From e05fb5ca3711f02eb562868dc38d30e3cccda270 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 31 Aug 2022 15:27:59 +0200
Subject: [PATCH] gpg: Emit STATUS_FAILURE for --require-compliance errors

* g10/misc.c (compliance_failure): Do not fallback to CO_GNUPG. Print compliance failure error and status for CO_DE_VS.
* g10/mainproc.c (proc_encrypted): Call compliance_failure in the require-compliance error case.
* g10/encrypt.c (check_encryption_compliance): Ditto.
---
 g10/encrypt.c | 4 +---
 g10/mainproc.c | 7 ++-----
 g10/misc.c | 8 ++++++--
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/g10/encrypt.c b/g10/encrypt.c
index aba161ddd..a96a77974 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -567,10 +567,8 @@ check_encryption_compliance (DEK *dek, pk_list_t pk_list)
 && opt.compliance == CO_DE_VS
 && !compliant)
 {
- log_error (_("operation forced to fail due to"
- " unfulfilled compliance rules\n"));
+ compliance_failure ();
 err = gpg_error (GPG_ERR_FORBIDDEN);
- g10_errors_seen = 1;
 goto leave;
 }
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 3c9ea15d5..63e39ffef 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -944,9 +944,7 @@ proc_encrypted (CTX c, PACKET *pkt)
 && opt.compliance == CO_DE_VS
 && compliance_de_vs != (4|2|1))
 {
- log_error (_("operation forced to fail due to"
- " unfulfilled compliance rules\n"));
- g10_errors_seen = 1;
+ compliance_failure ();
 }
 }
@@ -2625,8 +2623,7 @@ check_sig_and_print (CTX c, kbnode_t node)
 else if (opt.flags.require_compliance
 && opt.compliance == CO_DE_VS)
 {
- log_error (_("operation forced to fail due to"
- " unfulfilled compliance rules\n"));
+ compliance_failure ();
 if (!rc)
 rc = gpg_error (GPG_ERR_FORBIDDEN);
 }
diff --git a/g10/misc.c b/g10/misc.c
index 1d30bbc6d..0b19e1a2b 100644
--- a/g10/misc.c
+++ b/g10/misc.c
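Review bot: In g10/mainproc.c, the proc_encrypted call site reports the DE-VS failure only through compliance_failure(); unlike the check_encryption_compliance and check_sig_and_print sites, no local error code is set in the lines shown. If that is deliberate because the data has already been processed at this point (not visible here, the function continues outside the hunk), a comment should say so, e.g. `/* No result code is changed here; the failure is reported via the FAILURE status line and g10_errors_seen only. */`. Front ends that consume the output would then presumably have to check the status line or the final result before relying on the decrypted data.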
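Review bot: The check_sig_and_print change in g10/mainproc.c is not listed in the commit message, which names only proc_encrypted for this file. It is also more than a refactor: the removed lines only logged the error, while compliance_failure() additionally sets `g10_errors_seen = 1` and emits the FAILURE status (per the g10/misc.c hunk). Suggest adding `(check_sig_and_print): Ditto.` to the message so the change in signature-verification behaviour is recorded.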
@@ -1405,8 +1405,12 @@ compliance_failure(void)
 break;
 case CO_DE_VS:
- ver="DE-VS applications";
- break;
+ /* For de-vs we do not allow any kind of fallback. */
+ write_status_failure ("compliance-check", gpg_error (GPG_ERR_FORBIDDEN));
+ log_error (_("operation forced to fail due to"
+ " unfulfilled compliance rules\n"));
+ g10_errors_seen = 1;
+ return;
 }
 log_info(_("this message may not be usable by %s\n"),ver);
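Review bot: The new CO_DE_VS branch fails hard without looking at opt.flags.require_compliance, so its correctness depends on every caller having checked that flag first. The three call sites in this patch do, but other callers of compliance_failure() are not visible here; any that can run in CO_DE_VS mode without --require-compliance would now set g10_errors_seen and emit a FAILURE status where they previously only printed the informational message. Either guard the branch on the flag or state the contract above the function, e.g. `/* In CO_DE_VS mode this reports a hard failure and does not fall back; call it only when the operation must fail. */`. The function begins and ends outside the hunk.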