From 2e22184ba5ac85b1da0209c1a4c72e2459b5c6eb Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 29 Sep 2022 15:16:35 +0200
Subject: gpg: Avoid to emit a compliance mode line if libgcrypt is
 non-compliant.

* g10/encrypt.c (check_encryption_compliance): Check gcrypt compliance
before emitting an ENCRYPTION_COMPLIANCE_MODE status.
--

GnuPG-bug-id: 6221
Ported-from: 07c6743148d4abd30fb8bf08b07eb9755fdfff2d
---
 g10/encrypt.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/g10/encrypt.c b/g10/encrypt.c
index 7218de216..dadb726b3 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -162,8 +162,13 @@ check_encryption_compliance (DEK *dek, pk_list_t pk_list)
       goto leave;
     }
 
-  compliant = gnupg_cipher_is_compliant (CO_DE_VS, dek->algo,
-                                         GCRY_CIPHER_MODE_CFB);
+  /* From here on we only test for CO_DE_VS - if we ever want to
+   * return other compliance mode values we need to change this to
+   * loop over all those values.  */
+  compliant = gnupg_gcrypt_is_compliant (CO_DE_VS);
+
+  if (!gnupg_cipher_is_compliant (CO_DE_VS, dek->algo, GCRY_CIPHER_MODE_CFB))
+    compliant = 0;
 
   for (pkr = pk_list; pkr; pkr = pkr->next)
     {
-- 
cgit v1.2.3