common: Allow for GCM decryption in de-vs mode.

* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm in decrypt mode. * tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag -- We allow GCM in de-vs mode for decryption although this has not been evaluation. It is decryption and thus no serious harm may happen.
2024-12-22 10:19:57 +01:00 · 2021-06-02 19:14:37 +02:00 · 2021-06-02 19:14:37 +02:00 · c17dac5ac3
commit c17dac5ac3
parent 4980fb3c6d
3 changed files with 3 additions and 2 deletions
--- a/common/compliance.c
+++ b/common/compliance.c
@ -416,7 +416,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
                      || mode == GCRY_CIPHER_MODE_CFB);
 	    case GNUPG_MODULE_NAME_GPGSM:
 	      return (mode == GCRY_CIPHER_MODE_NONE
-                      || mode == GCRY_CIPHER_MODE_CBC);
+                      || mode == GCRY_CIPHER_MODE_CBC
+                      || (mode == GCRY_CIPHER_MODE_GCM && !producer));
 	    }
 	  log_assert (!"reached");

--- a/tests/cms/samplemsgs/README
+++ b/tests/cms/samplemsgs/README
@ -3,4 +3,4 @@ Password is "abc".

 pwri-sample.cbc.p7m      - Using CBC Mode
 pwri-sample.cbc-2.p7m    - Using CBC with a different iteration count
-pwri-sample.gcm.p7m      - Using GCM (from a broken implementation)
+pwri-sample.gcm.p7m      - Using GCM
--- a/tests/cms/samplemsgs/pwri-sample.gcm.p7m
+++ b/tests/cms/samplemsgs/pwri-sample.gcm.p7m