Browse Source

common: Allow for GCM decryption in de-vs mode.

* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
in decrypt mode.

* tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag
--

We allow GCM in de-vs mode for decryption although this has not been
evaluation.  It is decryption and thus no serious harm may happen.
master
Werner Koch 3 weeks ago
parent
commit
c17dac5ac3
No known key found for this signature in database GPG Key ID: E3FDFF218E45B72B
  1. 3
      common/compliance.c
  2. 2
      tests/cms/samplemsgs/README
  3. BIN
      tests/cms/samplemsgs/pwri-sample.gcm.p7m

3
common/compliance.c

@ -416,7 +416,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
|| mode == GCRY_CIPHER_MODE_CFB);
case GNUPG_MODULE_NAME_GPGSM:
return (mode == GCRY_CIPHER_MODE_NONE
|| mode == GCRY_CIPHER_MODE_CBC);
|| mode == GCRY_CIPHER_MODE_CBC
|| (mode == GCRY_CIPHER_MODE_GCM && !producer));
}
log_assert (!"reached");

2
tests/cms/samplemsgs/README

@ -3,4 +3,4 @@ Password is "abc".
pwri-sample.cbc.p7m - Using CBC Mode
pwri-sample.cbc-2.p7m - Using CBC with a different iteration count
pwri-sample.gcm.p7m - Using GCM (from a broken implementation)
pwri-sample.gcm.p7m - Using GCM

BIN
tests/cms/samplemsgs/pwri-sample.gcm.p7m

Loading…
Cancel
Save