1 files changed, 20 insertions, 7 deletions

diff --git a/g10/call-agent.c b/g10/call-agent.c
index 19deb73d7..9e510ae98 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -367,7 +367,9 @@ start_agent (ctrl_t ctrl, int flag_for_card)
       if (!(flag_for_card & FLAG_FOR_CARD_SUPPRESS_ERRORS))
         rc = warn_version_mismatch (agent_ctx, SCDAEMON_NAME, 2);
       if (!rc)
-        rc = assuan_transact (agent_ctx, "SCD SERIALNO",
+        rc = assuan_transact (agent_ctx,
+                              opt.flags.use_only_openpgp_card?
+                              "SCD SERIALNO openpgp" : "SCD SERIALNO",
                               NULL, NULL, NULL, NULL,
                               learn_status_cb, &info);
       if (rc && !(flag_for_card & FLAG_FOR_CARD_SUPPRESS_ERRORS))
@@ -740,7 +742,15 @@ learn_status_cb (void *opaque, const char *line)
     }
   else if (keywordlen == 3 && !memcmp (keyword, "KDF", 3))
     {
-      parm->kdf_do_enabled = 1;
+      unsigned char *data = unescape_status_string (line);
+
+      if (data[2] != 0x03)
+        parm->kdf_do_enabled = 0;
+      else if (data[22] != 0x85)
+        parm->kdf_do_enabled = 1;
+      else
+        parm->kdf_do_enabled = 2;
+      xfree (data);
     }
   else if (keywordlen == 5 && !memcmp (keyword, "UIF-", 4)
            && strchr("123", keyword[4]))
@@ -2315,25 +2325,28 @@ agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
       return err;
     }
 
-  put_membuf (&data, "", 1); /* Make sure it is 0 terminated.  */
   buf = get_membuf (&data, &len);
   if (!buf)
     return gpg_error_from_syserror ();
-  log_assert (len); /* (we forced Nul termination.)  */
 
-  if (*buf != '(')
+  if (len == 0 || *buf != '(')
     {
       xfree (buf);
       return gpg_error (GPG_ERR_INV_SEXP);
     }
 
-  if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
+  if (len < 12 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)" */
     {
       xfree (buf);
       return gpg_error (GPG_ERR_INV_SEXP);
     }
-  len -= 10;   /* Count only the data of the second part. */
+  while (buf[len-1] == 0)
+    len--;
+  if (buf[len-1] != ')')
+    return gpg_error (GPG_ERR_INV_SEXP);
+  len--; /* Drop the final close-paren. */
   p = buf + 8; /* Skip leading parenthesis and the value tag. */
+  len -= 8;   /* Count only the data of the second part. */
 
   n = strtoul (p, &endp, 10);
   if (!n || *endp != ':')