From 2f440e63ca937359d22bd8c47602815dabe8ad94 Mon Sep 17 00:00:00 2001 From: martin Date: Sun, 5 Sep 2010 16:52:36 +0000 Subject: [PATCH] pkcs11: Remove the comment about max_tries==1 and CKF_USER_PIN_FINAL_TRY Assuming the driver has correctly set max_tries to 1 then PKCS#11 is very clear about it: """ True if supplying an incorrect user PIN will it to become locked. """ git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4687 c6295689-39f2-0310-b995-f0e70906c6a9 --- src/pkcs11/framework-pkcs15.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c index 9a6e3a5a..76dbf1b8 100644 --- a/src/pkcs11/framework-pkcs15.c +++ b/src/pkcs11/framework-pkcs15.c @@ -300,7 +300,6 @@ static void __pkcs15_update_pin_flags(struct sc_pkcs11_slot *slot, struct sc_pkcs15_object *auth, int pin_verified) { - /* FIXME: should 'FINAL_TRY' be set when 'max_tries' is 1 ? */ struct sc_pkcs15_pin_info *pin_info; CK_TOKEN_INFO *tinfo; @@ -317,7 +316,7 @@ __pkcs15_update_pin_flags(struct sc_pkcs11_slot *slot, struct sc_pkcs15_object * tinfo->flags &= ~(CKF_USER_PIN_FINAL_TRY | CKF_USER_PIN_LOCKED | CKF_USER_PIN_COUNT_LOW); else if (pin_info->tries_left < 0) return; - else if (pin_info->tries_left == 1) + else if (pin_info->tries_left == 1 || pin_info->max_tries == 1) tinfo->flags |= CKF_USER_PIN_FINAL_TRY; else if (pin_info->tries_left == 0) tinfo->flags |= CKF_USER_PIN_LOCKED;