mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
common: Allow for GCM decryption in de-vs mode.
* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm in decrypt mode. * tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag -- We allow GCM in de-vs mode for decryption although this has not been evaluation. It is decryption and thus no serious harm may happen.
This commit is contained in:
parent
4980fb3c6d
commit
c17dac5ac3
@ -416,7 +416,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
|
|||||||
|| mode == GCRY_CIPHER_MODE_CFB);
|
|| mode == GCRY_CIPHER_MODE_CFB);
|
||||||
case GNUPG_MODULE_NAME_GPGSM:
|
case GNUPG_MODULE_NAME_GPGSM:
|
||||||
return (mode == GCRY_CIPHER_MODE_NONE
|
return (mode == GCRY_CIPHER_MODE_NONE
|
||||||
|| mode == GCRY_CIPHER_MODE_CBC);
|
|| mode == GCRY_CIPHER_MODE_CBC
|
||||||
|
|| (mode == GCRY_CIPHER_MODE_GCM && !producer));
|
||||||
}
|
}
|
||||||
log_assert (!"reached");
|
log_assert (!"reached");
|
||||||
|
|
||||||
|
@ -3,4 +3,4 @@ Password is "abc".
|
|||||||
|
|
||||||
pwri-sample.cbc.p7m - Using CBC Mode
|
pwri-sample.cbc.p7m - Using CBC Mode
|
||||||
pwri-sample.cbc-2.p7m - Using CBC with a different iteration count
|
pwri-sample.cbc-2.p7m - Using CBC with a different iteration count
|
||||||
pwri-sample.gcm.p7m - Using GCM (from a broken implementation)
|
pwri-sample.gcm.p7m - Using GCM
|
||||||
|
Binary file not shown.
Loading…
x
Reference in New Issue
Block a user