authorWerner Koch <[email protected]>2022-08-31 13:27:59 +0000
committerWerner Koch <[email protected]>2022-08-31 13:34:17 +0000
commite05fb5ca3711f02eb562868dc38d30e3cccda270 (patch)
tree1afc613fe4016b177ce47a66c5528854447b7884
parentscd: Add npth_unprotect/npth_protect for blocking operations. (diff)
gpg: Emit STATUS_FAILURE for --require-compliance errors
* g10/misc.c (compliance_failure): Do not fall back to CO_GNUPG. Print compliance failure error and status for CO_DE_VS.
* g10/mainproc.c (proc_encrypted): Call compliance_failure in the require-compliance error case.
* g10/encrypt.c (check_encryption_compliance): Ditto.
-rw-r--r--g10/encrypt.c4
-rw-r--r--g10/mainproc.c7
-rw-r--r--g10/misc.c8
3 files changed, 9 insertions, 10 deletions
diff --git a/g10/encrypt.c b/g10/encrypt.c
index aba161ddd..a96a77974 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -567,10 +567,8 @@ check_encryption_compliance (DEK *dek, pk_list_t pk_list)
&& opt.compliance == CO_DE_VS
&& !compliant)
{
- log_error (_("operation forced to fail due to"
- " unfulfilled compliance rules\n"));
+ compliance_failure ();
err = gpg_error (GPG_ERR_FORBIDDEN);
- g10_errors_seen = 1;
goto leave;
}
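Review bot: The replaced lines in check_encryption_compliance now leave printing the error and setting `g10_errors_seen` to compliance_failure(), which does both only in its CO_DE_VS case, so the call is correct only while the surrounding condition keeps the `opt.compliance == CO_DE_VS` test. A short comment at the call would record that dependency, for example `/* Logs the error, emits FAILURE and sets g10_errors_seen (CO_DE_VS only). */`. The same applies to the calls added in proc_encrypted and check_sig_and_print in g10/mainproc.c. The function body starts and ends outside this hunk.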
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 3c9ea15d5..63e39ffef 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -944,9 +944,7 @@ proc_encrypted (CTX c, PACKET *pkt)
&& opt.compliance == CO_DE_VS
&& compliance_de_vs != (4|2|1))
{
- log_error (_("operation forced to fail due to"
- " unfulfilled compliance rules\n"));
- g10_errors_seen = 1;
+ compliance_failure ();
}
}
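Review bot: The require-compliance branch in proc_encrypted assigns no error code after `compliance_failure ();`, whereas check_encryption_compliance and check_sig_and_print both set GPG_ERR_FORBIDDEN, so here the failure reaches the caller only through `g10_errors_seen` and the FAILURE status line. If that is intended, presumably because decryption has already completed at this point (not visible in the hunk), a comment should say so: `/* No error code here: failure is reported via g10_errors_seen and the status line. */`. Programs that parse the status output need to treat this FAILURE line as overriding any success status that may have been emitted earlier. The function body starts and ends outside this hunk.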
@@ -2625,8 +2623,7 @@ check_sig_and_print (CTX c, kbnode_t node)
else if (opt.flags.require_compliance
&& opt.compliance == CO_DE_VS)
{
- log_error (_("operation forced to fail due to"
- " unfulfilled compliance rules\n"));
+ compliance_failure ();
if (!rc)
rc = gpg_error (GPG_ERR_FORBIDDEN);
}
diff --git a/g10/misc.c b/g10/misc.c
index 1d30bbc6d..0b19e1a2b 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -1405,8 +1405,12 @@ compliance_failure(void)
break;
case CO_DE_VS:
- ver="DE-VS applications";
- break;
+ /* For de-vs we do not allow any kind of fallback. */
+ write_status_failure ("compliance-check", gpg_error (GPG_ERR_FORBIDDEN));
+ log_error (_("operation forced to fail due to"
+ " unfulfilled compliance rules\n"));
+ g10_errors_seen = 1;
+ return;
}
log_info(_("this message may not be usable by %s\n"),ver);
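Review bot: The new CO_DE_VS case turns compliance_failure() into a hard error for every caller running in de-vs mode, not only the three call sites in this commit that test `opt.flags.require_compliance`. Any other caller (none are visible in this diff) would now set `g10_errors_seen` and emit a FAILURE status where it previously reached the "may not be usable" notice, so those call sites are worth checking. The function's header comment should state both behaviours, e.g. `/* In CO_DE_VS mode this flags a hard error and returns; in the other modes it continues to the notice below. */`. The function starts and ends outside this hunk.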