1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

common: Allow for GCM decryption in de-vs mode.

* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
in decrypt mode.

* tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag
--

We allow GCM in de-vs mode for decryption although this has not been
evaluation.  It is decryption and thus no serious harm may happen.
This commit is contained in:
Werner Koch 2021-06-02 19:14:37 +02:00
parent 4980fb3c6d
commit c17dac5ac3
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 3 additions and 2 deletions

View File

@ -416,7 +416,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
|| mode == GCRY_CIPHER_MODE_CFB); || mode == GCRY_CIPHER_MODE_CFB);
case GNUPG_MODULE_NAME_GPGSM: case GNUPG_MODULE_NAME_GPGSM:
return (mode == GCRY_CIPHER_MODE_NONE return (mode == GCRY_CIPHER_MODE_NONE
|| mode == GCRY_CIPHER_MODE_CBC); || mode == GCRY_CIPHER_MODE_CBC
|| (mode == GCRY_CIPHER_MODE_GCM && !producer));
} }
log_assert (!"reached"); log_assert (!"reached");

View File

@ -3,4 +3,4 @@ Password is "abc".
pwri-sample.cbc.p7m - Using CBC Mode pwri-sample.cbc.p7m - Using CBC Mode
pwri-sample.cbc-2.p7m - Using CBC with a different iteration count pwri-sample.cbc-2.p7m - Using CBC with a different iteration count
pwri-sample.gcm.p7m - Using GCM (from a broken implementation) pwri-sample.gcm.p7m - Using GCM