From 61aea64b3c1717a7e304c82cda92e08ce5a6c533 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Wed, 16 Sep 2020 12:46:50 +0900
Subject: [PATCH] scd: Fix the use case of verify_chv2 by CHECKPIN.
* scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1 when needed.
--
Backport of master commit of: 6e51f2044aebb885ea81dae259db1b7f477b1c44
Fixes-commit: d2f1a0a791db3eb03c003365cbcd010bd8066edb
Signed-off-by: NIIBE Yutaka
---
 scd/app-openpgp.c | 36 ++++++++++++++++++++----------------
 1 file changed, 20 insertions(+), 16 deletions(-)
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index ccc360fc8..abcf7a038 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -2372,26 +2372,30 @@ verify_chv2 (app_t app,
 if (rc)
 return rc;
 app->did_chv2 = 1;
+
+ if (!app->did_chv1 && !app->force_chv1 && pinvalue)
+ {
+ /* For convenience we verify CHV1 here too. We do this only if
+ the card is not configured to require a verification before
+ each CHV1 controlled operation (force_chv1) and if we are not
+ using the pinpad (PINVALUE == NULL). */
+ rc = iso7816_verify (app->slot, 0x81, pinvalue, pinlen);
+ if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
+ rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
+ if (rc)
+ {
+ log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc));
+ flush_cache_after_error (app);
+ }
+ else
+ app->did_chv1 = 1;
+ }
 }
 else
- rc = 0;
-
- if (!app->did_chv1 && !app->force_chv1 && pinvalue)
 {
- /* For convenience we verify CHV1 here too. We do this only if
- the card is not configured to require a verification before
- each CHV1 controlled operation (force_chv1) and if we are not
- using the pinpad (PINVALUE == NULL). */
- rc = iso7816_verify (app->slot, 0x81, pinvalue, pinlen);
- if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
- rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
+ rc = verify_a_chv (app, pincb, pincb_arg, 1, 0, &pinvalue, &pinlen);
 if (rc)
- {
- log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc));
- flush_cache_after_error (app);
- }
- else
- app->did_chv1 = 1;
+ return rc;
 }
 xfree (pinvalue);
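Review bot: The new `else` branch verifies the PIN with `verify_a_chv (app, pincb, pincb_arg, 1, 0, &pinvalue, &pinlen)` but, unlike the branch above it, records nothing in `app->did_chv1` or `app->did_chv2` on success, and no comment says whether that is deliberate. Leaving the flags unset looks like the conservative choice, since `force_chv1` is not consulted here and later CHV1-controlled operations would presumably verify again. If that is the intent, a comment such as `/* Verify as CHV1 instead; did_chv1 and did_chv2 are intentionally left unset. */` would keep a later change from caching the state without the `!app->force_chv1` guard. The early `return rc;` also skips `xfree (pinvalue)`, so it relies on `verify_a_chv` not leaving a PIN buffer allocated on failure, which cannot be confirmed from this hunk. The condition that selects this branch, and the start and end of `verify_chv2`, are outside the hunk.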