security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-17 14:07:03 +01:00
Code Activity

agent: Show "no secret key" instead of "card removed".

Browse Source 
* agent/findkey.c (agent_key_from_file): Check the error of
read_key_file again.
* agent/pkdecrypt.c (agent_pkdecrypt): Restore error if no card was
found.  Also remove useless condition.
--

The first patch fixes a likely merge error.  The second is about the
actual return code: If we have no smardcard but simply try to decrypt
with the current smartcard we should return the originla error code.

GnuPG-bug-id: 5170
Fixes-commit: eda3c688fc2e85c7cd63029cb9caf06552d203b4
This commit is contained in:
Werner Koch 2023-03-01 16:49:40 +01:00
parent 523b3e1773
commit 1aaadede76
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
agent/findkey.c
View File

@ -1186,6 +1186,15 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
return gpg_error (GPG_ERR_NO_SECKEY); return gpg_error (GPG_ERR_NO_SECKEY);
err = read_key_file (grip? grip : ctrl->keygrip, &s_skey, &keymeta); err = read_key_file (grip? grip : ctrl->keygrip, &s_skey, &keymeta);
if (err)
{
if (gpg_err_code (err) == GPG_ERR_ENOENT)
err = gpg_error (GPG_ERR_NO_SECKEY);
else
log_error ("findkey: error reading key file: %s\n",
gpg_strerror (err));
return err;
}
/* For use with the protection functions we also need the key as an /* For use with the protection functions we also need the key as an
canonical encoded S-expression in a buffer. Create this buffer canonical encoded S-expression in a buffer. Create this buffer

15
agent/pkdecrypt.c
View File

@ -74,8 +74,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
no_shadow_info = 1; no_shadow_info = 1;
else if (err) else if (err)
{ {
if (gpg_err_code (err) != GPG_ERR_NO_SECKEY) log_error ("failed to read the secret key\n");
log_error ("failed to read the secret key\n");
goto leave; goto leave;
} }
@ -88,7 +87,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
goto leave; goto leave;
} }
if (agent_is_tpm2_key (s_skey)) if (s_skey && agent_is_tpm2_key (s_skey))
err = divert_tpm2_pkdecrypt (ctrl, ciphertext, shadow_info, err = divert_tpm2_pkdecrypt (ctrl, ciphertext, shadow_info,
&buf, &len, r_padding); &buf, &len, r_padding);
else else
@ -96,7 +95,15 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
&buf, &len, r_padding); &buf, &len, r_padding);
if (err) if (err)
{ {
log_error ("smartcard decryption failed: %s\n", gpg_strerror (err)); /* We restore the original error (ie. no seckey) is no card
* has been found and we have no shadow key. This avoids a
* surprising "card removed" error code. */
if ((gpg_err_code (err) == GPG_ERR_CARD_REMOVED
|| gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
&& no_shadow_info)
err = gpg_error (GPG_ERR_NO_SECKEY);
else
log_error ("smartcard decryption failed: %s\n", gpg_strerror (err));
goto leave; goto leave;
} }