gpgsm: New option --require-compliance

* sm/gpgsm.c (oRequireCompliance): New. (opts): Add --require-compliance. (main): Set option. * sm/gpgsm.h (opt): Add field require_compliance. (gpgsm_errors_seen): Declare. * sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/decrypt.c (gpgsm_decrypt): Ditto. --
author: Werner Koch <[email protected]> 2022-03-08 18:06:30 +0000
committer: Werner Koch <[email protected]> 2022-03-08 18:28:16 +0000
commit: f8075257afad4c7a41cd4409e334670a0097b5b8 (patch)
tree: e6de29104400b4a08d95746570ffcb0e69a8d520 /sm/verify.c
parent: gpg: New option --require-compliance. (diff)
download: gnupg-f8075257afad4c7a41cd4409e334670a0097b5b8.tar.gz
gnupg-f8075257afad4c7a41cd4409e334670a0097b5b8.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/sm/verify.c b/sm/verify.c
index fe111c32a..c9a435895 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -520,6 +520,13 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
           && gnupg_digest_is_compliant (CO_DE_VS, sigval_hash_algo))
         gpgsm_status (ctrl, STATUS_VERIFICATION_COMPLIANCE_MODE,
                       gnupg_status_compliance_flag (CO_DE_VS));
+      else if (opt.require_compliance
+               && opt.compliance == CO_DE_VS)
+        {
+          log_error (_("operation forced to fail due to"
+                       " unfulfilled compliance rules\n"));
+          gpgsm_errors_seen = 1;
+        }
 
 
       /* Now we can check the signature.  */
author	Werner Koch <[email protected]>	2022-03-08 18:06:30 +0000
committer	Werner Koch <[email protected]>	2022-03-08 18:28:16 +0000
commit	f8075257afad4c7a41cd4409e334670a0097b5b8 (patch)
tree	e6de29104400b4a08d95746570ffcb0e69a8d520 /sm/verify.c
parent	gpg: New option --require-compliance. (diff)
download	gnupg-f8075257afad4c7a41cd4409e334670a0097b5b8.tar.gz gnupg-f8075257afad4c7a41cd4409e334670a0097b5b8.zip