Fix verify on change pin.

polhenarejos · polhenarejos · commit d45a0bfc20a9 · 2024-03-24T02:19:55.000+01:00
Signed-off-by: Pol Henarejos &lt;pol.henarejos@cttc.es&gt;
diff --git a/src/openpgp/piv.c b/src/openpgp/piv.c
@@ -888,15 +888,14 @@ static int cmd_change_pin() {
         return SW_MEMORY_FAILURE();
     }
     uint8_t *pin_data = file_get_data(ef), pin_len = apdu.nc - pin_data[0];
-    uint8_t dhash[33];
-    double_hash_pin(apdu.data, pin_data[0], dhash + 1);
-    if (memcmp(dhash, file_get_data(ef) + 1, sizeof(dhash) - 1) != 0) {
-        return SW_SECURITY_STATUS_NOT_SATISFIED();
+    uint16_t ret = check_pin(ef, apdu.data, pin_data[0]);
+    if (ret != 0x9000) {
+        return ret;
     }
+    uint8_t dhash[33];
     dhash[0] = pin_len;
     double_hash_pin(apdu.data + pin_data[0], pin_len, dhash + 1);
     flash_write_data_to_file(ef, dhash, sizeof(dhash));
-    pin_reset_retries(ef, true);
     low_flash_available();
     return SW_OK();
 }
