From 8489b12211098ad58c008cfb74b5cb91849cf68d Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 29 Nov 2016 19:19:45 +0100
Subject: [PATCH] gpgsm: Allow decryption with a card returning a PKCS#1
 stripped key.

* sm/decrypt.c (prepare_decryption): Handle a 16 byte session key.
--

GnuPG-bug-id: 2230
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 sm/decrypt.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/sm/decrypt.c b/sm/decrypt.c
index 11c1cf844..a2907f668 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -74,10 +74,12 @@ prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
     log_printhex ("pkcs1 encoded session key:", seskey, seskeylen);
 
   n=0;
-  if (seskeylen == 24)
+  if (seskeylen == 24 || seskeylen == 16)
     {
-      /* Smells like a 3-des key.  This might happen because a SC has
-         already done the unpacking. */
+      /* Smells like a 3-DES or AES-128 key.  This might happen
+       * because a SC has already done the unpacking.  A better
+       * solution would be to test for this only after we triggered
+       * the GPG_ERR_INV_SESSION_KEY. */
     }
   else
     {