agent: Skip unknown unknown ssh curves seen on cards.

* agent/command-ssh.c (ssh_handler_request_identities): Skip unknown curves. -- For example when using my standard ed25519 token and testing cards with only Brainpool support, the ssh-agent failed due to the unknown curves seen on the card. This patches fixes this by ignoring keys with unknown curves. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 2d2391dfc2)
2021-03-29 15:39:32 +02:00 · 2021-03-29 15:39:32 +02:00 · bbf4bd3bfc
parent a456303ae3
commit bbf4bd3bfc
1 changed files with 17 additions and 7 deletions
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@ -2608,19 +2608,29 @@ ssh_handler_request_identities (ctrl_t ctrl,
            continue;

          err = ssh_send_key_public (key_blobs, key_public, cardsn);
-          if (err && opt.verbose)
-            gcry_log_debugsxp ("pubkey", key_public);
          gcry_sexp_release (key_public);
          key_public = NULL;
          xfree (cardsn);
          if (err)
            {
-              xfree (serialno);
-              free_strlist (card_list);
-              goto out;
+              if (opt.verbose)
+                gcry_log_debugsxp ("pubkey", key_public);
+              if (gpg_err_code (err) == GPG_ERR_UNKNOWN_CURVE
+                  || gpg_err_code (err) == GPG_ERR_INV_CURVE)
+                {
+                  /* For example a Brainpool curve or a curve we don't
+                   * support at all but a smartcard lists that curve.
+                   * We ignore them.  */
+                }
+              else
+                {
+                  xfree (serialno);
+                  free_strlist (card_list);
+                  goto out;
+                }
            }
-
-          key_counter++;
+          else
+            key_counter++;
        }

      xfree (serialno);