From 7e2b0488d13561be2b754e28801de654747a8dcc Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Mon, 15 Oct 2018 11:10:15 +0900
Subject: [PATCH] scd: Fix signing authentication status.

* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.

--

Cherry-picked from master commit of:
	78f542e1f4495195db2e668f9cd41657fb1afc77

We have a corner case: In "not forced" situation and authenticated,
and it is changed to "forced", card implementaiton can actually accept
signing, but GnuPG requires authentication, because it is "forced".

GnuPG-bug-id: 4177
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 scd/app-openpgp.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 9fcfa191e..911bd8856 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -4381,7 +4381,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
   log_info (_("signatures created so far: %lu\n"), sigcount);
 
   /* Check CHV if needed.  */
-  if (!app->did_chv1 || app->force_chv1 )
+  if (!app->did_chv1 || app->force_chv1)
     {
       char *pinvalue;
       int pinlen;
@@ -4429,6 +4429,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
     }
   rc = iso7816_compute_ds (app->slot, exmode, data, datalen, le_value,
                            outdata, outdatalen);
+  if (!rc && app->force_chv1)
+    app->did_chv1 = 0;
+
   return rc;
 }