1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpgsm: New compatibility flag "allow-ecc-encr".

* sm/gpgsm.h (COMPAT_ALLOW_ECC_ENCR): New.
* sm/gpgsm.c (compatibility_flags): Add new flag.
* sm/encrypt.c (encrypt_dek): Allw ECC only if flag is set.
--

ECC encryption was not part of the original VS evaluation.  Until this
has been re-evaluated we hide this feature behind this flag.

GnuPG-bug-id: 6253
This commit is contained in:
Werner Koch 2022-10-28 15:19:19 +02:00
parent 28467f3735
commit fd0ddf2699
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 6 additions and 1 deletions

View File

@ -483,7 +483,10 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, int pk_algo,
s_data = NULL; /* (avoid compiler warning) */
if (pk_algo == GCRY_PK_ECC)
{
rc = ecdh_encrypt (dek, s_pkey, &s_ciph);
if (!(opt.compat_flags & COMPAT_ALLOW_ECC_ENCR))
rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
else
rc = ecdh_encrypt (dek, s_pkey, &s_ciph);
}
else
{

View File

@ -463,6 +463,7 @@ static struct debug_flags_s debug_flags [] =
static struct compatibility_flags_s compatibility_flags [] =
{
{ COMPAT_ALLOW_KA_TO_ENCR, "allow-ka-to-encr" },
{ COMPAT_ALLOW_ECC_ENCR, "allow-ecc-encr" },
{ 0, NULL }
};

View File

@ -181,6 +181,7 @@ struct
* policies: 1.3.6.1.4.1.7924.1.1:N:
*/
#define COMPAT_ALLOW_KA_TO_ENCR 1
#define COMPAT_ALLOW_ECC_ENCR 2
/* Forward declaration for an object defined in server.c */