gpg: Allow smaller session keys with Kyber

* g10/pubkey-enc.c (get_it): Do not error out when decrypting a session key of less than 32 octets encrypted to a Kyber key. -- GnuPG-bug-id: 7472 Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
author: Damien Goutte-Gattat via Gnupg-devel <gnupg-devel@gnupg.org> 2025-01-03 21:59:57 +0100
committer: Werner Koch <wk@gnupg.org> 2025-01-06 18:11:59 +0100
commit: 80828512b6ec8ad610bf3d1d40ae09d0c2ad8c58 (patch)
tree: d50739c98a90e9e6bb986bf0fb30db67f64b3b2c /g10/pubkey-enc.c
parent: po: Update French translation (diff)
download: gnupg2-80828512b6ec8ad610bf3d1d40ae09d0c2ad8c58.tar.xz
gnupg2-80828512b6ec8ad610bf3d1d40ae09d0c2ad8c58.zip
1 files changed, 2 insertions, 6 deletions
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 4d2d6d46b..3cbd5624a 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -307,13 +307,9 @@ get_it (ctrl_t ctrl,
 
   if (sk->pubkey_algo == PUBKEY_ALGO_KYBER)
     {
-      /* We expect a 32 byte session key.  We should not see this
-       * error here because due to the KEM mode the agent_pkdecrypt
-       * should have already failed.  */
-      if (nframe != 32)
+      if (nframe != 32 && opt.flags.require_pqc_encryption)
         {
-          err = gpg_error (GPG_ERR_WRONG_SECKEY);
-          goto leave;
+          log_info (_("WARNING: session key is not quantum-resistant\n"));
         }
       dek->keylen = nframe;
       dek->algo = enc->d.seskey_algo;
author	Damien Goutte-Gattat via Gnupg-devel <gnupg-devel@gnupg.org>	2025-01-03 21:59:57 +0100
committer	Werner Koch <wk@gnupg.org>	2025-01-06 18:11:59 +0100
commit	80828512b6ec8ad610bf3d1d40ae09d0c2ad8c58 (patch)
tree	d50739c98a90e9e6bb986bf0fb30db67f64b3b2c /g10/pubkey-enc.c
parent	po: Update French translation (diff)
download	gnupg2-80828512b6ec8ad610bf3d1d40ae09d0c2ad8c58.tar.xz gnupg2-80828512b6ec8ad610bf3d1d40ae09d0c2ad8c58.zip