From c166ec9f95d1b8283ff5a7c2cde5906b29e1691e Mon Sep 17 00:00:00 2001
From: Andrey Pshenkin
Date: Fri, 12 Sep 2025 18:43:13 +0100
Subject: [PATCH 1/2] crypto/rsa: implement EncryptOAEPWithOptions for custom MGF1 hash

---
 src/crypto/rsa/fips.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go
index 8373c125ae3096..cbb7f224cce388 100644
--- a/src/crypto/rsa/fips.go
+++ b/src/crypto/rsa/fips.go
@@ -191,11 +191,26 @@ func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts
 // The message must be no longer than the length of the public modulus minus
 // twice the hash length, minus a further 2.
 func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error) {
+ return encryptOAEP(hash, hash, random, pub, msg, label)
+}
+
+// EncryptOAEPWithOptions encrypts the given message with RSA-OAEP using the provided options.
+//
+// This function should only be used over EncryptOAEP when there is a need to specify the OAEP and MGF1
+// hashes separately.
+//
+// See EncryptOAEP for additional details.
+func EncryptOAEPWithOptions(random io.Reader, pub *PublicKey, msg []byte, opts OAEPOptions) ([]byte, error) {
+ return encryptOAEP(opts.Hash.New(), opts.MGFHash.New(), random, pub, msg, opts.Label)
+}
+
+func encryptOAEP(hash hash.Hash, mgfHash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error) {
 if err := checkPublicKeySize(pub); err != nil {
 return nil, err
 }

 defer hash.Reset()
+ defer mgfHash.Reset()

 if boring.Enabled && random == boring.RandReader {
 hash.Reset()
@@ -227,7 +242,7 @@ func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, l
 if err != nil {
 return nil, err
 }
- return fipsError2(rsa.EncryptOAEP(hash, hash, random, k, msg, label))
+ return fipsError2(rsa.EncryptOAEP(hash, mgfHash, random, k, msg, label))
 }

 // DecryptOAEP decrypts ciphertext using RSA-OAEP.
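Review bot: In the first hunk, `EncryptOAEPWithOptions` calls `opts.MGFHash.New()` unconditionally, so an `OAEPOptions` whose `MGFHash` is left at its zero value panics inside `crypto.Hash.New` instead of falling back to `opts.Hash`, which is the behaviour the `OAEPOptions.MGFHash` field documents. A caller reusing one options value for both `PrivateKey.Decrypt` and this function would get a working decrypt and a panicking encrypt. I would default the field before the call, `mgfHash := opts.MGFHash` followed by `if mgfHash == 0 { mgfHash = opts.Hash }`, and pass `mgfHash.New()`. The doc comment should also state the zero-value fallback and that an unset or unlinked `Hash` panics rather than returning an error.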
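Review bot: The second hunk switches only the non-Boring call to `mgfHash`; the BoringCrypto branch of `encryptOAEP` should be checked for the same substitution. That branch opens at `if boring.Enabled && random == boring.RandReader {` at the end of the first hunk and its body lies between the two hunks, so it is not visible here. If it still passes `hash` for both the OAEP and MGF1 arguments, `EncryptOAEPWithOptions` under BoringCrypto would silently mask with a hash other than the one the caller requested, and decryption with the intended MGF1 hash would fail. The branch also resets only `hash` on entry, so it should either pass and reset `mgfHash` as well or return an error when the two hashes differ.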
From 38c8abab61ae958b21e32b2a75a6b905af5331c7 Mon Sep 17 00:00:00 2001
From: Andrey Pshenkin
Date: Mon, 15 Sep 2025 10:48:43 +0100
Subject: [PATCH 2/2] add api update and release note

---
 api/next/75446.txt | 1 +
 doc/next/6-stdlib/99-minor/crypto/rsa/75446.md | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 api/next/75446.txt
 create mode 100644 doc/next/6-stdlib/99-minor/crypto/rsa/75446.md

diff --git a/api/next/75446.txt b/api/next/75446.txt
new file mode 100644
index 00000000000000..5e3d026f87c0b1
--- /dev/null
+++ b/api/next/75446.txt
@@ -0,0 +1 @@
+pkg crypto/rsa, func EncryptOAEPWithOptions(random io.Reader, pub *PublicKey, msg []byte, opts OAEPOptions) ([]byte, error) #75446
diff --git a/doc/next/6-stdlib/99-minor/crypto/rsa/75446.md b/doc/next/6-stdlib/99-minor/crypto/rsa/75446.md
new file mode 100644
index 00000000000000..f5db1feeb744f9
--- /dev/null
+++ b/doc/next/6-stdlib/99-minor/crypto/rsa/75446.md
@@ -0,0 +1 @@
+Added [EncryptOAEPWithOptions] function that allows specifying different hash functions for OAEP padding and MGF1 mask generation independently.