1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

scd,p15: Enforce a min. PIN length for certain cards.

* scd/app-p15.c (verify_pin): Enforce 6 for RSCS cards.
This commit is contained in:
Werner Koch 2023-04-20 12:40:11 +02:00
parent 3ad4b339b8
commit e60544520b
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -5203,6 +5203,7 @@ verify_pin (app_t app,
const char *errstr; const char *errstr;
const char *s; const char *s;
int remaining; int remaining;
unsigned int min_length;
int pin_reference; int pin_reference;
int verified = 0; int verified = 0;
int i; int i;
@ -5269,12 +5270,16 @@ verify_pin (app_t app,
} }
/* We might need to cope with UTF8 things here. Not sure how /* We might need to cope with UTF8 things here. Not sure how
min_length etc. are exactly defined, for now we take them as min_length etc. are exactly defined, for now we take them as a
a plain octet count. */ plain octet count. For RSCS we enforce 6 despite that some cards
if (strlen (pinvalue) < aodf->min_length) give 4 has min. length. */
min_length = aodf->min_length;
if (app->app_local->card_product == CARD_PRODUCT_RSCS && min_length < 6)
min_length = 6;
if (strlen (pinvalue) < min_length)
{ {
log_error ("p15: PIN is too short; minimum length is %lu\n", log_error ("p15: PIN is too short; minimum length is %u\n", min_length);
aodf->min_length);
err = gpg_error (GPG_ERR_BAD_PIN); err = gpg_error (GPG_ERR_BAD_PIN);
} }
else if (aodf->stored_length && strlen (pinvalue) > aodf->stored_length) else if (aodf->stored_length && strlen (pinvalue) > aodf->stored_length)