1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

8725 Commits

Author SHA1 Message Date
Werner Koch
4f6e0e12cb
card: Improve openpgp key writing in "writecert".
* tools/card-keys.c (struct export_key_status_parm_s): New.
(export_key_status_cb): New.
(get_minimal_openpgp_key): New.
* tools/gpg-card.c (cmd_writecert): Allow writing a keyblock directly
from an existing gpg key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-03 16:25:59 +02:00
Werner Koch
48251cf9a7
gpg: Improve generation of keys stored on card (brainpool,cv25519).
* g10/keygen.c (ask_key_flags_with_mask): Allow more than ECDH for
legacy curves.
(ask_algo): Tweak mapping of ECC to OpenPGP algos
(parse_key_parameter_part): Ditto.
(generate_subkeypair): Create the subkey with the time stored on the
card.
--

This fixes two problems with generating keys from a card:

1. The key usage is now set correctly for brainpool curves.

2. The add-key and --quick-add-key commands now also take the creation
   time from the time stored on the card.  Without that we would need
   to update the creation time and fingerprint already stored on the
   card which is a no-go if another key has already been created using
   that on-card key.

Note: To create a key on a card without an OpenPGP keyblock use
gpg-card.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-03 16:22:42 +02:00
Werner Koch
7558128e16
sm: Fix recently introduced regression in CSR creation.
* sm/certreqgen.c (create_request): Also set SIGKEYLEN.
--

Fixes-commit: 44676819f2873705b78849e7b2fd22214b691642
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-03 11:21:10 +02:00
NIIBE Yutaka
f3df8dbb69 scd: Fix condition for C5 data object for newer Yubikey.
* scd/app-openpgp.c (compare_fingerprint): Relax the condition.

GnuPG-bug-id: 4957
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-29 11:18:50 +09:00
Werner Koch
2d9592e78f
card: Allow to store and retrieve keyblocks in OpenPGP cards.
* tools/gpg-card.c: Include tlv.h.
(cmd_writecert): Add option --openpgp.
(cmd_readcert): Ditto.
--

We use the CERT object for this and encapsulate the key block in a CMS
object.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-28 15:55:54 +02:00
Werner Koch
ed0759f39b
card: New command "apdu"
* tools/card-call-scd.c (scd_apdu): Add optional arg 'options'.
* tools/gpg-card.c (cmd_apdu): New.
(enum cmdids): Add cmdAPDU.
(dispatch_command): Add command "apdu".
(interactive_loop): Ditto.
--

This command is hidden because it can be used to brick a card.  The
command is basically the same as sending "scd apdu" in
gpg-connect-agent but here we do full decoding and printing in hex.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-28 13:00:27 +02:00
Werner Koch
94d31660c6
card: Update card info after "generate".
* tools/gpg-card.c (cmd_generate): Re-read the card on success.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-27 13:48:20 +02:00
Werner Koch
2149676122
scd:openpgp: New KEY-STATUS attribute.
* scd/app-openpgp.c (do_getattr): Return KEY-STATUS
2020-05-27 13:47:13 +02:00
Werner Koch
08310849a2
card: Add command "bye"
* tools/gpg-card.c: Add command "bye" as alias for "quit".
* tools/gpg-connect-agent.c (main): Add "/quit" as alias for "/bye"
2020-05-27 11:43:14 +02:00
Werner Koch
46a3de4b5a
card: Take care of removed and re-inserted cards.
* tools/gpg-card.c (cmd_list): Take care of the need_sn_cmd flag.
(cmd_factoryreset): Clear that flag.
(dispatch_command): Set flag after a reset and after a
CARD_NOT_PRESENT error.
--
2020-05-27 11:27:32 +02:00
Werner Koch
c2a47475ba
card: Implement UID command and print capabilities.
* tools/card-call-scd.c (learn_status_cb): Return the full value for
UIF.  Add info about SM, MCL3, and PD.
* tools/gpg-card.h (struct card_info_s): Add corresponding fields.
* tools/gpg-card.c (list_openpgp): Print capabilities.  Print the
permanent flag for UIF.
(cmd_uif): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-26 16:24:12 +02:00
Werner Koch
11f0700282
scd:openpgp: Add attribute "UIF" for convenience.
* scd/app-openpgp.c (do_getattr): New attrubute "UIF".
(do_learn_status): Use that.
--

Actually this is not just convenience but will make it easier to add
new keys to an openpgp card - we will need to change this only at one
place.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-26 16:24:12 +02:00
Werner Koch
2009088670
scd: Fix Yubikey app switching problem
* scd/app.c (select_all_additional_applications_internal): Re-select
first app.  Add arg 'ctrl'.
--

Usually keygrip based access to the Yubikey does a switching back and
forth and thus keeps the card and scdaemon's internal state in sync.
However, if we do only a listing scdaemon did not reselect the first
application (e.g. OpenPGP) after adding other applications (e.g. PIV)
and thus led to wrong info returned in a listing.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-26 16:24:12 +02:00
NIIBE Yutaka
510bda7d37 gpg: Clean up ECDH code path (5).
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Now, it's only for
encrytion.
(pk_ecdh_decrypt): Use prepare_ecdh_with_shared_point and move decrypt
code path in original pk_ecdh_encrypt_with_shared_point here.
* g10/pkglue.h (pk_ecdh_encrypt_with_shared_point): Change API.
* g10/pkglue.c (pk_encrypt): Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 11:58:21 +09:00
NIIBE Yutaka
64d93271bf gpg: Clean up ECDH code path (4).
* g10/ecdh.c (prepare_ecdh_with_shared_point): New.
(pk_ecdh_encrypt_with_shared_point): Fixing error paths for closing
the cipher handle, use prepare_ecdh_with_shared_point.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 11:44:36 +09:00
NIIBE Yutaka
80c02d13d9 gpg: Clean up ECDH code path (3).
* g10/ecdh.c (derive_kek): New.
(pk_ecdh_encrypt_with_shared_point): Use derive_kek.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 11:24:38 +09:00
NIIBE Yutaka
a973d91138 gpg: Clean up ECDH code path (2).
* g10/ecdh.c (build_kdf_params): New.
(pk_ecdh_encrypt_with_shared_point): Use build_kdf_params, and check
things before extract_secret_x.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 10:40:47 +09:00
NIIBE Yutaka
960d37644c gpg: Clean up ECDH code path (1).
* g10/ecdh.c (extract_secret_x): New.
(pk_ecdh_encrypt_with_shared_point): Use extract_secret_x.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 10:04:35 +09:00
NIIBE Yutaka
30eef28bc0 dirmngr: dns: Fix allocation of string buffer in stack.
* dirmngr/dns.h (dns_strsection, dns_strclass)
(dns_strtype): Change APIs.
* dirmngr/dns.c (dns_p_lines): Use __dst for dns_strsection.
(dns_rr_print): Use __dst for dns_strclass and dns_strtype.
(dns_trace_dump): Likewise.
(dns_ai_print): Use __dst for dns_strtype.
(dns_strsection): Add an argument __dst for storage.
(dns_strclass, dns_strtype): Likewise.
(parse_packet): Use __dst for dns_strsection.
(send_query): Use __dst for dns_strtype.
(isection): Use __dst for dns_strsection.
(iclass): Use __dst for dns_strclass.
(itype): Use __dst for dns_strtype.

GnuPG-bug-id: 4934
Reported-by: Tomas Mraz
Fixes-commit: 455ef62d29a112de05897139716265d07e4c6ae3
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-20 19:44:38 +09:00
Werner Koch
44676819f2
sm: Create ECC certificates with AKI and SKI by default.
* sm/certreqgen.c (create_request): Create AKI and SKI by default.
--
GnuPG-bug-id: 4098

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-19 14:30:24 +02:00
Werner Koch
3cd9dac7e0
common: New function to extract Q from an ECC key.
* common/sexputil.c (get_ecc_q_from_canon_sexp): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-19 14:28:48 +02:00
Werner Koch
6dc3846d78
sm: Support creation of EdDSA certificates.
* sm/misc.c (transform_sigval): Support EdDSA.
* sm/certreqgen.c (create_request): Support EdDSA cert creation.
* sm/certcheck.c (gpgsm_check_cert_sig): Map some ECC algo OIDs to
hash algos.
* sm/call-agent.c (struct sethash_inq_parm_s): New.
(sethash_inq_cb): New.
(gpgsm_agent_pksign): Add mode to pass plain data for EdDSA.
--

Tested using a parameter file

    Key-Type: EdDSA
    Key-Length: 1024
    Key-Grip: 09D9AE3D494F7888C93BE5106AD8A734A87617F0
    Key-Usage: sign
    Serial: random
    Name-DN: CN=dummy test ed25519

where the keygrip is from a gpg generated Ed25519 key.  ECDSA was
tested using

    Key-Type: ECDSA
    Key-Length: 1024
    Key-Grip: 8E06A180EFFE4C65B812150CAF19BF30C0689A4C
    Key-Usage: sign
    Serial: random
    Name-DN: CN=dummy test nistp256

and RSA using

    Key-Type: RSA
    Key-Length: 2048
    Key-Grip: C6A6390E9388CDBAD71EAEA698233FE5E04F001E
    Key-Usage: sign
    Serial: random
    Name-DN: CN=dummy test rsa

The command used in all cases is

  gpgsm -v --gen-key --batch  a.parm >a.crt
  gpgsm -v --import <a.crt

More support, in particular in the user interface, is required and
will follow soon.

GnuPG-bug-id: 4888
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-18 19:32:30 +02:00
Werner Koch
b18fb0264a
agent: Allow to use SETHASH for arbitrary data.
* agent/agent.h (struct server_control_s): Add field digest.data.
* agent/gpg-agent.c (agent_deinit_default_ctrl): Free that field.
* agent/command.c (reset_notify): Ditto.
(start_command_handler): ditto.
(cmd_sethash): Add new option --inquire.
* agent/call-scd.c (agent_card_pksign): For now return an error if
inquire mode was used.
* agent/command-ssh.c (ssh_handler_sign_request): Make sure
digest.data is cleared.
* agent/divert-scd.c (divert_pksign): Implement inquire mode.
* agent/pksign.c (agent_pksign_do): Ditto.
--

This is required to support EdDSA according to RFC8410.

GnuPG-bug-id: 4888
2020-05-18 19:24:41 +02:00
Werner Koch
b1694987bb
sm: Support import and verification of EdDSA certificates.
* sm/certdump.c (gpgsm_get_serial): New.
* sm/certcheck.c (gpgsm_check_cert_sig): Support EdDSA signatures.
--

Note that this does not work with the self-signed RFC-8410 sample
certificate; see the code for comments.

The Ed488 case has not been tested due to a lack of support in
Libgcrypt.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-13 21:22:28 +02:00
Werner Koch
f44d395bdf
sm: Support signing using ECDSA.
* sm/gpgsm.h (struct certlist_s): Add helper field pk_algo.
* sm/sign.c (gpgsm_sign): Store the public key algo.  Take the hash
algo from the curve.  Improve diagnostic output in verbose mode.
--

GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-11 18:41:21 +02:00
Werner Koch
68b857df13
sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.
* sm/decrypt.c (ecdh_decrypt): Support
dhSinglePass-stdDH-sha1kdf-scheme.  Factor key derive code out to ...
(ecdh_derive_kek): new global function.  Allow for hashs shorter than
the key.
(hash_ecc_cms_shared_info): Make file-only.
* sm/encrypt.c (ecdh_encrypt): Replace derive code by a call to the
new ecdh_derive_kek.  Add test code to create data using
dhSinglePass-stdDH-sha1kdf-scheme.
* sm/gpgsm.h (opt): Add member force_ecdh_sha1kdf.
* sm/gpgsm.c: Add option --debug-force-ecdh-sha1kdf.
--

I did some test against

  Governikus_Signer:       2.9.2.0
  MCard security Provider: 2.4.0
  Algorithm catalog from:  05.12.2019

using a Signature Card v2.0 and a nistp256 certificate.  Encrypting
with Governikus used the stdDH-sha1kdf scheme which we can now
decrypt.  Encrypting with GPGSM uses for that curve the recommended
scheme sha256kdf but Governikus was not able to decrypt this (no
usable error message).  Encrypting using stdDH-sha1kdf with GPGSM by
using the new --debug-force-ecdh-sha1kdf option showed that
Governikus was able to decrypt this.

FWIW: RFC5753 (Use of Elliptic Curve Cryptography (ECC) Algorithms)
has this requirement:

   Implementations that support EnvelopedData with the
   ephemeral-static ECDH standard primitive:

   - MUST support the dhSinglePass-stdDH-sha256kdf-scheme key
     agreement algorithm, the id-aes128-wrap key wrap algorithm, and
     the id-aes128-cbc content encryption algorithm; and

which Governikus seems not to fulfill.

GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-08 18:08:50 +02:00
Werner Koch
439c9b5cb5
sm: Print algorithm infos in data decryption mode.
* common/sexputil.c (cipher_mode_to_string): New.
* sm/decrypt.c (prepare_decryption): Show cipher algo and mode.
(gpgsm_decrypt): Show key algo and fingerprint

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-08 15:21:51 +02:00
Werner Koch
34b628db46
sm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA.
* common/sexputil.c (pubkey_algo_to_string): New.
* sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC.
* sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms.
* sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA.
* sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA.  Use new pubkey
algo name function

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-08 15:10:13 +02:00
Werner Koch
a759fa963a
sm: Improve readability of the data verification output.
* sm/verify.c (gpgsm_verify): Print the used algorithms.
--

Note that we now use the full fingerprint instead of the certificate
id.  This better aligns with what we do in gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-08 13:42:51 +02:00
Werner Koch
9496634745
card: Allow listing of NKS cards.
* tools/card-call-scd.c (learn_status_cb): Always fill chvinfo.
* tools/gpg-card.h (struct card_info_s): Increase size of chvinfo and
chvmaxlen.
* tools/gpg-card.c (list_nks): New.
(print_a_version): Support single part version numbers.
(list_card): Call list_nks.
--

Note that chvmaxlen is not yet used with NKS.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-07 19:47:07 +02:00
Werner Koch
1f6a39092f
scd:nks: Add framework to support IDKey cards.
* scd/app-nks.c (NKS_APP_IDLM): New.
(struct app_local_s): Replace NKS_VERSION by the global APPVERSION.
(do_learn_status): Always send CHV-STATUS.
(find_fid_by_keyref): Basic support for IDLM only use.
(do_learn_status_core): Ditto.
(do_readcert): Ditto.
(verify_pin): Ditto.
(parse_pwidstr): Ditto.
(do_with_keygrip): Ditto.
(switch_application): Ditto.
(app_select_nks): Fallback to IDLM.
--
2020-05-07 19:44:45 +02:00
Werner Koch
549998d1d0
sm: Fix annoying warning about not yet implemented --attribute.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-07 14:04:43 +02:00
Werner Koch
aecc008acb
scd:nks: Get the PIN prompts right for the Signature Card
* scd/app-nks.c (get_dispserialno): Move more to the top.
(do_getattr): Add $DISPSERIALNO and SERIALNO.  Make CHV-STATUS work
with NKS15.
(verify_pin): Use dedicated min. PIN lengths.
(parse_pwidstr): Support NKS15
--

GnuPG-bug-id: 4938
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-07 14:03:38 +02:00
Werner Koch
5c29d25e6c
sm: Print the key types as standard key algorithm strings.
* sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ...
(gpgsm_get_key_algo_info2): new.
(gpgsm_pubkey_algo_string): New.
* sm/keylist.c (list_cert_colon): Put curve into field 17
(list_cert_raw): Print the unified key algotithm string instead of the
algo and size.
(list_cert_std): Ditto.
--

It is important to known whether a 256 bit ECC uses a NIST or a
Brainpool curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-07 09:45:49 +02:00
Werner Koch
af45d884aa
scd:nks: Support decryption using ECDH.
* scd/app-nks.c (struct fid_cache_s): Add field 'algo'.
(keygripstr_from_pk_file): Add arg 'r_algo' to return the algo.
(find_fid_by_keyref): Ditto.
(get_dispserialno): New.
(make_prompt): New.
(verify_pin): Provide better prompts.
(do_decipher): Support ECDH.
(parse_pwidstr): Add hack tospecify any pwid..
(do_change_pin): Support Signature Card V2.0 (NKS15) style NullPIN.
Provide a better prompt.
--

GnuPG-bug-id: 4938
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-07 08:18:28 +02:00
Werner Koch
ee6d29f179
sm: Support decryption of ECDH data using a smartcard.
* sm/decrypt.c (ecdh_decrypt): Add arg nbits and detect bare secret.
(prepare_decryption): Add arg nbits and pass on.
(gpgsm_decrypt): Pass size of curve to prepare_decryption.
--

GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-07 08:03:26 +02:00
Werner Koch
314859d7e7
scd: Extend an internal function to also return the algo.
* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
r_algo.  Change all callers.
(app_help_get_keygrip_string): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-05 08:07:11 +02:00
Werner Koch
1e72a1a218
scd:nks: Add do_with_keygrip and implement a cache.
* scd/app-nks.c (struct fid_cache_s): New.
(struct app_local_s): Add field 'fid_cache'.
(do_deinit): Release the cache.
(keygripstr_from_pk_file): Implement the cache.
(find_fid_by_keyref): New
(do_sign, do_decipher): Use new function.
(do_with_keygrip): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-04 19:01:16 +02:00
Werner Koch
d5051e31a8
sm: Support encryption using ECDH keys.
* sm/decrypt.c (hash_ecc_cms_shared_info): Make global.
* sm/encrypt.c (ecdh_encrypt): New.
(encrypt_dek): Add arg PK_ALGO and support ECDH.
(gpgsm_encrypt): Pass PK_ALGO.
--

Note: This has only been tested with a messages created and decrypted
by GnuPG.

GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-04 14:58:37 +02:00
Werner Koch
9bc9d0818b
doc: Typo fixes in code comments
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-04 14:55:34 +02:00
Werner Koch
5da6925a33
sm: Add support to export ECC private keys.
* sm/minip12.c [TEST]: Remove test code.  Include util.h, tlv.h. and
openpgpdefs.h.  Remove the class and tag constants and replace them by
those from tlv.h.
(builder_add_oid, builder_add_mpi): New.
(build_key_sequence): Rename to ...
(build_rsa_key_sequence): this.
(build_ecc_key_sequence): New.
(p12_build): Call RSA or ECC builder.
(p12_raw_build): Ditto.
* sm/export.c (gpgsm_p12_export): Use correct armor header for ECC.
(sexp_to_kparms): Support ECC.

* sm/t-minip12.c: New to replace the former TEST code in minip12.h.
--

GnuPG-bug-id: 4921
2020-04-27 19:54:39 +02:00
Werner Koch
5ea878274e
common: Add an easy to use DER builder.
* common/tlv-builder.c: New.
* common/tlv.c: Remove stuff only used by GnuPG 1.
(put_tlv_to_membuf, get_tlv_length): Move to ...
* common/tlv-builder.c: here.
* common/tlv.h (tlv_builder_t): New.
--

Such code should actually go into libksba and we will eventually do
that.  However, for now it is easier to keep it here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-24 15:37:48 +02:00
Werner Koch
c03f80dc19
sm: Minor debug output format changes.
--
2020-04-23 10:00:18 +02:00
Werner Koch
95d83cf906
sm: Support decryption of ECDH data.
* sm/decrypt.c: Include tlv.h.
(string_from_gcry_buffer): New.
(hash_ecc_cms_shared_info): New.
(ecdh_decrypt): New.
(prepare_decryption): Support ECDH.  Add arg pk_algo.
(gpgsm_decrypt): Lift some variables from an inner code block.
--

Note: This has only been tested with a single messages created by
OpenSSL and taken from the Mozilla bug tracker.  In particular the
code to included UserKeyingMaterial (ukm) has not been tested.

GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-23 09:59:13 +02:00
Werner Koch
5d015b38eb
common: Add functions to help create DER objects.
* common/tlv.c (put_tlv_to_membuf): New.
(get_tlv_length): New.
* common/tlv.h: Include membuf.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-23 09:51:15 +02:00
Werner Koch
8dfef5197a
sm: Support import of PKCS#12 encoded ECC private keys.
* sm/minip12.c: Include ksba.h.
(oid_pcPublicKey): New const.
(parse_bag_data): Add arg 'r-curve'.  Support parsing of ECC private
keys.
(p12_parse): Add arg 'r_curve'.
* sm/import.c (parse_p12): Support ECC import.
--

GnuPG-bug-id: 4921
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-21 21:05:39 +02:00
Werner Koch
a6d2f31337
sm: Replace some debug message by log_error or log_info
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-21 21:05:32 +02:00
Werner Koch
f05a32e5c9
scd:nks: Allow retrieving certificates from a Signature Card v.20
* scd/app-nks.c: Major rework to support non-RSA cards.
--

This is a fist step so support this ECC card.  The code has been
reworked while taking care that old cards should keep on working.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-17 16:09:58 +02:00
Werner Koch
3633ca6e21
scd: Detect missing card in "getinfo all_active_apps".
* scd/app.c (send_card_and_app_list): Detect no app case.
--

This is a minor nug fix to return a better error message.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-17 16:09:54 +02:00
Werner Koch
bbb7edb880
sm: Always allow authorityInfoAccess lookup if CRLs are also enabled.
* sm/certchain.c (find_up): Disable external lookups in offline mode.
Always allow AKI lookup if CRLs are also enabled.
--

GnuPG-bug-id: 4898
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-16 19:05:49 +02:00