From b8c4dd902df34faa4d23efb2bb4ac222c8bbdbdb Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 20 Aug 2020 09:34:41 +0200 Subject: gpg: Fix regression for non-default --passphrase-repeat option. * agent/command.c (cmd_get_passphrase): Take care of --repeat with --newsymkey. -- GnuPG-bug-id: 4997 --- agent/command.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'agent/command.c') diff --git a/agent/command.c b/agent/command.c index b2bb72ace..cb4f22bd6 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1716,7 +1716,11 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) if (desc) plus_to_blank (desc); - if (opt_newsymkey) + /* If opt_repeat is 2 or higher we can't use our pin_entry_info_s + * based method but fallback to the old simple method. It is + * anyway questionable whether this extra repeat count makes any + * real sense. */ + if (opt_newsymkey && opt_repeat < 2) { /* We do not want to break any existing usage of this command * and thus we introduced the option --newsymkey to make this @@ -1765,13 +1769,15 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) continue; } if (*pi->pin && !pi->repeat_okay - && ctrl->pinentry_mode != PINENTRY_MODE_LOOPBACK) + && ctrl->pinentry_mode != PINENTRY_MODE_LOOPBACK + && opt_repeat) { /* The passphrase is empty and the pinentry did not * already run the repetition check, do it here. This * is only called when using an old and simple pinentry. * It is neither called in loopback mode because the - * caller does any passphrase repetition by herself. */ + * caller does any passphrase repetition by herself nor if + * no repetition was requested. */ xfree (response); response = NULL; rc = agent_get_passphrase (ctrl, &response, -- cgit