mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

scd:p15: Make $SIGNKEY et al determination more fault tolerant.

* scd/app-p15.c (do_getattr): Change how we use gpgUsage to figure out
the keys to use.
Werner Koch 2021-03-24 11:41:57 +01:00
parent c56926f773
commit 964363e788
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B


@ -4118,10 +4118,10 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
char *buf; char *buf;
/* We return the ID of the first private key capable of the /* We return the ID of the first private key capable of the
* requested action. IF any gpgusage flag has been set for the * requested action. If any gpgusage flag has been set for the
* card we use the key only if both the P15 usage and the * card we consult the gpgusage flags and not the regualr usage
* gpgusage are set. This allows allows to single out the keys * flags.
* dedicated to OpenPGP. */ */
/* FIXME: This changed: Note that we do not yet return /* FIXME: This changed: Note that we do not yet return
* non_repudiation keys for $SIGNKEYID because our D-Trust * non_repudiation keys for $SIGNKEYID because our D-Trust
* testcard uses rsaPSS, which is not supported by gpgsm and not * testcard uses rsaPSS, which is not supported by gpgsm and not
@ -4129,19 +4129,24 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
for (prkdf = app->app_local->private_key_info; prkdf; for (prkdf = app->app_local->private_key_info; prkdf;
prkdf = prkdf->next) prkdf = prkdf->next)
{ {
if (name[1] == 'A' && (prkdf->usageflags.sign if (app->app_local->any_gpgusage)
|| prkdf->usageflags.sign_recover) {
&& (!app->app_local->any_gpgusage || prkdf->gpgusage.auth)) if ((name[1] == 'A' && prkdf->gpgusage.auth)
|| (name[1] == 'E' && prkdf->gpgusage.encr)
|| (name[1] == 'S' && prkdf->gpgusage.sign))
break; break;
else if (name[1] == 'E' && (prkdf->usageflags.decrypt }
|| prkdf->usageflags.unwrap) else
&& (!app->app_local->any_gpgusage || prkdf->gpgusage.encr)) {
break; if ((name[1] == 'A' && (prkdf->usageflags.sign
else if (name[1] == 'S' && (prkdf->usageflags.sign || prkdf->usageflags.sign_recover))
|| prkdf->usageflags.sign_recover) || (name[1] == 'E' && (prkdf->usageflags.decrypt
&& (!app->app_local->any_gpgusage || prkdf->gpgusage.sign)) || prkdf->usageflags.unwrap))
|| (name[1] == 'S' && (prkdf->usageflags.sign
|| prkdf->usageflags.sign_recover)))
break; break;
} }
}
if (prkdf) if (prkdf)
{ {
buf = keyref_from_prkdf (app, prkdf); buf = keyref_from_prkdf (app, prkdf);
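Review bot: In the `any_gpgusage` branch of the loop the PKCS#15 `usageflags` are no longer consulted at all, so a key with `gpgusage.sign` set is returned for $SIGNKEYID even when its P15 flags grant neither `sign` nor `sign_recover` (likewise for `encr` and `auth`). That appears to be the intended tolerance, but the selection then depends on the card-supplied gpgusage data alone, and nothing in this hunk shows that the later signing, decryption and authentication paths still check the P15 usage. It would help to confirm that and to state it at the branch, for example `/* gpgusage alone decides here; P15 usageflags are checked again when the key is used. */` if that holds. The rewritten comment above the loop also has a typo; it should read `* card we consult the gpgusage flags and not the regular usage`. do_getattr starts and ends outside the lines shown.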