diff --git a/api/next/75446.txt b/api/next/75446.txt new file mode 100644 index 00000000000000..5e3d026f87c0b1 --- /dev/null +++ b/api/next/75446.txt @@ -0,0 +1 @@ +pkg crypto/rsa, func EncryptOAEPWithOptions(random io.Reader, pub *PublicKey, msg []byte, opts OAEPOptions) ([]byte, error) #75446 diff --git a/doc/next/6-stdlib/99-minor/crypto/rsa/75446.md b/doc/next/6-stdlib/99-minor/crypto/rsa/75446.md new file mode 100644 index 00000000000000..f5db1feeb744f9 --- /dev/null +++ b/doc/next/6-stdlib/99-minor/crypto/rsa/75446.md @@ -0,0 +1 @@ +Added [EncryptOAEPWithOptions] function that allows specifying different hash functions for OAEP padding and MGF1 mask generation independently. diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go index 8373c125ae3096..cbb7f224cce388 100644 --- a/src/crypto/rsa/fips.go +++ b/src/crypto/rsa/fips.go @@ -191,11 +191,26 @@ func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts // The message must be no longer than the length of the public modulus minus // twice the hash length, minus a further 2. func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error) { + return encryptOAEP(hash, hash, random, pub, msg, label) +} + +// EncryptOAEPWithOptions encrypts the given message with RSA-OAEP using the provided options. +// +// This function should only be used over EncryptOAEP when there is a need to specify the OAEP and MGF1 +// hashes separately. +// +// See EncryptOAEP for additional details. +func EncryptOAEPWithOptions(random io.Reader, pub *PublicKey, msg []byte, opts OAEPOptions) ([]byte, error) { + return encryptOAEP(opts.Hash.New(), opts.MGFHash.New(), random, pub, msg, opts.Label) +} + +func encryptOAEP(hash hash.Hash, mgfHash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error) { if err := checkPublicKeySize(pub); err != nil { return nil, err } defer hash.Reset() + defer mgfHash.Reset() if boring.Enabled && random == boring.RandReader { hash.Reset() @@ -227,7 +242,7 @@ func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, l if err != nil { return nil, err } - return fipsError2(rsa.EncryptOAEP(hash, hash, random, k, msg, label)) + return fipsError2(rsa.EncryptOAEP(hash, mgfHash, random, k, msg, label)) } // DecryptOAEP decrypts ciphertext using RSA-OAEP.