+
+RawBuffer asymmetricHelper(int (*cryptoFn)(int, const unsigned char*, unsigned char*, RSA*, int),
+ const std::string logPrefix,
+ const EvpShPtr &pkey,
+ const CryptoAlgorithm &alg,
+ const RawBuffer &data)
+{
+ validateParams<IsAsymEncryption>(alg);
+
+ RSA* rsa = EVP_PKEY_get1_RSA(pkey.get());
+ if (!rsa)
+ ThrowErr(Exc::Crypto::InputParam, logPrefix, "invalid key");
+
+ /*
+ * RSA_padding_add_PKCS1_OAEP supports custom label but RSA_public_encrypt calls it with NULL
+ * value so for now label is not supported. Alternative is to rewrite the openssl implementation
+ * to support it: openssl-fips/crypto/rsa/rsa_eay.c
+ */
+ RawBuffer output;
+ output.resize(RSA_size(rsa));
+ int ret = cryptoFn(data.size(),
+ data.data(),
+ output.data(),
+ rsa,
+ RSA_PKCS1_OAEP_PADDING);
+ RSA_free(rsa);
+ if (ret < 0)
+ ThrowErr(Exc::Crypto::InternalError, logPrefix, "failed");
+
+ output.resize(ret);
+ return output;
+}
+