From 132d82c1582009013af5c7bdb17cbaaa8807c70e Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 1 Apr 2020 17:49:14 +0200
Subject: [PATCH] scd:p15: Run a keygrip_from_prkdf before verify_pin
* scd/app-p15.c (do_sign): Move keygrip_from_prkdf before PIN verification.
(do_decipher): Add keygrip_from_prkdf.
--
This is required because that function may change the current file which is set by prepare_verify_pin right before MSE. HAs alredy been done on the backport to 2.2
Signed-off-by: Werner Koch
---
 scd/app-p15.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/scd/app-p15.c b/scd/app-p15.c
index fc17e66ff..ed1ba7a69 100644
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@@ -3382,6 +3382,15 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
 return gpg_error (GPG_ERR_INV_CARD);
 }
+ /* We need some more info about the key - get the keygrip to
+ * populate these fields. */
+ err = keygrip_from_prkdf (app, prkdf);
+ if (err)
+ {
+ log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err));
+ return err;
+ }
+
 /* Prepare PIN verification. This is split so that we can do
 * MSE operation for some task after having selected the key file but
@@ -3492,15 +3501,6 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
 }
- /* We need some more info about the key - get the keygrip to
- * populate these fields. */
- err = keygrip_from_prkdf (app, prkdf);
- if (err)
- {
- log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err));
- return err;
- }
-
 /* Manage security environment needs to be tweaked for certain cards. */
 if (mse_done)
 err = 0;
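Review bot: The comment on the block moved up in do_sign still says only that the keygrip is needed to populate fields; it does not record why the call now has to precede PIN preparation. The commit message gives the reason (keygrip_from_prkdf may change the current file, which prepare_verify_pin sets right before MSE), but that reason lives only in the commit log, so a later tidy-up could move the call back and presumably leave the card with a different file selected when the security environment is set up. I would add a line such as `/* Must run before prepare_verify_pin: keygrip_from_prkdf may change the currently selected file. */` to the comment. The identical block added to do_decipher in the last hunk needs the same sentence. do_sign's body starts and ends outside the hunks shown.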
@@ -3651,6 +3651,15 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
 return gpg_error (GPG_ERR_INV_CARD);
 }
+ /* We need some more info about the key - get the keygrip to
+ * populate these fields. */
+ err = keygrip_from_prkdf (app, prkdf);
+ if (err)
+ {
+ log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err));
+ return err;
+ }
+
 /* Verify the PIN. */
 err = prepare_verify_pin (app, keyidstr, prkdf, aodf);
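Review bot: The log_error line added to do_decipher is byte-identical to the one in do_sign, so a failure in the log cannot be attributed to an operation or to a key. keyidstr is in scope here (it is passed to prepare_verify_pin just below), so the message could name it: `log_error ("p15: keygrip_from_prkdf failed for %s: %s\n", keyidstr, gpg_strerror (err));`, with the same change in do_sign. That makes it easier to tell from the log which key object on the card could not be read before PIN verification was attempted. do_decipher's body starts and ends outside the hunk.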