blob: 94062c885b5bf61c96e1defd171f1e643c434630 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f34b9147eb3070bce80d53febaa564164cd6c977
From f34b9147eb3070bce80d53febaa564164cd6c977 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 13 Jul 2022 10:40:55 +0900
Subject: [PATCH] scd:openpgp: Fix workaround for Yubikey heuristics.
* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
of firmware 5.4, too.
--
GnuPG-bug-id: 6070
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno)
app->app_local->keyattr[keyno].ecc.algo = *buffer;
app->app_local->keyattr[keyno].ecc.flags = 0;
- if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY
- || buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
- { /* Found "pubkey required"-byte for private key template. */
- oidlen--;
- if (buffer[buflen-1] == 0xff)
- app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
+ if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY)
+ {
+ /* Yubikey implementations vary.
+ * Firmware version 5.2 returns "pubkey required"-byte with
+ * 0x00, but after removal and second time insertion, it
+ * returns bogus value there.
+ * Firmware version 5.4 returns none.
+ */
+ curve = ecc_curve (buffer + 1, oidlen);
+ if (!curve)
+ curve = ecc_curve (buffer + 1, oidlen - 1);
+ }
+ else
+ {
+ if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
+ { /* Found "pubkey required"-byte for private key template. */
+ oidlen--;
+ if (buffer[buflen-1] == 0xff)
+ app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
+ }
+ curve = ecc_curve (buffer + 1, oidlen);
}
-
- curve = ecc_curve (buffer + 1, oidlen);
if (!curve)
{
|
GitWeb
