diff options
author | Jakub Jelen <jjelen@redhat.com> | 2022-10-05 17:00:27 +0200 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-10-19 10:36:36 +0900 |
commit | a7b5cab05f6a7de23c565b1303eb3f198d0b7e2b (patch) | |
tree | d27aa4b1743b50bb70bc0c46652cda8d97322e3a /cipher | |
parent | 05cb8355d3e66f15425ad85ae2203882e80f4792 (diff) | |
download | libgcrypt-a7b5cab05f6a7de23c565b1303eb3f198d0b7e2b.tar.gz |
Revert "fips: Disable RSA-OAEP padding in FIPS mode."
This reverts commit e552e37983da0c54840786eeff34481685fde1e9. The pubkey
encryption has already separate explicit FIPS service indicator.
Diffstat (limited to 'cipher')
-rw-r--r-- | cipher/pubkey-util.c | 5 | ||||
-rw-r--r-- | cipher/rsa.c | 3 |
2 files changed, 2 insertions, 6 deletions
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c index 244dd5d4..4953caf3 100644 --- a/cipher/pubkey-util.c +++ b/cipher/pubkey-util.c @@ -1092,10 +1092,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, const void * value; size_t valuelen; - /* The RSA OAEP encryption requires some more assurances in FIPS */ - if (fips_mode ()) - rc = GPG_ERR_INV_FLAG; - else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen ) + if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen ) rc = GPG_ERR_INV_OBJ; else { diff --git a/cipher/rsa.c b/cipher/rsa.c index 1a935d80..60625c16 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -1460,8 +1460,7 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) rc = GPG_ERR_INV_DATA; goto leave; } - if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1 || - ctx.encoding == PUBKEY_ENC_OAEP)) + if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1)) { rc = GPG_ERR_INV_FLAG; goto leave; |