Hello Nicolas, Niels,
Now that another attack on RSA encryption with PKCS#1 v1.5 padding has been discovered (though Nettle is not vulnerable)[1], it is recommended to avoid using the v1.5 scheme in new applications[2][3], and thus supporting RSA-OAEP in Nettle is becoming more relevant.
I made some modifications to the existing merge request[4], mainly to make it side-channel safe at decryption: https://git.lysator.liu.se/nettle/nettle/-/merge_requests/60
Could you take a look when you have time?
Footnotes: [1] https://people.redhat.com/~hkario/marvin/
[2] https://datatracker.ietf.org/doc/draft-kario-rsa-guidance/
[3] https://github.com/checkpoint-restore/criu/pull/2297#discussion_r1420116692
[4] https://git.lysator.liu.se/nettle/nettle/-/merge_requests/20
Regards,