* scd/app-openpgp.c (parse_algorithm_attribute): Return the error.
(change_keyattr): Follow the change.
(app_select_openpgp): Handle the error of parse_algorithm_attribute.

--

This change allows following invocation of app_select_openpgp, which
may work well (if the problem is device side for initial connection).

GnuPG-bug-id: 5963
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

--

BTW, we should add a function to read out the entire table so that you
can ask scdaemon for that list.  iirc,  Kleopatra still uses a copy of
the table.

* dirmngr/http.c (EHOSTUNREACH, EAFNOSUPPORT): Define when not
available.
[HTTP_USE_GNUTLS] (my_gnutls_read): Use recv for Windows.
[HTTP_USE_GNUTLS] (my_gnutls_write): Use send for Windows.

--

Reported-by: Eli Zaretskii
GnuPG-bug-id: 5899
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* tests/gpgscm/tests.scm (in-objdir): Move from...
* g13/all-tests.scm: ... here.
* tests/openpgp/all-tests.scm (keyboxd-enabled?): New.
(tests): Enable when keyboxd-enabled?.

--

GnuPG-bug-id: 5966
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* scd/app-p15.c (any_control_or_space_mem): New.
(get_dispserialno): Add new code.
--

This works with my test cards and now reflects what's printed on the
front matter of the card.

* scd/app-p15.c (any_control_or_space): Fix loop.
--

This check is only done to avoid printing wrongly encoded S/N for
human consumption.
e

* scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus
octet in a key attribute.

--

GnuPG-bug-id: 5963
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF
object has no length info.  Add debug output when reading a cert.
(read_p15_info): No more need to disable extended mode for GeNUA cards.

* scd/scdaemon.c (debug_flags): Add "card".
* scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New.
--

Some information from parsing the card are often very helpful.
However, the card_io triggered APDU dumps are in most cases too heavy.
Thus this new debug flag.

* common/openpgp-oid.c (get_keyalgo_string): Do not strdup NULL.
--

GnuPG-bug-id: 5963

* tests/gpgscm/ffi.c (do_chdir): Use gpg_error_from_syserror.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* tests/openpgp/run-tests.scm: Check if *args* is null or not.

--

Fixes-commit: ba2f2085

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* tests/openpgp/issue5120.scm: New.

--

GnuPG-bug-id: 5120, 5953
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* kbx/keyboxd.h (kbxd_status_printf): New.
* kbx/backend-support.c (be_return_pubkey): Use kbxd_status_printf.
* kbx/kbxserver.c (kbxd_status_printf): New.
* kbxd_start_command_handler (kbxd_start_command_handler): Don't
use set_assuan_context_func, because the function pointer is
shared by multiple threads.

--

GnuPG-bug-id: 5948
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* g10/keyedit.c (find_userid_by_namehash, find_userid): New.
(keyedit_quick_revuid): Use find_userid() instead of iterating over the
nodes of the keyblock.
* tests/openpgp/quick-key-manipulation.scm: Add test for revoking a
user ID specified by its hash.
--

This makes it possible to specify the user ID to revoke as UID hash when
calling --quick-revoke-uid.

GnuPG-bug-id: 5936

* tests/gpgscm/init.scm (*exit-status*): New.
(exit): Set *exit-status*.
* tests/gpgscm/tests.scm (mkdtemp-autoremove): Check
exit-status and only remove the directory if not zero.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* tests/openpgp/run-tests.scm: Add GPGSCM_TEST_VARIANT support.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* dirmngr/dirmngr.c (main): Declaration before a statement.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* Makefile.am (TESTS_ENVIRONMENT): Add GNUPG_BUILD_ROOT.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* agent/Makefile.am (module_test): New.
* agent/all-tests.scm: Use module_tests instead of TESTS.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* g13/all-tests.scm: Skip the test by examining $objdir/Makefile.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* tests/openpgp/Makefile.am: Revert the change by DISABLE_REGEXP.
* tests/openpgp/all-tests.scm: Likewise.

--

Fixes-commit: ba247a11

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

--

--

--

--

* g10/parse-packet.c (parse_signature): Do not create an opaque MPI
with NULL and length > 0
(parse_key): Ditto.
--

GnuPG-bug-id: 5940, 5946

* sm/verify.c (gpgsm_verify): use gpg_err_code instead of 'rc == -1'
comparison.
--

In ed6ebb69

 (sm: Implement initial support for keyboxd., 2020-09-10),
the return of keydb_search() was changed to use gpg_err_code().  Adjust
gpgsm_verify() to use it.  This provides a nicer error message to users
when a certificate is not found -- the same error that is seen from 2.2.

Prior to this change, when a cert was not found, gpgsm output:

    gpgsm: failed to find the certificate: Not found

as opposed to the more human-readable message from 2.2:

    gpgsm: certificate not found

They now return the same message.
Signed-off-by: Todd Zullinger <tmz@pobox.com>

* agent/gpg-agent.c (main): Mark --supervised as deprecated.
* dirmngr/dirmngr.c (main): Ditto.
--

The supervised thing causes more trouble than it pretends to solve.

* g10/mainproc.c (proc_symkey_enc): Issue new error code.
(proc_encrypted): Ditto.
--

This allows GPGME to return a better error message than "bad session
key" to the user.  Technically we could get run into these errors also
in other cases but this more unlikley.  For the command line use we
don't do anything to not change the expected output of the command
line interface.

GnuPG-bug-id: 5943

* common/iobuf.c (iobuf_read): Handle a case with IOBUF_INPUT_TEMP.
(iobuf_write): Handle a case with IOBUF_OUTPUT_TEMP.

--

GnuPG-bug-id: 5941
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* scd/app-openpgp.c (do_auth): Allow larger data for RSA-4096.

--

OpenPGPcard specification says that it will be rejected by the card
when it's larger.  We have been the check on host side too, but it was
written when it only had a support for RSA-2048.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* g10/keyedit.c (menu_adduid): Move linefeed character to the format
string.
--

This fixes a literal '\n' in the error message and a missing line feed
after the error message.

* agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke
pattern check program.

--

GnuPG-bug-id: 5917
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

* scd/app-openpgp.c (do_auth): Use command chaining if available.

--

GnuPG-bug-id: 5935
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

--

--

--