From 0f8623d518d49541c1d54676d400916546ff38f4 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Mon, 25 Apr 2022 11:18:40 +0200
Subject: [PATCH] gpg: Emit an ERROR status as hint for a bad passphrase.
* g10/mainproc.c (proc_symkey_enc): Issue new error code.
(proc_encrypted): Ditto.
--
This allows GPGME to return a better error message than "bad session key" to the user. Technically we could get run into these errors also in other cases but this more unlikley. For the command line use we don't do anything to not change the expected output of the command line interface.
GnuPG-bug-id: 5943
---
 g10/mainproc.c | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/g10/mainproc.c b/g10/mainproc.c
index cd62737a4..af11877aa 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -437,6 +437,11 @@ proc_symkey_enc (CTX c, PACKET *pkt)
 && gpg_err_code (err) != GPG_ERR_CHECKSUM)
 log_fatal ("process terminated to be bug compatible"
 " with GnuPG <= 2.2\n");
+ else
+ write_status_text (STATUS_ERROR,
+ "symkey_decrypt.maybe_error"
+ " 11_BAD_PASSPHRASE");
+
 if (c->dek->s2k_cacheid[0])
 {
 if (opt.debug)
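Review bot: The status text `"symkey_decrypt.maybe_error" " 11_BAD_PASSPHRASE"` spells the error code as a bare `11` inside a string literal, and the identical literal is repeated in the proc_encrypted hunk, so nothing keeps the number in step with the error constant it presumably stands for (GPG_ERR_BAD_PASSPHRASE) or the two call sites in step with each other. Status lines are parsed by frontends, so a mismatch would surface as a wrong diagnosis shown to the user rather than as a build error. I would define the argument once near the top of the file, for example `static const char symkey_maybe_badpass[] = "symkey_decrypt.maybe_error 11_BAD_PASSPHRASE";`, pass it at both call sites, and add a one-line comment naming the error code the `11` encodes. The `if` whose `else` is added here starts above the hunk, so the exact set of error codes that reach this branch cannot be confirmed from the visible lines.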
@@ -805,15 +810,22 @@ proc_encrypted (CTX c, PACKET *pkt)
 }
 else
 {
- if ((gpg_err_code (result) == GPG_ERR_BAD_KEY
- || gpg_err_code (result) == GPG_ERR_CHECKSUM
- || gpg_err_code (result) == GPG_ERR_CIPHER_ALGO)
- && c->dek && *c->dek->s2k_cacheid != '\0')
+ if (gpg_err_code (result) == GPG_ERR_BAD_KEY
+ || gpg_err_code (result) == GPG_ERR_CHECKSUM
+ || gpg_err_code (result) == GPG_ERR_CIPHER_ALGO)
 {
- if (opt.debug)
- log_debug ("cleared passphrase cached with ID: %s\n",
- c->dek->s2k_cacheid);
- passphrase_clear_cache (c->dek->s2k_cacheid);
+ if (c->symkeys)
+ write_status_text (STATUS_ERROR,
+ "symkey_decrypt.maybe_error"
+ " 11_BAD_PASSPHRASE");
+
+ if (c->dek && *c->dek->s2k_cacheid != '\0')
+ {
+ if (opt.debug)
+ log_debug ("cleared passphrase cached with ID: %s\n",
+ c->dek->s2k_cacheid);
+ passphrase_clear_cache (c->dek->s2k_cacheid);
+ }
 }
 glo_ctrl.lasterr = result;
 write_status (STATUS_DECRYPTION_FAILED);
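Review bot: The new guard `if (c->symkeys)` appears to test whether the message carried symmetric-key packets, not whether the session key that just failed was derived from a passphrase. A message with both public-key and passphrase recipients would therefore, as far as the visible lines show, be reported as a bad passphrase even when the failure came from damaged or modified ciphertext. A frontend that maps this status to a passphrase prompt would then present an integrity failure as a retry dialog. If the context records how the DEK was obtained, test that instead; otherwise state the limit at the call site, e.g. `/* Heuristic: symkey packets were seen; the DEK may still stem from a pubkey. */`. The `else` block and the enclosing function start above the hunk.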