author | Werner Koch <[email protected]> | 2021-03-24 10:41:57 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2021-03-24 11:27:36 +0000 |
commit | 964363e788210f96a471e31ffa8fd17b534c0aa8 (patch) | |
tree | 59630c842b8fe62d826e5e417a64759d7d80d6b9 /scd/app-p15.c | |
parent | sm: Add a few more OIDs to the table for nicer keylistings (diff) | |
scd:p15: Make $SIGNKEY et al determination more fault tolerant.
* scd/app-p15.c (do_getattr): Change how we use gpgUsage to figure out
the keys to use.
Diffstat (limited to 'scd/app-p15.c')
-rw-r--r-- | scd/app-p15.c | 37 |
1 files changed, 21 insertions, 16 deletions
diff --git a/scd/app-p15.c b/scd/app-p15.c
index 4744e7481..597159860 100644
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@@ -4118,10 +4118,10 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
 char *buf; /* We return the ID of the first private key capable of the
- * requested action. IF any gpgusage flag has been set for the
- * card we use the key only if both the P15 usage and the
- * gpgusage are set. This allows allows to single out the keys
- * dedicated to OpenPGP. */
+ * requested action. If any gpgusage flag has been set for the
+ * card we consult the gpgusage flags and not the regualr usage
+ * flags.
+ */
 /* FIXME: This changed: Note that we do not yet return * non_repudiation keys for $SIGNKEYID because our D-Trust * testcard uses rsaPSS, which is not supported by gpgsm and not
@@ -4129,18 +4129,23 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
 for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next) {
- if (name[1] == 'A' && (prkdf->usageflags.sign
- || prkdf->usageflags.sign_recover)
- && (!app->app_local->any_gpgusage || prkdf->gpgusage.auth))
- break;
- else if (name[1] == 'E' && (prkdf->usageflags.decrypt
- || prkdf->usageflags.unwrap)
- && (!app->app_local->any_gpgusage || prkdf->gpgusage.encr))
- break;
- else if (name[1] == 'S' && (prkdf->usageflags.sign
- || prkdf->usageflags.sign_recover)
- && (!app->app_local->any_gpgusage || prkdf->gpgusage.sign))
- break;
+ if (app->app_local->any_gpgusage)
+ {
+ if ((name[1] == 'A' && prkdf->gpgusage.auth)
+ || (name[1] == 'E' && prkdf->gpgusage.encr)
+ || (name[1] == 'S' && prkdf->gpgusage.sign))
+ break;
+ }
+ else
+ {
+ if ((name[1] == 'A' && (prkdf->usageflags.sign
+ || prkdf->usageflags.sign_recover))
+ || (name[1] == 'E' && (prkdf->usageflags.decrypt
+ || prkdf->usageflags.unwrap))
+ || (name[1] == 'S' && (prkdf->usageflags.sign
+ || prkdf->usageflags.sign_recover)))
+ break;
+ }
 } if (prkdf) { |
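Review bot: The rewritten comment in the first hunk misspells "regular" as `regualr`, and it no longer says what the override means for key selection. I would change the sentence to `* card we consult only the gpgusage flags and ignore the regular * PKCS#15 usage flags, even where the two disagree.` so the reader sees that a disagreement is resolved in favour of gpgusage. The `FIXME: This changed:` comment that follows is cut off by the hunk, so I cannot tell whether it still matches the new behaviour.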
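Review bot: In the second hunk, once `any_gpgusage` is set the first branch selects a key on its `gpgusage` bit alone, so a key whose PKCS#15 `usageflags` declare neither signing nor decryption can now be returned as the sign, encrypt or auth key; the removed code required both flags. Where the gpgusage bits originate is not visible here, but if they come from card-supplied data this overrides the key-usage separation the card itself declares. A diagnostic (for example via `log_info`) when the chosen key's `usageflags` lack the matching capability would keep such mismatches visible rather than silently tolerated. As a style point, the `'A'` and `'S'` tests in the `else` branch are identical and could share one term, `(name[1] == 'A' || name[1] == 'S')`. The loop and the rest of do_getattr continue outside the hunk, so the handling of the no-match case cannot be judged from here.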