common: Allow for GCM decryption in de-vs mode.

* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
in decrypt mode.

* tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag
--

We allow GCM in de-vs mode for decryption although this has not been
evaluation.  It is decryption and thus no serious harm may happen.
This commit is contained in:
Werner Koch 2021-06-02 19:14:37 +02:00
parent 4980fb3c6d
commit c17dac5ac3
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 3 additions and 2 deletions

View File

@ -416,7 +416,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
|| mode == GCRY_CIPHER_MODE_CFB);
case GNUPG_MODULE_NAME_GPGSM:
return (mode == GCRY_CIPHER_MODE_NONE
|| mode == GCRY_CIPHER_MODE_CBC);
|| mode == GCRY_CIPHER_MODE_CBC
|| (mode == GCRY_CIPHER_MODE_GCM && !producer));
}
log_assert (!"reached");

View File

@ -3,4 +3,4 @@ Password is "abc".
pwri-sample.cbc.p7m - Using CBC Mode
pwri-sample.cbc-2.p7m - Using CBC with a different iteration count
pwri-sample.gcm.p7m - Using GCM (from a broken implementation)
pwri-sample.gcm.p7m - Using GCM