Yubikey: scdaemon causes libc segfault and clashes with ECC keys
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	oddlama
	May 2 2022, 11:21 PM

Description

Actions and expected behavior

Hi! I've been trying to use gpg exclusively via pcsc-lite by adding disable-ccid to ~/.gnupg/scdaemon.conf.
Unfortunately, I'm experiencing quite weird behavior when trying to use my Yubikey.
My simple test case is to just execute gpg --card-status, which ideally should work instantly at any time.

What I experience instead

The first gpg --card-status fails with:

gpg: selecting card failed: End of file
gpg: OpenPGP card not available: End of file

while the following is logged to the syslog:

May 01 13:08:05 kernel: pipe-connection[1877414]: segfault at 0 ip 00007f39626622de sp 00007f3962434b18 error 4 in libc.so.6[7f396251c000+169000]
May 01 13:08:05 kernel: Code: 00 00 00 00 00 0f 1f 80 00 00 00 00 89 f8 31 d2 c5 c1 ef ff 09 f0 25 ff 0f 00 00 3d 80 0f 00 00 0f 8f 56 03 00 00 c5 fe 6f 0f <c5> f5 74 06 c5 fd da c1 c5 fd 74 c7 c5 fd d7 c8 85 c9 74 7e f3 0f
May 01 13:08:05 systemd[1]: Started Process Core Dump (PID 1878669/UID 0).
May 01 13:08:05 systemd-coredump[1878670]: Resource limits disable core dumping for process 1877413 (scdaemon).
May 01 13:08:05 systemd-coredump[1878670]: [🡕] Process 1877413 (scdaemon) of user 1000 dumped core.
May 01 13:08:05 systemd[1]: systemd-coredump@49-1878669-0.service: Deactivated successfully.

The second try always succeeds when a fresh pcsc daemon was started by udev.
When unplugging the yubikey, pcsc throws a bunch of errors and will cause
any subsequently inserted yubikeys to be unusable until pcsc is killed.

At first I thought this is related to pcsc-lite, please see the detailed bug report over on
their issue tracker (https://github.com/LudovicRousseau/PCSC/issues/125). It includes my detailed syslog
messaged and exact descriptions of what I did. At the end of the main post I've also included pcsc logs.

My intentions are to use my yubikey via pcsc so I can also use it with PAM and firefox,
which is why I used disable-ccid to avoid gpg from using the device. I'm unsure what
causes this issue, but I have observed it since at least Februrary 2022 (I don't remember having any problems for years before that using this exact same setup)
A fresh system re-setup didn't solve it. I'm trying a shot in the dark here, but since I don't have any problems using the same software on a different computer,
I guess it could be related to my laptop's USB host controller, as I'm seeing a lot of usb errors when removing the yubikey (see the pcsc bug report for details).

System information

I'm on a freshly setup gentoo system.

ccid-1.5.0
pcsc-lite-1.9.5
libusb 1.0.26
gpg (GnuPG) 2.3.5
libgcrypt 1.10.1
Using my Yubikey 5C NFC (also occurs with any other yubikey I had at hand)

Revisions and Commits

rG GnuPG
	rG600e69b46149 scd:openpgp: Fix a segv for cards supporting unknown curves.
	rG225c66f13b87 scd: Fail when no good algorithm attribute.
	rGa5217c90003c scd: Add workaround for ECC attribute on Yubikey.
	rG53eddf9b9ea0 scd: Fail when no good algorithm attribute.
	rG054d14887ef8 scd: Add workaround for ECC attribute on Yubikey.
	rG385f4841330e scd:openpgp: Fix a segv for cards supporting unknown curves.

Related Objects
Search...

		Status	Assigned	Task
		Resolved	• gniibe	T5963 Yubikey: scdaemon causes libc segfault and clashes with ECC keys
		Open	• gniibe	T5971 Yubikey: Removal of device is not detected by PC/SC

Event Timeline

oddlama created this task.May 2 2022, 11:21 PM

oddlama created this object in space S1 Public.

What I would do in this case is to stop the gnupg daemon amd anything whiuch might start them and run scdaemon under valgrind.

valgrind /usr/local/libexec/scdaemon --server --disable-ccid --debug cardio

and then enter

SERIALNO

and if this succeeds

LEARN --keypairinfo

It segfaults on SERIALNO. Here's what valgrind outputs:

==9162== Memcheck, a memory error detector
==9162== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==9162== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==9162== Command: /usr/libexec/scdaemon --server --disable-ccid --debug cardio
==9162== 
--9162-- WARNING: unhandled amd64-linux syscall: 334
--9162-- You may be able to write your own handler.
--9162-- Read the file README_MISSING_SYSCALL_OR_IOCTL.
--9162-- Nevertheless we consider this a bug.  Please report
--9162-- it at http://valgrind.org/support/bug_reports.html.
scdaemon[9162]: reading options from '/home/malte/.gnupg/scdaemon.conf'
scdaemon[9162]: reading options from '[cmdline]'
scdaemon[9162]: enabled debug flags: cardio
scdaemon[9162]: handler for fd -1 started
OK GNU Privacy Guard's Smartcard server ready
SERIALNO
==9162== Thread 2:
==9162== Conditional jump or move depends on uninitialised value(s)
==9162==    at 0x58BCFAE: SCardListReaders (in /usr/lib64/libpcsclite.so.1.0.0)
==9162==    by 0x11D78A: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x1245EF: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x117AFF: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x4A20839: ??? (in /usr/lib64/libassuan.so.0.8.5)
==9162==    by 0x4A20C28: assuan_process (in /usr/lib64/libassuan.so.0.8.5)
==9162==    by 0x11854C: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x114C03: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x4A2F49D: ??? (in /usr/lib64/libnpth.so.0.1.2)
==9162==    by 0x4ABD3E9: start_thread (pthread_create.c:442)
==9162==    by 0x4B3F0DF: clone (clone.S:100)
==9162== 
scdaemon[9162]: detected reader 'Yubico YubiKey OTP+FIDO+CCID 00 00'
scdaemon[9162]: reader slot 0: not connected
scdaemon[9162]: DBG: feature: code=12, len=4, v=42330012
scdaemon[9162]: DBG: TLV properties: tag=01, len=2, v=00000000
scdaemon[9162]: DBG: TLV properties: tag=03, len=1, v=00000000
scdaemon[9162]: DBG: TLV properties: tag=09, len=1, v=00000000
scdaemon[9162]: DBG: TLV properties: tag=0B, len=2, v=00001050
scdaemon[9162]: DBG: TLV properties: tag=0C, len=2, v=00000407
scdaemon[9162]: DBG: TLV properties: tag=0A, len=4, v=00010000
scdaemon[9162]: reader slot 0: active protocol: T1
scdaemon[9162]: slot 0: ATR=3bfd1300008131fe158073c021c057597562694b657940
scdaemon[9162]: DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
scdaemon[9162]: DBG:   PCSC_data: 00a4000c023f00
scdaemon[9162]: DBG:  response: sw=6D00  datalen=0
scdaemon[9162]: DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=8 le=-1 em=0
scdaemon[9162]: DBG:   PCSC_data: 00a4040008a000000527471117
scdaemon[9162]: DBG:  response: sw=9000  datalen=30
scdaemon[9162]: DBG:      dump: 5669727475616c206d6772202d2046572076657273696f6e20352e322e37
scdaemon[9162]: DBG:   PCSC_data: 001d000000
scdaemon[9162]: DBG:  response: sw=9000  datalen=47
scdaemon[9162]: DBG:       dump:  2e0102023f0302023f020400e812d604010305030502070602000007010f0801 \
scdaemon[9162]: DBG:  000d02023f0e02023b0a01000f01009000
scdaemon[9162]: Yubico: config=2e0102023f0302023f020400e812d604010305030502070602000007010f0801000d02023f0e02023b0a01000f0100
scdaemon[9162]: DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0
scdaemon[9162]: DBG:   PCSC_data: 00a4040006d27600012401
scdaemon[9162]: DBG:  response: sw=9000  datalen=0
scdaemon[9162]: DBG:      dump: [all zero]
scdaemon[9162]: DBG: send apdu: c=00 i=CA p1=00 p2=4F lc=-1 le=256 em=0
scdaemon[9162]: DBG:   PCSC_data: 00ca004f00
scdaemon[9162]: DBG:  response: sw=9000  datalen=16
scdaemon[9162]: DBG:      dump: d2760001240103040006152091740000
scdaemon[9162]: AID: d2760001240103040006152091740000
scdaemon[9162]: DBG: send apdu: c=00 i=CA p1=5F p2=52 lc=-1 le=256 em=0
scdaemon[9162]: DBG:   PCSC_data: 00ca5f5200
scdaemon[9162]: DBG:  response: sw=9000  datalen=8
scdaemon[9162]: DBG:      dump: 00730000e0059000
scdaemon[9162]: Historical Bytes: 00730000e0059000
scdaemon[9162]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
scdaemon[9162]: DBG:   PCSC_data: 00ca00c400
scdaemon[9162]: DBG:  response: sw=9000  datalen=7
scdaemon[9162]: DBG:      dump: ff7f7f7f030003
scdaemon[9162]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
scdaemon[9162]: DBG:   PCSC_data: 00ca006e00
scdaemon[9162]: DBG:  response: sw=614B  datalen=256
scdaemon[9162]: DBG: apdu_send_simple(0): 75 more bytes available
scdaemon[9162]: DBG:   PCSC_data: 00c000004b
scdaemon[9162]: DBG:      more: sw=9000  datalen=75
scdaemon[9162]: DBG:      dump: 6e8201474f10d27600012401030400061520917400005f520800730000e00590 \
scdaemon[9162]: DBG:  007f740381012073820120c00a7d000bfe080000ff0000c10b162b06010401da \
scdaemon[9162]: DBG:  470f0102c20c122b06010401975501050131c30b162b06010401da470f01feda \
scdaemon[9162]: DBG:  06010800001100c407ff7f7f7f030003c5507ccda9d8f56174609c5eccb514ef \
scdaemon[9162]: DBG:  e510775fe39aef5c0e983fab4a68c9d1a1e542559f6dcfdce3453149208fa48c \
scdaemon[9162]: DBG:  ef74fe4de5f813e04797a940eb5c000000000000000000000000000000000000 \
scdaemon[9162]: DBG:  0000c65000000000000000000000000000000000000000000000000000000000 \
scdaemon[9162]: DBG:  0000000000000000000000000000000000000000000000000000000000000000 \
scdaemon[9162]: DBG:  0000000000000000000000000000000000000000cd106006ee156006ee2b6006 \
scdaemon[9162]: DBG:  ee4000000000de0801020202030281027f660802020bfe02020bfed6020320d7 \
scdaemon[9162]: DBG:  020320d8020320d9020020
scdaemon[9162]: DBG: send apdu: c=00 i=CA p1=00 p2=5E lc=-1 le=65534 em=255
scdaemon[9162]: DBG:   PCSC_data: 00ca005e00fffe
scdaemon[9162]: DBG:  response: sw=9000  datalen=7
scdaemon[9162]: DBG:      dump: 6f64646c616d61
scdaemon[9162]: Version-2+ .....: yes
scdaemon[9162]: Version-3+ .....: yes
scdaemon[9162]: Button .........: yes
scdaemon[9162]: SM-Support .....: no
scdaemon[9162]: Get-Challenge ..: yes (3070 bytes max)
scdaemon[9162]: Key-Import .....: yes
scdaemon[9162]: Change-Force-PW1: yes
scdaemon[9162]: Private-DOs ....: yes
scdaemon[9162]: Algo-Attr-Change: yes
scdaemon[9162]: Symmetric Crypto: no
scdaemon[9162]: KDF-Support ....: yes
scdaemon[9162]: Max-Cert-Len ...: 2048
scdaemon[9162]: PIN-Block-2 ....: no
scdaemon[9162]: MSE-Support ....: no
scdaemon[9162]: Max-Special-DOs : 255
scdaemon[9162]: Cmd-Chaining ...: yes
scdaemon[9162]: Ext-Lc-Le ......: yes
scdaemon[9162]: Status-Indicator: 05
scdaemon[9162]: GnuPG-No-Sync ..: no
scdaemon[9162]: GnuPG-Def-PW2 ..: no
scdaemon[9162]: Key-Attr-sign ..: 
scdaemon[9162]: DBG: Curve with OID not supported:  2b06010401da470f0102
==9162== Invalid read of size 1
==9162==    at 0x484A7C2: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==9162==    by 0x48794E2: ??? (in /usr/lib64/libgcrypt.so.20.4.1)
==9162==    by 0x487AEC0: ??? (in /usr/lib64/libgcrypt.so.20.4.1)
==9162==    by 0x16567F: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x129253: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x133DF5: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x1248CE: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x117AFF: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x4A20839: ??? (in /usr/lib64/libassuan.so.0.8.5)
==9162==    by 0x4A20C28: assuan_process (in /usr/lib64/libassuan.so.0.8.5)
==9162==    by 0x11854C: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x114C03: ??? (in /usr/libexec/scdaemon)
==9162==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==9162== 
==9162== 
==9162== Process terminating with default action of signal 11 (SIGSEGV)
==9162==  Access not within mapped region at address 0x0
==9162==    at 0x484A7C2: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==9162==    by 0x48794E2: ??? (in /usr/lib64/libgcrypt.so.20.4.1)
==9162==    by 0x487AEC0: ??? (in /usr/lib64/libgcrypt.so.20.4.1)
==9162==    by 0x16567F: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x129253: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x133DF5: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x1248CE: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x117AFF: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x4A20839: ??? (in /usr/lib64/libassuan.so.0.8.5)
==9162==    by 0x4A20C28: assuan_process (in /usr/lib64/libassuan.so.0.8.5)
==9162==    by 0x11854C: ??? (in /usr/libexec/scdaemon)
==9162==    by 0x114C03: ??? (in /usr/libexec/scdaemon)
==9162==  If you believe this happened as a result of a stack
==9162==  overflow in your program's main thread (unlikely but
==9162==  possible), you can try to increase the size of the
==9162==  main thread stack using the --main-stacksize= flag.
==9162==  The main thread stack size used in this run was 8388608.
==9162== 
==9162== HEAP SUMMARY:
==9162==     in use at exit: 74,623 bytes in 115 blocks
==9162==   total heap usage: 173 allocs, 58 frees, 168,877 bytes allocated
==9162== 
==9162== LEAK SUMMARY:
==9162==    definitely lost: 33 bytes in 1 blocks
==9162==    indirectly lost: 0 bytes in 0 blocks
==9162==      possibly lost: 2,907 bytes in 3 blocks
==9162==    still reachable: 71,683 bytes in 111 blocks
==9162==         suppressed: 0 bytes in 0 blocks
==9162== Rerun with --leak-check=full to see details of leaked memory
==9162== 
==9162== Use --track-origins=yes to see where uninitialised values come from
==9162== For lists of detected and suppressed errors, rerun with: -s
==9162== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)

And the corresponding syslog:

May 04 12:43:33 kernel: pcieport 0000:00:1d.0: pciehp: Slot(16): Card present
May 04 12:43:33 kernel: pcieport 0000:00:1d.0: pciehp: Slot(16): Link Up
May 04 12:43:33 kernel: pci 0000:05:00.0: [8086:15da] type 01 class 0x060400
May 04 12:43:33 kernel: pci 0000:05:00.0: enabling Extended Tags
May 04 12:43:33 kernel: pci 0000:05:00.0: supports D1 D2
May 04 12:43:33 kernel: pci 0000:05:00.0: PME# supported from D0 D1 D2 D3hot D3cold
May 04 12:43:33 kernel: pci 0000:05:00.0: bridge configuration invalid ([bus 00-00]), reconfiguring
May 04 12:43:33 kernel: pci 0000:06:00.0: [8086:15da] type 01 class 0x060400
May 04 12:43:33 kernel: pci 0000:06:00.0: enabling Extended Tags
May 04 12:43:33 kernel: pci 0000:06:00.0: supports D1 D2
May 04 12:43:33 kernel: pci 0000:06:00.0: PME# supported from D0 D1 D2 D3hot D3cold
May 04 12:43:33 kernel: pci 0000:06:01.0: [8086:15da] type 01 class 0x060400
May 04 12:43:33 kernel: pci 0000:06:01.0: enabling Extended Tags
May 04 12:43:33 kernel: pci 0000:06:01.0: supports D1 D2
May 04 12:43:33 kernel: pci 0000:06:01.0: PME# supported from D0 D1 D2 D3hot D3cold
May 04 12:43:33 kernel: pci 0000:06:02.0: [8086:15da] type 01 class 0x060400
May 04 12:43:33 kernel: pci 0000:06:02.0: enabling Extended Tags
May 04 12:43:33 kernel: pci 0000:06:02.0: supports D1 D2
May 04 12:43:33 kernel: pci 0000:06:02.0: PME# supported from D0 D1 D2 D3hot D3cold
May 04 12:43:33 kernel: pci 0000:05:00.0: PCI bridge to [bus 06-3d]
May 04 12:43:33 kernel: pci 0000:05:00.0:   bridge window [io  0x0000-0x0fff]
May 04 12:43:33 kernel: pci 0000:05:00.0:   bridge window [mem 0x00000000-0x000fffff]
May 04 12:43:33 kernel: pci 0000:05:00.0:   bridge window [mem 0x00000000-0x000fffff 64bit pref]
May 04 12:43:33 kernel: pci 0000:06:00.0: bridge configuration invalid ([bus 00-00]), reconfiguring
May 04 12:43:33 kernel: pci 0000:06:01.0: bridge configuration invalid ([bus 00-00]), reconfiguring
May 04 12:43:33 kernel: pci 0000:06:02.0: bridge configuration invalid ([bus 00-00]), reconfiguring
May 04 12:43:33 kernel: pci 0000:06:00.0: PCI bridge to [bus 07-3d]
May 04 12:43:33 kernel: pci 0000:06:00.0:   bridge window [io  0x0000-0x0fff]
May 04 12:43:33 kernel: pci 0000:06:00.0:   bridge window [mem 0x00000000-0x000fffff]
May 04 12:43:33 kernel: pci 0000:06:00.0:   bridge window [mem 0x00000000-0x000fffff 64bit pref]
May 04 12:43:33 kernel: pci_bus 0000:07: busn_res: [bus 07-3d] end is updated to 07
May 04 12:43:33 kernel: pci 0000:06:01.0: PCI bridge to [bus 08-3d]
May 04 12:43:33 kernel: pci 0000:06:01.0:   bridge window [io  0x0000-0x0fff]
May 04 12:43:33 kernel: pci 0000:06:01.0:   bridge window [mem 0x00000000-0x000fffff]
May 04 12:43:33 kernel: pci 0000:06:01.0:   bridge window [mem 0x00000000-0x000fffff 64bit pref]
May 04 12:43:33 kernel: pci_bus 0000:08: busn_res: [bus 08-3d] end is updated to 3c
May 04 12:43:33 kernel: pci 0000:3d:00.0: [8086:15db] type 00 class 0x0c0330
May 04 12:43:33 kernel: pci 0000:3d:00.0: reg 0x10: [mem 0x00000000-0x0000ffff]
May 04 12:43:33 kernel: pci 0000:3d:00.0: supports D1 D2
May 04 12:43:33 kernel: pci 0000:3d:00.0: PME# supported from D0 D1 D2 D3hot D3cold
May 04 12:43:33 kernel: pci 0000:3d:00.0: 8.000 Gb/s available PCIe bandwidth, limited by 2.5 GT/s PCIe x4 link at 0000:06:02.0 (capable of 31.504 Gb/s with 8.0 GT/s PCIe x4 link)
May 04 12:43:33 kernel: pci 0000:06:02.0: PCI bridge to [bus 3d]
May 04 12:43:33 kernel: pci 0000:06:02.0:   bridge window [io  0x0000-0x0fff]
May 04 12:43:33 kernel: pci 0000:06:02.0:   bridge window [mem 0x00000000-0x000fffff]
May 04 12:43:33 kernel: pci 0000:06:02.0:   bridge window [mem 0x00000000-0x000fffff 64bit pref]
May 04 12:43:33 kernel: pci_bus 0000:3d: busn_res: [bus 3d] end is updated to 3d
May 04 12:43:33 kernel: pci_bus 0000:06: busn_res: [bus 06-3d] end is updated to 3d
May 04 12:43:33 kernel: pci 0000:06:01.0: bridge window [mem 0x00100000-0x001fffff 64bit pref] to [bus 08-3c] add_size 100000 add_align 100000
May 04 12:43:33 kernel: pci 0000:06:01.0: bridge window [mem 0x00100000-0x001fffff] to [bus 08-3c] add_size 100000 add_align 100000
May 04 12:43:33 kernel: pci 0000:05:00.0: bridge window [mem 0x00100000-0x003fffff 64bit pref] to [bus 06-3d] add_size 100000 add_align 100000
May 04 12:43:33 kernel: pci 0000:05:00.0: bridge window [mem 0x00100000-0x003fffff] to [bus 06-3d] add_size 100000 add_align 100000
May 04 12:43:33 kernel: pci 0000:05:00.0: BAR 14: assigned [mem 0x94000000-0xaa0fffff]
May 04 12:43:33 kernel: pci 0000:05:00.0: BAR 15: assigned [mem 0x50000000-0x71ffffff 64bit pref]
May 04 12:43:33 kernel: pci 0000:05:00.0: BAR 13: assigned [io  0x6000-0x7fff]
May 04 12:43:33 kernel: pci 0000:06:00.0: BAR 14: assigned [mem 0x94000000-0x940fffff]
May 04 12:43:33 kernel: pci 0000:06:00.0: BAR 15: assigned [mem 0x50000000-0x500fffff 64bit pref]
May 04 12:43:33 kernel: pci 0000:06:01.0: BAR 14: assigned [mem 0x94100000-0xa9ffffff]
May 04 12:43:33 kernel: pci 0000:06:01.0: BAR 15: assigned [mem 0x50100000-0x71efffff 64bit pref]
May 04 12:43:33 kernel: pci 0000:06:02.0: BAR 14: assigned [mem 0xaa000000-0xaa0fffff]
May 04 12:43:33 kernel: pci 0000:06:02.0: BAR 15: assigned [mem 0x71f00000-0x71ffffff 64bit pref]
May 04 12:43:33 kernel: pci 0000:06:00.0: BAR 13: assigned [io  0x6000-0x6fff]
May 04 12:43:33 kernel: pci 0000:06:01.0: BAR 13: assigned [io  0x7000-0x7fff]
May 04 12:43:33 kernel: pci 0000:06:02.0: BAR 13: no space for [io  size 0x1000]
May 04 12:43:33 kernel: pci 0000:06:02.0: BAR 13: failed to assign [io  size 0x1000]
May 04 12:43:33 kernel: pci 0000:06:00.0: PCI bridge to [bus 07]
May 04 12:43:33 kernel: pci 0000:06:00.0:   bridge window [io  0x6000-0x6fff]
May 04 12:43:33 kernel: pci 0000:06:00.0:   bridge window [mem 0x94000000-0x940fffff]
May 04 12:43:33 kernel: pci 0000:06:00.0:   bridge window [mem 0x50000000-0x500fffff 64bit pref]
May 04 12:43:33 kernel: pci 0000:06:01.0: PCI bridge to [bus 08-3c]
May 04 12:43:33 kernel: pci 0000:06:01.0:   bridge window [io  0x7000-0x7fff]
May 04 12:43:33 kernel: pci 0000:06:01.0:   bridge window [mem 0x94100000-0xa9ffffff]
May 04 12:43:33 kernel: pci 0000:06:01.0:   bridge window [mem 0x50100000-0x71efffff 64bit pref]
May 04 12:43:33 kernel: pci 0000:3d:00.0: BAR 0: assigned [mem 0xaa000000-0xaa00ffff]
May 04 12:43:33 kernel: pci 0000:06:02.0: PCI bridge to [bus 3d]
May 04 12:43:33 kernel: pci 0000:06:02.0:   bridge window [mem 0xaa000000-0xaa0fffff]
May 04 12:43:33 kernel: pci 0000:06:02.0:   bridge window [mem 0x71f00000-0x71ffffff 64bit pref]
May 04 12:43:33 kernel: pci 0000:05:00.0: PCI bridge to [bus 06-3d]
May 04 12:43:33 kernel: pci 0000:05:00.0:   bridge window [io  0x6000-0x7fff]
May 04 12:43:33 kernel: pci 0000:05:00.0:   bridge window [mem 0x94000000-0xaa0fffff]
May 04 12:43:33 kernel: pci 0000:05:00.0:   bridge window [mem 0x50000000-0x71ffffff 64bit pref]
May 04 12:43:33 kernel: pcieport 0000:00:1d.0: PCI bridge to [bus 05-3d]
May 04 12:43:33 kernel: pcieport 0000:00:1d.0:   bridge window [io  0x6000-0x7fff]
May 04 12:43:33 kernel: pcieport 0000:00:1d.0:   bridge window [mem 0x94000000-0xaa0fffff]
May 04 12:43:33 kernel: pcieport 0000:00:1d.0:   bridge window [mem 0x50000000-0x71ffffff 64bit pref]
May 04 12:43:33 kernel: PCI: No. 2 try to assign unassigned res
May 04 12:43:33 kernel: pci 0000:06:00.0: resource 13 [io  0x6000-0x6fff] released
May 04 12:43:33 kernel: pci 0000:06:00.0: PCI bridge to [bus 07]
May 04 12:43:33 kernel: pci 0000:06:01.0: resource 13 [io  0x7000-0x7fff] released
May 04 12:43:33 kernel: pci 0000:06:01.0: PCI bridge to [bus 08-3c]
May 04 12:43:33 kernel: pci 0000:05:00.0: resource 13 [io  0x6000-0x7fff] released
May 04 12:43:33 kernel: pci 0000:05:00.0: PCI bridge to [bus 06-3d]
May 04 12:43:33 kernel: pci 0000:05:00.0: BAR 13: assigned [io  0x6000-0x7fff]
May 04 12:43:33 kernel: pci 0000:06:00.0: BAR 13: assigned [io  0x6000-0x6fff]
May 04 12:43:33 kernel: pci 0000:06:01.0: BAR 13: assigned [io  0x7000-0x7fff]
May 04 12:43:33 kernel: pci 0000:06:02.0: BAR 13: no space for [io  size 0x1000]
May 04 12:43:33 kernel: pci 0000:06:02.0: BAR 13: failed to assign [io  size 0x1000]
May 04 12:43:33 kernel: pci 0000:06:00.0: PCI bridge to [bus 07]
May 04 12:43:33 kernel: pci 0000:06:00.0:   bridge window [io  0x6000-0x6fff]
May 04 12:43:33 kernel: pci 0000:06:00.0:   bridge window [mem 0x94000000-0x940fffff]
May 04 12:43:33 kernel: pci 0000:06:00.0:   bridge window [mem 0x50000000-0x500fffff 64bit pref]
May 04 12:43:33 kernel: pci 0000:06:01.0: PCI bridge to [bus 08-3c]
May 04 12:43:33 kernel: pci 0000:06:01.0:   bridge window [io  0x7000-0x7fff]
May 04 12:43:33 kernel: pci 0000:06:01.0:   bridge window [mem 0x94100000-0xa9ffffff]
May 04 12:43:33 kernel: pci 0000:06:01.0:   bridge window [mem 0x50100000-0x71efffff 64bit pref]
May 04 12:43:33 kernel: pci 0000:06:02.0: PCI bridge to [bus 3d]
May 04 12:43:33 kernel: pci 0000:06:02.0:   bridge window [mem 0xaa000000-0xaa0fffff]
May 04 12:43:33 kernel: pci 0000:06:02.0:   bridge window [mem 0x71f00000-0x71ffffff 64bit pref]
May 04 12:43:33 kernel: pci 0000:05:00.0: PCI bridge to [bus 06-3d]
May 04 12:43:33 kernel: pci 0000:05:00.0:   bridge window [io  0x6000-0x7fff]
May 04 12:43:33 kernel: pci 0000:05:00.0:   bridge window [mem 0x94000000-0xaa0fffff]
May 04 12:43:33 kernel: pci 0000:05:00.0:   bridge window [mem 0x50000000-0x71ffffff 64bit pref]
May 04 12:43:33 kernel: pcieport 0000:00:1d.0: PCI bridge to [bus 05-3d]
May 04 12:43:33 kernel: pcieport 0000:00:1d.0:   bridge window [io  0x6000-0x7fff]
May 04 12:43:33 kernel: pcieport 0000:00:1d.0:   bridge window [mem 0x94000000-0xaa0fffff]
May 04 12:43:33 kernel: pcieport 0000:00:1d.0:   bridge window [mem 0x50000000-0x71ffffff 64bit pref]
May 04 12:43:33 kernel: pcieport 0000:05:00.0: enabling device (0000 -> 0003)
May 04 12:43:33 kernel: pcieport 0000:06:00.0: enabling device (0000 -> 0003)
May 04 12:43:33 kernel: pcieport 0000:06:01.0: enabling device (0000 -> 0003)
May 04 12:43:33 kernel: pcieport 0000:06:01.0: pciehp: Slot #1 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+
May 04 12:43:33 kernel: pcieport 0000:06:02.0: enabling device (0000 -> 0002)
May 04 12:43:33 kernel: pci 0000:3d:00.0: enabling device (0000 -> 0002)
May 04 12:43:33 kernel: xhci_hcd 0000:3d:00.0: xHCI Host Controller
May 04 12:43:33 kernel: xhci_hcd 0000:3d:00.0: new USB bus registered, assigned bus number 3
May 04 12:43:33 kernel: xhci_hcd 0000:3d:00.0: hcc params 0x200077c1 hci version 0x110 quirks 0x0000000200009810
May 04 12:43:33 kernel: usb usb3: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.17
May 04 12:43:33 kernel: usb usb3: New USB device strings: Mfr=3, Product=2, SerialNumber=1
May 04 12:43:33 kernel: usb usb3: Product: xHCI Host Controller
May 04 12:43:33 kernel: usb usb3: Manufacturer: Linux 5.17.4-gentoo-dist xhci-hcd
May 04 12:43:33 kernel: usb usb3: SerialNumber: 0000:3d:00.0
May 04 12:43:33 kernel: hub 3-0:1.0: USB hub found
May 04 12:43:33 kernel: hub 3-0:1.0: 2 ports detected
May 04 12:43:33 kernel: xhci_hcd 0000:3d:00.0: xHCI Host Controller
May 04 12:43:33 kernel: xhci_hcd 0000:3d:00.0: new USB bus registered, assigned bus number 4
May 04 12:43:33 kernel: xhci_hcd 0000:3d:00.0: Host supports USB 3.1 Enhanced SuperSpeed
May 04 12:43:33 kernel: usb usb4: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 5.17
May 04 12:43:33 kernel: usb usb4: New USB device strings: Mfr=3, Product=2, SerialNumber=1
May 04 12:43:33 kernel: usb usb4: Product: xHCI Host Controller
May 04 12:43:33 kernel: usb usb4: Manufacturer: Linux 5.17.4-gentoo-dist xhci-hcd
May 04 12:43:33 kernel: usb usb4: SerialNumber: 0000:3d:00.0
May 04 12:43:33 kernel: hub 4-0:1.0: USB hub found
May 04 12:43:33 kernel: hub 4-0:1.0: 2 ports detected
May 04 12:43:34 kernel: usb 3-1: new full-speed USB device number 2 using xhci_hcd
May 04 12:43:34 kernel: usb 3-1: New USB device found, idVendor=1050, idProduct=0407, bcdDevice= 5.27
May 04 12:43:34 kernel: usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
May 04 12:43:34 kernel: usb 3-1: Product: YubiKey OTP+FIDO+CCID
May 04 12:43:34 kernel: usb 3-1: Manufacturer: Yubico
May 04 12:43:34 kernel: input: Yubico YubiKey OTP+FIDO+CCID as /devices/pci0000:00/0000:00:1d.0/0000:05:00.0/0000:06:02.0/0000:3d:00.0/usb3/3-1/3-1:1.0/0003:1050:0407.000F/input/input34
May 04 12:43:34 kernel: hid-generic 0003:1050:0407.000F: input,hidraw0: USB HID v1.10 Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:3d:00.0-1/input0
May 04 12:43:34 kernel: hid-generic 0003:1050:0407.0010: hiddev96,hidraw1: USB HID v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:3d:00.0-1/input1
May 04 12:43:34 systemd[1]: Started PC/SC Smart Card Daemon.
May 04 12:43:35 kernel: pci_bus 0000:07: Allocating resources
May 04 12:43:35 kernel: pci_bus 0000:3d: Allocating resources
May 04 12:43:41 systemd[1]: Started Process Core Dump (PID 9258/UID 0).
May 04 12:43:41 systemd-coredump[9258]: Failed to get EXE, ignoring: No such process
May 04 12:43:41 systemd-coredump[9259]: Resource limits disable core dumping for process 9162 (memcheck-amd64-).
May 04 12:43:41 systemd-coredump[9259]: [🡕] Process 9162 (memcheck-amd64-) of user 1000 dumped core.
May 04 12:43:41 systemd[1]: systemd-coredump@5-9258-0.service: Deactivated successfully.

I am not sure about the crash but the unknown curve is
1.3.6.1.4.1.11591.15.1.2 which seems to be a GNU OID for curve448

@gniibe: Did you already stumbled on this too? Is @jas responsible for this assignment?

I've taken the liberty to regenerate the valgrind report including libc and gnupg debugsyms. Maybe it'll help.

==35605== Memcheck, a memory error detector
==35605== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==35605== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==35605== Command: /usr/libexec/scdaemon --server --disable-ccid --debug cardio
==35605==
--35605-- WARNING: unhandled amd64-linux syscall: 334
--35605-- You may be able to write your own handler.
--35605-- Read the file README_MISSING_SYSCALL_OR_IOCTL.
--35605-- Nevertheless we consider this a bug.  Please report
--35605-- it at http://valgrind.org/support/bug_reports.html.
scdaemon[35605]: reading options from '/home/malte/.gnupg/scdaemon.conf'
scdaemon[35605]: reading options from '[cmdline]'
scdaemon[35605]: enabled debug flags: cardio
scdaemon[35605]: handler for fd -1 started
OK GNU Privacy Guard's Smartcard server ready
SERIALNO
==35605== Thread 2:
==35605== Conditional jump or move depends on uninitialised value(s)
==35605==    at 0x58BCFAE: SCardListReaders (in /usr/lib64/libpcsclite.so.1.0.0)
==35605==    by 0x11D78A: apdu_dev_list_start (apdu.c:2031)
==35605==    by 0x1245EF: select_application (app.c:817)
==35605==    by 0x117AFF: open_card_with_request (command.c:281)
==35605==    by 0x117AFF: cmd_serialno (command.c:358)
==35605==    by 0x4A20839: ??? (in /usr/lib64/libassuan.so.0.8.5)
==35605==    by 0x4A20C28: assuan_process (in /usr/lib64/libassuan.so.0.8.5)
==35605==    by 0x11854C: scd_command_handler (command.c:2521)
==35605==    by 0x114C03: start_connection_thread (scdaemon.c:1202)
==35605==    by 0x4A2F49D: ??? (in /usr/lib64/libnpth.so.0.1.2)
==35605==    by 0x4ABD3E9: start_thread (pthread_create.c:442)
==35605==    by 0x4B3F0DF: clone (clone.S:100)
==35605==
scdaemon[35605]: detected reader 'Yubico YubiKey OTP+FIDO+CCID 00 00'
scdaemon[35605]: reader slot 0: not connected
scdaemon[35605]: DBG: feature: code=12, len=4, v=42330012
scdaemon[35605]: DBG: TLV properties: tag=01, len=2, v=00000000
scdaemon[35605]: DBG: TLV properties: tag=03, len=1, v=00000000
scdaemon[35605]: DBG: TLV properties: tag=09, len=1, v=00000000
scdaemon[35605]: DBG: TLV properties: tag=0B, len=2, v=00001050
scdaemon[35605]: DBG: TLV properties: tag=0C, len=2, v=00000407
scdaemon[35605]: DBG: TLV properties: tag=0A, len=4, v=00010000
scdaemon[35605]: reader slot 0: active protocol: T1
scdaemon[35605]: slot 0: ATR=3bfd1300008131fe158073c021c057597562694b657940
scdaemon[35605]: DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
scdaemon[35605]: DBG:   PCSC_data: 00a4000c023f00
scdaemon[35605]: DBG:  response: sw=6D00  datalen=0
scdaemon[35605]: DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=8 le=-1 em=0
scdaemon[35605]: DBG:   PCSC_data: 00a4040008a000000527471117
scdaemon[35605]: DBG:  response: sw=9000  datalen=30
scdaemon[35605]: DBG:      dump: 5669727475616c206d6772202d2046572076657273696f6e20352e322e37
scdaemon[35605]: DBG:   PCSC_data: 001d000000
scdaemon[35605]: DBG:  response: sw=9000  datalen=47
scdaemon[35605]: DBG:       dump:  2e0102023f0302023f020400e812d604010305030502070602000007010f0801 \
scdaemon[35605]: DBG:  000d02023f0e02023b0a01000f01009000
scdaemon[35605]: Yubico: config=2e0102023f0302023f020400e812d604010305030502070602000007010f0801000d02023f0e02023b0a01000f0100
scdaemon[35605]: DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0
scdaemon[35605]: DBG:   PCSC_data: 00a4040006d27600012401
scdaemon[35605]: DBG:  response: sw=9000  datalen=0
scdaemon[35605]: DBG:      dump: [all zero]
scdaemon[35605]: DBG: send apdu: c=00 i=CA p1=00 p2=4F lc=-1 le=256 em=0
scdaemon[35605]: DBG:   PCSC_data: 00ca004f00
scdaemon[35605]: DBG:  response: sw=9000  datalen=16
scdaemon[35605]: DBG:      dump: d2760001240103040006152091740000
scdaemon[35605]: AID: d2760001240103040006152091740000
scdaemon[35605]: DBG: send apdu: c=00 i=CA p1=5F p2=52 lc=-1 le=256 em=0
scdaemon[35605]: DBG:   PCSC_data: 00ca5f5200
scdaemon[35605]: DBG:  response: sw=9000  datalen=8
scdaemon[35605]: DBG:      dump: 00730000e0059000
scdaemon[35605]: Historical Bytes: 00730000e0059000
scdaemon[35605]: DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
scdaemon[35605]: DBG:   PCSC_data: 00ca00c400
scdaemon[35605]: DBG:  response: sw=9000  datalen=7
scdaemon[35605]: DBG:      dump: ff7f7f7f030003
scdaemon[35605]: DBG: send apdu: c=00 i=CA p1=00 p2=6E lc=-1 le=256 em=0
scdaemon[35605]: DBG:   PCSC_data: 00ca006e00
scdaemon[35605]: DBG:  response: sw=614B  datalen=256
scdaemon[35605]: DBG: apdu_send_simple(0): 75 more bytes available
scdaemon[35605]: DBG:   PCSC_data: 00c000004b
scdaemon[35605]: DBG:      more: sw=9000  datalen=75
scdaemon[35605]: DBG:      dump: 6e8201474f10d27600012401030400061520917400005f520800730000e00590 \
scdaemon[35605]: DBG:  007f740381012073820120c00a7d000bfe080000ff0000c10b162b06010401da \
scdaemon[35605]: DBG:  470f01bac20c122b060104019755010501efc30b162b06010401da470f013fda \
scdaemon[35605]: DBG:  06010800001100c407ff7f7f7f030003c5507ccda9d8f56174609c5eccb514ef \
scdaemon[35605]: DBG:  e510775fe39aef5c0e983fab4a68c9d1a1e542559f6dcfdce3453149208fa48c \
scdaemon[35605]: DBG:  ef74fe4de5f813e04797a940eb5c000000000000000000000000000000000000 \
scdaemon[35605]: DBG:  0000c65000000000000000000000000000000000000000000000000000000000 \
scdaemon[35605]: DBG:  0000000000000000000000000000000000000000000000000000000000000000 \
scdaemon[35605]: DBG:  0000000000000000000000000000000000000000cd106006ee156006ee2b6006 \
scdaemon[35605]: DBG:  ee4000000000de0801020202030281027f660802020bfe02020bfed6020320d7 \
scdaemon[35605]: DBG:  020320d8020320d9020020
scdaemon[35605]: DBG: send apdu: c=00 i=CA p1=00 p2=5E lc=-1 le=65534 em=255
scdaemon[35605]: DBG:   PCSC_data: 00ca005e00fffe
scdaemon[35605]: DBG:  response: sw=9000  datalen=7
scdaemon[35605]: DBG:      dump: 6f64646c616d61
scdaemon[35605]: Version-2+ .....: yes
scdaemon[35605]: Version-3+ .....: yes
scdaemon[35605]: Button .........: yes
scdaemon[35605]: SM-Support .....: no
scdaemon[35605]: Get-Challenge ..: yes (3070 bytes max)
scdaemon[35605]: Key-Import .....: yes
scdaemon[35605]: Change-Force-PW1: yes
scdaemon[35605]: Private-DOs ....: yes
scdaemon[35605]: Algo-Attr-Change: yes
scdaemon[35605]: Symmetric Crypto: no
scdaemon[35605]: KDF-Support ....: yes
scdaemon[35605]: Max-Cert-Len ...: 2048
scdaemon[35605]: PIN-Block-2 ....: no
scdaemon[35605]: MSE-Support ....: no
scdaemon[35605]: Max-Special-DOs : 255
scdaemon[35605]: Cmd-Chaining ...: yes
scdaemon[35605]: Ext-Lc-Le ......: yes
scdaemon[35605]: Status-Indicator: 05
scdaemon[35605]: GnuPG-No-Sync ..: no
scdaemon[35605]: GnuPG-Def-PW2 ..: no
scdaemon[35605]: Key-Attr-sign ..:
scdaemon[35605]: DBG: Curve with OID not supported:  2b06010401da470f01ba
==35605== Invalid read of size 1
==35605==    at 0x484A7C2: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==35605==    by 0x48794E2: ??? (in /usr/lib64/libgcrypt.so.20.4.1)
==35605==    by 0x487AEC0: ??? (in /usr/lib64/libgcrypt.so.20.4.1)
==35605==    by 0x16567F: get_keyalgo_string (openpgp-oid.c:675)
==35605==    by 0x129253: parse_algorithm_attribute (app-openpgp.c:6251)
==35605==    by 0x133DF5: app_select_openpgp (app-openpgp.c:6483)
==35605==    by 0x1248CE: app_new_register (app.c:766)
==35605==    by 0x1248CE: select_application (app.c:841)
==35605==    by 0x117AFF: open_card_with_request (command.c:281)
==35605==    by 0x117AFF: cmd_serialno (command.c:358)
==35605==    by 0x4A20839: ??? (in /usr/lib64/libassuan.so.0.8.5)
==35605==    by 0x4A20C28: assuan_process (in /usr/lib64/libassuan.so.0.8.5)
==35605==    by 0x11854C: scd_command_handler (command.c:2521)
==35605==    by 0x114C03: start_connection_thread (scdaemon.c:1202)
==35605==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==35605==
==35605==
==35605== Process terminating with default action of signal 11 (SIGSEGV)
==35605==  Access not within mapped region at address 0x0
==35605==    at 0x484A7C2: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==35605==    by 0x48794E2: ??? (in /usr/lib64/libgcrypt.so.20.4.1)
==35605==    by 0x487AEC0: ??? (in /usr/lib64/libgcrypt.so.20.4.1)
==35605==    by 0x16567F: get_keyalgo_string (openpgp-oid.c:675)
==35605==    by 0x129253: parse_algorithm_attribute (app-openpgp.c:6251)
==35605==    by 0x133DF5: app_select_openpgp (app-openpgp.c:6483)
==35605==    by 0x1248CE: app_new_register (app.c:766)
==35605==    by 0x1248CE: select_application (app.c:841)
==35605==    by 0x117AFF: open_card_with_request (command.c:281)
==35605==    by 0x117AFF: cmd_serialno (command.c:358)
==35605==    by 0x4A20839: ??? (in /usr/lib64/libassuan.so.0.8.5)
==35605==    by 0x4A20C28: assuan_process (in /usr/lib64/libassuan.so.0.8.5)
==35605==    by 0x11854C: scd_command_handler (command.c:2521)
==35605==    by 0x114C03: start_connection_thread (scdaemon.c:1202)
==35605==  If you believe this happened as a result of a stack
==35605==  overflow in your program's main thread (unlikely but
==35605==  possible), you can try to increase the size of the
==35605==  main thread stack using the --main-stacksize= flag.
==35605==  The main thread stack size used in this run was 8388608.
==35605==
==35605== HEAP SUMMARY:
==35605==     in use at exit: 74,623 bytes in 115 blocks
==35605==   total heap usage: 173 allocs, 58 frees, 168,877 bytes allocated
==35605==
==35605== LEAK SUMMARY:
==35605==    definitely lost: 33 bytes in 1 blocks
==35605==    indirectly lost: 0 bytes in 0 blocks
==35605==      possibly lost: 2,907 bytes in 3 blocks
==35605==    still reachable: 71,683 bytes in 111 blocks
==35605==         suppressed: 0 bytes in 0 blocks
==35605== Rerun with --leak-check=full to see details of leaked memory
==35605==
==35605== Use --track-origins=yes to see where uninitialised values come from
==35605== For lists of detected and suppressed errors, rerun with: -s
==35605== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
[1]    35605 segmentation fault (core dumped)  valgrind /usr/libexec/scdaemon --server --disable-ccid --debug cardio

Your Yubikey's firmware version is 5.2.7 - let me see what versions we have in stock to test my fix.

• werner added a commit: rG385f4841330e: scd:openpgp: Fix a segv for cards supporting unknown curves..May 5 2022, 9:55 AM

Ours are even newer (5.4.3). Did you the Yubico tools to switch to curve443?
In any case, is it possible that you apply my fix and test again?

I've applied the patch and can confirm that the segfault is fixed, but gpg still has severe problems communicating with the Yubikey over pcsc-lite.

[No gpg-agent running]

Start gpg-agent
Plug in the Yubikey
pcsc_scan succeeds and reports 1 Yubikey
gpg --card-status succeeds
Remove yubikey (Previous gpg-agent now still running)
Plug in the Yubikey again
pcsc_scan still succeeds and reports 1 Yubikey
gpg --card-status fails on every try with gpg: OpenPGP card not available: Card error

Fixed by killing and restarting gpg-agent. The problem is still perfectly reproducible, so I'll keep my Yubikey at the old version for now until we can find the cause.

For bcdDevice 5.24, I can replicate the symptom, but only once. After second invocation of gpg --card-status, it works well.

The problem is that, for some unknown reason, the data objects for c1, c2, c3 returned were wrong. They must be like:

c1 0b
   16
   2b06010401da470f01
   00
c2 0c
   12
   2b060104019755010501
   00
c3 0b
   16
   2b06010401da470f01
   00

But when it failed, the last byte is not zero.

For my environment, it is not PC/SC-specific. It also occurs when CCID driver is used.

• gniibe claimed this task.May 6 2022, 8:56 AM

• gniibe triaged this task as Normal priority.

• gniibe added a project: scd.

• gniibe added a project: yubikey.May 6 2022, 10:07 AM

I pushed a workaround.

• gniibe added a commit: rG054d14887ef8: scd: Add workaround for ECC attribute on Yubikey..May 6 2022, 11:30 AM

jas removed a subscriber: jas.May 6 2022, 11:31 AM

With the patch and after starting a new gpg-agent, gpg --card-status now works immediately.
But when I re-plug the yubikey, gpg reports gpg: OpenPGP card not available: Card error until either gpg-agent is restarted, or pcscd is restarted.
pcsc-lite in debug mode reports no errors, but one log is obviously much shorter as gpg fails early (I've attached both, same pcscd and gpg-agent instance).

pcsc-lite-freshly-plugged-works.log44 KBDownload

pcsc-lite-replug-fails.log9 KBDownload

The patch rG054d14887ef8: scd: Add workaround for ECC attribute on Yubikey. fixes a particular problem of Yubikey implementation where it returns bogus octet for its data object of C1, C2, and C3.

For another problem of yours, I can't replicate. My environment is on Debian testing and development version of libgcrypt and GnuPG.

• gniibe added a project: backport.May 9 2022, 6:52 AM

I've applied the linked patch, but still experience the error. Most of the times, I cannot access my yubikey at all and I am not sure what is blocking it.
I've tried to include as much debugging output as I could below. Please let me know if there is anything else I can do to debug this.

While a faulty gpg-agent is running as my user (this can also happen immediately after it is killed and restarted), I always get the following outputs for the specified commands:

$ pcsc_scan
Using reader plug'n play mechanism
Scanning present readers...
0: Yubico YubiKey OTP+FIDO+CCID 00 00
 
Mon May  9 12:46:49 2022
 Reader 0: Yubico YubiKey OTP+FIDO+CCID 00 00
  Event number: 0
  Card state: Card inserted, Exclusive Mode, 
  ATR: 3B FD 13 00 00 81 31 FE 15 80 73 C0 21 C0 57 59 75 62 69 4B 65 79 40

ATR: 3B FD 13 00 00 81 31 FE 15 80 73 C0 21 C0 57 59 75 62 69 4B 65 79 40
+ TS = 3B --> Direct Convention
+ T0 = FD, Y(1): 1111, K: 13 (historical bytes)
  TA(1) = 13 --> Fi=372, Di=4, 93 cycles/ETU
    43010 bits/s at 4 MHz, fMax for Fi = 5 MHz => 53763 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
  TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1 
-----
  TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1 
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 15 --> Block Waiting Integer: 1 - Character Waiting Integer: 5
+ Historical bytes: 80 73 C0 21 C0 57 59 75 62 69 4B 65 79
  Category indicator byte: 80 (compact TLV data object)
    Tag: 7, len: 3 (card capabilities)
      Selection methods: C0
        - DF selection by full DF name
        - DF selection by partial DF name
      Data coding byte: 21
        - Behaviour of write functions: proprietary
        - Value 'FF' for the first byte of BER-TLV tag fields: invalid
        - Data unit in quartets: 2
      Command chaining, length fields and logical channels: C0
        - Command chaining
        - Extended Lc and Le fields
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 1
    Tag: 5, len: 7 (card issuer's data)
      Card issuer data: 59 75 62 69 4B 65 79
+ TCK = 40 (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B FD 13 00 00 81 31 FE 15 80 73 C0 21 C0 57 59 75 62 69 4B 65 79 40
	Yubico YubiKey 5 NFC (PKI)
	https://www.yubico.com/product/yubikey-5-nfc

$ gpg --debug-all --card-status
gpg: reading options from '/home/myuser/.gnupg/gpg.conf'
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [no clock] start
gpg: DBG: chan_3 <- OK Pleased to meet you, process 731337
gpg: DBG: connection to the gpg-agent established
gpg: DBG: chan_3 -> RESET
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION ttyname=/dev/pts/0
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION ttytype=xterm-256color
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION display=:0
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=WAYLAND_DISPLAY=wayland-0
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=XDG_SESSION_TYPE=wayland
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-g8ElN9xByY,guid=f5ff6b584fb2429b81f4ac0762751049
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION lc-ctype=C.utf8
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION lc-messages=C.utf8
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.3.6
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION allow-pinentry-notify
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> SCD GETINFO version
gpg: DBG: chan_3 <- D 2.3.6
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> SCD SERIALNO
gpg: DBG: chan_3 <- S SERIALNO D2760001240100000006152091740000
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> LEARN --sendinfo
gpg: DBG: chan_3 <- ERR 100663404 Card error <SCD>
gpg: OpenPGP card not available: Card error
gpg: DBG: [no clock] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: objcache: keys=0/0/0 chains=0,0..0 buckets=0/0 attic=0
gpg: objcache: uids=0/0/0 chains=0,0..0 buckets=0/0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/65536 bytes in 0 blocks

If i get lucky (~50% of the time), the gpg-agent starts working and the outputs then change to:

(same for pcsc_scan)

$ gpg --debug-all --card-status
gpg: reading options from '/home/myuser/.gnupg/gpg.conf'
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [no clock] start
gpg: DBG: chan_3 <- OK Pleased to meet you, process 733205
gpg: DBG: connection to the gpg-agent established
gpg: DBG: chan_3 -> RESET
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION ttyname=/dev/pts/0
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION ttytype=xterm-256color
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION display=:0
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=WAYLAND_DISPLAY=wayland-0
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=XDG_SESSION_TYPE=wayland
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-g8ElN9xByY,guid=f5ff6b584fb2429b81f4ac0762751049
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION lc-ctype=C.utf8
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION lc-messages=C.utf8
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.3.6
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION allow-pinentry-notify
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> SCD GETINFO version
gpg: DBG: chan_3 <- D 2.3.6
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> SCD SERIALNO
gpg: DBG: chan_3 <- S SERIALNO D2760001240100000006152091740000
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> LEARN --sendinfo
gpg: DBG: chan_3 <- S PROGRESS learncard k 0 0
gpg: DBG: chan_3 <- S PROGRESS learncard k 0 0
gpg: DBG: chan_3 <- S PROGRESS learncard k 0 0
gpg: DBG: chan_3 <- S UIF-3 %03+
gpg: DBG: chan_3 <- S UIF-2 %03+
gpg: DBG: chan_3 <- S UIF-1 %03+
gpg: DBG: chan_3 <- S KDF %01%00
gpg: DBG: chan_3 <- S SIG-COUNTER 4870
gpg: DBG: chan_3 <- S CHV-STATUS +255+127+127+127+3+0+3
gpg: DBG: chan_3 <- S KEY-TIME 3 1611066944
gpg: DBG: chan_3 <- S KEY-TIME 2 1611066923
gpg: DBG: chan_3 <- S KEY-TIME 1 1611066901
gpg: DBG: chan_3 <- S KEY-FPR 3 3149208FA48CEF74FE4DE5F813E04797A940EB5C
gpg: DBG: chan_3 <- S KEY-FPR 2 EF5C0E983FAB4A68C9D1A1E542559F6DCFDCE345
gpg: DBG: chan_3 <- S KEY-FPR 1 7CCDA9D8F56174609C5ECCB514EFE510775FE39A
gpg: DBG: chan_3 <- S LOGIN-DATA oddlama
gpg: DBG: chan_3 <- S DISP-SEX 9
gpg: DBG: chan_3 <- S DISP-LANG en
gpg: DBG: chan_3 <- S DISP-NAME <<oddlama
gpg: DBG: chan_3 <- S MANUFACTURER 6 Yubico
gpg: DBG: chan_3 <- S EXTCAP gc=1+ki=1+fc=1+pd=1+mcl3=2048+aac=1+sm=0+si=5+dec=0+bt=1+kdf=1
gpg: DBG: chan_3 <- S APPVERSION 304
gpg: DBG: chan_3 <- S APPTYPE openpgp
gpg: DBG: chan_3 <- S CARDVERSION 50207
gpg: DBG: chan_3 <- S CARDTYPE yubikey
gpg: DBG: chan_3 <- S SERIALNO D2760001240100000006152091740000
gpg: DBG: chan_3 <- S READER Yubico YubiKey OTP+FIDO+CCID 00 00
gpg: DBG: chan_3 <- S KEYPAIRINFO C5D490AD408E56C45C6B3DD3502542A908E6745E OPENPGP.3
gpg: DBG: chan_3 <- S KEYPAIRINFO 04FCFFC3CFA897FA47396FAE3CE6BBCC3E782F28 OPENPGP.2
gpg: DBG: chan_3 <- S KEYPAIRINFO D09E9AD03E1096F5B2B7A8965C059C26B20FC394 OPENPGP.1
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> SCD GETATTR KEY-ATTR
gpg: DBG: chan_3 <- S KEY-ATTR 1 22 Ed25519
gpg: DBG: chan_3 <- S KEY-ATTR 2 18 Curve25519
gpg: DBG: chan_3 <- S KEY-ATTR 3 22 Ed25519
gpg: DBG: chan_3 <- OK
gpg: DBG: [no clock] keydb_new
gpg: DBG: [no clock] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: FPR20: '7CCD A9D8 F561 7460 9C5E  CCB5 14EF E510 775F E39A'
gpg: DBG: internal_keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: internal_keydb_search: searched keybox (resource 0 of 1) => Success
gpg: DBG: [no clock] keydb_search leave (found)
gpg: DBG: [no clock] keydb_get_keyblock enter
gpg: DBG: parse_packet(iob=1): type=6 length=51 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=12 length=12 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=13 length=29 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=12 length=12 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=2 length=147 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=12 length=6 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=13 length=36 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=12 length=12 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=2 length=144 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=12 length=6 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=13 length=39 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=12 length=12 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=2 length=144 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=12 length=6 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=14 length=51 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=2 length=239 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=12 length=6 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=14 length=56 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=2 length=120 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=12 length=6 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=14 length=51 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=2 length=120 (parse.keydb.c.1161)
gpg: DBG: parse_packet(iob=1): type=12 length=6 (parse.keydb.c.1161)
gpg: DBG: iobuf-1.0: underflow: buffer size: 1357; still buffered: 0 => space for 1357 bytes
gpg: DBG: [no clock] keydb_get_keyblock leave
gpg: DBG: iobuf-2.0: close '?'
gpg: DBG: ecc_verify info: Edwards/Ed25519+EdDSA
gpg: DBG: ecc_verify name: Ed25519
gpg: DBG: ecc_verify    p:+7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed
gpg: DBG: ecc_verify    a:+7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec
gpg: DBG: ecc_verify    b:+52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3
gpg: DBG: ecc_verify  g.X:+216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a
gpg: DBG: ecc_verify  g.Y:+6666666666666666666666666666666666666666666666666666666666666658
gpg: DBG: ecc_verify  g.Z:+01
gpg: DBG: ecc_verify    n:+1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed
gpg: DBG: ecc_verify    h:+08
gpg: DBG: ecc_verify    q: [264 bit]
gpg: DBG:                  40d24679d20e87950db16d0839e1499bf705c43506ab8f99a48b5179ce2b5ee3 \
gpg: DBG:                  4f
gpg: DBG: ecc_verify data: [256 bit]
gpg: DBG:                  9533ff5aa55dc4df98a3b5c9706fb39670ce4b86f050159133eb189daeca1bee
gpg: DBG: ecc_verify  s_r: [256 bit]
gpg: DBG:                  fd68a1c75121a51da92c0fc8ef3336c48e39e5373cf55b9a839c1197f36b9c2f
gpg: DBG: ecc_verify  s_s: [256 bit]
gpg: DBG:                  6d8bc7ede47c505fe1260a9faf7ab015d6e87f1e8f5c8fb75744a1aa9d23a208
gpg: DBG:   e_pk: d24679d20e87950db16d0839e1499bf705c43506ab8f99a48b5179ce2b5ee34f
gpg: DBG:      m: 9533ff5aa55dc4df98a3b5c9706fb39670ce4b86f050159133eb189daeca1bee
gpg: DBG:      r: fd68a1c75121a51da92c0fc8ef3336c48e39e5373cf55b9a839c1197f36b9c2f
gpg: DBG:  H(R+): 8f4624c1461969cd8bfe0c038886f6107f0dab311072538932925aa49a5e7257 \
gpg: DBG:         e76e83f5a8ff95f3183e5408ef5b51cee006258f4d0e3956f1f1c0cafa109a0e
gpg: DBG:      s: 08a2239daaa14457b78f5c8f1e7fe8d615b07aaf9f0a26e15f507ce4edc78b6d
gpg: DBG: ecc_verify    => Good
gpg: DBG: finish_lookup: checking key 84104B0A (one)(req_usage=0)
gpg: DBG: 	using key 775FE39A
gpg: using subkey 0x14EFE510775FE39A instead of primary key 0x503F6C0684104B0A
gpg: DBG: get_keygrip for public key
gpg: DBG: keygrip= f739a950af4c1dd2e76cc7345f5cb19ffdf1f534
gpg: DBG: chan_3 -> KEYINFO F739A950AF4C1DD2E76CC7345F5CB19FFDF1F534
gpg: DBG: chan_3 <- ERR 67108891 Not found <GPG Agent>
gpg: DBG: get_keygrip for public key
gpg: DBG: keygrip= d09e9ad03e1096f5b2b7a8965c059c26b20fc394
gpg: DBG: chan_3 -> KEYINFO D09E9AD03E1096F5B2B7A8965C059C26B20FC394
gpg: DBG: chan_3 <- S KEYINFO D09E9AD03E1096F5B2B7A8965C059C26B20FC394 T D2760001240103040006152091740000 OPENPGP.1 - - - - A
gpg: DBG: chan_3 <- OK
gpg: DBG: get_keygrip for public key
gpg: DBG: keygrip= 04fcffc3cfa897fa47396fae3ce6bbcc3e782f28
gpg: DBG: chan_3 -> KEYINFO 04FCFFC3CFA897FA47396FAE3CE6BBCC3E782F28
gpg: DBG: chan_3 <- S KEYINFO 04FCFFC3CFA897FA47396FAE3CE6BBCC3E782F28 T D2760001240103040006152091740000 OPENPGP.2 - - - - A
gpg: DBG: chan_3 <- OK
gpg: DBG: get_keygrip for public key
gpg: DBG: keygrip= c5d490ad408e56c45c6b3dd3502542a908e6745e
gpg: DBG: chan_3 -> KEYINFO C5D490AD408E56C45C6B3DD3502542A908E6745E
gpg: DBG: chan_3 <- S KEYINFO C5D490AD408E56C45C6B3DD3502542A908E6745E T D2760001240103040006152091740000 OPENPGP.3 - - - - A
gpg: DBG: chan_3 <- OK
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=14
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=14
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=14
gpg: DBG: free_packet() type=2
gpg: DBG: [no clock] keydb_release
gpg: DBG: iobuf-1.0: close '?'
gpg: DBG: [no clock] stop
gpg: keydb: handles=1 locks=0 parse=1 get=1
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=1 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=6 cached=6 good=6 bad=0
gpg: objcache: keys=4/4/0 chains=379,1..1 buckets=383/20 attic=252
gpg: objcache: uids=1/1/0 chains=106,1..1 buckets=107/20
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/65536 bytes in 0 blocks
Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
Application ID ...: D2760001240100000006152091740000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 15209174
Name of cardholder: oddlama
Language prefs ...: en
Salutation .......: 
URL of public key : [not set]
Login data .......: oddlama
Signature PIN ....: not forced
Key attributes ...: ed25519 cv25519 ed25519
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 4870
KDF setting ......: off
UIF setting ......: Sign=on Decrypt=on Auth=on
Signature key ....: 7CCD A9D8 F561 7460 9C5E  CCB5 14EF E510 775F E39A
      created ....: 2021-01-19 14:35:01
Encryption key....: EF5C 0E98 3FAB 4A68 C9D1  A1E5 4255 9F6D CFDC E345
      created ....: 2021-01-19 14:35:23
Authentication key: 3149 208F A48C EF74 FE4D  E5F8 13E0 4797 A940 EB5C
      created ....: 2021-01-19 14:35:44
General key info..: sub  ed25519/0x14EFE510775FE39A 2021-01-19 oddlama <oddlama@oddlama.org>
sec#  ed25519/0x503F6C0684104B0A  created: 2021-01-19  expires: never     
ssb>  ed25519/0x14EFE510775FE39A  created: 2021-01-19  expires: never     
                                  card-no: 0006 15209174
ssb>  cv25519/0x42559F6DCFDCE345  created: 2021-01-19  expires: never     
                                  card-no: 0006 15209174
ssb>  ed25519/0x13E04797A940EB5C  created: 2021-01-19  expires: never     
                                  card-no: 0006 15209174

I examined all log files you gave us, and I think that scdaemon with PC/SC fails to detect the removal of the USB device.

I created new ticket for this problem. Please continue on: T5971: Yubikey: Removal of device is not detected by PC/SC

You have .gnupg/scdaemon.conf with a line disable-ccid, please add following lines for debug log:

debug-all
verbose
verbose
verbose
log-file <SOMEWHERE/scdaemon-pcsc.log>

And please have a look at kernel log for removal of the USB device. In my case, I see something like:

[ 5876.245850] usb 1-4: USB disconnect, device number 8

and then, when I inserted, I see:

[ 5936.065568] usb 1-4: new full-speed USB device number 9 using xhci_hcd
[ 5936.215677] usb 1-4: New USB device found, idVendor=1050, idProduct=0407, bcdDevice= 5.24
[ 5936.215682] usb 1-4: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 5936.215684] usb 1-4: Product: YubiKey OTP+FIDO+CCID
[ 5936.215686] usb 1-4: Manufacturer: Yubico
[ 5936.220935] input: Yubico YubiKey OTP+FIDO+CCID as /devices/pci0000:00/0000:00:14.0/usb1/1-4/1-4:1.0/0003:1050:0407.0005/input/input17
[ 5936.277998] hid-generic 0003:1050:0407.0005: input,hidraw2: USB HID v1.10 Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-4/input0
[ 5936.278897] hid-generic 0003:1050:0407.0006: hiddev0,hidraw3: USB HID v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-4/input1

• gniibe removed a project: Info Needed.May 10 2022, 3:50 AM

Applied to 2.2 branch, too.

• gniibe added a commit: rG53eddf9b9ea0: scd: Fail when no good algorithm attribute..May 11 2022, 4:23 AM

The change improve error handling for possible other errors by device: rG53eddf9b9ea0: scd: Fail when no good algorithm attribute.

ludovic mentioned this in T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s).May 13 2022, 11:16 AM

• gniibe added a commit: rGa5217c90003c: scd: Add workaround for ECC attribute on Yubikey..May 17 2022, 3:57 AM

• werner mentioned this in T5949: Release GnuPG 2.2.36.Jul 6 2022, 8:30 PM

Fixed in 2.2.36.

And 2.3.7.

• gniibe added a commit: rG225c66f13b87: scd: Fail when no good algorithm attribute..Jul 13 2022, 3:54 AM

• gniibe mentioned this in T6070: Yubikey 5C 'not available: card error' regression.Jul 14 2022, 6:32 AM

• werner mentioned this in T5947: Release GnuPG 2.3.7.Jul 26 2022, 7:40 PM

This is still an issue for me:

gpg (GnuPG) 2.2.41
libgcrypt 1.10.2-unknown

Yubikey Firmware version: 5.4.3

Using disable-ccid so pcscd is used does not help.

If I repeatedly gpgconf -R scdaemon && gpg --card-status I get the mentioned segfault. This behavior is worse without udev running.

thesamesam added a subscriber: thesamesam.Nov 5 2023, 7:43 PM

@desultory Thank you for your report.
Please open a new ticket for your problem. If you can, please show the result of https://dev.gnupg.org/T5963#157724

• gniibe added a commit: rG600e69b46149: scd:openpgp: Fix a segv for cards supporting unknown curves..Nov 7 2023, 9:49 AM

Applied a patch from 2.4/master to 2.2 for SEGV when card gives bogus data. rG600e69b46149: scd:openpgp: Fix a segv for cards supporting unknown curves.

For the particular issue reopened for GnuPG 2.2.41 is fixed in GnuPG 2.2.42.
Please note that we can't fix the cause itself, the hardware problem.

Yubikey: scdaemon causes libc segfault and clashes with ECC keysClosed, ResolvedPublicActions