mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-20 02:40:08 +00:00
Remove keystring with BY_ADMIN when it's becomming admin-less mode.
This commit is contained in:
parent
de24655920
commit
55781cb7bb
@ -1,3 +1,8 @@
|
||||
2018-01-22 NIIBE Yutaka <gniibe@fsij.org>
|
||||
|
||||
* src/openpgp.c (cmd_change_password): Remove access to private
|
||||
key with BY_ADMIN when it's becoming admin-less mode.
|
||||
|
||||
2018-01-19 NIIBE Yutaka <gniibe@fsij.org>
|
||||
|
||||
* src/binary-edit.sh: Copied from NeuG 1.0.8. Exclude FILE.
|
||||
|
6
NEWS
6
NEWS
@ -11,6 +11,12 @@ agreement to USB Forum. Now, we have new file named gnuk-vidpid.elf
|
||||
for flashing. The file gnuk.elf can be used to generate
|
||||
gnuk-vidpid.elf and we can check if it is reproducible or not.
|
||||
|
||||
** Remove access with BY_ADMIN
|
||||
|
||||
For admin-less mode, access by OPENPGP_CARD_INITIAL_PW3 remained on
|
||||
flash ROM. This could be considered a backdoor, if some other person
|
||||
had or kept access to the flash ROM. Now, the entry is cleared by
|
||||
zero when the token is set to admin-less mode.
|
||||
|
||||
** Upgrade of Chopstx
|
||||
We use Chopstx 1.8.
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* openpgp.c -- OpenPGP card protocol support
|
||||
*
|
||||
* Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017
|
||||
* Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018
|
||||
* Free Software Initiative of Japan
|
||||
* Author: NIIBE Yutaka <gniibe@fsij.org>
|
||||
*
|
||||
@ -426,15 +426,26 @@ cmd_change_password (void)
|
||||
}
|
||||
else if (r > 0 && who == BY_USER)
|
||||
{
|
||||
gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, KS_META_SIZE);
|
||||
ac_reset_pso_cds ();
|
||||
ac_reset_other ();
|
||||
/* When it was already admin-less mode, admin_authorized is
|
||||
* BY_USER. If no PW3 keystring, it's becoming admin-less mode,
|
||||
* now. For these two cases, we need to reset admin
|
||||
* authorization status. */
|
||||
if (admin_authorized == BY_USER || ks_pw3 == NULL)
|
||||
if (admin_authorized == BY_USER)
|
||||
ac_reset_admin ();
|
||||
else if (ks_pw3 == NULL)
|
||||
{
|
||||
enum kind_of_key kk0;
|
||||
|
||||
/* Remove keystrings for BY_ADMIN. */
|
||||
for (kk0 = 0; kk0 <= GPG_KEY_FOR_AUTHENTICATION; kk0++)
|
||||
gpg_do_chks_prvkey (kk0, BY_ADMIN, NULL, 0, NULL);
|
||||
|
||||
ac_reset_admin ();
|
||||
}
|
||||
|
||||
gpg_do_write_simple (NR_DO_KEYSTRING_PW1, new_ks0, KS_META_SIZE);
|
||||
ac_reset_pso_cds ();
|
||||
ac_reset_other ();
|
||||
DEBUG_INFO ("Changed length of DO_KEYSTRING_PW1.\r\n");
|
||||
GPG_SUCCESS ();
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user