scd:p15: Run a keygrip_from_prkdf before verify_pin

* scd/app-p15.c (do_sign): Move keygrip_from_prkdf before PIN
verification.
(do_decipher): Add keygrip_from_prkdf.
--

This is required because that function may change the current file
which is set by prepare_verify_pin right before MSE.  HAs alredy been
done on the backport to 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>

scd/app-p15.c

@@ -3382,6 +3382,15 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
       return gpg_error (GPG_ERR_INV_CARD);
     }
 
+  /* We need some more info about the key - get the keygrip to
+   * populate these fields.  */
+  err = keygrip_from_prkdf (app, prkdf);
+  if (err)
+    {
+      log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err));
+      return err;
+    }
+
 
   /* Prepare PIN verification.  This is split so that we can do
    * MSE operation for some task after having selected the key file but
@@ -3492,15 +3501,6 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
     }
 
 
-  /* We need some more info about the key - get the keygrip to
-   * populate these fields.  */
-  err = keygrip_from_prkdf (app, prkdf);
-  if (err)
-    {
-      log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err));
-      return err;
-    }
-
   /* Manage security environment needs to be tweaked for certain cards. */
   if (mse_done)
     err = 0;
@@ -3651,6 +3651,15 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
       return gpg_error (GPG_ERR_INV_CARD);
     }
 
+  /* We need some more info about the key - get the keygrip to
+   * populate these fields.  */
+  err = keygrip_from_prkdf (app, prkdf);
+  if (err)
+    {
+      log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err));
+      return err;
+    }
+
 
   /* Verify the PIN.  */
   err = prepare_verify_pin (app, keyidstr, prkdf, aodf);