diff options
author | Werner Koch <wk@gnupg.org> | 2020-04-01 17:49:14 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2020-04-01 17:49:14 +0200 |
commit | 132d82c1582009013af5c7bdb17cbaaa8807c70e (patch) | |
tree | 08eadcac540077e077084a154b579204e2297bac /scd | |
parent | scd:p15: Support decryption with CardOS 5 cards. (diff) | |
download | gnupg2-132d82c1582009013af5c7bdb17cbaaa8807c70e.tar.xz gnupg2-132d82c1582009013af5c7bdb17cbaaa8807c70e.zip |
scd:p15: Run a keygrip_from_prkdf before verify_pin
* scd/app-p15.c (do_sign): Move keygrip_from_prkdf before PIN
verification.
(do_decipher): Add keygrip_from_prkdf.
--
This is required because that function may change the current file
which is set by prepare_verify_pin right before MSE. HAs alredy been
done on the backport to 2.2
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'scd')
-rw-r--r-- | scd/app-p15.c | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/scd/app-p15.c b/scd/app-p15.c index fc17e66ff..ed1ba7a69 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -3382,6 +3382,15 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, return gpg_error (GPG_ERR_INV_CARD); } + /* We need some more info about the key - get the keygrip to + * populate these fields. */ + err = keygrip_from_prkdf (app, prkdf); + if (err) + { + log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err)); + return err; + } + /* Prepare PIN verification. This is split so that we can do * MSE operation for some task after having selected the key file but @@ -3492,15 +3501,6 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, } - /* We need some more info about the key - get the keygrip to - * populate these fields. */ - err = keygrip_from_prkdf (app, prkdf); - if (err) - { - log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err)); - return err; - } - /* Manage security environment needs to be tweaked for certain cards. */ if (mse_done) err = 0; @@ -3651,6 +3651,15 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, return gpg_error (GPG_ERR_INV_CARD); } + /* We need some more info about the key - get the keygrip to + * populate these fields. */ + err = keygrip_from_prkdf (app, prkdf); + if (err) + { + log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err)); + return err; + } + /* Verify the PIN. */ err = prepare_verify_pin (app, keyidstr, prkdf, aodf); |