scd:openpgp: Fix workaround for Yubikey heuristics.

* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
of firmware 5.4, too.

--

GnuPG-bug-id: 6070
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

1 files changed, 21 insertions, 8 deletions

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 8bb346a86..4667416df 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno)
       app->app_local->keyattr[keyno].ecc.algo = *buffer;
       app->app_local->keyattr[keyno].ecc.flags = 0;
 
-      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY
-	  || buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
-        { /* Found "pubkey required"-byte for private key template.  */
-          oidlen--;
-          if (buffer[buflen-1] == 0xff)
-            app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
+      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY)
+        {
+          /* Yubikey implementations vary.
+           * Firmware version 5.2 returns "pubkey required"-byte with
+           * 0x00, but after removal and second time insertion, it
+           * returns bogus value there.
+           * Firmware version 5.4 returns none.
+           */
+          curve = ecc_curve (buffer + 1, oidlen);
+          if (!curve)
+            curve = ecc_curve (buffer + 1, oidlen - 1);
+        }
+      else
+        {
+          if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
+            { /* Found "pubkey required"-byte for private key template.  */
+              oidlen--;
+              if (buffer[buflen-1] == 0xff)
+                app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
+            }
+          curve = ecc_curve (buffer + 1, oidlen);
         }
-
-      curve = ecc_curve (buffer + 1, oidlen);
 
       if (!curve)
         {