Fix performing bio verification from the command line

Yubico · Aug 29, 2024 · 9f77075 · 9f77075
1 parent 3d19b50
commit 9f77075
Showing 1 changed file with 16 additions and 6 deletions.
diff --git a/lib/ykpiv.c b/lib/ykpiv.c
@@ -1567,7 +1567,11 @@ static ykpiv_rc _ykpiv_verify(ykpiv_state *state, char *pin, size_t *p_pin_len,
     return YKPIV_SIZE_ERROR;
   }
 
-  if (bio && verify_spin && (!pin || !p_pin_len || *p_pin_len != 16)) {
+  if(!bio && !pin) {
+    return YKPIV_AUTHENTICATION_ERROR;
+  }
+
+  if (pin && (!p_pin_len || *p_pin_len != 16)) {
     return YKPIV_WRONG_PIN;
   }
 
@@ -1582,17 +1586,23 @@ static ykpiv_rc _ykpiv_verify(ykpiv_state *state, char *pin, size_t *p_pin_len,
       if (*p_pin_len < CB_PIN_MAX) {
         memset(apdu.st.data + *p_pin_len, 0xff, CB_PIN_MAX - *p_pin_len);
       }
-    }
-    else if (verify_spin && p_pin_len) {
+    } else if (verify_spin && p_pin_len) {
       apdu.st.data[0] = 0x01;
       apdu.st.data[1] = (uint8_t)*p_pin_len;
       memcpy(apdu.st.data + 2, pin, *p_pin_len);
-    }
-    else if (bio) {
+    } else if (bio) {
       memcpy(apdu.st.data, "\x02\x00", 2);
     }
   } else {
-    memcpy(apdu.st.data, "\x03\x00", 2);
+    if(bio) {
+      if (verify_spin) {
+        apdu.st.lc = 0;
+      } else {
+        memcpy(apdu.st.data, "\x03\x00", 2);
+      }
+    } else {
+      return YKPIV_AUTHENTICATION_ERROR;
+    }
   }
 
   int sw = 0;