agent: Skip unknown unknown ssh curves seen on cards.

* agent/command-ssh.c (ssh_handler_request_identities): Skip unknown
curves.
--

For example when using my standard ed25519 token and testing cards
with only Brainpool support, the ssh-agent failed due to the unknown
curves seen on the card.  This patches fixes this by ignoring keys
with unknown curves.

Signed-off-by: Werner Koch <[email protected]>

1 files changed, 16 insertions, 6 deletions

diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 538b4ddef..73f98e9cd 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -2513,18 +2513,28 @@ ssh_handler_request_identities (ctrl_t ctrl,
             continue;
 
           err = ssh_send_key_public (key_blobs, key_public, cardsn);
-          if (err && opt.verbose)
-            gcry_log_debugsxp ("pubkey", key_public);
           gcry_sexp_release (key_public);
           key_public = NULL;
           xfree (cardsn);
           if (err)
             {
-              agent_card_free_keyinfo (keyinfo_list);
-              goto out;
+              if (err && opt.verbose)
+                gcry_log_debugsxp ("pubkey", key_public);
+              if (gpg_err_code (err) == GPG_ERR_UNKNOWN_CURVE
+                  || gpg_err_code (err) == GPG_ERR_INV_CURVE)
+                {
+                  /* For example a Brainpool curve or a curve we don't
+                   * support at all but a smartcard lists that curve.
+                   * We ignore them.  */
+                }
+              else
+                {
+                  agent_card_free_keyinfo (keyinfo_list);
+                  goto out;
+                }
             }
-
-          key_counter++;
+          else
+            key_counter++;
         }
 
       agent_card_free_keyinfo (keyinfo_list);