mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
63bda3aad8
* scd/app-openpgp.c (wipe_and_free, wipe_and_free_string): Use them everywere where we do a wipememory followed by a free. (pin2hash_if_kdf): Change interface. The input PIN is not anymore changed. Further there are no more assumptions about the length of the provided buffer. (cache_pin): Restructure. (chvno_to_keyref): New. (pin_from_cache): New. (verify_a_chv): Add arg CTRL. Adjust for changed pin2hash_if_kdf. Chache and retrieve the PIN here. (verify_chv2): Do not cache the PIN here. (build_enter_admin_pin_prompt): Add arg 'r_remaining'. (verify_chv3): Adjust for changed pin2hash_if_kdf. Implement the PIN cache. (do_change_pin): Clear the PIN cache. Do not change the PIN here. Lots of adjustments to cope with the chnaged pin2hash_if_kdf. (do_sign): Do not cache the PIN here. -- Note that some of the changes are required because we can't rely that the PIN is always cached in secure memory. Thus it is better to do an explicit wipe. Testing the PIN cache can currently only be done my modifying the code to do a verification for each operation. Only some basic testing has been done. Clearing the PIN cache is also not fully implemented. With the forthcoming changes to app-piv we should be enter able to test the PIN cache. Missing stuff: - The agent should be able to selectively clear the cache on a per slot base. - We should replace AESWRAP by OCB. Signed-off-by: Werner Koch <wk@gnupg.org>