRYPT:
+        case EVP_PKEY_CTRL_CMS_SIGN:
+                return 1;
+#endif
         case EVP_PKEY_CTRL_PEER_KEY:
                 RSAerr(RSA_F_PKEY_RSA_CTRL,
                     RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);