gpg: Replace --override-compliance-check by a real fix.

* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA. * g10/gpg.c (oOverrideComplianceCheck): Remove. (opts): Turn --override-compliance-check into a dummy option. * g10/options.h (opt): Remove override_compliance_check. * g10/sig-check.c (check_key_verify_compliance): Remove use of that option. -- The introduction of --override-compliance-check actually hid the real cause for the signature verification problem in de-vs mode for the Ed25519 key. The real fix is to handle the EdDSA algorithm in gnupg_pk_is_allowed. Fixes-commit: 773b8fbbe9 GnuPG-bug-id: 5655
2025-07-03 22:56:33 +02:00 · 2023-01-20 11:02:02 +01:00 · 2023-01-20 11:02:02 +01:00 · aecebdf705
commit aecebdf705
parent de292078a5
5 changed files with 8 additions and 32 deletions
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -350,7 +350,6 @@ enum cmd_and_opt_values
    oShowSessionKey,
    oOverrideSessionKey,
    oOverrideSessionKeyFD,
-    oOverrideComplianceCheck,
    oNoRandomSeedFile,
    oAutoKeyRetrieve,
    oNoAutoKeyRetrieve,
@ -856,7 +855,6 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
  ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
  ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
-  ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),
  /* Options to override new security defaults.  */
  ARGPARSE_s_n (oAllowWeakKeySignatures, "allow-weak-key-signatures", "@"),
  ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
@ -953,6 +951,7 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_n (oNoop, "no-force-mdc", "@"),
  ARGPARSE_s_n (oNoop, "disable-mdc", "@"),
  ARGPARSE_s_n (oNoop, "no-disable-mdc", "@"),
+  ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),


  ARGPARSE_group (302, N_(
@ -3593,10 +3592,6 @@ main (int argc, char **argv)
            opt.flags.allow_weak_key_signatures = 1;
            break;

-          case oOverrideComplianceCheck:
-            opt.flags.override_compliance_check = 1;
-            break;
-
          case oFakedSystemTime:
            {
              size_t len = strlen (pargs.r.ret_str);
@ -3793,15 +3788,6 @@ main (int argc, char **argv)
 	g10_exit(2);
      }

-    /* We allow overriding the compliance check only in non-batch mode
-     * so that the user has a chance to see the message.  */
-    if (opt.flags.override_compliance_check && opt.batch)
-      {
-        opt.flags.override_compliance_check = 0;
-        log_info ("Note: '%s' ignored due to batch mode\n",
-                  "--override-compliance-check");
-      }
-
    set_debug (debug_level);
    if (opt.verbose) /* Print the compatibility flags.  */
      parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags);