From: Nikos Mavrogiannopoulos Date: Sun, 14 Aug 2011 13:02:33 +0000 (+0200) Subject: Introduced GNUTLS_PKCS11_PIN_WRONG flag to indicate the previously given PIN is wrong. X-Git-Tag: gnutls_3_0_1~9^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fbcbc22581084858845792ed0da0ece935d7ff0d;p=thirdparty%2Fgnutls.git Introduced GNUTLS_PKCS11_PIN_WRONG flag to indicate the previously given PIN is wrong. --- diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h index 22726b879c..6dca20f4e0 100644 --- a/lib/includes/gnutls/pkcs11.h +++ b/lib/includes/gnutls/pkcs11.h @@ -59,6 +59,7 @@ typedef int (*gnutls_pkcs11_token_callback_t) (void *const userdata, * @GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing. * @GNUTLS_PKCS11_PIN_FINAL_TRY: This is the final try before blocking. * @GNUTLS_PKCS11_PIN_COUNT_LOW: Few tries remain before token blocks. + * @GNUTLS_PKCS11_PIN_WRONG: Last given PIN was not correct. * * Enumeration of different PIN flags. */ @@ -66,9 +67,10 @@ typedef enum { GNUTLS_PKCS11_PIN_USER = (1 << 0), GNUTLS_PKCS11_PIN_SO = (1 << 1), - GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4), GNUTLS_PKCS11_PIN_FINAL_TRY = (1 << 2), GNUTLS_PKCS11_PIN_COUNT_LOW = (1 << 3), + GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4), + GNUTLS_PKCS11_PIN_WRONG = (1 << 5), } gnutls_pkcs11_pin_flag_t; /** diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 23a1ed9bdf..91db86c7d7 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -1847,6 +1847,9 @@ retrieve_pin_for_callback (struct ck_token_info *token_info, int attempts, flags |= GNUTLS_PKCS11_PIN_FINAL_TRY; } + if (attempts > 0) + flags |= GNUTLS_PKCS11_PIN_WRONG; + ret = pin_func (pin_data, attempts, (char*)token_str, label, flags, pin_value, GNUTLS_PKCS11_MAX_PIN_LEN); free (token_str); diff --git a/src/p11common.c b/src/p11common.c index 1ef7c9c538..4c7df1e1b7 100644 --- a/src/p11common.c +++ b/src/p11common.c @@ -58,6 +58,12 @@ pin_callback (void *user, int attempt, const char *token_url, cache = 0; printf ("*** Only few tries left before locking!\n"); } + + if (flags & GNUTLS_PKCS11_PIN_WRONG) + { + cache = 0; + printf ("*** Wrong PIN has been provided!\n"); + } if (cache > 0 && cached_url != NULL) { @@ -69,6 +75,7 @@ pin_callback (void *user, int attempt, const char *token_url, exit (1); } + fprintf(stderr, "Re-using cached PIN for token '%s'\n", token_label); strcpy (pin, cached_pin); cache--; return 0;