From fd0ddf26990d3e932788ea321927c49086f0562d Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 28 Oct 2022 15:19:19 +0200 Subject: [PATCH] gpgsm: New compatibility flag "allow-ecc-encr". * sm/gpgsm.h (COMPAT_ALLOW_ECC_ENCR): New. * sm/gpgsm.c (compatibility_flags): Add new flag. * sm/encrypt.c (encrypt_dek): Allw ECC only if flag is set. -- ECC encryption was not part of the original VS evaluation. Until this has been re-evaluated we hide this feature behind this flag. GnuPG-bug-id: 6253 --- sm/encrypt.c | 5 ++++- sm/gpgsm.c | 1 + sm/gpgsm.h | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/sm/encrypt.c b/sm/encrypt.c index 6210f310a..fb36977af 100644 --- a/sm/encrypt.c +++ b/sm/encrypt.c @@ -483,7 +483,10 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, int pk_algo, s_data = NULL; /* (avoid compiler warning) */ if (pk_algo == GCRY_PK_ECC) { - rc = ecdh_encrypt (dek, s_pkey, &s_ciph); + if (!(opt.compat_flags & COMPAT_ALLOW_ECC_ENCR)) + rc = gpg_error (GPG_ERR_NOT_SUPPORTED); + else + rc = ecdh_encrypt (dek, s_pkey, &s_ciph); } else { diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 27168904c..70952391a 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -463,6 +463,7 @@ static struct debug_flags_s debug_flags [] = static struct compatibility_flags_s compatibility_flags [] = { { COMPAT_ALLOW_KA_TO_ENCR, "allow-ka-to-encr" }, + { COMPAT_ALLOW_ECC_ENCR, "allow-ecc-encr" }, { 0, NULL } }; diff --git a/sm/gpgsm.h b/sm/gpgsm.h index b74b41419..d7bc13565 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -181,6 +181,7 @@ struct * policies: 1.3.6.1.4.1.7924.1.1:N: */ #define COMPAT_ALLOW_KA_TO_ENCR 1 +#define COMPAT_ALLOW_ECC_ENCR 2 /* Forward declaration for an object defined in server.c */