security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

scd: Flush KDF DO (0x00F9) when it's being set.

Browse Source 
* scd/app-openpgp.c (do_setattr): Call flush_cache_item always.

--

Only it was called when there was an object with KDF_DATA_LENGTH_MAX.
No matter the VALUELEN, it should be flushed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2020-09-10 15:06:30 +09:00
parent 8ed85ef3de
commit d4cb774ddd
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
scd/app-openpgp.c
View File

@ -2967,14 +2967,14 @@ do_setattr (app_t app, ctrl_t ctrl, const char *name,
if (!rc) if (!rc)
rc = iso7816_put_data (app_get_slot (app), 0, 0xD3, NULL, 0); rc = iso7816_put_data (app_get_slot (app), 0, 0xD3, NULL, 0);
/* Flush the cache again, because pin2hash_if_kdf uses the DO. */
flush_cache_item (app, 0xF9);
wipe_and_free (buffer1, bufferlen1); wipe_and_free (buffer1, bufferlen1);
wipe_and_free_string (oldpinvalue); wipe_and_free_string (oldpinvalue);
} }
else else
return gpg_error (GPG_ERR_INV_OBJ); return gpg_error (GPG_ERR_INV_OBJ);
/* Flush the cache again, because pin2hash_if_kdf uses the DO. */
flush_cache_item (app, 0xF9);
} }
rc = iso7816_put_data (app_get_slot (app), rc = iso7816_put_data (app_get_slot (app),