security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-28 22:49:59 +01:00
Code Activity

gpgsm: New compatibility flag "allow-ecc-encr".

Browse Source 
* sm/gpgsm.h (COMPAT_ALLOW_ECC_ENCR): New.
* sm/gpgsm.c (compatibility_flags): Add new flag.
* sm/encrypt.c (encrypt_dek): Allw ECC only if flag is set.
--

ECC encryption was not part of the original VS evaluation.  Until this
has been re-evaluated we hide this feature behind this flag.

GnuPG-bug-id: 6253
This commit is contained in:
Werner Koch 2022-10-28 15:19:19 +02:00
parent 28467f3735
commit fd0ddf2699
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sm/encrypt.c
View File

@ -483,7 +483,10 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, int pk_algo,
s_data = NULL; /* (avoid compiler warning) */ s_data = NULL; /* (avoid compiler warning) */
if (pk_algo == GCRY_PK_ECC) if (pk_algo == GCRY_PK_ECC)
{ {
rc = ecdh_encrypt (dek, s_pkey, &s_ciph); if (!(opt.compat_flags & COMPAT_ALLOW_ECC_ENCR))
rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
else
rc = ecdh_encrypt (dek, s_pkey, &s_ciph);
} }
else else
{ {

1
sm/gpgsm.c
View File

@ -463,6 +463,7 @@ static struct debug_flags_s debug_flags [] =
static struct compatibility_flags_s compatibility_flags [] = static struct compatibility_flags_s compatibility_flags [] =
{ {
{ COMPAT_ALLOW_KA_TO_ENCR, "allow-ka-to-encr" }, { COMPAT_ALLOW_KA_TO_ENCR, "allow-ka-to-encr" },
{ COMPAT_ALLOW_ECC_ENCR, "allow-ecc-encr" },
{ 0, NULL } { 0, NULL }
}; };

1
sm/gpgsm.h
View File

@ -181,6 +181,7 @@ struct
* policies: 1.3.6.1.4.1.7924.1.1:N: * policies: 1.3.6.1.4.1.7924.1.1:N:
*/ */
#define COMPAT_ALLOW_KA_TO_ENCR 1 #define COMPAT_ALLOW_KA_TO_ENCR 1
#define COMPAT_ALLOW_ECC_ENCR 2
/* Forward declaration for an object defined in server.c */ /* Forward declaration for an object defined in server.c */