common: Allow for GCM decryption in de-vs mode.

* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
in decrypt mode.

* tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag
--

We allow GCM in de-vs mode for decryption although this has not been
evaluation.  It is decryption and thus no serious harm may happen.

3 files changed, 3 insertions, 2 deletions

diff --git a/common/compliance.c b/common/compliance.c
index 217ed0997..6c2fcd5b3 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -416,7 +416,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
                       || mode == GCRY_CIPHER_MODE_CFB);
 	    case GNUPG_MODULE_NAME_GPGSM:
 	      return (mode == GCRY_CIPHER_MODE_NONE
-                      || mode == GCRY_CIPHER_MODE_CBC);
+                      || mode == GCRY_CIPHER_MODE_CBC
+                      || (mode == GCRY_CIPHER_MODE_GCM && !producer));
 	    }
 	  log_assert (!"reached");
 
diff --git a/tests/cms/samplemsgs/README b/tests/cms/samplemsgs/README
index a76b9457a..db1d8b17b 100644
--- a/tests/cms/samplemsgs/README
+++ b/tests/cms/samplemsgs/README
@@ -3,4 +3,4 @@ Password is "abc".
 
 pwri-sample.cbc.p7m      - Using CBC Mode
 pwri-sample.cbc-2.p7m    - Using CBC with a different iteration count
-pwri-sample.gcm.p7m      - Using GCM (from a broken implementation)
+pwri-sample.gcm.p7m      - Using GCM
diff --git a/tests/cms/samplemsgs/pwri-sample.gcm.p7m b/tests/cms/samplemsgs/pwri-sample.gcm.p7m
index 7cf1f8542..3a5947019 100644
--- a/tests/cms/samplemsgs/pwri-sample.gcm.p7m
+++ b/tests/cms/samplemsgs/pwri-sample.gcm.p7m