gpgsm: New option --require-compliance

* sm/gpgsm.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* sm/gpgsm.h (opt): Add field require_compliance.
(gpgsm_errors_seen): Declare.
* sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
--

1 files changed, 7 insertions, 1 deletions

diff --git a/sm/decrypt.c b/sm/decrypt.c
index 1fe2522b5..3702cd893 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -1389,7 +1389,13 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                           && gnupg_gcrypt_is_compliant (CO_DE_VS))
                         gpgsm_status (ctrl, STATUS_DECRYPTION_COMPLIANCE_MODE,
                                       gnupg_status_compliance_flag (CO_DE_VS));
-
+                      else if (opt.require_compliance
+                               && opt.compliance == CO_DE_VS)
+                        {
+                          log_error (_("operation forced to fail due to"
+                                       " unfulfilled compliance rules\n"));
+                          gpgsm_errors_seen = 1;
+                        }
                     }
                   audit_log_ok (ctrl->audit, AUDIT_RECP_RESULT, rc);
                 }