From 28db0fabb4edf65ad1c5bec061c19c9922be9b23 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 23 Dec 2003 10:25:24 +0000
Subject: [PATCH] * apdu.c (apdu_send_le): Send a get_response with the
 indicated length and not the 64 bytes we used for testing. * app-openpgp.c
 (verify_chv2, verify_chv3, do_sign): Check the minimum length of the
 passphrase, so that we don't need to decrement the retry counter.

---
 scd/ChangeLog     |  9 +++++++++
 scd/apdu.c        |  2 +-
 scd/app-openpgp.c | 21 +++++++++++++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/scd/ChangeLog b/scd/ChangeLog
index 60b5f8eb9..0862d356b 100644
--- a/scd/ChangeLog
+++ b/scd/ChangeLog
@@ -1,3 +1,12 @@
+2003-12-19  Werner Koch  <wk@gnupg.org>
+
+	* apdu.c (apdu_send_le): Send a get_response with the indicated
+	length and not the 64 bytes we used for testing.
+
+	* app-openpgp.c (verify_chv2, verify_chv3, do_sign): Check the
+	minimum length of the passphrase, so that we don't need to
+	decrement the retry counter.
+
 2003-12-17  Werner Koch  <wk@gnupg.org>
 
 	* card-p15.c (p15_enum_keypairs): Replaced KRC by RC.
diff --git a/scd/apdu.c b/scd/apdu.c
index 27304c8b5..02038b65c 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -1207,7 +1207,7 @@ apdu_send_le(int slot, int class, int ins, int p0, int p1,
           apdu[apdulen++] = 0xC0;
           apdu[apdulen++] = 0;
           apdu[apdulen++] = 0;
-          apdu[apdulen++] = 64; /* that is 256 bytes for Le */
+          apdu[apdulen++] = len; 
           memset (apdu+apdulen, 0, sizeof (apdu) - apdulen);
           rc = send_apdu (slot, apdu, apdulen, result, &resultlen);
           if (rc || resultlen < 2)
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 6b4a2f7ef..8f9a303fe 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -534,6 +534,13 @@ verify_chv2 (APP app,
           return rc;
         }
 
+      if (strlen (pinvalue) < 6)
+        {
+          log_error ("prassphrase (CHV2) is too short; minimum length is 6\n");
+          xfree (pinvalue);
+          return gpg_error (GPG_ERR_BAD_PIN);
+        }
+
       rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));
       if (rc)
         {
@@ -586,6 +593,13 @@ verify_chv3 (APP app,
           return rc;
         }
 
+      if (strlen (pinvalue) < 6)
+        {
+          log_error ("prassphrase (CHV3) is too short; minimum length is 6\n");
+          xfree (pinvalue);
+          return gpg_error (GPG_ERR_BAD_PIN);
+        }
+
       rc = iso7816_verify (app->slot, 0x83, pinvalue, strlen (pinvalue));
       xfree (pinvalue);
       if (rc)
@@ -1041,6 +1055,13 @@ do_sign (APP app, const char *keyidstr, int hashalgo,
           return rc;
         }
 
+      if (strlen (pinvalue) < 6)
+        {
+          log_error ("prassphrase (CHV1) is too short; minimum length is 6\n");
+          xfree (pinvalue);
+          return gpg_error (GPG_ERR_BAD_PIN);
+        }
+
       rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
       if (rc)
         {