Re: [openssl-users] Some S/MIME CMS encrypted messages produce invalid key length when using the debug_decrypt option

2017-05-11 Thread Harakiri via openssl-users 
The message is first signed then encrypted. Commands are as follows



/usr/bin/openssl cms -encrypt -aes128 -in /tmp/OpenSSL5294490400891792656.eml 
-out /tmp/OpenSSL3519826551660167644.eml -subject 'subject' -from 
sen...@sender.com -to recipi...@recipient.com,recipie...@recipient.com  -recip 
cert1.pem -recip cert2.pem -keyopt rsa_padding_mode:oaepI maybe could provide a 
problematic e-mail including private keys - off the list - due privacy concerns 
to investigate - would that be acceptable ? If so - what e-mail address can i 
sent it to

  From: Dr. Stephen Henson 
 To: Harakiri ; openssl-users@openssl.org 
 Sent: Tuesday, May 9, 2017 1:04 AM
 Subject: Re: [openssl-users] Some S/MIME CMS encrypted messages produce 
invalid key length when using the debug_decrypt option
  
On Mon, May 08, 2017, Harakiri via openssl-users wrote:

> Im using the cmd client openssl cms -decrypt with the "debug_decrypt" option 
> to have the same behaviour as before the bleichenbach security patch to use 
> decryption without recipient public keys.
> For some reason, some messages will produce the following error on OpenSSL 
> 1.0.2d and even OpenSSL 1.0.2k
> Error decrypting CMS structure6828:error:0607A082:digital envelope 
> routines:EVP_CIPHER_CTX_set_key_length:invalid key 
> length:evp_enc.c:593:6828:error:2E078076:CMS 
> routines:cms_EncryptedContent_init_bio:invalid key length:cms_enc.c:163:
> Calling cms -decrypt without the debug_decrypt option produces no error.
> What is weird, is that its always basically the same source e-mail encrypted 
> using openssl cms with aes-128-cbc and rsaesOaep and sometimes the resulting 
> messagewill produce this error and other times it works.
> 
> 

That's odd. What command line are you using to create the messages?

Would it be possible to create a test case that reproduces this error?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


   

   -- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Jakob Bohm 

(keeping TOFU style to keep thread consistent).

You can also just use the cipher-list configuration option string
that an OpenSSL 1.0.x should allow passing to OpenSSL.

On 11/05/2017 22:17, Scott Neugroschl wrote:


So if I’m using 1.0.2, and want to deprecate 3DES, I need to do that 
as part of my build?


*From:*openssl-users [mailto:openssl-users-boun...@openssl.org] *On 
Behalf Of *Scott Neugroschl

*Sent:* Thursday, May 11, 2017 11:13 AM
*To:* openssl-users@openssl.org
*Subject:* Re: [openssl-users] Dumb question about DES

OK.  Are the 3DES CBC ciphers still part of DEFAULT?

*From:*openssl-users [mailto:openssl-users-boun...@openssl.org] *On 
Behalf Of *Benjamin Kaduk via openssl-users

*Sent:* Thursday, May 11, 2017 9:18 AM
*To:* openssl-users@openssl.org 
*Subject:* Re: [openssl-users] Dumb question about DES

Those ciphers are triple-DES, not single-DES.  (The "CBC3" gives it 
away ... well, not exactly.)
The single-DES ciphers were removed in release 1.1.0 (they are 
included in the "40 and 56 bit cipher support removed from libssl" 
item in the release notes), though the raw crypto primitives remain in 
libcrypto.


-Ben

On 05/11/2017 11:07 AM, Scott Neugroschl wrote:

Has DES been deprecated in OpenSSL?  If so, what release?  In
particular the following ciphers

  0.19 EDH-DSS-DES-CBC3-SHA

  0.22 EDH-RSA-DES-CBC3-SHA

192.13 ECDH-RSA-DES-CBC3-SHA

192.3  ECDH-ECDSA-DES-CBC3-SHA

192.18 ECDHE-RSA-DES-CBC3-SHA

192.8  ECDHE-ECDSA-DES-CBC3-SHA



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Benjamin Kaduk via openssl-users 
On 05/11/2017 03:17 PM, Scott Neugroschl wrote:
>
> So if I’m using 1.0.2, and want to deprecate 3DES, I need to do that
> as part of my build?
>
>

Yes.

-Ben
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Scott Neugroschl 
So if I'm using 1.0.2, and want to deprecate 3DES, I need to do that as part of 
my build?

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Scott Neugroschl
Sent: Thursday, May 11, 2017 11:13 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Dumb question about DES

OK.  Are the 3DES CBC ciphers still part of DEFAULT?

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Benjamin Kaduk via openssl-users
Sent: Thursday, May 11, 2017 9:18 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Dumb question about DES

Those ciphers are triple-DES, not single-DES.  (The "CBC3" gives it away ... 
well, not exactly.)
The single-DES ciphers were removed in release 1.1.0 (they are included in the 
"40 and 56 bit cipher support removed from libssl" item in the release notes), 
though the raw crypto primitives remain in libcrypto.

-Ben
On 05/11/2017 11:07 AM, Scott Neugroschl wrote:
Has DES been deprecated in OpenSSL?  If so, what release?  In particular the 
following ciphers


  0.19 EDH-DSS-DES-CBC3-SHA

  0.22 EDH-RSA-DES-CBC3-SHA

192.13 ECDH-RSA-DES-CBC3-SHA

192.3  ECDH-ECDSA-DES-CBC3-SHA

192.18 ECDHE-RSA-DES-CBC3-SHA

192.8  ECDHE-ECDSA-DES-CBC3-SHA



---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 
583-2874|Fax 805 583-0124 |




-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Jeffrey Walton 
On Thu, May 11, 2017 at 2:13 PM, Scott Neugroschl  wrote:
> OK.  Are the 3DES CBC ciphers still part of DEFAULT?

>From OpenSSL 1.0.1t:

$ openssl ciphers "DEFAULT"
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-
SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SH
A:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DHE-D
SS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DS
S-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-S
HA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM
-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA
:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA2
56-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GC
M-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128
-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA
:SRP-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DH
E-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128
-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAME
LLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RS
A-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES
128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA
:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:
ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE
-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3
DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3
-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Viktor Dukhovni 

> On May 11, 2017, at 2:13 PM, Scott Neugroschl  wrote:
> 
> OK.  Are the 3DES CBC ciphers still part of DEFAULT?

Normal builds of OpenSSL 1.1.0 disable the TLS 3DES ciphersuites at
compile time.  To make use of 3DES in TLS you need to configure your
OpenSSL 1.1.0 build with the "enable-weak-ssl-ciphers" option.

-- 
-- 
Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Benjamin Kaduk via openssl-users 
The triple-DES ciphers are not part of DEFAULT in 1.1.0e(what I happened
to check).
Though, the specific list of ciphers there does not quite match with
your list below, so you should double-check if necessary.

-Ben

On 05/11/2017 01:13 PM, Scott Neugroschl wrote:
>
> OK.  Are the 3DES CBC ciphers still part of DEFAULT?
>
>  
>
> *From:*openssl-users [mailto:openssl-users-boun...@openssl.org] *On
> Behalf Of *Benjamin Kaduk via openssl-users
> *Sent:* Thursday, May 11, 2017 9:18 AM
> *To:* openssl-users@openssl.org
> *Subject:* Re: [openssl-users] Dumb question about DES
>
>  
>
> Those ciphers are triple-DES, not single-DES.  (The "CBC3" gives it
> away ... well, not exactly.)
> The single-DES ciphers were removed in release 1.1.0 (they are
> included in the "40 and 56 bit cipher support removed from libssl"
> item in the release notes), though the raw crypto primitives remain in
> libcrypto.
>
> -Ben
>
> On 05/11/2017 11:07 AM, Scott Neugroschl wrote:
>
> Has DES been deprecated in OpenSSL?  If so, what release?  In
> particular the following ciphers
>
>  
>
>   0.19 EDH-DSS-DES-CBC3-SHA
>
>   0.22 EDH-RSA-DES-CBC3-SHA
>
> 192.13 ECDH-RSA-DES-CBC3-SHA
>
> 192.3  ECDH-ECDSA-DES-CBC3-SHA
>
> 192.18 ECDHE-RSA-DES-CBC3-SHA
>
> 192.8  ECDHE-ECDSA-DES-CBC3-SHA
>
>  
>
>  
>
>  
>
> ---
>
> Scott Neugroschl | XYPRO Technology Corporation
>
> 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone
> 805 583-2874|Fax 805 583-0124 |
>
>  
>
>  
>
>
>
>  
>
>
>

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Scott Neugroschl 
OK.  Are the 3DES CBC ciphers still part of DEFAULT?

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Benjamin Kaduk via openssl-users
Sent: Thursday, May 11, 2017 9:18 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Dumb question about DES

Those ciphers are triple-DES, not single-DES.  (The "CBC3" gives it away ... 
well, not exactly.)
The single-DES ciphers were removed in release 1.1.0 (they are included in the 
"40 and 56 bit cipher support removed from libssl" item in the release notes), 
though the raw crypto primitives remain in libcrypto.

-Ben
On 05/11/2017 11:07 AM, Scott Neugroschl wrote:
Has DES been deprecated in OpenSSL?  If so, what release?  In particular the 
following ciphers


  0.19 EDH-DSS-DES-CBC3-SHA

  0.22 EDH-RSA-DES-CBC3-SHA

192.13 ECDH-RSA-DES-CBC3-SHA

192.3  ECDH-ECDSA-DES-CBC3-SHA

192.18 ECDHE-RSA-DES-CBC3-SHA

192.8  ECDHE-ECDSA-DES-CBC3-SHA



---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 
583-2874|Fax 805 583-0124 |





-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Benjamin Kaduk via openssl-users 
Those ciphers are triple-DES, not single-DES.  (The "CBC3" gives it away
... well, not exactly.)
The single-DES ciphers were removed in release 1.1.0 (they are included
in the "40 and 56 bit cipher support removed from libssl" item in the
release notes), though the raw crypto primitives remain in libcrypto.

-Ben

On 05/11/2017 11:07 AM, Scott Neugroschl wrote:
>
> Has DES been deprecated in OpenSSL?  If so, what release?  In
> particular the following ciphers
>
>  
>
>   0.19 EDH-DSS-DES-CBC3-SHA
>
>   0.22 EDH-RSA-DES-CBC3-SHA
>
> 192.13 ECDH-RSA-DES-CBC3-SHA
>
> 192.3  ECDH-ECDSA-DES-CBC3-SHA
>
> 192.18 ECDHE-RSA-DES-CBC3-SHA
>
> 192.8  ECDHE-ECDSA-DES-CBC3-SHA
>
>  
>
>  
>
>  
>
> ---
>
> Scott Neugroschl | XYPRO Technology Corporation
>
> 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
> 583-2874|Fax 805 583-0124 |
>
>  
>
>  
>
>
>

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Dumb question about DES

2017-05-11 Thread Scott Neugroschl 
Has DES been deprecated in OpenSSL?  If so, what release?  In particular the 
following ciphers


  0.19 EDH-DSS-DES-CBC3-SHA

  0.22 EDH-RSA-DES-CBC3-SHA

192.13 ECDH-RSA-DES-CBC3-SHA

192.3  ECDH-ECDSA-DES-CBC3-SHA

192.18 ECDHE-RSA-DES-CBC3-SHA

192.8  ECDHE-ECDSA-DES-CBC3-SHA



---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 
583-2874|Fax 805 583-0124 |


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] RSA_PKCS1_OAEP_PADDING

2017-05-11 Thread Dr. Stephen Henson 
On Thu, May 11, 2017, RudyAC wrote:

> Hello,
> 
> I have the requirement to encrypt e-mails using RSA-OAEP padding. I use the
> library openssl-1.0.2k and encrypt with CMS container. The following
> function describes my method. My problem is that I'm not sure if this method
> really uses the RSA-OAEP padding.
> 
> bool
> smime_encrypt_cms(const std::string& infile, const std::string& outfile)
> {
> boolbResult = false;
> const char* inmode = "r";
> const char* outmode = "w";
> const EVP_CIPHER*   cipher = NULL;
> 
> 
> STACK_OF(X509)* encerts = NULL;
> BIO*in = NULL;
> BIO*out = NULL;
> BIO*bio_err = NULL;
> int flags = 0;
> 
>   X509 *recip;
>   int i = 0;
>   unsigned char *oaep_label = NULL;
>   int oaep_label_l = 0;
>   int nflags = CMS_PARTIAL | CMS_KEY_PARAM;
>   CMS_ContentInfo* cms = CMS_encrypt(NULL, NULL, cipher, nflags);
>   EVP_PKEY_CTX* wrap_ctx = NULL;
> 
> KWlog ( EV_D_APPL_14 , "smime_encrypt_cms () started" );
> 
> cipher = get_cipher();
> SMTPD_RAND_load_file ( NULL , bio_err , 0 );
> 
> encerts = sk_X509_new_null();
> 
> FOR_CONST_IT(EmailAndCertList, itRecip, _m_recipCertsList)
> {
> SMIME_key_list recip_encerts = (*itRecip)->smime_enc();
> 
> FOR_CONST_IT(SMIME_key_list, iter, recip_encerts)
> {
> sk_X509_push( encerts, (*iter).dup_cert());
> }
> }
> 
> 
> if ( ! ( in = BIO_new_file ( infile.c_str() , inmode ))) {
> KWlog_appl ( EV_E_APPL_INFO , "Can't open input file %s",
> infile.c_str() );
> _error_messages.push_back("Internal Error");
> goto exit;
> }
> 
> if ( ! ( out = BIO_new_file ( outfile.c_str() , outmode ))) {
> KWlog_appl ( EV_E_APPL_INFO , "Can't open output file %s",
> outfile.c_str() );
> _error_messages.push_back("Internal Error");
> goto exit;
> }
> 
> for (i = 0; i < sk_X509_num(encerts); i++) {
> 
>   CMS_RecipientInfo* r_info;
> 
>   recip = sk_X509_value(encerts, i);
>   r_info = CMS_add1_recipient_cert(cms, recip, nflags);
>   if (!r_info) {
>   KWlog_appl(EV_E_APPL_INFO,
>   "smime_encrypt_cms(): Error 
> while adding recipient certs to CMS info
> structure");
>   return false;
>   }
>   wrap_ctx = CMS_RecipientInfo_get0_pkey_ctx(r_info);
>   KWlog ( EV_D_APPL_14 , "smime_encrypt_cms () Set OAEP Padding");
>   EVP_PKEY_CTX_set_rsa_padding(wrap_ctx, RSA_PKCS1_OAEP_PADDING);
>   EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx, EVP_sha256());
>   EVP_PKEY_CTX_set_rsa_mgf1_md(wrap_ctx, EVP_sha256());
>   EVP_PKEY_CTX_set0_rsa_oaep_label(wrap_ctx, oaep_label, 
> oaep_label_l);
>   }
> 
>CMS_final(cms, in, NULL, nflags);
> 
> /* encrypt content */
> cms = CMS_encrypt(encerts, in, cipher, flags);
> 
> 
> if( ! cms ) {
> KWlog ( EV_E_APPL_INFO , "Error creating CMS structure");
> KWlog_SSL ;
> _error_messages.push_back("Internal Error");
> goto exit;
> }
> 
> flags |= SMIME_OLDMIME;
> 
> /* Write out S/MIME message */
> if (!SMIME_write_CMS(out, cms, in, flags))
>   goto exit;
> 
> bResult = true;
> 
>  exit:
> SMTPD_RAND_write_file (NULL, bio_err);
> sk_X509_pop_free(encerts, X509_free);
> if (cms)
>   CMS_ContentInfo_free(cms);
> BIO_free(in);
> BIO_free_all(out);
> 
> KWlog ( EV_D_APPL_14 , "smime_encrypt_cms () finished" );
> return ( bResult );
> }
> 
> When using this function to encrypt an e-mail Thunderbird can decrypt the
> message. But is RSA-OAEP padding really used or is the default padding still
> used? How can I check this?
> 
> For comments I would be very grateful
> 

You can try printing out all the fields of the message with:

openssl cms -cmsout -noout -print

Near the top you should see: 

keyEncryptionAlgorithm: 
  algorithm: rsaesOaep (1.2.840.113549.1.1.7)

while the default padding give:

keyEncryptionAlgorithm: 
  algorithm: rsaEncryption (1.2.840.113549.1.1.1)

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] RSA_PKCS1_OAEP_PADDING

2017-05-11 Thread RudyAC 
Hello,

I have the requirement to encrypt e-mails using RSA-OAEP padding. I use the
library openssl-1.0.2k and encrypt with CMS container. The following
function describes my method. My problem is that I'm not sure if this method
really uses the RSA-OAEP padding.

bool
smime_encrypt_cms(const std::string& infile, const std::string& outfile)
{
boolbResult = false;
const char* inmode = "r";
const char* outmode = "w";
const EVP_CIPHER*   cipher = NULL;


STACK_OF(X509)* encerts = NULL;
BIO*in = NULL;
BIO*out = NULL;
BIO*bio_err = NULL;
int flags = 0;

X509 *recip;
int i = 0;
unsigned char *oaep_label = NULL;
int oaep_label_l = 0;
int nflags = CMS_PARTIAL | CMS_KEY_PARAM;
CMS_ContentInfo* cms = CMS_encrypt(NULL, NULL, cipher, nflags);
EVP_PKEY_CTX* wrap_ctx = NULL;

KWlog ( EV_D_APPL_14 , "smime_encrypt_cms () started" );

cipher = get_cipher();
SMTPD_RAND_load_file ( NULL , bio_err , 0 );

encerts = sk_X509_new_null();

FOR_CONST_IT(EmailAndCertList, itRecip, _m_recipCertsList)
{
SMIME_key_list recip_encerts = (*itRecip)->smime_enc();

FOR_CONST_IT(SMIME_key_list, iter, recip_encerts)
{
sk_X509_push( encerts, (*iter).dup_cert());
}
}


if ( ! ( in = BIO_new_file ( infile.c_str() , inmode ))) {
KWlog_appl ( EV_E_APPL_INFO , "Can't open input file %s",
infile.c_str() );
_error_messages.push_back("Internal Error");
goto exit;
}

if ( ! ( out = BIO_new_file ( outfile.c_str() , outmode ))) {
KWlog_appl ( EV_E_APPL_INFO , "Can't open output file %s",
outfile.c_str() );
_error_messages.push_back("Internal Error");
goto exit;
}

for (i = 0; i < sk_X509_num(encerts); i++) {

CMS_RecipientInfo* r_info;

recip = sk_X509_value(encerts, i);
r_info = CMS_add1_recipient_cert(cms, recip, nflags);
if (!r_info) {
KWlog_appl(EV_E_APPL_INFO,
"smime_encrypt_cms(): Error 
while adding recipient certs to CMS info
structure");
return false;
}
wrap_ctx = CMS_RecipientInfo_get0_pkey_ctx(r_info);
KWlog ( EV_D_APPL_14 , "smime_encrypt_cms () Set OAEP Padding");
EVP_PKEY_CTX_set_rsa_padding(wrap_ctx, RSA_PKCS1_OAEP_PADDING);
EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx, EVP_sha256());
EVP_PKEY_CTX_set_rsa_mgf1_md(wrap_ctx, EVP_sha256());
EVP_PKEY_CTX_set0_rsa_oaep_label(wrap_ctx, oaep_label, 
oaep_label_l);
}

   CMS_final(cms, in, NULL, nflags);

/* encrypt content */
cms = CMS_encrypt(encerts, in, cipher, flags);


if( ! cms ) {
KWlog ( EV_E_APPL_INFO , "Error creating CMS structure");
KWlog_SSL ;
_error_messages.push_back("Internal Error");
goto exit;
}

flags |= SMIME_OLDMIME;

/* Write out S/MIME message */
if (!SMIME_write_CMS(out, cms, in, flags))
goto exit;

bResult = true;

 exit:
SMTPD_RAND_write_file (NULL, bio_err);
sk_X509_pop_free(encerts, X509_free);
if (cms)
CMS_ContentInfo_free(cms);
BIO_free(in);
BIO_free_all(out);

KWlog ( EV_D_APPL_14 , "smime_encrypt_cms () finished" );
return ( bResult );
}

When using this function to encrypt an e-mail Thunderbird can decrypt the
message. But is RSA-OAEP padding really used or is the default padding still
used? How can I check this?

For comments I would be very grateful

Regards Rudy





--
View this message in context: 
http://openssl.6102.n7.nabble.com/RSA-PKCS1-OAEP-PADDING-tp70741.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users