g10: check_pin_for_key_operation should be just before genkey.
authorNIIBE Yutaka <gniibe@fsij.org>
Thu, 29 Mar 2018 01:48:37 +0000 (10:48 +0900)
committerNIIBE Yutaka <gniibe@fsij.org>
Thu, 29 Mar 2018 01:48:37 +0000 (10:48 +0900)
commit02d7bb819ff44cc90212568dd6ce24ae1dc5d17f
tree5e9f28ad76122df9629b9c26baea56b68aec9f9e
parente610d51f0de11154050915b951bcc5c53c940f5e
g10: check_pin_for_key_operation should be just before genkey.

* g10/card-util.c (generate_card_keys): Check PIN later.
(card_generate_subkey): Likewise.

--

Changing key attribute resets PIN authentication status.  So, CHECKPIN
should be after that, before key generation.  Note that CHECKPIN is
done for binding signature.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
g10/card-util.c