diff options
| author | Filippo Valsorda <filippo@golang.org> | 2024-11-21 19:10:49 +0100 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2024-11-22 01:13:03 +0000 |
| commit | e6977837fc3d7d187436c2e8c8ac88f044ab551f (patch) | |
| tree | 13571f960836d97224413107ae9af67ab6791f3f /src/crypto | |
| parent | ff2cb4abb45c86c7fc1fbdf530a52ad226ef1318 (diff) | |
| download | go-e6977837fc3d7d187436c2e8c8ac88f044ab551f.tar.xz | |
crypto/internal/fips140/rsa: support separate MGF1 hash for EncryptOAEP
We might or might not want to expose it, but it makes the internal API
symmetrical, and lets us decide to do it in the future without changing
the FIPS module.
Updates #65716
Change-Id: Iea431a527ab17b9f00dee4da25761cedb2c2eba0
Reviewed-on: https://go-review.googlesource.com/c/go/+/630655
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Diffstat (limited to 'src/crypto')
| -rw-r--r-- | src/crypto/internal/fips140/rsa/pkcs1v22.go | 6 | ||||
| -rw-r--r-- | src/crypto/rsa/fips.go | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/src/crypto/internal/fips140/rsa/pkcs1v22.go b/src/crypto/internal/fips140/rsa/pkcs1v22.go index 2e82317ffa..c7aa955bb4 100644 --- a/src/crypto/internal/fips140/rsa/pkcs1v22.go +++ b/src/crypto/internal/fips140/rsa/pkcs1v22.go @@ -374,7 +374,7 @@ func checkApprovedHash(hash fips140.Hash) { // EncryptOAEP encrypts the given message with RSAES-OAEP. // // In FIPS mode, random is ignored and can be nil. -func EncryptOAEP(hash fips140.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error) { +func EncryptOAEP(hash, mgfHash fips140.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error) { // Note that while we don't commit to deterministic execution with respect // to the random stream, we also don't apply MaybeReadByte, so per Hyrum's // Law it's probably relied upon by some. It's a tolerable promise because a @@ -413,8 +413,8 @@ func EncryptOAEP(hash fips140.Hash, random io.Reader, pub *PublicKey, msg []byte } } - mgf1XOR(db, hash, seed) - mgf1XOR(seed, hash, db) + mgf1XOR(db, mgfHash, seed) + mgf1XOR(seed, mgfHash, db) return encrypt(pub, em) } diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go index a08de0e75e..309ed273ec 100644 --- a/src/crypto/rsa/fips.go +++ b/src/crypto/rsa/fips.go @@ -172,7 +172,7 @@ func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, l if err != nil { return nil, err } - return fipsError2(rsa.EncryptOAEP(hash, random, k, msg, label)) + return fipsError2(rsa.EncryptOAEP(hash, hash, random, k, msg, label)) } // DecryptOAEP decrypts ciphertext using RSA-OAEP. |