From d4cb774ddd8830836c9c87a90db01f749ac8d67c Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 10 Sep 2020 15:06:30 +0900
Subject: [PATCH] scd: Flush KDF DO (0x00F9) when it's being set.

* scd/app-openpgp.c (do_setattr): Call flush_cache_item always.

--

Only it was called when there was an object with KDF_DATA_LENGTH_MAX.
No matter the VALUELEN, it should be flushed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 scd/app-openpgp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index d434e341d..f870e1a70 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -2967,14 +2967,14 @@ do_setattr (app_t app, ctrl_t ctrl, const char *name,
           if (!rc)
             rc = iso7816_put_data (app_get_slot (app), 0, 0xD3, NULL, 0);
 
-          /* Flush the cache again, because pin2hash_if_kdf uses the DO.  */
-          flush_cache_item (app, 0xF9);
-
           wipe_and_free (buffer1, bufferlen1);
           wipe_and_free_string (oldpinvalue);
         }
       else
         return gpg_error (GPG_ERR_INV_OBJ);
+
+      /* Flush the cache again, because pin2hash_if_kdf uses the DO.  */
+      flush_cache_item (app, 0xF9);
     }
 
   rc = iso7816_put_data (app_get_slot (app),