authorDamien Goutte-Gattat via Gnupg-devel <[email protected]>2025-01-03 20:59:57 +0000
committerWerner Koch <[email protected]>2025-01-06 17:11:59 +0000
commit80828512b6ec8ad610bf3d1d40ae09d0c2ad8c58 (patch)
treed50739c98a90e9e6bb986bf0fb30db67f64b3b2c
parentpo: Update French translation (diff)
gpg: Allow smaller session keys with Kyber
* g10/pubkey-enc.c (get_it): Do not error out when decrypting a session key of less than 32 octets encrypted to a Kyber key. -- GnuPG-bug-id: 7472 Signed-off-by: Damien Goutte-Gattat <[email protected]>
-rw-r--r--g10/pubkey-enc.c8
1 files changed, 2 insertions, 6 deletions
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 4d2d6d46b..3cbd5624a 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -307,13 +307,9 @@ get_it (ctrl_t ctrl,
if (sk->pubkey_algo == PUBKEY_ALGO_KYBER)
{
- /* We expect a 32 byte session key. We should not see this
- * error here because due to the KEM mode the agent_pkdecrypt
- * should have already failed. */
- if (nframe != 32)
+ if (nframe != 32 && opt.flags.require_pqc_encryption)
{
- err = gpg_error (GPG_ERR_WRONG_SECKEY);
- goto leave;
+ log_info (_("WARNING: session key is not quantum-resistant\n"));
}
dek->keylen = nframe;
dek->algo = enc->d.seskey_algo;
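Review bot: The removed `nframe != 32` rejection was the only length check on the decrypted session key visible in this Kyber branch; with it gone, any `nframe`, including zero or a value above 32, is stored in `dek->keylen`, and the only reaction is a warning when `opt.flags.require_pqc_encryption` is set. get_it continues outside this hunk, so unless later code there compares `dek->keylen` with the key length expected for `dek->algo`, a bound should stay here, for example `if (!nframe || nframe > 32) { err = gpg_error (GPG_ERR_WRONG_SECKEY); goto leave; }`. The warning condition would also read more accurately as `nframe < 32`, so that an over-long value is not reported as merely non-quantum-resistant. The deleted comment is not replaced; something like `/* Session keys shorter than 32 octets are allowed with Kyber; only warn when PQC encryption is required. */` would record why the size is no longer enforced.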