gpgsm: New option --require-compliance

* sm/gpgsm.c (oRequireCompliance): New. (opts): Add --require-compliance. (main): Set option. * sm/gpgsm.h (opt): Add field require_compliance. (gpgsm_errors_seen): Declare. * sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/decrypt.c (gpgsm_decrypt): Ditto. --
author: Werner Koch <[email protected]> 2022-03-08 18:06:30 +0000
committer: Werner Koch <[email protected]> 2022-03-08 18:28:16 +0000
commit: f8075257afad4c7a41cd4409e334670a0097b5b8 (patch)
tree: e6de29104400b4a08d95746570ffcb0e69a8d520 /sm/encrypt.c
parent: gpg: New option --require-compliance. (diff)
download: gnupg-f8075257afad4c7a41cd4409e334670a0097b5b8.tar.gz
gnupg-f8075257afad4c7a41cd4409e334670a0097b5b8.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/sm/encrypt.c b/sm/encrypt.c
index ba2428e9a..4fd4f93b9 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -811,6 +811,15 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
   if (compliant && gnupg_gcrypt_is_compliant (CO_DE_VS))
     gpgsm_status (ctrl, STATUS_ENCRYPTION_COMPLIANCE_MODE,
                   gnupg_status_compliance_flag (CO_DE_VS));
+  else if (opt.require_compliance
+           && opt.compliance == CO_DE_VS)
+    {
+      log_error (_("operation forced to fail due to"
+                   " unfulfilled compliance rules\n"));
+      gpgsm_errors_seen = 1;
+      rc = gpg_error (GPG_ERR_FORBIDDEN);
+      goto leave;
+    }
 
   /* Main control loop for encryption. */
   recpno = 0;
author	Werner Koch <[email protected]>	2022-03-08 18:06:30 +0000
committer	Werner Koch <[email protected]>	2022-03-08 18:28:16 +0000
commit	f8075257afad4c7a41cd4409e334670a0097b5b8 (patch)
tree	e6de29104400b4a08d95746570ffcb0e69a8d520 /sm/encrypt.c
parent	gpg: New option --require-compliance. (diff)
download	gnupg-f8075257afad4c7a41cd4409e334670a0097b5b8.tar.gz gnupg-f8075257afad4c7a41cd4409e334670a0097b5b8.zip