authorJakub Jelen <jjelen@redhat.com>2022-08-17 09:01:44 +0200
committerNIIBE Yutaka <gniibe@fsij.org>2022-08-30 11:03:30 +0900
commite5bfda492ab9496ed3d856a9f36250a2cc07ce70 (patch)
treef3dcbae0f655c49eaec43badf126c293fc398866
parent15fb6257e827770a9f536f3049c02f47b996bc27 (diff)
downloadlibgcrypt-e5bfda492ab9496ed3d856a9f36250a2cc07ce70.tar.gz
fips: Disable RSA-OAEP padding in FIPS mode.
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block OAEP padding in FIPS mode for encryption.
* cipher/rsa.c (rsa_decrypt): Block OAEP padding in FIPS mode for decryption.
--
Cherry-picked from master commit: e552e37983da0c54840786eeff34481685fde1e9
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r--cipher/pubkey-util.c5
-rw-r--r--cipher/rsa.c3
2 files changed, 6 insertions, 2 deletions
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index 4953caf3..244dd5d4 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -1092,7 +1092,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
const void * value;
size_t valuelen;
- if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
+ /* The RSA OAEP encryption requires some more assurances in FIPS */
+ if (fips_mode ())
+ rc = GPG_ERR_INV_FLAG;
+ else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
rc = GPG_ERR_INV_OBJ;
else
{
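Review bot: The new comment on the FIPS branch says OAEP "requires some more assurances" but never says that the request is simply refused, so a reader has to infer the policy from the `rc = GPG_ERR_INV_FLAG;` assignment on the next line; state it directly, e.g. `/* RSA-OAEP encryption is not permitted in FIPS mode; reject it with the same error rsa_decrypt returns on the decrypt side.  */`. The condition that selects this branch (presumably the OAEP encoding case, judging by the comment) lies outside the hunk, as does the rest of _gcry_pk_util_data_to_mpi, so it cannot be confirmed from here that the `fips_mode ()` check is reached only for OAEP input. The hunk header counts (7 old / 10 new lines) are one more than the lines shown, so a blank context line appears to have been lost in rendering.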
diff --git a/cipher/rsa.c b/cipher/rsa.c
index 96dba090..87f57b55 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -1457,7 +1457,8 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
rc = GPG_ERR_INV_DATA;
goto leave;
}
- if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))
+ if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1 ||
+ ctx.encoding == PUBKEY_ENC_OAEP))
{
rc = GPG_ERR_INV_FLAG;
goto leave;
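Review bot: The widened condition now refuses two encodings but carries no comment explaining why PKCS#1 v1.5 and OAEP decryption are rejected in FIPS mode, and the generic GPG_ERR_INV_FLAG gives the caller no hint either; add a one-line comment above the `if`, e.g. `/* PKCS#1 v1.5 and OAEP decryption are not allowed in FIPS mode; the encrypt side is rejected in _gcry_pk_util_data_to_mpi.  */`. Because the encrypt-side check lives in a different file and only covers OAEP, the two lists of disallowed encodings have to be kept in sync by hand, which the comment should say so that a later change to one does not silently diverge from the other. The check reads `ctx.encoding`, so it necessarily runs after the data s-expression has been parsed, which is fine for a reject-only check. rsa_decrypt begins before this hunk and continues after it.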