From b349ceedfca2780a7dfd79e6bee476b060f35ca5 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 6 Apr 2023 09:21:33 +0200
Subject: [PATCH] gpg: Take care not to encrypt with OCB in de-vs mode

* g10/encrypt.c (use_aead): In de-vs mode use OCB only if the
compatibility flag ist set.
---
 g10/encrypt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/g10/encrypt.c b/g10/encrypt.c
index 3d8d9160f..d84596939 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -262,6 +262,10 @@ use_aead (pk_list_t pk_list, int algo)
 {
   int can_use;
 
+  if (!(opt.compat_flags & COMPAT_VSD_ALLOW_OCB)
+      && opt.compliance == CO_DE_VS)
+    return 0;  /* Not yet allowed.  */
+
   can_use = openpgp_cipher_get_algo_blklen (algo) == 16;
 
   /* With --force-aead we want AEAD.  */