From da29e6947c59cc7458469cfa28ed28db73c06c1a Mon Sep 17 00:00:00 2001 From: Klas Lindfors Date: Mon, 24 Aug 2015 08:28:49 +0200 Subject: [PATCH] authentication failed is supposed to be 0x63cX not 0x630X so mask everything but the low 4 bits for remaining tries --- lib/ykpiv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ykpiv.c b/lib/ykpiv.c index 4dbff20..2c50af3 100644 --- a/lib/ykpiv.c +++ b/lib/ykpiv.c @@ -680,7 +680,7 @@ ykpiv_rc ykpiv_verify(ykpiv_state *state, const char *pin, int *tries) { } else if(sw == 0x9000) { return YKPIV_OK; } else if((sw >> 8) == 0x63) { - *tries = (sw & 0xff); + *tries = (sw & 0xf); return YKPIV_WRONG_PIN; } else if(sw == 0x6983) { *tries = 0;