g10: check_pin_for_key_operation should be just before genkey.

* g10/card-util.c (generate_card_keys): Check PIN later. (card_generate_subkey): Likewise. -- Changing key attribute resets PIN authentication status. So, CHECKPIN should be after that, before key generation. Note that CHECKPIN is done for binding signature. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-29 10:48:37 +09:00 · 2018-03-29 10:48:37 +09:00 · 02d7bb819f
parent e610d51f0d
commit 02d7bb819f
1 changed files with 7 additions and 7 deletions
--- a/g10/card-util.c
+++ b/g10/card-util.c
@ -1498,9 +1498,6 @@ generate_card_keys (ctrl_t ctrl)
      tty_printf ("\n");
    }

-  if (check_pin_for_key_operation (&info, &forced_chv1))
-    goto leave;
-
  /* If the cards features changeable key attributes, we ask for the
     key size.  */
  if (info.is_v2 && info.extcap.aac)
@ -1533,6 +1530,9 @@ generate_card_keys (ctrl_t ctrl)
         the serialnumber and thus it won't harm.  */
    }

+  if (check_pin_for_key_operation (&info, &forced_chv1))
+    goto leave;
+
  generate_keypair (ctrl, 1, NULL, info.serialno, want_backup);

 leave:
@ -1587,10 +1587,6 @@ card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock)
      goto leave;
    }

-  err = check_pin_for_key_operation (&info, &forced_chv1);
-  if (err)
-    goto leave;
-
  /* If the cards features changeable key attributes, we ask for the
     key size.  */
  if (info.is_v2 && info.extcap.aac)
@ -1621,6 +1617,10 @@ card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock)
         the serialnumber and thus it won't harm.  */
    }

+  err = check_pin_for_key_operation (&info, &forced_chv1);
+  if (err)
+    goto leave;
+
  err = generate_card_subkeypair (ctrl, pub_keyblock, keyno, info.serialno);

 leave: