From fc351de8799aa7c5742aeb78bdb64e61450eb9dc Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 24 Mar 2023 13:50:37 +0100
Subject: gpg,gpgsm: Extend the use of allow-ecc-encr and vsd-allow-ocb

* g10/keygen.c (keygen_set_std_prefs): Set OCB only with VSD
compatibility flag.
* sm/certreqgen.c (proc_parameters): All ECC generation only with
allow-ecc-encr.
--
---
 g10/keygen.c    | 4 ++++
 sm/certreqgen.c | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/g10/keygen.c b/g10/keygen.c
index 63c65111c..cb6770b64 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -523,6 +523,10 @@ keygen_set_std_prefs (const char *string,int personal)
 	xfree (prefstringbuf);
       }
 
+    /* For now we require a compat flag to set OCB into the preferences.  */
+    if (!(opt.compat_flags & COMPAT_VSD_ALLOW_OCB))
+      ocb = 0;
+
     if(!rc)
       {
 	if(personal)
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index d85dffffd..63c35a227 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -732,7 +732,8 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
                     "(6:genkey(3:rsa(5:nbits%d:%s)))",
                     (int)strlen (numbuf), numbuf);
         }
-      else if (algo == GCRY_PK_ECC || algo == GCRY_PK_EDDSA)
+      else if ((opt.compat_flags & COMPAT_ALLOW_ECC_ENCR)
+               && (algo == GCRY_PK_ECC || algo == GCRY_PK_EDDSA))
         {
           const char *curve = get_parameter_value (para, pKEYCURVE, 0);
           const char *flags;
-- 
cgit v1.2.3