git.ipfire.org Git - thirdparty/openssl.git/commit

author	Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
	Mon, 13 May 2024 17:07:40 +0000 (18:07 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Wed, 22 May 2024 13:31:00 +0000 (15:31 +0200)
commit	1bfc8d17f349fbe1c849bf362b24ca0af4a8977d
tree	8181102afd5116eb0488d6d176d3555ec512c771	tree \| snapshot
parent	973ddaa03f39ef6d3c890918afbeb0ea9cbe8b07	commit \| diff

rsa-oaep: block SHAKE usage in FIPS mode

NIST SP 800-56 rev2 only allows using approved hash algorithms in
OAEP. Unlike FIPS 186-5 it doesn't have text allowing to use XOF SHAKE
functions. Maybe future revisions of SP 800-56 will adopt similar text
to FIPS 186-5 and allow XOF as MD and MGF (not MGF1).

RFC documents do not specify if SHAKE is allowed or blocked for usage
(i.e. there is no equivalent of RFC 8692 or RFC 8702 for OAEP). Status
quo allows their usage.

Add test cases for SHAKE in RSA-OAEP as allowed in default provider,
and blocked in fips.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24387)

crypto/rsa/rsa_oaep.c		diff \| blob \| blame \| history
test/recipes/30-test_evp_data/evppkey_rsa_common.txt		diff \| blob \| blame \| history