-rw-r--r-- | cipher/pubkey-util.c | 5 | ||||
-rw-r--r-- | cipher/rsa.c | 3 |
2 files changed, 6 insertions, 2 deletions
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index 4953caf3..244dd5d4 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -1092,7 +1092,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
 const void * value;
 size_t valuelen;
- if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
+ /* The RSA OAEP encryption requires some more assurances in FIPS */
+ if (fips_mode ())
+ rc = GPG_ERR_INV_FLAG;
+ else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
 rc = GPG_ERR_INV_OBJ;
 else
 {
diff --git a/cipher/rsa.c b/cipher/rsa.c
index 96dba090..87f57b55 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -1457,7 +1457,8 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
 rc = GPG_ERR_INV_DATA;
 goto leave;
 }
- if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))
+ if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1 ||
+ ctx.encoding == PUBKEY_ENC_OAEP))
 {
 rc = GPG_ERR_INV_FLAG;
 goto leave;
|
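Review bot: The FIPS rejection of OAEP encryption is enforced inside one branch of `_gcry_pk_util_data_to_mpi`, whose selecting condition lies above the hunk, so it cannot be confirmed from here that every OAEP encryption request passes through this guard. The decryption side is refused in `rsa_decrypt` by testing `ctx.encoding` directly; a matching test in `rsa_encrypt` would keep the policy in one layer and would not depend on how this helper's branches are ordered. The comment also names no requirement, so a maintainer cannot tell when the block may be lifted; something like `/* FIPS: RSA-OAEP encryption is rejected until the required assurances (<reference placeholder>) are implemented; rsa_decrypt refuses the matching decryption. */` would record that. The function body starts and ends outside the hunk.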
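Review bot: The widened FIPS check in `rsa_decrypt` carries no comment, although the encryption-side guard in cipher/pubkey-util.c has one, so the reason OAEP ciphertexts are now refused is not recorded at the place a caller's `GPG_ERR_INV_FLAG` will be traced to. I would add `/* FIPS: PKCS#1 v1.5 and OAEP decryption are rejected; the encryption side is refused in _gcry_pk_util_data_to_mpi. */` above the `if`. The condition is also a list of refused encodings, so an encoding added later would be permitted in FIPS mode by default; whether a test on the permitted encodings is feasible depends on code outside the hunk. As a style point, the break after `||` leaves the operator at the end of the line; if the file follows the GNU convention, the second line would read `|| ctx.encoding == PUBKEY_ENC_OAEP))`. The body of `rsa_decrypt` starts and ends outside the hunk.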