diff options
author | Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk> | 2024-05-11 01:26:55 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-05-22 15:31:00 +0200 |
commit | 973ddaa03f39ef6d3c890918afbeb0ea9cbe8b07 (patch) | |
tree | ec9d031c4d3d97859bde0b388d1dd60468c3b132 /providers | |
parent | 7884bedc04b90bcdd46cb52e525ebe6aa1bedae5 (diff) |
rsa-pss: add tests checking for SHAKE usage in RSA-PSS
FIPS 186-5, RFC 8692, RFC 8702 all agree and specify that Shake shall
be used directly as MGF (not as a hash in MGF1). Add tests that try to
specify shake hash as MGF1 to ensure that fails.
Separately the above standards specify how to use SHAKE as a message
digest with either fixed or minimum output lengths. However, currently
shake is not part of allowed hashes.
Note that rsa_setup_md()/rsa_setup_mgf1_md() call
ossl_digest_rsa_sign_get_md_nid() ->
ossl_digest_get_approved_nid_with_sha1() ->
ossl_digest_get_approved_nid() which only contain sha1/sha2/sha3
digests without XOF.
The digest test case will need to be replace if/when shake with
minimum output lengths is added to ossl_digest_get_approved_nid().
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24387)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/common/digest_to_nid.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/providers/common/digest_to_nid.c b/providers/common/digest_to_nid.c index 49af04ad2a..ff347bacd5 100644 --- a/providers/common/digest_to_nid.c +++ b/providers/common/digest_to_nid.c @@ -39,6 +39,7 @@ int ossl_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len) */ int ossl_digest_get_approved_nid(const EVP_MD *md) { + /* TODO: FIPS 180-5 RFC 8692 RFC 8702 allow SHAKE */ static const OSSL_ITEM name_to_nid[] = { { NID_sha1, OSSL_DIGEST_NAME_SHA1 }, { NID_sha224, OSSL_DIGEST_NAME_SHA2_224 }, |