diff options
| author | NIIBE Yutaka <[email protected]> | 2020-09-16 03:46:50 +0000 |
|---|---|---|
| committer | NIIBE Yutaka <[email protected]> | 2020-09-16 03:46:50 +0000 |
| commit | 61aea64b3c1717a7e304c82cda92e08ce5a6c533 (patch) | |
| tree | efb95b8189f234d5194ac41f3c2f79180481e86f | |
| parent | gpg-connect-agent: Catch signals so that SIGPIPE is ignored. (diff) | |
| download | gnupg-61aea64b3c1717a7e304c82cda92e08ce5a6c533.tar.gz gnupg-61aea64b3c1717a7e304c82cda92e08ce5a6c533.zip | |
scd: Fix the use case of verify_chv2 by CHECKPIN.
* scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
when needed.
--
Backport of master commit of:
6e51f2044aebb885ea81dae259db1b7f477b1c44
Fixes-commit: d2f1a0a791db3eb03c003365cbcd010bd8066edb
Signed-off-by: NIIBE Yutaka <[email protected]>
| -rw-r--r-- | scd/app-openpgp.c | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index ccc360fc8..abcf7a038 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -2372,26 +2372,30 @@ verify_chv2 (app_t app, if (rc) return rc; app->did_chv2 = 1; + + if (!app->did_chv1 && !app->force_chv1 && pinvalue) + { + /* For convenience we verify CHV1 here too. We do this only if + the card is not configured to require a verification before + each CHV1 controlled operation (force_chv1) and if we are not + using the pinpad (PINVALUE == NULL). */ + rc = iso7816_verify (app->slot, 0x81, pinvalue, pinlen); + if (gpg_err_code (rc) == GPG_ERR_BAD_PIN) + rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED); + if (rc) + { + log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc)); + flush_cache_after_error (app); + } + else + app->did_chv1 = 1; + } } else - rc = 0; - - if (!app->did_chv1 && !app->force_chv1 && pinvalue) { - /* For convenience we verify CHV1 here too. We do this only if - the card is not configured to require a verification before - each CHV1 controlled operation (force_chv1) and if we are not - using the pinpad (PINVALUE == NULL). */ - rc = iso7816_verify (app->slot, 0x81, pinvalue, pinlen); - if (gpg_err_code (rc) == GPG_ERR_BAD_PIN) - rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED); + rc = verify_a_chv (app, pincb, pincb_arg, 1, 0, &pinvalue, &pinlen); if (rc) - { - log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc)); - flush_cache_after_error (app); - } - else - app->did_chv1 = 1; + return rc; } xfree (pinvalue); |