Index: b/agent/agent.h =================================================================== --- b/agent/agent.h +++ b/agent/agent.h @@ -415,7 +415,7 @@ membuf_t *outbuf, int *r_padding); /*-- genkey.c --*/ -int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent); +int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent, char **failed_constraint); gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, char **r_passphrase); int agent_genkey (ctrl_t ctrl, const char *cache_nonce, Index: b/agent/call-pinentry.c =================================================================== --- b/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -675,7 +675,7 @@ else { percent = estimate_passphrase_quality (pin); - if (check_passphrase_constraints (NULL, pin, 1)) + if (check_passphrase_constraints (NULL, pin, 1, NULL)) percent = -percent; snprintf (numbuf, sizeof numbuf, "%d", percent); rc = assuan_send_data (ctx, numbuf, strlen (numbuf)); Index: b/agent/command.c =================================================================== --- b/agent/command.c +++ b/agent/command.c @@ -1530,7 +1530,11 @@ { int i; - if (opt_check && check_passphrase_constraints (ctrl, response, 0)) + if (opt_check && + check_passphrase_constraints (ctrl, response, 0, + &repeat_errtext) /* Override use of repeat_errtext + for errtext */ + ) { xfree (response); goto next_try; Index: b/agent/genkey.c =================================================================== --- b/agent/genkey.c +++ b/agent/genkey.c @@ -153,11 +153,9 @@ gpg_error_t err; if (opt.enforce_passphrase_constraints) - { - err = agent_show_message (ctrl, desc, _("Enter new passphrase")); - if (!err) - err = gpg_error (GPG_ERR_CANCELED); - } + /* Passphrase constraints errors are shown + * as error messages in password prompt */ + err = gpg_error (GPG_ERR_CANCELED); else err = agent_get_confirmation (ctrl, desc, anyway_btn, _("Enter new passphrase"), 0); @@ -175,9 +173,10 @@ /* Check whether the passphrase PW is suitable. Returns 0 if the passphrase is suitable and true if it is not and the user should be asked to provide a different one. If SILENT is set, no message are - displayed. */ + displayed. If FAILED_CONSTRAINT is set and SILENT is not, the error + messages are returned */ int -check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent) +check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent, char **failed_constraint) { gpg_error_t err = 0; unsigned int minlen = opt.min_passphrase_len; @@ -205,6 +204,9 @@ err = take_this_one_anyway2 (ctrl, desc, _("Yes, protection is not needed")); + if (failed_constraint) + *failed_constraint = xstrdup (desc); + goto leave; } @@ -297,6 +299,8 @@ /* Show error messages. */ err = take_this_one_anyway (ctrl, msg); + if (failed_constraint) + *failed_constraint = xtrystrdup (msg); xfree (msg); } @@ -333,7 +337,7 @@ gpg_error_t err; const char *text1 = prompt; const char *text2 = _("Please re-enter this passphrase"); - const char *initial_errtext = NULL; + char *initial_errtext = NULL; struct pin_entry_info_s *pi, *pi2; *r_passphrase = NULL; @@ -371,10 +375,11 @@ next_try: err = agent_askpin (ctrl, text1, NULL, initial_errtext, pi, NULL, 0); + xfree (initial_errtext); initial_errtext = NULL; if (!err) { - if (check_passphrase_constraints (ctrl, pi->pin, 0)) + if (check_passphrase_constraints (ctrl, pi->pin, 0, &initial_errtext)) { pi->failed_tries = 0; pi2->failed_tries = 0; @@ -388,7 +393,7 @@ if (err == -1) { /* The re-entered one did not match and the user did not hit cancel. */ - initial_errtext = _("does not match - try again"); + initial_errtext = xstrdup ("does not match - try again"); goto next_try; } }