Use default PIN flag

2 files changed, 24 insertions, 1 deletions

diff --git a/scd/ChangeLog b/scd/ChangeLog
index 79802a879..a2ebbdc78 100644
--- a/scd/ChangeLog
+++ b/scd/ChangeLog
@@ -1,3 +1,7 @@
+2008-04-21  Werner Koch  <[email protected]>
+
+	* app-openpgp.c (verify_a_chv): Make use of the default CHV flag.
+
 2008-03-26  Werner Koch  <[email protected]>
 
 	* app-openpgp.c (verify_chv3): Support the keypad.
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 94dff6058..c8ad936f4 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -481,7 +481,7 @@ count_bits (const unsigned char *a, size_t len)
   return n;
 }
 
-/* GnuPG makes special use of the login-data DO, this fucntion parses
+/* GnuPG makes special use of the login-data DO, this function parses
    the login data to store the flags for later use.  It may be called
    at any time and should be called after changing the login-data DO.
 
@@ -1300,6 +1300,25 @@ verify_a_chv (app_t app,
 
   *pinvalue = NULL;
 
+  if (chvno == 2 && app->app_local->flags.def_chv2)
+    {
+      /* Special case for def_chv2 mechanism. */
+      if (opt.verbose)
+        log_info (_("using default PIN as %s\n"), "CHV2");
+      rc = iso7816_verify (app->slot, 0x82, "123456", 6);
+      if (rc)
+        {
+          /* Verification of CHV2 with the default PIN failed,
+             although the card pretends to have the default PIN set as
+             CHV2.  We better disable the def_chv2 flag now. */
+          log_info (_("failed to use default PIN as %s: %s"
+                      " - disabling further default use\n"),
+                    "CHV2", gpg_strerror (rc));
+          app->app_local->flags.def_chv2 = 0;
+        }
+      return rc;
+    }
+
   memset (&pininfo, 0, sizeof pininfo);
   pininfo.mode = 1;
   pininfo.minlen = minlen;