security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

scd:p15: Run a keygrip_from_prkdf before verify_pin

Browse Source 
* scd/app-p15.c (do_sign): Move keygrip_from_prkdf before PIN
verification.
(do_decipher): Add keygrip_from_prkdf.
--

This is required because that function may change the current file
which is set by prepare_verify_pin right before MSE.  HAs alredy been
done on the backport to 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2020-04-01 17:49:14 +02:00
parent ca4391399c
commit 132d82c158
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
scd/app-p15.c
View File

@ -3382,6 +3382,15 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
return gpg_error (GPG_ERR_INV_CARD);
}
/* We need some more info about the key - get the keygrip to
* populate these fields. */
err = keygrip_from_prkdf (app, prkdf);
if (err)
{
log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err));
return err;
}
/* Prepare PIN verification. This is split so that we can do
* MSE operation for some task after having selected the key file but
@ -3492,15 +3501,6 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
}
/* We need some more info about the key - get the keygrip to
* populate these fields. */
err = keygrip_from_prkdf (app, prkdf);
if (err)
{
log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err));
return err;
}
/* Manage security environment needs to be tweaked for certain cards. */
if (mse_done)
err = 0;
@ -3651,6 +3651,15 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
return gpg_error (GPG_ERR_INV_CARD);
}
/* We need some more info about the key - get the keygrip to
* populate these fields. */
err = keygrip_from_prkdf (app, prkdf);
if (err)
{
log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err));
return err;
}
/* Verify the PIN. */
err = prepare_verify_pin (app, keyidstr, prkdf, aodf);