gpg: New option --override-compliance-check

* g10/gpg.c (oOverrideComplianceCheck): New. (opts): Add new option. (main): Set option and add check for batch mode. * g10/options.h (opt): Add flags.override_compliance_check. * g10/sig-check.c (check_signature2): Factor complaince checking out to ... (check_key_verify_compliance): this. Turn error into a warning in override mode. -- There is one important use case for this: For systems configured globally to use de-vs mode, Ed25519 and other key types are not allowed because they are not listred in the BSI algorithm catalog. Now, our release signing keys happen to be Ed25519 and thus we need to offer a way for users to check new versions even if the system is in de-vs mode. This does on purpose not work in --batch mode so that scripted solutions won't accidently pass a signature check. GnuPG-bug-id: 5655
2025-07-03 22:56:33 +02:00 · 2021-10-13 17:25:28 +02:00 · 2021-10-13 17:25:28 +02:00 · fb26e144ad
commit fb26e144ad
parent d7d26eff85
4 changed files with 56 additions and 12 deletions
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -357,6 +357,7 @@ enum cmd_and_opt_values
    oShowSessionKey,
    oOverrideSessionKey,
    oOverrideSessionKeyFD,
+    oOverrideComplianceCheck,
    oNoRandomSeedFile,
    oAutoKeyRetrieve,
    oNoAutoKeyRetrieve,
@ -840,7 +841,6 @@ static gpgrt_opt_t opts[] = {
  ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"),
  ARGPARSE_s_i (oOverrideSessionKeyFD, "override-session-key-fd", "@"),

-
  ARGPARSE_header ("Security", N_("Options controlling the security")),

  ARGPARSE_s_i (oS2KMode, "s2k-mode", "@"),
@ -871,6 +871,7 @@ static gpgrt_opt_t opts[] = {
  ARGPARSE_s_s (oAEADAlgo,   "aead-algo", "@"),
  ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
  ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
+  ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),


  ARGPARSE_header (NULL, N_("Options for unattended use")),
@ -3660,6 +3661,10 @@ main (int argc, char **argv)
            opt.flags.allow_old_cipher_algos = 1;
            break;

+          case oOverrideComplianceCheck:
+            opt.flags.override_compliance_check = 1;
+            break;
+
          case oFakedSystemTime:
            {
              size_t len = strlen (pargs.r.ret_str);
@ -3869,6 +3874,15 @@ main (int argc, char **argv)
 	g10_exit(2);
      }

+    /* We allow overriding the compliance check only in non-batch mode
+     * so that the user has a chance to see the message.  */
+    if (opt.flags.override_compliance_check && opt.batch)
+      {
+        opt.flags.override_compliance_check = 0;
+        log_info ("Note: '%s' ignored due to batch mode\n",
+                  "--override-compliance-check");
+      }
+
    set_debug (debug_level);
    if (DBG_CLOCK)
      log_clock ("start");