5.4.2 RSA-OAEP

Identifier: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p (REQUIRED)

The RSAES-OAEP-ENCRYPT algorithm, as specified in RFC 2437 [PKCS1], takes three parameters. The two user specified parameters are a MANDATORY message digest function and an OPTIONAL encoding octet string OAEPparams. The message digest function is indicated by the Algorithm attribute of a child ds:DigestMethod element and the mask generation function, the third parameter, is always MGF1 with SHA1 (mgf1SHA1Identifier). Both the message digest and mask generation functions are used in the EME-OAEP-ENCODE operation as part of RSAES-OAEP-ENCRYPT. The encoding octet string is the base64 decoding of the content of an optional OAEPparams child element. If no OAEPparams child is provided, a null string is used.

Schema Definition:

If you want to use OpenSSL to decode RSA-OAEP padded data, however, the OAEPparams option cannot be used. Normally, when a message is initially prepared, it is hashed with an input parameter, which is step 3 in Section 9.1.1 of RFC 2437 under "Generate an octet string PS consisting of emLen-||M||-2hLen-1 zero octets. The length of PS may be 0."
An example of an RSA-OAEP element is: 9lWu3Q==
But according to http://www.openssl.org/docs/crypto/RSA_public_encrypt.html, OpenSSL's OAEP padding is EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty encoding parameter (EME stands for "encoding method for encryption"). Therefore, the octet string PS must be empty.
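The following is an added example, not code from the original post or from OpenSSL. It implements EME-OAEP-ENCODE and EME-OAEP-DECODE from RFC 2437 Section 9.1.1 without the RSA step, to show where the encoding parameters enter the encoded block and why a block built with a non-empty OAEPparams is rejected by a decoder that assumes empty parameters. Assumptions: SHA-1 as the digest, an encoded length of 127 octets (a 1024-bit modulus), and hypothetical function names.

```python
import base64, hashlib, hmac, os

H_LEN = 20                                   # SHA-1 output length (assumed digest)
OAEP_PARAMS = base64.b64decode("9lWu3Q==")   # OAEPparams value from the example above

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 with SHA-1, the only mask function xmlenc#rsa-oaep-mgf1p allows."""
    out = b""
    for counter in range((length + H_LEN - 1) // H_LEN):
        out += hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def eme_oaep_encode(m: bytes, p: bytes, em_len: int, seed: bytes = None) -> bytes:
    """EME-OAEP-ENCODE (RFC 2437, 9.1.1.1); p is the encoding parameter string."""
    if len(m) > em_len - 2 * H_LEN - 1:
        raise ValueError("message too long")
    ps = b"\x00" * (em_len - len(m) - 2 * H_LEN - 1)   # zero octets, may be empty
    db = hashlib.sha1(p).digest() + ps + b"\x01" + m    # pHash || PS || 01 || M
    seed = seed or os.urandom(H_LEN)
    masked_db = xor(db, mgf1(seed, em_len - H_LEN))
    masked_seed = xor(seed, mgf1(masked_db, H_LEN))
    return masked_seed + masked_db

def eme_oaep_decode(em: bytes, p: bytes) -> bytes:
    """EME-OAEP-DECODE (RFC 2437, 9.1.1.2); illustration only, not constant-time."""
    if len(em) < 2 * H_LEN + 1:
        raise ValueError("decoding error")
    masked_seed, masked_db = em[:H_LEN], em[H_LEN:]
    seed = xor(masked_seed, mgf1(masked_db, H_LEN))
    db = xor(masked_db, mgf1(seed, len(masked_db)))
    p_hash, rest = db[:H_LEN], db[H_LEN:]
    sep = rest.find(b"\x01")
    ok = hmac.compare_digest(p_hash, hashlib.sha1(p).digest())
    if not ok or sep < 0 or rest[:sep].strip(b"\x00"):
        raise ValueError("decoding error")   # same error for every failure cause
    return rest[sep + 1:]

def decodes(em: bytes, p: bytes) -> bool:
    try:
        eme_oaep_decode(em, p)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    em = eme_oaep_encode(b"session key", OAEP_PARAMS, em_len=127)
    print(decodes(em, OAEP_PARAMS), decodes(em, b""))
```

A sender that must interoperate with a decoder limited to empty parameters has to omit the OAEPparams element, since the parameter hash is checked on decode.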