gpg: Fix regression for non-default --passphrase-repeat option.

* agent/command.c (cmd_get_passphrase): Take care of --repeat with --newsymkey. -- GnuPG-bug-id: 4997
2024-12-22 10:19:57 +01:00 · 2020-08-20 09:34:41 +02:00 · 2020-08-20 09:34:41 +02:00 · b8c4dd902d
commit b8c4dd902d
parent 4031c42bfd
2 changed files with 13 additions and 4 deletions
--- a/agent/command.c
+++ b/agent/command.c
@ -1716,7 +1716,11 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
  if (desc)
    plus_to_blank (desc);

-  if (opt_newsymkey)
+  /* If opt_repeat is 2 or higher we can't use our pin_entry_info_s
+   * based method but fallback to the old simple method.  It is
+   * anyway questionable whether this extra repeat count makes any
+   * real sense.  */
+  if (opt_newsymkey && opt_repeat < 2)
    {
      /* We do not want to break any existing usage of this command
       * and thus we introduced the option --newsymkey to make this
@ -1765,13 +1769,15 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
              continue;
            }
          if (*pi->pin && !pi->repeat_okay
-              && ctrl->pinentry_mode != PINENTRY_MODE_LOOPBACK)
+              && ctrl->pinentry_mode != PINENTRY_MODE_LOOPBACK
+              && opt_repeat)
            {
              /* The passphrase is empty and the pinentry did not
               * already run the repetition check, do it here.  This
               * is only called when using an old and simple pinentry.
               * It is neither called in loopback mode because the
-               * caller does any passphrase repetition by herself. */
+               * caller does any passphrase repetition by herself nor if
+               * no repetition was requested. */
              xfree (response);
              response = NULL;
              rc = agent_get_passphrase (ctrl, &response,
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -3268,7 +3268,10 @@ default. @option{--no-escape-from-lines} disables this option.
@opindex passphrase-repeat
 Specify how many times @command{@gpgname} will request a new
 passphrase be repeated.  This is useful for helping memorize a
-passphrase.  Defaults to 1 repetition.
+passphrase.  Defaults to 1 repetition; can be set to 0 to disable any
+passphrase repetition.  Note that a @var{n} greater than 1 will pop up
+the pinentry window @var{n}+1 times even if a modern pinentry with
+two entry fields is used.

@item --passphrase-fd @var{n}
@opindex passphrase-fd