security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

scd:openpgp: Return better error codes for the Reset Code. 

* scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where
appropriate.
* common/util.h: Add error codes missing in gpgrt 1.46.

* agent/call-pinentry.c (unlock_pinentry): Handle
GPG_ERR_BAD_RESET_CODE.
(agent_askpin): Ditlo.  Also simply condition.
(agent_get_passphrase):  Ditto.
* g10/call-agent.c (status_sc_op_failure): Handle
GPG_ERR_BAD_RESET_CODE.
* g10/card-util.c (write_sc_op_status): Ditto.
* tools/card-call-scd.c (status_sc_op_failure): Ditto.
This commit is contained in:
Werner Koch 2023-10-06 12:04:00 +02:00
parent 24b3a5a579
commit 4963f13f8f
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
6 changed files with 20 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
agent/call-pinentry.c
View File

@ -174,6 +174,7 @@ unlock_pinentry (ctrl_t ctrl, gpg_error_t rc)
case GPG_ERR_NO_PASSPHRASE: case GPG_ERR_NO_PASSPHRASE:
case GPG_ERR_BAD_PASSPHRASE: case GPG_ERR_BAD_PASSPHRASE:
case GPG_ERR_BAD_PIN: case GPG_ERR_BAD_PIN:
case GPG_ERR_BAD_RESET_CODE:
break; break;
case GPG_ERR_CORRUPTED_PROTECTION: case GPG_ERR_CORRUPTED_PROTECTION:
@ -1621,12 +1622,13 @@ agent_askpin (ctrl_t ctrl,
&& (pininfo->status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) && (pininfo->status & PINENTRY_STATUS_PASSWORD_FROM_CACHE))
return unlock_pinentry (ctrl, rc); return unlock_pinentry (ctrl, rc);
if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE) if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
|| gpg_err_code (rc) == GPG_ERR_BAD_PIN
|| gpg_err_code (rc) == GPG_ERR_BAD_RESET_CODE)
{ {
if (pininfo->cb_errtext) if (pininfo->cb_errtext)
errtext = pininfo->cb_errtext; errtext = pininfo->cb_errtext;
else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE else
|| gpg_err_code (rc) == GPG_ERR_BAD_PIN)
errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase")); errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase"));
} }
else if (rc) else if (rc)
@ -1894,12 +1896,13 @@ agent_get_passphrase (ctrl_t ctrl,
if (rc && (pininfo->status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) if (rc && (pininfo->status & PINENTRY_STATUS_PASSWORD_FROM_CACHE))
return unlock_pinentry (ctrl, rc); return unlock_pinentry (ctrl, rc);
if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE) if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
|| gpg_err_code (rc) == GPG_ERR_BAD_PIN
|| gpg_err_code (rc) == GPG_ERR_BAD_RESET_CODE)
{ {
if (pininfo->cb_errtext) if (pininfo->cb_errtext)
errtext = pininfo->cb_errtext; errtext = pininfo->cb_errtext;
else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE else
|| gpg_err_code (rc) == GPG_ERR_BAD_PIN)
errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase")); errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase"));
} }
else if (rc) else if (rc)

5
common/util.h
View File

@ -39,6 +39,11 @@
* libgpg-error version. Define them here. * libgpg-error version. Define them here.
* Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21) * Example: (#if GPG_ERROR_VERSION_NUMBER < 0x011500 // 1.21)
*/ */
#if GPG_ERROR_VERSION_NUMBER < 0x012f00 /* 1.47 */
# define GPG_ERR_BAD_PUK 320
# define GPG_ERR_NO_RESET_CODE 321
# define GPG_ERR_BAD_RESET_CODE 322
#endif
#ifndef EXTERN_UNLESS_MAIN_MODULE #ifndef EXTERN_UNLESS_MAIN_MODULE
# if !defined (INCLUDED_BY_MAIN_MODULE) # if !defined (INCLUDED_BY_MAIN_MODULE)

1
g10/call-agent.c
View File

@ -130,6 +130,7 @@ status_sc_op_failure (int rc)
write_status_text (STATUS_SC_OP_FAILURE, "1"); write_status_text (STATUS_SC_OP_FAILURE, "1");
break; break;
case GPG_ERR_BAD_PIN: case GPG_ERR_BAD_PIN:
case GPG_ERR_BAD_RESET_CODE:
write_status_text (STATUS_SC_OP_FAILURE, "2"); write_status_text (STATUS_SC_OP_FAILURE, "2");
break; break;
default: default:

1
g10/card-util.c
View File

@ -62,6 +62,7 @@ write_sc_op_status (gpg_error_t err)
write_status_text (STATUS_SC_OP_FAILURE, "1"); write_status_text (STATUS_SC_OP_FAILURE, "1");
break; break;
case GPG_ERR_BAD_PIN: case GPG_ERR_BAD_PIN:
case GPG_ERR_BAD_RESET_CODE:
write_status_text (STATUS_SC_OP_FAILURE, "2"); write_status_text (STATUS_SC_OP_FAILURE, "2");
break; break;
default: default:

6
scd/app-openpgp.c
View File

@ -3453,7 +3453,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
if (!remaining) if (!remaining)
{ {
log_error (_("Reset Code not or not anymore available\n")); log_error (_("Reset Code not or not anymore available\n"));
rc = gpg_error (GPG_ERR_BAD_PIN); rc = gpg_error (GPG_ERR_NO_RESET_CODE);
goto leave; goto leave;
} }
@ -3470,7 +3470,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
{ {
log_info (_("Reset Code is too short; minimum length is %d\n"), log_info (_("Reset Code is too short; minimum length is %d\n"),
minlen); minlen);
rc = gpg_error (GPG_ERR_BAD_PIN); rc = gpg_error (GPG_ERR_BAD_RESET_CODE);
goto leave; goto leave;
} }
} }
@ -3538,7 +3538,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
if (bufferlen != 0 && bufferlen < 8) if (bufferlen != 0 && bufferlen < 8)
{ {
log_error (_("Reset Code is too short; minimum length is %d\n"), 8); log_error (_("Reset Code is too short; minimum length is %d\n"), 8);
rc = gpg_error (GPG_ERR_BAD_PIN); rc = gpg_error (GPG_ERR_BAD_RESET_CODE);
} }
else else
{ {

1
tools/card-call-scd.c
View File

@ -235,6 +235,7 @@ status_sc_op_failure (gpg_error_t err)
gnupg_status_printf (STATUS_SC_OP_FAILURE, "1"); gnupg_status_printf (STATUS_SC_OP_FAILURE, "1");
break; break;
case GPG_ERR_BAD_PIN: case GPG_ERR_BAD_PIN:
case GPG_ERR_BAD_RESET_CODE:
gnupg_status_printf (STATUS_SC_OP_FAILURE, "2"); gnupg_status_printf (STATUS_SC_OP_FAILURE, "2");
break; break;
default: default: