From 58112dff656dcb6644e912bdee4c64a5ed3f63ee Mon Sep 17 00:00:00 2001
From: Sunil Dhayal <53350866+sunil-dhayal@users.noreply.github.com>
Date: Fri, 15 Dec 2023 17:05:31 +0530
Subject: [PATCH] =?UTF-8?q?lib/openssl/rsaes.c:=20Fix=20issue=20where=20`j?=
 =?UTF-8?q?ose=5Fhook=5Falg=5Ffind`=20failed=20to=20find=20the=20=E2=80=A6?=
 =?UTF-8?q?=20=E2=80=A6existance=20of=20RSA=5FOAEP=20algorithm?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

After upgrading to  openssl 3.x, decryption of cipher started failing
with error `decryption algorithm not found, could not decode key`.

After investigation it was found that before openssl 3.x,
EVP_PKEY_CTX_set_rsa_oaep_md used to be a MACRO but with
openssl 3.x, it became a function.

To fix this, modify the check for MACRO to make it work with
openssl version 3.x or higher.

'''
Without this patch, algorithms listed by `jose_hook_alg_find`
function:
PS512, PS384, PS256, RS512, RS384, RS256, HS512, HS384, HS256,
S1, S224, S256, S384, S512, ES512, ES384, ES256, ECMR, ECDH, A256GCM,
A192GCM, A128GCM, A256CBC-HS512, A192CBC-HS384, A128CBC-HS256, DEF

After appling this patch algorithms listed by `jose_hook_alg_find`
function:
PS512, PS384, PS256, RS512, RS384, RS256, PS512, PS384, PS256,
RS512, RS384, RS256, RSA-OAEP-512, RSA-OAEP-384, RSA-OAEP-256,
RSA-OAEP-224, RSA-OAEP, RSA1_5, PBES2-HS512+A256KW, PBES2-HS384+A192KW,
PBES2-HS256+A128KW, HS512, HS384, HS256, S1, S224, S256, S384, S512,
ES512, ES384, ES256, ECMR, ECDH-ES+A256KW, ECDH-ES+A192KW, ECDH-ES+A128KW,
ECDH-ES, ECDH, dir, A256KW, A192KW, A128KW, A256GCMKW, A192GCMKW, A128GCMKW
'''

Signed-off-by: sunil-dhayal <sunildhayal3001@gmail.com>
---
 lib/openssl/rsaes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/openssl/rsaes.c b/lib/openssl/rsaes.c
index f2bc4141..932538b5 100644
--- a/lib/openssl/rsaes.c
+++ b/lib/openssl/rsaes.c
@@ -25,7 +25,7 @@
 
 #include <string.h>
 
-#ifdef EVP_PKEY_CTX_set_rsa_oaep_md
+#if defined (EVP_PKEY_CTX_set_rsa_oaep_md) || (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 #define NAMES "RSA1_5", "RSA-OAEP", "RSA-OAEP-224", "RSA-OAEP-256", "RSA-OAEP-384", "RSA-OAEP-512"
 #define HAVE_OAEP
 #else