From ca7e16e8aad5c77445905c088cedf41c881552a8 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Mon, 15 Aug 2022 12:20:28 +0200 Subject: openpgp: Avoid hardcoding EAX for memory encryption. - Previously, we used EAX for memory encryption because it was supported by all cryptographic backends. However, this is problematic for OpenSSL, which doesn't support EAX. - Instead, have the backends provide a default algorithm to use that they support. --- openpgp/src/crypto/backend/rust.rs | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'openpgp/src/crypto/backend/rust.rs') diff --git a/openpgp/src/crypto/backend/rust.rs b/openpgp/src/crypto/backend/rust.rs index dc4773ed..61784b2c 100644 --- a/openpgp/src/crypto/backend/rust.rs +++ b/openpgp/src/crypto/backend/rust.rs @@ -55,6 +55,15 @@ impl Curve { } impl AEADAlgorithm { + /// Returns the best AEAD mode supported by the backend. + /// + /// This SHOULD return OCB, which is the mandatory-to-implement + /// algorithm and the most performing one, but fall back to any + /// supported algorithm. + pub(crate) const fn const_default() -> AEADAlgorithm { + AEADAlgorithm::EAX + } + pub(crate) fn is_supported_by_backend(&self) -> bool { use self::AEADAlgorithm::*; match &self { -- cgit v1.2.3