From c7709f7b23848abf4ba65cb99cb2a9e9c7ebdefc Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Fri, 1 Apr 2022 18:29:08 +0200
Subject: [PATCH] Do not allow PKCS #1.5 padding for encryption in FIPS

* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block PKCS #1.5 padding for encryption in FIPS mode
* cipher/rsa.c (rsa_decrypt): Block PKCS #1.5 decryption in FIPS mode

--

GnuPG-bug-id: 5918
Signed-off-by: Jakub Jelen
---
 cipher/pubkey-util.c | 5 ++++-
 cipher/rsa.c         | 5 +++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index 68defea6..4953caf3 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -957,7 +957,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
       void *random_override = NULL;
       size_t random_override_len = 0;
 
-      if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
+      /* The RSA PKCS#1.5 encryption is no longer supported by FIPS */
+      if (fips_mode ())
+        rc = GPG_ERR_INV_FLAG;
+      else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
         rc = GPG_ERR_INV_OBJ;
       else
         {
diff --git a/cipher/rsa.c b/cipher/rsa.c
index 771413b3..c6319b67 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -1391,6 +1391,11 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
       rc = GPG_ERR_INV_DATA;
       goto leave;
     }
+  if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))
+    {
+      rc = GPG_ERR_INV_FLAG;
+      goto leave;
+    }
 
   /* Extract the key. */
   rc = sexp_extract_param (keyparms, NULL, "nedp?q?u?",
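Review bot: The comment above the new `if (fips_mode ())` line in _gcry_pk_util_data_to_mpi says only that PKCS#1.5 encryption "is no longer supported by FIPS", without recording that this branch is the PKCS#1 v1.5 encryption path or why GPG_ERR_INV_FLAG rather than an "unsupported" error is returned, so a later reader may mistake it for a blanket ban on PKCS#1 data handling. I would extend it to `/* RSA PKCS#1 v1.5 encryption (key transport) is not FIPS approved; reject it before any of the caller's data is parsed.  See GnuPG-bug-id 5918.  */`. Placing the check ahead of the sexp_nth_data call is the right order, since the policy decision is made before any input is touched. The enclosing function starts and ends outside the hunk, so whether the encoding/operation test guarding this branch is the only way into it cannot be confirmed from the visible lines.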
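Review bot: The added `if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))` block in rsa_decrypt carries no comment, unlike the matching change in pubkey-util.c, so the reason a decrypt call now fails with GPG_ERR_INV_FLAG is not recorded where it will be read. I would add `/* PKCS#1 v1.5 decryption is not allowed in FIPS mode (GnuPG-bug-id 5918).  */` directly above it. The check names only PUBKEY_ENC_PKCS1; if the other encodings are deliberately still permitted for decryption in FIPS mode, that policy decision deserves a sentence in the same comment so it is not read as an oversight. The check relies on ctx.encoding having been populated by code above the hunk, and rsa_decrypt begins outside the visible lines, so that ordering is inferred rather than verified here.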