diff options
| author | Werner Koch <wk@gnupg.org> | 2023-04-20 12:40:11 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2023-04-20 12:41:08 +0200 |
| commit | af3724d3831564218ea23543dd8cea40089409dd (patch) | |
| tree | 818e8ec4385c71b1d2adc4ff49a917ef977a0820 /scd | |
| parent | common: Fix minor bug in the jimregexp code. (diff) | |
| download | gnupg2-af3724d3831564218ea23543dd8cea40089409dd.tar.xz gnupg2-af3724d3831564218ea23543dd8cea40089409dd.zip | |
scd,p15: Enforce a min. PIN length for certain cards.
* scd/app-p15.c (verify_pin): Enforce 6 for RSCS cards.
Diffstat (limited to 'scd')
| -rw-r--r-- | scd/app-p15.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/scd/app-p15.c b/scd/app-p15.c index 29241af6b..92628b926 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -5211,6 +5211,7 @@ verify_pin (app_t app, const char *errstr; const char *s; int remaining; + unsigned int min_length; int pin_reference; int verified = 0; int i; @@ -5277,12 +5278,16 @@ verify_pin (app_t app, } /* We might need to cope with UTF8 things here. Not sure how - min_length etc. are exactly defined, for now we take them as - a plain octet count. */ - if (strlen (pinvalue) < aodf->min_length) + min_length etc. are exactly defined, for now we take them as a + plain octet count. For RSCS we enforce 6 despite that some cards + give 4 has min. length. */ + min_length = aodf->min_length; + if (app->app_local->card_product == CARD_PRODUCT_RSCS && min_length < 6) + min_length = 6; + + if (strlen (pinvalue) < min_length) { - log_error ("p15: PIN is too short; minimum length is %lu\n", - aodf->min_length); + log_error ("p15: PIN is too short; minimum length is %u\n", min_length); err = gpg_error (GPG_ERR_BAD_PIN); } else if (aodf->stored_length && strlen (pinvalue) > aodf->stored_length) |