mirror of git://git.gnupg.org/gnupg.git synced 2025-01-10 13:04:23 +01:00

gpg: Allow smaller session keys with Kyber

* g10/pubkey-enc.c (get_it): Do not error out when decrypting a session
key of less than 32 octets encrypted to a Kyber key.
--

GnuPG-bug-id: 7472
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Damien Goutte-Gattat via Gnupg-devel 2025-01-03 20:59:57 +00:00 committed by Werner Koch
parent 647fa16be7
commit 80828512b6
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B


@ -307,13 +307,9 @@ get_it (ctrl_t ctrl,
if (sk->pubkey_algo == PUBKEY_ALGO_KYBER) if (sk->pubkey_algo == PUBKEY_ALGO_KYBER)
{ {
/* We expect a 32 byte session key. We should not see this if (nframe != 32 && opt.flags.require_pqc_encryption)
* error here because due to the KEM mode the agent_pkdecrypt
* should have already failed. */
if (nframe != 32)
{ {
err = gpg_error (GPG_ERR_WRONG_SECKEY); log_info (_("WARNING: session key is not quantum-resistant\n"));
goto leave;
} }
dek->keylen = nframe; dek->keylen = nframe;
dek->algo = enc->d.seskey_algo; dek->algo = enc->d.seskey_algo;