]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Introduced GNUTLS_PKCS11_PIN_WRONG flag to indicate the previously given PIN is wrong.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 14 Aug 2011 13:02:33 +0000 (15:02 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 14 Aug 2011 13:02:33 +0000 (15:02 +0200)
lib/includes/gnutls/pkcs11.h
lib/pkcs11.c
src/p11common.c

index 22726b879c9b92e3f804b076af5bc700ea6a0879..6dca20f4e058b0baa5a11e6297d240c10f5428c4 100644 (file)
@@ -59,6 +59,7 @@ typedef int (*gnutls_pkcs11_token_callback_t) (void *const userdata,
  * @GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
  * @GNUTLS_PKCS11_PIN_FINAL_TRY: This is the final try before blocking.
  * @GNUTLS_PKCS11_PIN_COUNT_LOW: Few tries remain before token blocks.
+ * @GNUTLS_PKCS11_PIN_WRONG: Last given PIN was not correct.
  *
  * Enumeration of different PIN flags.
  */
@@ -66,9 +67,10 @@ typedef enum
   {
     GNUTLS_PKCS11_PIN_USER = (1 << 0),
     GNUTLS_PKCS11_PIN_SO = (1 << 1),
-    GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4),
     GNUTLS_PKCS11_PIN_FINAL_TRY = (1 << 2),
     GNUTLS_PKCS11_PIN_COUNT_LOW = (1 << 3),
+    GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4),
+    GNUTLS_PKCS11_PIN_WRONG = (1 << 5),
   } gnutls_pkcs11_pin_flag_t;
 
 /**
index 23a1ed9bdf22b7abcdb27a8edfed9fcdcd77f849..91db86c7d774892938338a8dfb3567c088aef66d 100644 (file)
@@ -1847,6 +1847,9 @@ retrieve_pin_for_callback (struct ck_token_info *token_info, int attempts,
         flags |= GNUTLS_PKCS11_PIN_FINAL_TRY;
     }
 
+  if (attempts > 0)
+    flags |= GNUTLS_PKCS11_PIN_WRONG;
+
   ret = pin_func (pin_data, attempts, (char*)token_str, label,
                   flags, pin_value, GNUTLS_PKCS11_MAX_PIN_LEN);
   free (token_str);
index 1ef7c9c538e57de01ed4a2d98d2ef12a3721cf99..4c7df1e1b7be36b0252c7154dbda457cfcfbecbc 100644 (file)
@@ -58,6 +58,12 @@ pin_callback (void *user, int attempt, const char *token_url,
       cache = 0;
       printf ("*** Only few tries left before locking!\n");
     }
+
+  if (flags & GNUTLS_PKCS11_PIN_WRONG)
+    {
+      cache = 0;
+      printf ("*** Wrong PIN has been provided!\n");
+    }
     
   if (cache > 0 && cached_url != NULL)
     {
@@ -69,6 +75,7 @@ pin_callback (void *user, int attempt, const char *token_url,
               exit (1);
             }
 
+          fprintf(stderr, "Re-using cached PIN for token '%s'\n", token_label);
           strcpy (pin, cached_pin);
           cache--;
           return 0;