
scd:openpgp: Fix workaround for Yubikey heuristics.

* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
of firmware 5.4, too.

--

GnuPG-bug-id: 6070
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka 2022-07-13 10:40:55 +09:00
parent 95651d1a4f
commit f34b9147eb


@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno)
app->app_local->keyattr[keyno].ecc.algo = *buffer; app->app_local->keyattr[keyno].ecc.algo = *buffer;
app->app_local->keyattr[keyno].ecc.flags = 0; app->app_local->keyattr[keyno].ecc.flags = 0;
if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY)
|| buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) {
{ /* Found "pubkey required"-byte for private key template. */ /* Yubikey implementations vary.
oidlen--; * Firmware version 5.2 returns "pubkey required"-byte with
if (buffer[buflen-1] == 0xff) * 0x00, but after removal and second time insertion, it
app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY; * returns bogus value there.
* Firmware version 5.4 returns none.
*/
curve = ecc_curve (buffer + 1, oidlen);
if (!curve)
curve = ecc_curve (buffer + 1, oidlen - 1);
}
else
{
if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
{ /* Found "pubkey required"-byte for private key template. */
oidlen--;
if (buffer[buflen-1] == 0xff)
app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
}
curve = ecc_curve (buffer + 1, oidlen);
} }
curve = ecc_curve (buffer + 1, oidlen);
if (!curve) if (!curve)
{ {