From bbf4bd3bfcb51e9d91e08ceefba3ff016bae50ff Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Mon, 29 Mar 2021 15:39:32 +0200
Subject: [PATCH] agent: Skip unknown unknown ssh curves seen on cards.
* agent/command-ssh.c (ssh_handler_request_identities): Skip unknown curves.
--
For example when using my standard ed25519 token and testing cards with only Brainpool support, the ssh-agent failed due to the unknown curves seen on the card. This patches fixes this by ignoring keys with unknown curves.
Signed-off-by: Werner Koch
(cherry picked from commit 2d2391dfc25cfe160581b1bb4b4b8fc4764ac304)
---
 agent/command-ssh.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index bcc78bd15..1ed541621 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -2608,19 +2608,29 @@ ssh_handler_request_identities (ctrl_t ctrl,
 continue;
 err = ssh_send_key_public (key_blobs, key_public, cardsn);
- if (err && opt.verbose)
- gcry_log_debugsxp ("pubkey", key_public);
 gcry_sexp_release (key_public);
 key_public = NULL;
 xfree (cardsn);
 if (err)
 {
- xfree (serialno);
- free_strlist (card_list);
- goto out;
+ if (opt.verbose)
+ gcry_log_debugsxp ("pubkey", key_public);
+ if (gpg_err_code (err) == GPG_ERR_UNKNOWN_CURVE
+ || gpg_err_code (err) == GPG_ERR_INV_CURVE)
+ {
+ /* For example a Brainpool curve or a curve we don't
+ * support at all but a smartcard lists that curve.
+ * We ignore them. */
+ }
+ else
+ {
+ xfree (serialno);
+ free_strlist (card_list);
+ goto out;
+ }
 }
-
- key_counter++;
+ else
+ key_counter++;
 }
 xfree (serialno);
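Review bot: The verbose dump `gcry_log_debugsxp ("pubkey", key_public);` now sits inside `if (err)`, after `gcry_sexp_release (key_public);` and `key_public = NULL;`, so it is always handed a NULL S-expression and no longer shows the key that failed. Keep the two removed lines where they were, `if (err && opt.verbose)` followed by `gcry_log_debugsxp ("pubkey", key_public);` directly after the `ssh_send_key_public` call, and drop the copy inside `if (err)`. This matters most on the new skip path: a card key dropped for GPG_ERR_UNKNOWN_CURVE or GPG_ERR_INV_CURVE is omitted from the identity list with an empty branch, so the dump is the only record of which key was ignored. The body of ssh_handler_request_identities starts and ends outside the hunk, so the handling at `out` was not checked.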