agent: Ignore passphrase constraints for a generated passphrase.

* agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New. (MAX_GENPIN_TRIES): Remove. * agent/call-pinentry.c (struct entry_parm_s): (struct inq_cb_parm_s): Add genpinhash and genpinhas_valid. (is_generated_pin): New. (inq_cb): Suppress constraints checking for a generated passphrase. No more need for several tries to generate the passphrase. (do_getpin): Store a generated passphrase/pin in the status field. (agent_askpin): Suppress constraints checking for a generated passphrase. (agent_get_passphrase): Ditto. * agent/command.c (cmd_get_passphrase): Ditto. -- A generated passphrase has enough entropy so that all kind of extra checks would only reduce the actual available entropy. We thus detect if a passphrase has been generated (and not changed) and skip all passphrase constraints checking.
2025-07-03 22:56:33 +02:00 · 2021-08-18 18:24:35 +02:00 · 2021-08-18 18:24:35 +02:00 · db5dc7a91a
commit db5dc7a91a
parent 576e429d41
4 changed files with 73 additions and 35 deletions
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@ -495,7 +495,11 @@ user for a new passphrase and masking of the passphrase is turned off.

 If passphrase formatting is enabled, then all non-breaking space characters
 are stripped from the entered passphrase.  Passphrase formatting is mostly
-useful in combination with passphrases generated with the GENPIN command.
+useful in combination with passphrases generated with the GENPIN
+feature of some Pinentries.  Note that such a generated
+passphrase, if not modified by the user, skips all passphrase
+constraints checking because such constraints would actually weaken
+the generated passphrase.

@item --pinentry-program @var{filename}
@opindex pinentry-program