authorWerner Koch <wk@gnupg.org>2023-03-01 16:49:40 +0100
committerWerner Koch <wk@gnupg.org>2023-03-01 16:49:40 +0100
commit1aaadede76ccd17a6636b26ec75954d6b709f3fa (patch)
tree09e2ff22ea78c942348e674f5f031b39579c9206 /agent/pkdecrypt.c
parentgpgconf: Print some standard envvars with -X (diff)
agent: Show "no secret key" instead of "card removed".
* agent/findkey.c (agent_key_from_file): Check the error of read_key_file again. * agent/pkdecrypt.c (agent_pkdecrypt): Restore error if no card was found. Also remove useless condition. -- The first patch fixes a likely merge error. The second is about the actual return code: If we have no smartcard but simply try to decrypt with the current smartcard we should return the original error code. GnuPG-bug-id: 5170 Fixes-commit: eda3c688fc2e85c7cd63029cb9caf06552d203b4
Diffstat (limited to '')
-rw-r--r--agent/pkdecrypt.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
index 82818f863..c26f21d35 100644
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@@ -74,8 +74,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
no_shadow_info = 1;
else if (err)
{
- if (gpg_err_code (err) != GPG_ERR_NO_SECKEY)
- log_error ("failed to read the secret key\n");
+ log_error ("failed to read the secret key\n");
goto leave;
}
@@ -88,7 +87,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
goto leave;
}
- if (agent_is_tpm2_key (s_skey))
+ if (s_skey && agent_is_tpm2_key (s_skey))
err = divert_tpm2_pkdecrypt (ctrl, ciphertext, shadow_info,
&buf, &len, r_padding);
else
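Review bot: The added `s_skey &&` guard implies that s_skey can be NULL when this dispatch is reached, but nothing in the hunk says when that happens or that the NULL case is meant to fall through to the `else` call. Presumably this is the no_shadow_info path set earlier in agent_pkdecrypt, where no key file was read; that should be confirmed against the part of the function outside the hunk. A one-line comment above the test would record the invariant, for example `/* S_SKEY is NULL if no key file was found; then try the current card. */`. The function body starts and ends outside the hunk.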
@@ -96,7 +95,15 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
&buf, &len, r_padding);
if (err)
{
- log_error ("smartcard decryption failed: %s\n", gpg_strerror (err));
+ /* We restore the original error (ie. no seckey) is no card
+ * has been found and we have no shadow key. This avoids a
+ * surprising "card removed" error code. */
+ if ((gpg_err_code (err) == GPG_ERR_CARD_REMOVED
+ || gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
+ && no_shadow_info)
+ err = gpg_error (GPG_ERR_NO_SECKEY);
+ else
+ log_error ("smartcard decryption failed: %s\n", gpg_strerror (err));
goto leave;
}
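Review bot: The new branch that replaces the card error with GPG_ERR_NO_SECKEY logs nothing, so the underlying status (GPG_ERR_CARD_REMOVED or GPG_ERR_CARD_NOT_PRESENT) is lost both to the caller and to the agent log. Only the `else` branch still calls log_error. Staying quiet at error level looks intentional, but a verbose-only trace before the overwrite would let someone diagnosing a failed decryption see that a card lookup was attempted, for example `if (opt.verbose) log_info ("no card found (%s); reporting no secret key\n", gpg_strerror (err));`. The added comment also reads "is no card" where "if no card" is meant. Bracing the two arms of the if/else under the three-line condition would make the pairing easier to read. agent_pkdecrypt continues outside the hunk.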