gpgsm: New compatibility flag "allow-ecc-encr".

* sm/gpgsm.h (COMPAT_ALLOW_ECC_ENCR): New. * sm/gpgsm.c (compatibility_flags): Add new flag. * sm/encrypt.c (encrypt_dek): Allw ECC only if flag is set. -- ECC encryption was not part of the original VS evaluation. Until this has been re-evaluated we hide this feature behind this flag. GnuPG-bug-id: 6253
2024-06-09 23:39:51 +02:00 · 2022-10-28 15:19:19 +02:00 · 2022-10-28 15:19:19 +02:00 · fd0ddf2699
commit fd0ddf2699
parent 28467f3735
3 changed files with 6 additions and 1 deletions
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@ -483,7 +483,10 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, int pk_algo,
  s_data = NULL; /* (avoid compiler warning) */
  if (pk_algo == GCRY_PK_ECC)
    {
-      rc = ecdh_encrypt (dek, s_pkey, &s_ciph);
+      if (!(opt.compat_flags & COMPAT_ALLOW_ECC_ENCR))
+        rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      else
+        rc = ecdh_encrypt (dek, s_pkey, &s_ciph);
    }
  else
    {
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -463,6 +463,7 @@ static struct debug_flags_s debug_flags [] =
 static struct compatibility_flags_s compatibility_flags [] =
  {
    { COMPAT_ALLOW_KA_TO_ENCR, "allow-ka-to-encr" },
+    { COMPAT_ALLOW_ECC_ENCR,   "allow-ecc-encr" },
    { 0, NULL }
  };

--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -181,6 +181,7 @@ struct
 *  policies: 1.3.6.1.4.1.7924.1.1:N:
 */
 #define COMPAT_ALLOW_KA_TO_ENCR   1
+#define COMPAT_ALLOW_ECC_ENCR     2


 /* Forward declaration for an object defined in server.c */