1 files changed, 35 insertions, 6 deletions

diff --git a/g10/mainproc.c b/g10/mainproc.c
index 871403ad7..4939fdef3 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -638,6 +638,7 @@ proc_encrypted (CTX c, PACKET *pkt)
 {
   int result = 0;
   int early_plaintext = literals_seen;
+  unsigned int compliance_de_vs = 0;
 
   if (pkt->pkttype == PKT_ENCRYPTED_AEAD)
     c->seen_pkt_encrypted_aead = 1;
@@ -761,10 +762,12 @@ proc_encrypted (CTX c, PACKET *pkt)
       xfree (pk);
 
       if (compliant)
-        write_status_strings (STATUS_DECRYPTION_COMPLIANCE_MODE,
-                              gnupg_status_compliance_flag (CO_DE_VS),
-                              NULL);
-
+        {
+          write_status_strings (STATUS_DECRYPTION_COMPLIANCE_MODE,
+                                gnupg_status_compliance_flag (CO_DE_VS),
+                                NULL);
+          compliance_de_vs |= 1;
+        }
     }
 
 
@@ -820,9 +823,15 @@ proc_encrypted (CTX c, PACKET *pkt)
         log_info(_("decryption okay\n"));
 
       if (pkt->pkt.encrypted->aead_algo)
-        write_status (STATUS_GOODMDC);
+        {
+          write_status (STATUS_GOODMDC);
+          compliance_de_vs |= 2;
+        }
       else if (pkt->pkt.encrypted->mdc_method && !result)
-        write_status (STATUS_GOODMDC);
+        {
+          write_status (STATUS_GOODMDC);
+          compliance_de_vs |= 2;
+        }
       else
         log_info (_("WARNING: message was not integrity protected\n"));
     }
@@ -864,6 +873,17 @@ proc_encrypted (CTX c, PACKET *pkt)
    * a misplace extra literal data packets follows after this
    * encrypted packet.  */
   literals_seen++;
+
+  /* The --require-compliance option allows to simplify decryption in
+   * de-vs compliance mode by just looking at the exit status.  */
+  if (opt.flags.require_compliance
+      && opt.compliance == CO_DE_VS
+      && compliance_de_vs != (2|1))
+    {
+      log_error (_("operation forced to fail due to"
+                   " unfulfilled compliance rules\n"));
+      g10_errors_seen = 1;
+    }
 }
 
 
@@ -2538,6 +2558,15 @@ check_sig_and_print (CTX c, kbnode_t node)
         write_status_strings (STATUS_VERIFICATION_COMPLIANCE_MODE,
                               gnupg_status_compliance_flag (CO_DE_VS),
                               NULL);
+      else if (opt.flags.require_compliance
+               && opt.compliance == CO_DE_VS)
+        {
+          log_error (_("operation forced to fail due to"
+                       " unfulfilled compliance rules\n"));
+          if (!rc)
+            rc = gpg_error (GPG_ERR_FORBIDDEN);
+        }
+
 
       free_public_key (pk);
       pk = NULL;