scd:openpgp: Return better error codes for the Reset Code.

* scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where appropriate. * common/util.h: Add error codes missing in gpgrt 1.46. * agent/call-pinentry.c (unlock_pinentry): Handle GPG_ERR_BAD_RESET_CODE. (agent_askpin): Ditlo. Also simply condition. (agent_get_passphrase): Ditto. * g10/call-agent.c (status_sc_op_failure): Handle GPG_ERR_BAD_RESET_CODE. * g10/card-util.c (write_sc_op_status): Ditto. * tools/card-call-scd.c (status_sc_op_failure): Ditto.
2024-12-22 10:19:57 +01:00 · 2023-10-06 12:04:00 +02:00 · 2023-10-06 12:04:00 +02:00 · 4963f13f8f
commit 4963f13f8f
parent 24b3a5a579
6 changed files with 20 additions and 9 deletions
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@ -174,6 +174,7 @@ unlock_pinentry (ctrl_t ctrl, gpg_error_t rc)
        case GPG_ERR_NO_PASSPHRASE:
        case GPG_ERR_BAD_PASSPHRASE:
        case GPG_ERR_BAD_PIN:
+        case GPG_ERR_BAD_RESET_CODE:
          break;

        case GPG_ERR_CORRUPTED_PROTECTION:
@ -1621,12 +1622,13 @@ agent_askpin (ctrl_t ctrl,
              && (pininfo->status & PINENTRY_STATUS_PASSWORD_FROM_CACHE))
            return unlock_pinentry (ctrl, rc);

-          if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE)
+          if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
+              || gpg_err_code (rc) == GPG_ERR_BAD_PIN
+              || gpg_err_code (rc) == GPG_ERR_BAD_RESET_CODE)
            {
              if (pininfo->cb_errtext)
                errtext = pininfo->cb_errtext;
-              else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
-                       || gpg_err_code (rc) == GPG_ERR_BAD_PIN)
+              else
                errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase"));
            }
          else if (rc)
@ -1894,12 +1896,13 @@ agent_get_passphrase (ctrl_t ctrl,
          if (rc && (pininfo->status & PINENTRY_STATUS_PASSWORD_FROM_CACHE))
            return unlock_pinentry (ctrl, rc);

-          if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE)
+          if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
+              || gpg_err_code (rc) == GPG_ERR_BAD_PIN
+              || gpg_err_code (rc) == GPG_ERR_BAD_RESET_CODE)
            {
              if (pininfo->cb_errtext)
                errtext = pininfo->cb_errtext;
-              else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
-                       || gpg_err_code (rc) == GPG_ERR_BAD_PIN)
+              else
                errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase"));
            }
          else if (rc)
--- a/common/util.h
+++ b/common/util.h
@ -39,6 +39,11 @@
 * libgpg-error version.  Define them here.
 * Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21)
 */
+#if GPG_ERROR_VERSION_NUMBER < 0x012f00 /* 1.47 */
+# define GPG_ERR_BAD_PUK          320
+# define GPG_ERR_NO_RESET_CODE    321
+# define GPG_ERR_BAD_RESET_CODE   322
+#endif

 #ifndef EXTERN_UNLESS_MAIN_MODULE
 # if !defined (INCLUDED_BY_MAIN_MODULE)
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@ -130,6 +130,7 @@ status_sc_op_failure (int rc)
      write_status_text (STATUS_SC_OP_FAILURE, "1");
      break;
    case GPG_ERR_BAD_PIN:
+    case GPG_ERR_BAD_RESET_CODE:
      write_status_text (STATUS_SC_OP_FAILURE, "2");
      break;
    default:
--- a/g10/card-util.c
+++ b/g10/card-util.c
@ -62,6 +62,7 @@ write_sc_op_status (gpg_error_t err)
      write_status_text (STATUS_SC_OP_FAILURE, "1");
      break;
    case GPG_ERR_BAD_PIN:
+    case GPG_ERR_BAD_RESET_CODE:
      write_status_text (STATUS_SC_OP_FAILURE, "2");
      break;
    default:
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -3453,7 +3453,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
          if (!remaining)
            {
              log_error (_("Reset Code not or not anymore available\n"));
-              rc = gpg_error (GPG_ERR_BAD_PIN);
+              rc = gpg_error (GPG_ERR_NO_RESET_CODE);
              goto leave;
            }

@ -3470,7 +3470,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
            {
              log_info (_("Reset Code is too short; minimum length is %d\n"),
                        minlen);
-              rc = gpg_error (GPG_ERR_BAD_PIN);
+              rc = gpg_error (GPG_ERR_BAD_RESET_CODE);
              goto leave;
            }
        }
@ -3538,7 +3538,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
      if (bufferlen != 0 && bufferlen < 8)
        {
          log_error (_("Reset Code is too short; minimum length is %d\n"), 8);
-          rc = gpg_error (GPG_ERR_BAD_PIN);
+          rc = gpg_error (GPG_ERR_BAD_RESET_CODE);
        }
      else
        {
--- a/tools/card-call-scd.c
+++ b/tools/card-call-scd.c
@ -235,6 +235,7 @@ status_sc_op_failure (gpg_error_t err)
      gnupg_status_printf (STATUS_SC_OP_FAILURE, "1");
      break;
    case GPG_ERR_BAD_PIN:
+    case GPG_ERR_BAD_RESET_CODE:
      gnupg_status_printf (STATUS_SC_OP_FAILURE, "2");
      break;
    default: