[PATCH] scd: Improve KDF-DO support

NIIBE Yutaka gniibe at fsij.org
Thu Feb 8 01:19:57 CET 2018


Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr> writes:
> The attached patch fixes two issues:
> - when the KDF-DO algorithm is set to NONE (... 81 01 00 ...), no KDF
> should be applied which is not the case in the current implementation
> where KDF is applied as soon as the bit is set in extended capabilities
> and a DO exists (which is required by the spec) whatever its content
> (which is not compliant with the spec);

I will apply this part.  It's good if you submit this part only, at first.

> - the specification says the KDF-DO is encapsulated in a tag F9 + length
> object, but the current implementation assumes the F9 tag + length are
> not present; so the currently used offsets in the DO buffer must be
> incremented by 2.

My interpretation is different.  It is a constructed DO.  For all other
constructed DOs, OpenPGPcard responds with the constructed DO's
tag+length omitted.  For example, 65 or 6E.  Is F9 special?

More information about the Gnupg-devel mailing list