authorWerner Koch <[email protected]>2023-01-20 10:02:02 +0000
committerWerner Koch <[email protected]>2023-01-20 10:12:13 +0000
commitaecebdf7050c365ea2ee2564ad28e8164bbc9233 (patch)
tree2cf94e5fd909df0e4fcf7b714cd03700462dbb20
parentgpg: Do not require --status-fd along with --require-compliance. (diff)
downloadgnupg-aecebdf7050c365ea2ee2564ad28e8164bbc9233.tar.gz
gnupg-aecebdf7050c365ea2ee2564ad28e8164bbc9233.zip
gpg: Replace --override-compliance-check by a real fix.
* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA. * g10/gpg.c (oOverrideComplianceCheck): Remove. (opts): Turn --override-compliance-check into a dummy option. * g10/options.h (opt): Remove override_compliance_check. * g10/sig-check.c (check_key_verify_compliance): Remove use of that option. -- The introduction of --override-compliance-check actually hid the real cause for the signature verification problem in de-vs mode for the Ed25519 key. The real fix is to handle the EdDSA algorithm in gnupg_pk_is_allowed. Fixes-commit: 773b8fbbe915449c723302f5268d7906b40d84d3 GnuPG-bug-id: 5655
-rw-r--r--common/compliance.c4
-rw-r--r--doc/gpg.texi8
-rw-r--r--g10/gpg.c16
-rw-r--r--g10/options.h1
-rw-r--r--g10/sig-check.c11
5 files changed, 8 insertions, 32 deletions
diff --git a/common/compliance.c b/common/compliance.c
index c552f0275..992c1d3e3 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -358,6 +358,10 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
case PUBKEY_ALGO_EDDSA:
+ if (use == PK_USE_VERIFICATION)
+ result = 1;
+ else /* We may not create such signatures in de-vs mode. */
+ result = 0;
break;
default:
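Review bot: The new `PUBKEY_ALGO_EDDSA` branch sets `result = 1` for every `PK_USE_VERIFICATION` request without consulting the curve, although the commit message describes the verification problem only for an Ed25519 key. If the compliance mode is meant to accept just that curve, the branch should also test whatever curve information the function receives. If any EdDSA key is acceptable for verification, a comment should say so, for example `/* Verifying existing EdDSA signatures is allowed for any curve; creating them is not. */`. The enclosing switch and the compliance mode it belongs to lie outside the hunk, so which modes reach this branch cannot be confirmed from here.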
diff --git a/doc/gpg.texi b/doc/gpg.texi
index d6320f576..4f09d4e2c 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3424,13 +3424,7 @@ signatures made using SHA-1, those key signatures are considered
invalid. This options allows to override this restriction.
@item --override-compliance-check
-@opindex --override-compliance-check
-The signature verification only allows the use of keys suitable in the
-current compliance mode. If the compliance mode has been forced by a
-global option, there might be no way to check certain signature. This
-option allows to override this and prints an extra warning in such a
-case. This option is ignored in --batch mode so that no accidental
-unattended verification may happen.
+This was a temporary introduced option and has no more effect.
@item --no-default-keyring
@opindex no-default-keyring
diff --git a/g10/gpg.c b/g10/gpg.c
index d7b75a1d8..d4ba3d867 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -350,7 +350,6 @@ enum cmd_and_opt_values
oShowSessionKey,
oOverrideSessionKey,
oOverrideSessionKeyFD,
- oOverrideComplianceCheck,
oNoRandomSeedFile,
oAutoKeyRetrieve,
oNoAutoKeyRetrieve,
@@ -856,7 +855,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
- ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),
/* Options to override new security defaults. */
ARGPARSE_s_n (oAllowWeakKeySignatures, "allow-weak-key-signatures", "@"),
ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
@@ -953,6 +951,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoop, "no-force-mdc", "@"),
ARGPARSE_s_n (oNoop, "disable-mdc", "@"),
ARGPARSE_s_n (oNoop, "no-disable-mdc", "@"),
+ ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
ARGPARSE_group (302, N_(
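Review bot: The dummy entry `ARGPARSE_s_n (oNoop, "override-compliance-check", "@")` accepts the old option silently. A configuration or script that still passes it gets no hint that the override is ignored when verification now ends in `GPG_ERR_PUBKEY_ALGO`. Ignoring the option is the safe direction, but someone triaging the failure would benefit from a one-line `log_info` note that the option is obsolete and has no effect. At minimum, add a comment beside the entry, such as `/* Formerly relaxed the compliance check on verification; now a no-op. */`. The `opts[]` table starts and ends outside the hunk.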
@@ -3593,10 +3592,6 @@ main (int argc, char **argv)
opt.flags.allow_weak_key_signatures = 1;
break;
- case oOverrideComplianceCheck:
- opt.flags.override_compliance_check = 1;
- break;
-
case oFakedSystemTime:
{
size_t len = strlen (pargs.r.ret_str);
@@ -3793,15 +3788,6 @@ main (int argc, char **argv)
g10_exit(2);
}
- /* We allow overriding the compliance check only in non-batch mode
- * so that the user has a chance to see the message. */
- if (opt.flags.override_compliance_check && opt.batch)
- {
- opt.flags.override_compliance_check = 0;
- log_info ("Note: '%s' ignored due to batch mode\n",
- "--override-compliance-check");
- }
-
set_debug (debug_level);
if (opt.verbose) /* Print the compatibility flags. */
parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags);
diff --git a/g10/options.h b/g10/options.h
index 020b558aa..2333c6973 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -238,7 +238,6 @@ struct
unsigned int allow_multiple_messages:1;
unsigned int allow_weak_digest_algos:1;
unsigned int allow_weak_key_signatures:1;
- unsigned int override_compliance_check:1;
unsigned int large_rsa:1;
unsigned int disable_signer_uid:1;
unsigned int include_key_block:1;
diff --git a/g10/sig-check.c b/g10/sig-check.c
index eeaf6f0df..ec136024b 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -75,17 +75,10 @@ check_key_verify_compliance (PKT_public_key *pk)
NULL))
{
/* Compliance failure. */
- log_info (_("key %s may not be used for signing in %s mode\n"),
+ log_error (_("key %s may not be used for signing in %s mode\n"),
keystr_from_pk (pk),
gnupg_compliance_option_string (opt.compliance));
- if (opt.flags.override_compliance_check)
- log_info (_("continuing verification anyway due to option %s\n"),
- "--override-compliance-failure");
- else
- {
- log_inc_errorcount (); /* We used log info above. */
- err = gpg_error (GPG_ERR_PUBKEY_ALGO);
- }
+ err = gpg_error (GPG_ERR_PUBKEY_ALGO);
}
return err;
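Review bot: The message now raised through `log_error` still reads `key %s may not be used for signing in %s mode`, but it is emitted from `check_key_verify_compliance`, on the verification path. Since this has become an unconditional hard failure, the text reads as if a signing operation was refused rather than a signature check. Wording such as `key %s may not be used for signature verification in %s mode` would match what failed. It is a translatable string, so the catalogs would need the same update. The function's opening lines and the start of the condition are outside the hunk.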