mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

gpg: New option --require-compliance.

* g10/options.h (opt): Add field flags.require_compliance.
* g10/gpg.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
(check_sig_and_print): Ditto.
* g10/encrypt.c (encrypt_crypt): Ditto.
--

Note that in the --encrypt and --verify cases other checks may kick in
earlier than this new --require-compliance controlled one.
Werner Koch 2022-03-08 10:13:44 +01:00
parent c11292fe73
commit 17890d4318
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 67 additions and 6 deletions


@ -655,6 +655,18 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
gnupg_status_compliance_flag (CO_DE_VS),
NULL);
if (opt.flags.require_compliance
&& opt.compliance == CO_DE_VS
&& !compliant)
{
log_error (_("operation forced to fail due to"
" unfulfilled compliance rules\n"));
rc = gpg_error (GPG_ERR_FORBIDDEN);
g10_errors_seen = 1;
goto leave;
}
cfx.dek->use_mdc = use_mdc (pk_list,cfx.dek->algo);
/* Only do the is-file-already-compressed check if we are using a