From b8c4dd902df34faa4d23efb2bb4ac222c8bbdbdb Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 20 Aug 2020 09:34:41 +0200 Subject: [PATCH] gpg: Fix regression for non-default --passphrase-repeat option. * agent/command.c (cmd_get_passphrase): Take care of --repeat with --newsymkey. -- GnuPG-bug-id: 4997 --- agent/command.c | 12 +++++++++--- doc/gpg.texi | 5 ++++- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/agent/command.c b/agent/command.c index b2bb72ace..cb4f22bd6 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1716,7 +1716,11 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) if (desc) plus_to_blank (desc); - if (opt_newsymkey) + /* If opt_repeat is 2 or higher we can't use our pin_entry_info_s + * based method but fallback to the old simple method. It is + * anyway questionable whether this extra repeat count makes any + * real sense. */ + if (opt_newsymkey && opt_repeat < 2) { /* We do not want to break any existing usage of this command * and thus we introduced the option --newsymkey to make this @@ -1765,13 +1769,15 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) continue; } if (*pi->pin && !pi->repeat_okay - && ctrl->pinentry_mode != PINENTRY_MODE_LOOPBACK) + && ctrl->pinentry_mode != PINENTRY_MODE_LOOPBACK + && opt_repeat) { /* The passphrase is empty and the pinentry did not * already run the repetition check, do it here. This * is only called when using an old and simple pinentry. * It is neither called in loopback mode because the - * caller does any passphrase repetition by herself. */ + * caller does any passphrase repetition by herself nor if + * no repetition was requested. */ xfree (response); response = NULL; rc = agent_get_passphrase (ctrl, &response, diff --git a/doc/gpg.texi b/doc/gpg.texi index 09e973f17..b9ac685de 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
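Review bot: With the new `opt_newsymkey && opt_repeat < 2` guard in the first agent/command.c hunk, a request that combines --newsymkey with a repeat count of 2 or more silently takes the old simple method, so anything that only the pin_entry_info_s branch enforces is skipped for that request. The branch body lies outside the hunk, so it is not visible here whether that includes passphrase constraint checks for the new symmetric key. If it does, the repeat count lets the client choose to skip them, and the fallback should either apply the same checks or reject the combination. At minimum the added comment should state the consequence, e.g. `/* Note: with a repeat count >= 2 the checks done only in the --newsymkey branch are not applied. */`. The declaration and parsing of opt_repeat are also outside the hunk; if it is a signed value taken from the request line, a negative count passes `< 2` and is truthy in the later `&& opt_repeat`, so clamping it where it is parsed is worth confirming.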
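Review bot: The comment that the second agent/command.c hunk extends still opens with "The passphrase is empty", but the condition it documents, `*pi->pin && !pi->repeat_okay`, holds only when the entered passphrase is non-empty (assuming pi->pin is a C string). The comment therefore says the opposite of what the code checks. Since the commit is already editing this comment, its first line should become `/* The passphrase is not empty and the pinentry did not`, so that someone auditing the repetition check does not read it as an empty-passphrase path. The enclosing loop and the remainder of the agent_get_passphrase call continue outside the hunk.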
@@ -3268,7 +3268,10 @@ default. @option{--no-escape-from-lines} disables this option. @opindex passphrase-repeat Specify how many times @command{@gpgname} will request a new passphrase be repeated. This is useful for helping memorize a -passphrase. Defaults to 1 repetition. +passphrase. Defaults to 1 repetition; can be set to 0 to disable any +passphrase repetition. Note that a @var{n} greater than 1 will pop up +the pinentry window @var{n}+1 times even if a modern pinentry with +two entry fields is used. @item --passphrase-fd @var{n} @opindex passphrase-fd