1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

1163 Commits

Author SHA1 Message Date
Werner Koch
385f484133
scd:openpgp: Fix a segv for cards supporting unknown curves.
* common/openpgp-oid.c (get_keyalgo_string): Do not strdup NULL.
--

GnuPG-bug-id: 5963
2022-05-05 09:38:32 +02:00
NIIBE Yutaka
2fc91e15c6 common:iobuf: Exclude cases with IOBUF_INPUT_TEMP/IOBUF_OUTPUT_TEMP.
* common/iobuf.c (iobuf_read): Handle a case with IOBUF_INPUT_TEMP.
(iobuf_write): Handle a case with IOBUF_OUTPUT_TEMP.

--

GnuPG-bug-id: 5941
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-25 17:37:32 +09:00
Werner Koch
61038be813
tests: Fix warning in common/t-ssh-utils.c
* common/t-ssh-utils.c (main): Remove continue.
--
Obvious c+p bug.

Fixes-commit: 5e508ffcab185eb8149e2fb2833ce15820140368
2022-04-14 10:14:51 +02:00
NIIBE Yutaka
5e508ffcab tests: Fix common/t-ssh-utils.
* common/t-ssh-utils.c (main): Accept an error with MD5 in_fips_mode.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-14 11:46:58 +09:00
Jakub Jelen
1f0651dbfb tests: Honor FIPS mode
* common/t-ssh-utils.c (FLAGS_NOFIPS): New.
  (sample_keys): Add flags member.
  (main): Detect if libgcrypt is in FIPS mode, try SHA256 fingerprints
  first and expect the MD5 ones will fail.
--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-14 11:46:55 +09:00
Werner Koch
137e59a6a5
sm: Print diagnostic about CRL problems due to Tor mode.
* dirmngr/crlfetch.c (crl_fetch, crl_fetch_default)
(ca_cert_fetch, start_cert_fetch): Factor Tor error out to ...
(no_crl_due_to_tor): new.  Print status note.

* dirmngr/ks-engine-ldap.c (ks_ldap_get)
(ks_ldap_search, ks_ldap_put): Factor Tor error out to ...
(no_ldap_due_to_tor): new.  Print status note.

* dirmngr/ocsp.c (do_ocsp_request): Print status note.
* sm/misc.c (gpgsm_print_further_info): New.
* sm/call-dirmngr.c (warning_and_note_printer): New.
(isvalid_status_cb): Call it.
(lookup_status_cb): Ditto.
(run_command_status_cb): Ditto.

* common/asshelp2.c (vprint_assuan_status): Strip a possible trailing
LF.

--
2022-04-11 17:57:14 +02:00
NIIBE Yutaka
b47a23f5fa w32: Exclude tests with HOME.
* common/t-session-env.c [HAVE_W32_SYSTEM] (test_all): HOME is not
defined, so, exclude the tests.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-06 13:28:15 +09:00
NIIBE Yutaka
39d478f5ba w32: Fix for make check.
* common/Makefile.am (module_tests): Exclude t-exechelp and
t-exectool.
* common/t-stringhelp.c (mygetcwd): Convert '\' to '/'.
* tests/cms/Makefile.am: Add $(EXEEXT).
* tests/gpgme/Makefile.am: Likewise.
* tests/migrations/Makefile.am: Likewise.
* tests/openpgp/Makefile.am: Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-06 11:28:00 +09:00
NIIBE Yutaka
2189b4bb63 common,w32: Fix handle_to_fd to match use of _open_osfhandle.
* common/exechelp-w32.c (handle_to_fd): Use intptr_t.
(gnupg_wait_processes): Fix to use pid_to_handle.

--

Both of original MinGW and MinGW-W64 use intptr_t for the first
argument of _open_osfhandle.  So, intptr_t is better here.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-30 11:44:06 +09:00
Werner Koch
0f03bdcd2e
common,w32: Fix early home dir creation.
* common/homedir.c (w32_try_mkdir): Remove.
(standard_homedir): Call gnupg_mkdir directly.
(_gnupg_socketdir_internal): Ditto.
--
GnuPG-bug-id: 5895
2022-03-25 13:22:46 +01:00
NIIBE Yutaka
2f1afc1296 common: Fix another race condition, and address the other one.
* common/dotlock.c (dotlock_take_unix): Do same when same PID
process detects stale lockfile.  Add comment.

--

GnuPG-bug-id: 5884
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-19 14:47:59 +09:00
Werner Koch
449d2fbcde
common: New function map_static_strings
* common/mapstrings.c (struct intmapping_s): New.
(map_static_strings): New.
* common/stringhelp.c (do_strconcat): Rename to ...
(vstrconcat): this and make global.

* common/t-mapstrings.c (test_map_static_strings): New test.
2022-03-18 14:14:39 +01:00
Werner Koch
6d6438a361
common: New flags for gnupg_spawn_process
* common/exechelp.h (GNUPG_SPAWN_KEEP_STDIN): New.
(GNUPG_SPAWN_KEEP_STDOUT): New.
(GNUPG_SPAWN_KEEP_STDERR): New.
* common/exechelp-posix.c (do_exec): Add arg flags and implement new
flags.
* common/exechelp-w32.c (gnupg_spawn_process): Implement new flags.
2022-03-18 11:14:54 +01:00
NIIBE Yutaka
d94b411f12 common: Fix a race condition removing stale lockfile.
* common/dotlock.c (read_lockfile): Return the file descriptor when
R_FD is available.
(dotlock_take_unix): Check the case the lockfile was already removed.

--

GnuPG-bug-id: 5884
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-18 14:33:53 +09:00
NIIBE Yutaka
a30359cecb common: More heavy test condition for t-dotlock.c.
* common/t-dotlock.c (lock_and_unlock): Use usleep and faster.
Loop at least once.  Use getrandom for random time.
(main): Add new option --one-shot to run lock/unlock once.

--

GnuPG-bug-id: 5884
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-18 12:01:45 +09:00
Jussi Kivilinna
49c6e58394 gpg: fix --enarmor with zero length source file
* common/iobuf.c (filter_flush): Remove "src_len == 0" check.
* g10/compress-bz2.c (do_compress): Exit early if flush not
forced and input length is zero.
* g10/compress.c (do_compress): Likewise.
--

Remove "(src_len == 0)" check in filter_flush which was
introduced to fix compress failure caused by zero length
flush from iobuf_close. However this check broke enarmoring
file with length of zero. Patch instead fixes zero length
flush problem in compress filters.

GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-03-08 20:03:08 +02:00
Jussi Kivilinna
b96eb6f08d iobuf: add zerocopy optimization for iobuf_write
* common/iobuf.c (filter_flush): Use 'iobuf->e_d' if configured.
(iobuf_write): Configure 'iobuf->e_d' for 'filter_flush' if
'iobuf->d.buf' is empty and external buffer is larger than threshold.
--

Zero-copy operation in iobuf_write() and filter_flush() allow bypassing
'iobuf->d.buf' for greater performance. This mainly helps OCB
performance where additional memory copies through iobuf stack
can take significant portion of program time.

GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-03-08 20:03:03 +02:00
Jussi Kivilinna
15df88d135 iobuf: add zerocopy optimization for iobuf_read
* common/iobuf.h (iobuf_struct): Add 'e_d' substructure and members.
* common/iobuf.c (IOBUF_ZEROCOPY_THRESHOLD): New.
(iobuf_alloc): Clear 'iobuf->e_d'.
(underflow_target): Use 'iobuf->e_d' when configured to bypass copying
through 'iobuf->d.buf'.
(iobuf_read): Configure 'iobuf->e_d' for 'underflow' if 'iobuf->d.buf'
is empty and external buffer is larger than threshold.
--

Zero-copy operation in iobuf_read() and underflow() allow bypassing
'iobuf->d.buf' for greater performance. This mainly helps OCB
performance where additional memory copies through iobuf stack
can take significant portion of program time.

GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-03-08 20:00:31 +02:00
Jussi Kivilinna
f2322ff942 Use iobuf buffer size for temporary buffer size
* common/iobuf.c (iobuf_copy): Use iobuf buffer size for temporary
buffers.
* g10/plaintext.c (handle_plaintext, do_hash): Likewise.
* g10/sign.c (sign_file): Likewise.
--

As iobuf will have zerocopy operation for read/write, it is better to
use same size buffers as iobuf for temporary copy buffers.

GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-03-08 20:00:31 +02:00
Werner Koch
6afedbcd47
common,w32: Support file names longer than MAX_PATH in iobuf.
* common/iobuf.c (direct_open): Use gpgrt_fname_to_wchar.
(any8bitchar): Remove.
2022-03-08 07:50:14 +01:00
NIIBE Yutaka
14e13fb712 common: Fix confusion of get_pk_algo_from_key.
* common/ssh-utils.c (ssh_public_key_in_base64): Fix the constants.

--

Fixes-commit: 8e650dbd48fa5fde6d8f08154e6a892d495e9227
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-04 10:57:48 +09:00
NIIBE Yutaka
8e650dbd48 scd: Let READKEY support --format=ssh option.
* scd/command.c (do_readkey): Support --format=ssh option.
* common/ssh-utils.c (ssh_public_key_in_base64): New.
* common/ssh-utils.h (ssh_public_key_in_base64): New declaration.

--

Code duplication (agent/command-ssh.c) will be cleaned up later.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-02 14:07:46 +09:00
NIIBE Yutaka
05fdaa1737 sm: Fix use of value NONE in gnupg_isotime_t type.
* common/gettime.h (GNUPG_ISOTIME_NONE): New.
* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it.
* sm/certlist.c (gpgsm_add_to_certlist): Likewise.
* sm/import.c (check_and_store): Likewise.
* sm/keylist.c (list_cert_colon, list_cert_raw): Likewise.
(list_cert_std): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-18 11:11:12 +09:00
Werner Koch
ec311425ca
doc: Typo fixes.
--
2021-12-30 10:24:36 +01:00
Werner Koch
da39102216
common: Add set_membuf_err.
* common/membuf.c (set_membuf_err): New.
2021-12-20 19:34:34 +01:00
NIIBE Yutaka
e08225030d w32: Prepare for the case gcrypt.h will not include winsock2.h.
* common/dynload.h: Include specific headers only.
* common/exechelp-w32.c: Include <windows.h>.
* common/gettime.c: Likewise.
* common/utf8conv.c: Likewise.
* tests/gpgscm/ffi.c: Likewise.
* tools/gpgconf.c: Likewise.
* configure.ac: Check winsock2.h, removing gl_HEADER_SYS_SOCKET.

--

GnuPG-bug-id: 5731
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-17 13:32:14 +09:00
Jakub Jelen
6ee3eb4202 homedir: Avoid memory leaks on errors
* common/homedir.c (unix_rootdir): Free allocated memory on error path
--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-24 10:50:33 +09:00
Werner Koch
5f39db70c0
gpg,gpgsm: Add option --min-rsa-length.
* common/compliance.c (min_compliant_rsa_length): New.
(gnupg_pk_is_compliant): Take in account.
(gnupg_pk_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): New.
* g10/gpg.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* g10/options.h (opt): Add field min_rsa_length.
* sm/gpgsm.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* sm/gpgsm.h (opt): Add field min_rsa_length.
2021-11-18 20:49:37 +01:00
Werner Koch
5053939480
common,w32: New function read_w32_reg_string.
* common/w32-reg.c (get_root_key): Remove.
(read_w32_registry_string): Turn into a wrapper for the gpgrt
function.
(read_w32_reg_string): New.
2021-11-17 09:30:48 +01:00
Werner Koch
50e43af3f1
common: Support MYPROC_SELF_EXE for Solaris
* common/homedir.c (MYPROC_SELF_EXE): Add case for SunOS.
--

GnuPG-bug-id: 5671
2021-10-27 12:55:03 +02:00
Werner Koch
4cb44914b5
common: Silence warning from unix_rootdir on systems w/o /proc
* common/homedir.c (unix_rootdir): Silence diagnostic in the common
case.
(MYPROC_SELF_EXE): Support NetBSD.
--

GnuPG-bug-id: 5656
2021-10-20 16:40:14 +02:00
Werner Koch
e293da3b21
common,w32: Do not always print "Garbled console data" warning.
* common/init.c (_init_common_subsystems): Silence message.
--
2021-10-20 16:40:14 +02:00
Ingo Klöcker
e99b9890c2 common: Respect gpgconf.ctl when looking up translations
* common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR.
(i18n_localegettext): Ditto.
* tools/gpgconf-comp.c (my_dgettext): Ditto.
--

On Unix, gnupg_localedir() returns the locale directory relative to
the root directory of the gnupg installation if specified in the
gpgconf.ctl. Otherwise, it returns the built-in LOCALEDIR.

GnuPG-bug-id: 5999
2021-10-06 13:42:50 +02:00
Werner Koch
4b3e9a44b5
dirmngr: New option --ignore-cert
* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
(opt): Add field ignored_certs.
* dirmngr/dirmngr.c: Add option --ignore-cert
(parse_rereadable_options): Handle that option.
(parse_ocsp_signer): Rename to ...
(parse_fingerprint_item): this and add two args.
* dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
Change callers to handle the new error return.
--

This option is useful as a workaround in case we ill run into other
chain validation errors like what we fixed in
GnuPG-bug-id: 5639
2021-10-06 10:35:51 +02:00
Werner Koch
dbe1b237a6
common: Support gpgconf.ctl also for BSDs.
* common/homedir.c (MYPROC_SELF_EXE): New.
(unix_rootdir): Use it here.  Also support GNUPG_BUILD_ROOT as
fallback.
--

In addition this adds a fallback method for AIX etc which do not have
an easy way to get the info.
2021-10-01 14:44:06 +02:00
Werner Koch
ec847cf17f
common: Add keyword sysconfdir to the optional gpgconf.ctl file.
* common/homedir.c (unix_rootdir): Add arg want_sysconfdir.
(gnupg_sysconfdir): Return it.
--

Our regression test suite has the problem that we can't disable the
use of the global config files or test them using the regualr
binaries.  This new keyword will allow us to overcome the problem.
2021-10-01 09:18:17 +02:00
Werner Koch
d4768bb982
common: Support a gpgconf.ctl file under Unix.
* common/homedir.c (unix_rootdir): New.
(gnupg_bindir): Use it.
(gnupg_libexecdir): Use it.
(gnupg_libdir): Use it.
(gnupg_datadir): Use it.
(gnupg_localedir): Use it.
--

This feature is useful for building and using an AppImage version of
gnupg and probably also for some other use cases.

GnuPG-bug-id: 5999

Here is a sample gpgconf.ctl file
--8<---------------cut here---------------start------------->8---
# gpgconf.ctl
#
# This file is used to change the directories where the gpg components
# are installed.  It does not change the configuration directories.
# The file is expected in the same directory as gpgconf.  The physical
# installation directories are evaluated and no symlinks.  Blank lines
# and lines starting with pound signed are ignored.  No errors are
# printed for unknown keywords or commands.  The only defined key for
# now is "rootdir" which must be followed by one optional space, an
# equal sign, and the value for the root directory.  Environment
# variables are substituted in standard shell manner, the final value
# must start with a slash, trailing slashed are stripped.

rootdir = $APPDIR/gnupg
--8<---------------cut here---------------end--------------->8---
2021-09-17 17:39:07 +02:00
Werner Koch
9c272dc245
common: New function substitute_envvars.
* common/stringhelp.c (substitute_envvars): New.  Based on code in
gpg-connect-agent.
* common/t-stringhelp.c: Include sysutils.h.
(test_substitute_envvars): New.
--

GnuPG-bug-id: 5599
2021-09-17 17:33:21 +02:00
Werner Koch
f2b01025c3
common: New envvar GNUPG_EXEC_DEBUG_FLAGS.
* common/exechelp-w32.c (gnupg_spawn_process_detached): Silence
breakaway messages and turn them again into debug messages.
2021-09-13 17:13:38 +02:00
NIIBE Yutaka
f271c69164 common: Fix put_membuf.
* common/membuf.c (put_membuf): Allow NULL for the second arg.

--

There has been such a use case in keybox-blob.c.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-27 16:55:25 +09:00
NIIBE Yutaka
c4ba712736 common: Fix get_signal_name for GNU/Linux.
* common/signal.c (get_signal_name): Use sigdescr_np if available.
* configure.ac: Check the function.

--

GnuPG-bug-id: 5568
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-26 14:22:19 +09:00
Werner Koch
b4345f7521
wkd: Fix client issue with leading or trailing spaces in user-ids.
* common/recsel.c (recsel_parse_expr): Add flag -t.
* common/stringhelp.c: Remove assert.h.
(strtokenize): Factor code out to do_strtokenize.
(strtokenize_nt): New.
(do_strtokenize): Add arg trim to support the strtokenize_nt.
* common/t-stringhelp.c (test_strtokenize_nt): New test cases.

* tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel
flag -t.
--

This fixes a bug with user ids with leading spaces because:

wks-client lists all mail addresses from the key and matches them to the
requested mail address.

If there are several user-ids all with the same mail address
wks-client picks one of them and then extracts exactly that user id.
However, here it does not match by the mail address but by the full
user-id so that we can be sure that there will be only one user-id in
the final key.

The filter built expression unfortunately strips leading blanks but
requires a verbatim match.  Thus it won't find the user id again and
errors out.

The new -t flag and a non-trimming strtokenize solves the problem.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-08-20 09:18:22 +02:00
Werner Koch
629f4a5cff
common,w32: Replace log_debug by log_info for InProcessJobs
* common/exechelp-w32.c (gnupg_spawn_process_detached): Use log_info.
2021-08-18 10:34:05 +02:00
Werner Koch
0802cbb59b
w32: Move socketdir to LCOAL_APPDATA
* common/homedir.c (is_gnupg_default_homedir): Use standard_homedir
instead of the constant which makes a difference on Windows.
(_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA.
(gnupg_cachedir): Remove unsued function.

* common/sysutils.c (gnupg_rmdir): New.
* tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/.
--

That is actually a more correct directory than APPDATA.  This fixes
a problem with installations where the APPDATA is non a network drive
and the resulting socket filename is truncated in our socket helper
function (because we use sockaddr also for our local socket
emulation on Windows).

LOCAL_APPDATA is expected to be on the local box and thus in the
majority of cases the resulting socket file name will be short enough.

GnuPG-bug-id: 5537
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-08-11 11:50:41 +02:00
Ingo Klöcker
94d18320b2 common: Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to pinentry
* common/session-env.c (stdenvnames): Add XDG_SESSION_TYPE and
QT_QPA_PLATFORM.
--

On Unix systems (except Darwin), Qt uses those two environment
variables additionally to DISPLAY and WAYLAND_DISPLAY to figure out
whether to use X11 or Wayland. For example, QT_QPA_PLATFORM needs
to be set to "wayland" to make Qt use Wayland on Gnome.

GnuPG-bug-id: 3659
2021-08-02 17:19:45 +02:00
Werner Koch
101ba4f18a
kbx: Fix keyboxd searching with multiple patterns.
* kbx/keybox-search-desc.h (struct keydb_search_desc): New flag
name_used.
* common/userids.c (classify_user_id): Set flag.
* kbx/kbxserver.c (struct search_backing_store_s): New.
(cmd_search): use a backing store for the const pointers.
(kbxd_start_command_handler): Release the backing store.
--

Well, the search object partly uses buffers but also const
pointers (for strings and the serial number).  This when assigning
such objects to an another one we should really take a deep copy and
not just copy the pointer.  The more clean solution would have been to
provide a storage option the search object but that needs checking the
code at too many places so that I decided to use a separate backing
store array here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-07-08 13:57:13 +02:00
Werner Koch
5df658233a
tests: Cope with broken Libgcrypt versions
* common/t-sexputil.c (test_ecc_uncompress): Ignore unknwon curve
errors.
--

For unknown reasons some versions of Fedora or RHEL provide a patched
version of Libgcrypt with Brainpool support removed.  We better ignore
this error because it is a regression in 2.2.28 although that older
versions could not used Brainpool keys.

GnuPG-bug-id: 5502
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-22 12:30:46 +02:00
Werner Koch
edfe9453be
w32: Add fallback in case the Windows console can't cope with Unicode.
* common/ttyio.c (w32_write_console): Fallback to WriteConsoleA on
error.
--

To test this switch the Windows Console to "legacy mode"

  set LANG=de
  gpg --card-edit

and enter an invalid command.  The response contains an Umlaut and old
Windows versions (and the legacy console) don't have a proper font
installed for this.  Without this patch this runs into a log_fatal
error.

The mitigation we implement is to fallback to WriteConsoleA, that is
accepting wrong encoding and to print a note about the problem.

GnuPG-bug-id: 5491
2021-06-22 11:12:28 +02:00
Werner Koch
bebc71d229
gpg,sm: Simplify keyserver spec parsing.
* common/keyserver.h: Remove.
* sm/gpgsm.h (struct keyserver_spec): Remove.
(opt): Change keyserver to a strlist_t.
* sm/gpgsm.c (keyserver_list_free): Remove.
(parse_keyserver_line): Remove.
(main): Store keyserver in an strlist.
* sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist.  Avoid
an ambiguity in dirmngr by adding a prefix if needed.

* g10/options.h (struct keyserver_spec): Move definition from
keyserver.h to here.  Remove most fields.
* g10/keyserver.c (free_keyserver_spec): Adjust.
(cmp_keyserver_spec): Adjust.
(parse_keyserver_uri): Simplify.
(keyidlist): Remove fakev3 arg which does not make any sense because
we don't even support v3 keys.
--

We now rely on the dirmngr to parse the keyserver specs.  Thus a bad
specification will not be caught immediately.  However, even before
that dirmngr had stricter tests.

Signed-off-by: Werner Koch <wk@gnupg.org>
Ported-from: 9f586700ec4ceac97fd47cd799878a8847342ffa
2021-06-16 12:03:13 +02:00
Werner Koch
c17dac5ac3
common: Allow for GCM decryption in de-vs mode.
* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
in decrypt mode.

* tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag
--

We allow GCM in de-vs mode for decryption although this has not been
evaluation.  It is decryption and thus no serious harm may happen.
2021-06-02 19:14:37 +02:00