sm: Support AES-GCM decryption.

* sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error if gpgrt supports this. * sm/decrypt.c (decrypt_gcm_filter): New. (gpgsm_decrypt): Use this filter if requested. Check authtag. * common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm in consumer (decrypt) de-vs mode. -- Backported-from-master: 4980fb3c6d We allow GCM in de-vs mode for decryption although this has not been evaluation. It is decryption and thus no serious harm may happen. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2021-06-02 11:03:55 +02:00 · 2021-06-02 11:03:55 +02:00 · b722fd755c
commit b722fd755c
parent c8f0b02936
3 changed files with 89 additions and 8 deletions
--- a/common/compliance.c
+++ b/common/compliance.c
@ -418,7 +418,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
                      || mode == GCRY_CIPHER_MODE_CFB);
 	    case GNUPG_MODULE_NAME_GPGSM:
 	      return (mode == GCRY_CIPHER_MODE_NONE
-                      || mode == GCRY_CIPHER_MODE_CBC);
+                      || mode == GCRY_CIPHER_MODE_CBC
+                      || (mode == GCRY_CIPHER_MODE_GCM && !producer));
 	    }
 	  log_assert (!"reached");