Revert "Do not allow PKCS #1.5 padding for encryption in FIPS"

Jakuje · NIIBE Yutaka · commit e83280b36be3 · 2022-10-19T10:36:52.000+09:00
This reverts commit c7709f7. The pubkey encryption has already separate explicit FIPS service indicator.
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
@@ -957,10 +957,7 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
       void *random_override = NULL;
       size_t random_override_len = 0;
 
-      /* The RSA PKCS#1.5 encryption is no longer supported by FIPS */
-      if (fips_mode ())
-        rc = GPG_ERR_INV_FLAG;
-      else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
+      if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
         rc = GPG_ERR_INV_OBJ;
       else
         {
diff --git a/cipher/rsa.c b/cipher/rsa.c
@@ -1460,11 +1460,6 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
       rc = GPG_ERR_INV_DATA;
       goto leave;
     }
-  if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))
-    {
-      rc = GPG_ERR_INV_FLAG;
-      goto leave;
-    }
 
   /* Extract the key.  */
   rc = sexp_extract_param (keyparms, NULL, "nedp?q?u?",
