From c17dac5ac3ccb374e5a1276d4bc9b444c390a4c5 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 2 Jun 2021 19:14:37 +0200
Subject: common: Allow for GCM decryption in de-vs mode.

* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
in decrypt mode.

* tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag
--

We allow GCM in de-vs mode for decryption although this has not been
evaluation.  It is decryption and thus no serious harm may happen.
---
 common/compliance.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'common')

diff --git a/common/compliance.c b/common/compliance.c
index 217ed0997..6c2fcd5b3 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -416,7 +416,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
                       || mode == GCRY_CIPHER_MODE_CFB);
 	    case GNUPG_MODULE_NAME_GPGSM:
 	      return (mode == GCRY_CIPHER_MODE_NONE
-                      || mode == GCRY_CIPHER_MODE_CBC);
+                      || mode == GCRY_CIPHER_MODE_CBC
+                      || (mode == GCRY_CIPHER_MODE_GCM && !producer));
 	    }
 	  log_assert (!"reached");
 
-- 
cgit v1.2.3