-rw-r--r--apps/apps.c4
-rw-r--r--apps/apps.h1
-rw-r--r--apps/pkeyutl.c23
-rw-r--r--crypto/evp/evp.h3
-rw-r--r--crypto/evp/pmeth_lib.c3
-rw-r--r--crypto/rsa/rsa.h6
-rw-r--r--crypto/rsa/rsa_pmeth.c49
7 files changed, 83 insertions, 6 deletions
diff --git a/apps/apps.c b/apps/apps.c
index 1b7ca6961f..365287f488 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2304,11 +2304,11 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
return ret;
}
-int pkey_ctrl_string(BIO *err, EVP_PKEY_CTX *ctx, char *value)
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
{
+ int rv;
char *stmp, *vtmp = NULL;
stmp = BUF_strdup(value);
- int rv;
if (!stmp)
return -1;
vtmp = strchr(stmp, ':');
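Review bot: `value` in the new `pkey_ctrl_string` signature could be declared `const char *value`, since the visible lines only pass it to `BUF_strdup` and then work on the copy `stmp`. That would match the const-qualification this commit gives `EVP_PKEY_CTX_ctrl_str`, and the prototype added in apps/apps.h would change with it. The rest of the function body is outside the hunk, so confirm that nothing later writes through `value`.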
diff --git a/apps/apps.h b/apps/apps.h
index d15127e7aa..00522341ff 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -286,6 +286,7 @@ int args_verify(char ***pargs, int *pargc,
int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
void policies_print(BIO *out, X509_STORE_CTX *ctx);
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index bac935c6d7..82b59a805c 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -154,8 +154,10 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_ENGINE
else if(!strcmp(*argv, "-engine"))
{
- if (--argc < 1) badarg = 1;
- engine = *(++argv);
+ if (--argc < 1)
+ badarg = 1;
+ else
+ engine = *(++argv);
}
#endif
else if(!strcmp(*argv, "-pubin"))
@@ -178,6 +180,23 @@ int MAIN(int argc, char **argv)
pkey_op = EVP_PKEY_OP_ENCRYPT;
else if(!strcmp(*argv, "-decrypt"))
pkey_op = EVP_PKEY_OP_DECRYPT;
+ else if (strcmp(*argv,"-param") == 0)
+ {
+ if (--argc < 1)
+ badarg = 1;
+ if (!ctx)
+ {
+ BIO_puts(bio_err,
+ "-param command before -inkey\n");
+ badarg = 1;
+ }
+ else if (pkey_ctrl_string(ctx, *(++argv)) <= 0)
+ {
+ BIO_puts(bio_err, "parameter setting error\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
else badarg = 1;
if(badarg)
{
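Review bot: In the `-param` branch, `if (!ctx)` follows `if (--argc < 1) badarg = 1;` without an `else`, so when `-param` is the last argument and a context exists, `*(++argv)` still steps past the final argument and the result is handed to `pkey_ctrl_string`. This is the same pattern the commit corrects for `-engine` in the previous hunk. Changing the second test to `else if (!ctx)` keeps the missing-argument case on the `badarg` path instead of reporting "parameter setting error". The option loop in MAIN starts and ends outside the hunk.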
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 06535510ca..07bcb50ad0 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -917,8 +917,11 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type, ENGINE *e);
EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey);
void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+
int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
int cmd, int p1, void *p2);
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+ const char *value);
int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 9ca351a53e..7c36395696 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -171,7 +171,8 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
}
-int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, char *name, char *value)
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
+ const char *name, const char *value)
{
if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl)
{
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index 6a9062b27e..2b03ede5fd 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -192,6 +192,12 @@ struct rsa_st
* be used for all exponents.
*/
+#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_CTRL_RSA_PADDING, \
+ pad, NULL)
+
+#define EVP_PKEY_CTRL_RSA_PADDING 1
+
#define RSA_PKCS1_PADDING 1
#define RSA_SSLV23_PADDING 2
#define RSA_NO_PADDING 3
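Review bot: `EVP_PKEY_CTX_set_rsa_padding` expands to a five-argument call, while the `EVP_PKEY_CTX_ctrl` prototype shown in crypto/evp/evp.h in this commit takes six (`ctx, keytype, optype, cmd, p1, p2`). The `optype` argument is missing, so any use of the macro will not compile against that prototype. An operation-type argument is needed between `EVP_PKEY_RSA` and `EVP_PKEY_CTRL_RSA_PADDING`; which value means "any operation" depends on the body of `EVP_PKEY_CTX_ctrl`, which is not visible here. Parenthesizing `pad` and `ctx` in the expansion would also guard against surprising argument expressions.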
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 7fe9e52a7d..5401b0544a 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -151,6 +151,52 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
return 1;
}
+static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+ {
+ RSA_PKEY_CTX *rctx = ctx->data;
+ switch (type)
+ {
+
+ case EVP_PKEY_CTRL_RSA_PADDING:
+ /* TODO: add PSS support */
+ if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_X931_PADDING))
+ {
+ rctx->pad_mode = p1;
+ return 1;
+ }
+ return 0;
+
+ default:
+ return -2;
+
+ }
+ }
+
+static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
+ const char *type, const char *value)
+ {
+ if (!strcmp(type, "rsa_padding_mode"))
+ {
+ int pm;
+ if (!value)
+ return 0;
+ if (!strcmp(value, "pkcs1"))
+ pm = RSA_PKCS1_PADDING;
+ else if (!strcmp(value, "sslv23"))
+ pm = RSA_SSLV23_PADDING;
+ else if (!strcmp(value, "none"))
+ pm = RSA_NO_PADDING;
+ else if (!strcmp(value, "oeap"))
+ pm = RSA_PKCS1_OAEP_PADDING;
+ else if (!strcmp(value, "x931"))
+ pm = RSA_X931_PADDING;
+ else
+ return -2;
+ return pkey_rsa_ctrl(ctx, EVP_PKEY_CTRL_RSA_PADDING, pm, NULL);
+ }
+ return -2;
+ }
+
const EVP_PKEY_METHOD rsa_pkey_meth =
{
EVP_PKEY_RSA,
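Review bot: In `pkey_rsa_ctrl_str` the OAEP mode is matched with `strcmp(value, "oeap")`, which looks like a transposition of `oaep`. A caller passing `rsa_padding_mode:oaep` falls into the final `else` and gets -2, so the line should read `else if (!strcmp(value, "oaep"))`. Separately, the range test in `pkey_rsa_ctrl` accepts every value from `RSA_PKCS1_PADDING` to `RSA_X931_PADDING` regardless of which operation the context was set up for, and that range includes `RSA_NO_PADDING`. A comment stating that unpadded RSA is deliberately selectable, or a per-operation check, would make the intent explicit. Only the constants 1 to 3 are visible in rsa.h, so the assumption that the padding constants are contiguous should be confirmed.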
@@ -179,7 +225,8 @@ const EVP_PKEY_METHOD rsa_pkey_meth =
0,
pkey_rsa_decrypt,
- 0,0
+ pkey_rsa_ctrl,
+ pkey_rsa_ctrl_str
};