giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Reject the case that the PIN and PUK padding flags are different, since this 

case can not be handled by the card driver interface. Better to detect and
fail early instead of sending invalid data to the card.
This commit is contained in:
Zoltan Kelemen 2020-07-04 12:03:06 +02:00 committed by Frank Morgner
parent 555cb73615
commit 6f1df6454a
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/libopensc/pkcs15-pin.c
View File

@ -614,6 +614,15 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
r = _validate_pin(p15card, puk_info, puklen);
LOG_TEST_RET(ctx, r, "PIN do not conforms PIN policy");
/*
* With the current card driver interface we have no way of specifying different padding
* flags for the PIN and the PUK. Therefore reject this case.
*/
if ((auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING) !=
(puk_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)) {
LOG_TEST_RET(ctx, r, "Padding mismatch for PIN/PUK");
}
r = sc_lock(card);
LOG_TEST_RET(ctx, r, "sc_lock() failed");