authorWerner Koch <wk@gnupg.org>2020-04-01 17:49:14 +0200
committerWerner Koch <wk@gnupg.org>2020-04-01 17:49:14 +0200
commit132d82c1582009013af5c7bdb17cbaaa8807c70e (patch)
tree08eadcac540077e077084a154b579204e2297bac /scd
parentscd:p15: Support decryption with CardOS 5 cards. (diff)
scd:p15: Run a keygrip_from_prkdf before verify_pin
* scd/app-p15.c (do_sign): Move keygrip_from_prkdf before PIN verification. (do_decipher): Add keygrip_from_prkdf. -- This is required because that function may change the current file which is set by prepare_verify_pin right before MSE. This has already been done in the backport to 2.2. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'scd')
-rw-r--r--scd/app-p15.c27
1 files changed, 18 insertions, 9 deletions
diff --git a/scd/app-p15.c b/scd/app-p15.c
index fc17e66ff..ed1ba7a69 100644
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@@ -3382,6 +3382,15 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
return gpg_error (GPG_ERR_INV_CARD);
}
+ /* We need some more info about the key - get the keygrip to
+ * populate these fields. */
+ err = keygrip_from_prkdf (app, prkdf);
+ if (err)
+ {
+ log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err));
+ return err;
+ }
+
/* Prepare PIN verification. This is split so that we can do
* MSE operation for some task after having selected the key file but
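Review bot: The comment that travels with the moved call in do_sign (and is copied into the do_decipher hunk) says only that the keygrip is needed to populate fields; it does not record the ordering constraint that the commit message gives as the reason for the move. Per that message, keygrip_from_prkdf may change the currently selected file, which prepare_verify_pin sets right before MSE, so a later refactor that moves the call back after PIN verification would presumably issue the MSE and crypto commands with the wrong file selected. I would extend the comment at both sites, for example `/* Must run before prepare_verify_pin: keygrip_from_prkdf may change the current file on the card. */`. Both function bodies start and end outside the hunks shown.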
@@ -3492,15 +3501,6 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
}
- /* We need some more info about the key - get the keygrip to
- * populate these fields. */
- err = keygrip_from_prkdf (app, prkdf);
- if (err)
- {
- log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err));
- return err;
- }
-
/* Manage security environment needs to be tweaked for certain cards. */
if (mse_done)
err = 0;
@@ -3651,6 +3651,15 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
return gpg_error (GPG_ERR_INV_CARD);
}
+ /* We need some more info about the key - get the keygrip to
+ * populate these fields. */
+ err = keygrip_from_prkdf (app, prkdf);
+ if (err)
+ {
+ log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err));
+ return err;
+ }
+
/* Verify the PIN. */
err = prepare_verify_pin (app, keyidstr, prkdf, aodf);