3 files changed, 31 insertions, 1 deletions

diff --git a/scd/ChangeLog b/scd/ChangeLog
index 60b5f8eb9..0862d356b 100644
--- a/scd/ChangeLog
+++ b/scd/ChangeLog
@@ -1,3 +1,12 @@
+2003-12-19  Werner Koch  <[email protected]>
+
+	* apdu.c (apdu_send_le): Send a get_response with the indicated
+	length and not the 64 bytes we used for testing.
+
+	* app-openpgp.c (verify_chv2, verify_chv3, do_sign): Check the
+	minimum length of the passphrase, so that we don't need to
+	decrement the retry counter.
+
 2003-12-17  Werner Koch  <[email protected]>
 
 	* card-p15.c (p15_enum_keypairs): Replaced KRC by RC.
diff --git a/scd/apdu.c b/scd/apdu.c
index 27304c8b5..02038b65c 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -1207,7 +1207,7 @@ apdu_send_le(int slot, int class, int ins, int p0, int p1,
           apdu[apdulen++] = 0xC0;
           apdu[apdulen++] = 0;
           apdu[apdulen++] = 0;
-          apdu[apdulen++] = 64; /* that is 256 bytes for Le */
+          apdu[apdulen++] = len; 
           memset (apdu+apdulen, 0, sizeof (apdu) - apdulen);
           rc = send_apdu (slot, apdu, apdulen, result, &resultlen);
           if (rc || resultlen < 2)
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 6b4a2f7ef..8f9a303fe 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -534,6 +534,13 @@ verify_chv2 (APP app,
           return rc;
         }
 
+      if (strlen (pinvalue) < 6)
+        {
+          log_error ("prassphrase (CHV2) is too short; minimum length is 6\n");
+          xfree (pinvalue);
+          return gpg_error (GPG_ERR_BAD_PIN);
+        }
+
       rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));
       if (rc)
         {
@@ -586,6 +593,13 @@ verify_chv3 (APP app,
           return rc;
         }
 
+      if (strlen (pinvalue) < 6)
+        {
+          log_error ("prassphrase (CHV3) is too short; minimum length is 6\n");
+          xfree (pinvalue);
+          return gpg_error (GPG_ERR_BAD_PIN);
+        }
+
       rc = iso7816_verify (app->slot, 0x83, pinvalue, strlen (pinvalue));
       xfree (pinvalue);
       if (rc)
@@ -1041,6 +1055,13 @@ do_sign (APP app, const char *keyidstr, int hashalgo,
           return rc;
         }
 
+      if (strlen (pinvalue) < 6)
+        {
+          log_error ("prassphrase (CHV1) is too short; minimum length is 6\n");
+          xfree (pinvalue);
+          return gpg_error (GPG_ERR_BAD_PIN);
+        }
+
       rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
       if (rc)
         {