* g10/pubkey-enc.c (get_it): Do not error out when decrypting a session key of less than 32 octets encrypted to a Kyber key. --
GnuPG-bug-id: 7472 Signed-off-by: Damien Goutte-Gattat <[email protected]> --- g10/pubkey-enc.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 4d2d6d46b..3cbd5624a 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -307,13 +307,9 @@ get_it (ctrl_t ctrl, if (sk->pubkey_algo == PUBKEY_ALGO_KYBER) { - /* We expect a 32 byte session key. We should not see this - * error here because due to the KEM mode the agent_pkdecrypt - * should have already failed. */ - if (nframe != 32) + if (nframe != 32 && opt.flags.require_pqc_encryption) { - err = gpg_error (GPG_ERR_WRONG_SECKEY); - goto leave; + log_info (_("WARNING: session key is not quantum-resistant\n")); } dek->keylen = nframe; dek->algo = enc->d.seskey_algo; -- 2.46.2 _______________________________________________ Gnupg-devel mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-devel
