gen-key with wrong passphrase

NIIBE Yutaka gniibe at fsij.org
Tue Oct 6 20:29:03 CEST 2015 

Hello,

I found that the commit efde50f92a introduced a regression for wrong
passphrase input (different passphrase for second time).  When it's
different, it failed with following error.

    gpg: agent_genkey failed: Unknown system error
    Key generation failed: Unknown system error

Expected behavior is to repeat asking passphrase.


In genkey.c, the function reenter_compare_cb can return -1.
The value -1 is incompatible by the change of the commit efde50f92a.

I'm not sure how we fix this.  Shall we change the callback
pininfo->check_cb return type from int to gpg_error_t?


commit efde50f92af241d8357db83e280a6ece62f6397f
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Mar 11 16:28:32 2015 +0100

    agent: Improve error reporting from Pinentry.

    * agent/call-pinentry.c (unlock_pinentry): Add error logging.  Map
    error source of uncommon errors to Pinentry.
    --

    With this change it is possible to detect whether an error like
    GPG_ERR_ASS_INV_RESPONSE has its origin in a call to Pinentry or comes
    from another part of gpg-agent.

    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index a96406f..ef1bfa4 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -133,6 +133,34 @@ unlock_pinentry (int rc)
   assuan_context_t ctx = entry_ctx;
   int err;

+  if (rc)
+    {
+      if (DBG_ASSUAN)
+        log_debug ("error calling pinentry: %s <%s>\n",
+                   gpg_strerror (rc), gpg_strsource (rc));
+
+      /* Change the source of the error to pinentry so that the final
+         consumer of the error code knows that the problem is with
+         pinentry.  For backward compatibility we do not do that for
+         some common error codes.  */
+      switch (gpg_err_code (rc))
+        {
+        case GPG_ERR_NO_PIN_ENTRY:
+        case GPG_ERR_CANCELED:
+        case GPG_ERR_FULLY_CANCELED:
+        case GPG_ERR_ASS_UNKNOWN_INQUIRE:
+        case GPG_ERR_ASS_TOO_MUCH_DATA:
+        case GPG_ERR_NO_PASSPHRASE:
+        case GPG_ERR_BAD_PASSPHRASE:
+        case GPG_ERR_BAD_PIN:
+          break;
+
+        default:
+          rc = gpg_err_make (GPG_ERR_SOURCE_PINENTRY, gpg_err_code (rc));
+          break;
+        }
+    }
+
   entry_ctx = NULL;
   err = npth_mutex_unlock (&entry_lock);
   if (err)
--

More information about the Gnupg-devel mailing list