authorWerner Koch <[email protected]>2022-03-08 09:13:44 +0000
committerWerner Koch <[email protected]>2022-03-08 18:26:01 +0000
commitee013c5350ce6a5b3d4089753cb99a44802fdfa8 (patch)
treed81bc0fc1d8a47e2230f35df87e6f4ca84cdb116 /g10/encrypt.c
parentgpg: fix --enarmor with zero length source file (diff)
gpg: New option --require-compliance.
* g10/options.h (opt): Add field flags.require_compliance. * g10/gpg.c (oRequireCompliance): New. (opts): Add --require-compliance. (main): Set option. * g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant. (check_sig_and_print): Ditto. * g10/encrypt.c (encrypt_crypt): Ditto. -- Note that in the --encrypt and --verify cases other checks may kick in earlier than this new --require-compliance controlled one.
Diffstat (limited to 'g10/encrypt.c')
-rw-r--r--g10/encrypt.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/g10/encrypt.c b/g10/encrypt.c
index bca7344f4..28a761747 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -847,6 +847,17 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
gnupg_status_compliance_flag (CO_DE_VS),
NULL);
+ if (opt.flags.require_compliance
+ && opt.compliance == CO_DE_VS
+ && !compliant)
+ {
+ log_error (_("operation forced to fail due to"
+ " unfulfilled compliance rules\n"));
+ rc = gpg_error (GPG_ERR_FORBIDDEN);
+ g10_errors_seen = 1;
+ goto leave;
+ }
+
cfx.dek->use_aead = use_aead (pk_list, cfx.dek->algo);
if (!cfx.dek->use_aead)
cfx.dek->use_mdc = !!use_mdc (pk_list, cfx.dek->algo);
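Review bot: The new guard only fires when `opt.compliance == CO_DE_VS`, so `--require-compliance` given under any other compliance mode is silently ignored at this site and encryption proceeds. A user who sets the option expecting fail-closed behaviour gets none, which deserves a comment on the check such as `/* Enforced in de-vs mode only; with any other --compliance setting this option has no effect here. */`, and possibly a warning where the option is parsed (outside this hunk). The log message is also generic. `compliant` is computed before the hunk, so it is not visible whether an earlier diagnostic names the algorithm or recipient key that broke compliance; if none does, an operator has only this line to go on. encrypt_crypt starts and ends outside the hunk, so what cleanup `leave` performs for state set up before this check cannot be confirmed from here.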