From 97b37db144da6c9278786d51a233716e78c1f12c Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Mon, 6 May 2024 14:34:48 +0200
Subject: [PATCH] gpg,gpgsm: Remove compatibility_flags allow-ecc-encr and vsd-allow-encr.
* g10/options.h (COMPAT_VSD_ALLOW_OCB): Remove. * g10/gpg.c (compatibility_flags): Remove "vsd-allow_ocb". (main): Alwas set CO_EXTRA_INFO_VSD_ALLOW_OCB. * g10/keygen.c (keygen_set_std_prefs): Always set OCB feature flag. * g10/encrypt.c (use_aead): Always OCB also in de-vs mode. * sm/gpgsm.h (COMPAT_ALLOW_ECC_ENCR): Remove. * sm/gpgsm.c (compatibility_flags): Remove "allow-ecc-encr". * sm/encrypt.c (encrypt_dek): Always allow ecc encryption. * sm/certreqgen.c (proc_parameters): Likewise. -- Both feature are meanwhile approved in de-vs mode thus there is no more need for the flags.
---
g10/encrypt.c | 4 ----
g10/gpg.c | 4 +---
g10/keygen.c | 4 ----
g10/options.h | 1 -
sm/certreqgen.c | 3 +--
sm/encrypt.c | 5 +----
sm/gpgsm.c | 1 -
sm/gpgsm.h | 1 -
8 files changed, 3 insertions(+), 20 deletions(-)
diff --git a/g10/encrypt.c b/g10/encrypt.c
index a4863fa5d..fbf355ecb 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -262,10 +262,6 @@ use_aead (pk_list_t pk_list, int algo) { int can_use; - if (!(opt.compat_flags & COMPAT_VSD_ALLOW_OCB) - && opt.compliance == CO_DE_VS) - return 0; /* Not yet allowed. */ - can_use = openpgp_cipher_get_algo_blklen (algo) == 16; /* With --force-aead we want AEAD. */
diff --git a/g10/gpg.c b/g10/gpg.c
index 229635185..f431a2676 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1001,7 +1001,6 @@ static struct debug_flags_s debug_flags [] = /* The list of compatibility flags. */ static struct compatibility_flags_s compatibility_flags [] = { - { COMPAT_VSD_ALLOW_OCB, "vsd-allow-ocb" }, { 0, NULL } };
@@ -3825,8 +3824,7 @@ main (int argc, char **argv) parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags); gnupg_set_compliance_extra_info (CO_EXTRA_INFO_MIN_RSA, opt.min_rsa_length); - if ((opt.compat_flags & COMPAT_VSD_ALLOW_OCB)) - gnupg_set_compliance_extra_info (CO_EXTRA_INFO_VSD_ALLOW_OCB, 1); + gnupg_set_compliance_extra_info (CO_EXTRA_INFO_VSD_ALLOW_OCB, 1); if (DBG_CLOCK) log_clock ("start");
diff --git a/g10/keygen.c b/g10/keygen.c
index 52fd97a64..26126cde7 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -523,10 +523,6 @@ keygen_set_std_prefs (const char *string,int personal) xfree (prefstringbuf); } - /* For now we require a compat flag to set OCB into the preferences. */ - if (!(opt.compat_flags & COMPAT_VSD_ALLOW_OCB)) - ocb = 0; - if(!rc) { if(personal)
diff --git a/g10/options.h b/g10/options.h
index b3cb52003..8234bc731 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -354,7 +354,6 @@ EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode; EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; /* Compatibility flags */ -#define COMPAT_VSD_ALLOW_OCB 1 /* Compliance test macors. */
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 63c35a227..d85dffffd 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -732,8 +732,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para, "(6:genkey(3:rsa(5:nbits%d:%s)))", (int)strlen (numbuf), numbuf); } - else if ((opt.compat_flags & COMPAT_ALLOW_ECC_ENCR) - && (algo == GCRY_PK_ECC || algo == GCRY_PK_EDDSA)) + else if (algo == GCRY_PK_ECC || algo == GCRY_PK_EDDSA) { const char *curve = get_parameter_value (para, pKEYCURVE, 0); const char *flags;
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 7c8a96481..c6c59cfae 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
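Review bot: The unconditional `gnupg_set_compliance_extra_info (CO_EXTRA_INFO_VSD_ALLOW_OCB, 1);` in `main` (g10/gpg.c) needs a comment or a follow-up cleanup, because the extra-info switch is now a constant and nothing in the code says why it is still set. Something like `/* OCB is approved in de-vs mode; this extra info is kept only until its consumer is removed. */` above the call would do, or the switch could be dropped together with the code that reads it. `parse_compatibility_flags` is still called in the context lines, now with a table that holds only the sentinel, so an existing `compatibility-flags vsd-allow-ocb` line in a config file (and `allow-ecc-encr` for gpgsm) takes the unknown-name path. That function is not visible here, so it is worth confirming that it only warns and does not stop startup. `main` starts and ends outside the hunk.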
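Review bot: The ECC/EdDSA branch in `proc_parameters` (sm/certreqgen.c) is now taken in every compliance mode, and the visible lines read the curve from `pKEYCURVE` without checking it against the active compliance mode. If the de-vs approval named in the commit message covers only particular curves, a request for any other curve should be rejected here or further down; the rest of the branch lies outside the hunk, so confirm that such a check exists. The same applies to `encrypt_dek` in sm/encrypt.c, where `rc = ecdh_encrypt (dek, s_pkey, &s_ciph);` is now reached for any `GCRY_PK_ECC` certificate. The old condition also gated `GCRY_PK_EDDSA`, a signature algorithm, behind a flag named for encryption, so a short comment such as `/* ECC and EdDSA requests are allowed in all compliance modes. */` would record that this is intended.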
@@ -483,10 +483,7 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, int pk_algo, s_data = NULL; /* (avoid compiler warning) */ if (pk_algo == GCRY_PK_ECC) { - if (!(opt.compat_flags & COMPAT_ALLOW_ECC_ENCR)) - rc = gpg_error (GPG_ERR_NOT_SUPPORTED); - else - rc = ecdh_encrypt (dek, s_pkey, &s_ciph); + rc = ecdh_encrypt (dek, s_pkey, &s_ciph); } else {
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 8819cc12e..25fdfe57b 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -469,7 +469,6 @@ static struct debug_flags_s debug_flags [] = static struct compatibility_flags_s compatibility_flags [] = { { COMPAT_ALLOW_KA_TO_ENCR, "allow-ka-to-encr" }, - { COMPAT_ALLOW_ECC_ENCR, "allow-ecc-encr" }, { 0, NULL } };
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 4140c9709..3946b5679 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -183,7 +183,6 @@ struct * policies: 1.3.6.1.4.1.7924.1.1:N: */ #define COMPAT_ALLOW_KA_TO_ENCR 1 -#define COMPAT_ALLOW_ECC_ENCR 2 /* Forward declaration for an object defined in server.c */