From c45a8b034c5e093a48da5f5249c7511a0d100513 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 11 Oct 2023 10:18:59 +0200
Subject: [PATCH] scd:openpgp: Use a special compare for the serialno.
* scd/app-openpgp.c (check_keyidstr): Ignore the card version and also compare case insensitive.
(do_learn_status): Add mssing error handling.
--
This is required because we changed what we emit as serialno of OpenPGP cards but existing keys still use the old form of the serial number (i.e. with a firmware version). This is so that existing stub keys of gpg-agent will continue to work.
GnuPG-bug-id: 5100
---
 scd/app-openpgp.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 106e3552c..f2f99333a 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -2161,6 +2161,8 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
 }
 if (!err && app->app_local->extcap.has_button)
 err = do_getattr (app, ctrl, "UIF");
+ if (gpg_err_code (err) == GPG_ERR_NO_OBJ)
+ err = 0;
 if (!err && app->app_local->extcap.private_dos)
 {
 if (!err)
@@ -4986,7 +4988,10 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
 return gpg_error (GPG_ERR_INV_ID);
 }
- if (n != 32 || strncmp (keyidstr, "D27600012401", 12))
+ /* For a description of the serialno compare function see
+ * is_same_serialno. We don't use that function because here we
+ * are working on a hex string. */
+ if (n != 32 || ascii_strncasecmp (keyidstr, "D27600012401", 12))
 return gpg_error (GPG_ERR_INV_ID);
 else if (!*s)
 ; /* no fingerprint given: we allow this for now. */
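Review bot: In the do_learn_status hunk the new `GPG_ERR_NO_OBJ` reset is not tied to the `do_getattr (app, ctrl, "UIF")` call: it is a separate statement, so it also runs when `has_button` is false and would clear a `GPG_ERR_NO_OBJ` left in `err` by an earlier step, letting the `private_dos` branch proceed. Whether an earlier step can leave that code is not visible here, because the function starts and ends outside the hunk. Putting the call and the reset into one braced block under the `has_button` test would limit the tolerance to the UIF lookup. A short comment such as `/* The UIF objects may be missing even if a button is announced. */` would record why the error is ignored; that reason is inferred from the commit, so please confirm it.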
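Review bot: In the first check_keyidstr hunk (-4986) the added comment refers to is_same_serialno for the compare rules, but the statement under it only checks the length and the AID prefix; the comparison that actually skips the card version is the `serial+16` test in the following hunk (-4994). I would keep a one-line comment here, for example `/* Expect 32 hex digits starting with the OpenPGP AID prefix, in any case. */`, and move the is_same_serialno reference down to the comparison it explains. The literal `"D27600012401"` and its length 12 are repeated in that later hunk, so a single named constant for both would keep the two checks in step. check_keyidstr begins and ends outside this hunk.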
@@ -4994,7 +4999,9 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
 fpr = s + 1;
 serial = app_get_serialno (app);
- if (strncmp (serial, keyidstr, 32))
+ if (!serial || strlen (serial) != 32
+ || ascii_memcasecmp (serial, "D27600012401", 12)
+ || ascii_memcasecmp (serial+16, keyidstr+16, 16))
 {
 xfree (serial);
 return gpg_error (GPG_ERR_WRONG_CARD);
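Review bot: The new condition deliberately leaves hex digits 12..15 of the serial number uncompared, yet nothing next to it says so, and the offsets 12 and 16 read as magic numbers. This relaxes what counts as the same card, and the context of the previous hunk shows that a keyidstr without a fingerprint is still accepted, so the rule belongs at the condition itself, for example `/* Hex digits 12..15 hold the card version and are intentionally not compared. */`. A NULL return from app_get_serialno is also reported as `GPG_ERR_WRONG_CARD`; if NULL can mean something other than a mismatch (not visible from here), a separate `if (!serial)` test with its own error code would keep that failure distinguishable in logs. The function continues outside the hunk.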