From 6f1df6454a965f2c1ee67ae895e148c70f40d5e4 Mon Sep 17 00:00:00 2001 From: Zoltan Kelemen Date: Sat, 4 Jul 2020 12:03:06 +0200 Subject: [PATCH] Reject the case that the PIN and PUK padding flags are different, since this case can not be handled by the card driver interface. Better to detect and fail early instead of sending invalid data to the card. --- src/libopensc/pkcs15-pin.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/libopensc/pkcs15-pin.c b/src/libopensc/pkcs15-pin.c index 2710bba2..48e16fdc 100644 --- a/src/libopensc/pkcs15-pin.c +++ b/src/libopensc/pkcs15-pin.c @@ -614,6 +614,15 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card, r = _validate_pin(p15card, puk_info, puklen); LOG_TEST_RET(ctx, r, "PIN do not conforms PIN policy"); + /* + * With the current card driver interface we have no way of specifying different padding + * flags for the PIN and the PUK. Therefore reject this case. + */ + if ((auth_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING) != + (puk_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_NEEDS_PADDING)) { + LOG_TEST_RET(ctx, r, "Padding mismatch for PIN/PUK"); + } + r = sc_lock(card); LOG_TEST_RET(ctx, r, "sc_lock() failed");