pool/gpg2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 993834 from security:privacy

Browse Source 
Fix YubiKey 5 Nano support (boo#1202201)

OBS-URL: https://build.opensuse.org/request/show/993834
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=278
This commit is contained in:
Pedro Monreal Gonzalez 2022-08-08 20:32:26 +00:00 committed by Git OBS Bridge
parent 5d908c5a8d
commit a47f80ec30
3 changed files with 68 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch Normal file
View File

@ -0,0 +1,61 @@
From f34b9147eb3070bce80d53febaa564164cd6c977 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 13 Jul 2022 10:40:55 +0900
Subject: [PATCH] scd:openpgp: Fix workaround for Yubikey heuristics.
References: https://bugzilla.opensuse.org/show_bug.cgi?id=1202201
* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
of firmware 5.4, too.
--
GnuPG-bug-id: 6070
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
scd/app-openpgp.c | 29 +++++++++++++++++++++--------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 8bb346a86..4667416df 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno)
app->app_local->keyattr[keyno].ecc.algo = *buffer;
app->app_local->keyattr[keyno].ecc.flags = 0;
- if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY
- || buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
- { /* Found "pubkey required"-byte for private key template. */
- oidlen--;
- if (buffer[buflen-1] == 0xff)
- app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
+ if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY)
+ {
+ /* Yubikey implementations vary.
+ * Firmware version 5.2 returns "pubkey required"-byte with
+ * 0x00, but after removal and second time insertion, it
+ * returns bogus value there.
+ * Firmware version 5.4 returns none.
+ */
+ curve = ecc_curve (buffer + 1, oidlen);
+ if (!curve)
+ curve = ecc_curve (buffer + 1, oidlen - 1);
+ }
+ else
+ {
+ if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
+ { /* Found "pubkey required"-byte for private key template. */
+ oidlen--;
+ if (buffer[buflen-1] == 0xff)
+ app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
+ }
+ curve = ecc_curve (buffer + 1, oidlen);
}
-
- curve = ecc_curve (buffer + 1, oidlen);
if (!curve)
{
--
2.37.1

6
gpg2.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Aug 8 18:00:44 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- Fix YubiKey 5 Nano support (boo#1202201), add
gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jul 12 22:06:02 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de> Tue Jul 12 22:06:02 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>

1
gpg2.spec
View File

@ -39,6 +39,7 @@ Patch7: gnupg-2.2.16-secmem.patch
Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
Patch9: gnupg-add-test-cases-for-import-without-uid.patch Patch9: gnupg-add-test-cases-for-import-without-uid.patch
Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
Patch11: gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch
BuildRequires: expect BuildRequires: expect
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: ibmswtpm2 BuildRequires: ibmswtpm2