2021-04-20  Werner Koch  <wk@gnupg.org>

	Release 2.3.1.
	+ commit cbbdb88627fe57ebf02b8b4bf9002d356e57e2e4


	Support log-file option from common.conf for all daemons.
	+ commit 45918813f0599505e4f84bd44b09fb708b4e7f23
	* agent/gpg-agent.c: Include comopt.h.
	(main): Read log-file option from common.conf.
	(reread_configuration): Ditto.
	* dirmngr/dirmngr.c: Include comopt.h.
	(main): Read log-file option from common.conf.
	(reread_configuration): Ditto.
	* kbx/keyboxd.c: Include comopt.h.
	(main): Read log-file option from common.conf.
	(reread_configuration): Ditto.
	* scd/scdaemon.c: Include comopt.h.
	(main): Read log-file option from common.conf.

	gpgconf: Fix a diagnostic output.
	+ commit b657d6c3bd8103d40d511a3293313a891a26a9f5
	* tools/gpgconf-comp.c (gc_component_launch): Fix diagnostic.
	* doc/examples/common.conf: Fix example.

	sm: New command --show-certs.
	+ commit 51419d63415ae2aa029f8829099b6789b264edc5
	* sm/keylist.c (do_show_certs): New.
	(gpgsm_show_certs): New.
	* sm/gpgsm.c (aShowCerts): New.
	(opts): Add --show-certs.
	(main): Call gpgsm_show_certs.

2021-04-19  Werner Koch  <wk@gnupg.org>

	build: Fix build problems on macOS for gpgsm tests and gpg-card.
	+ commit 5fe60576d50f7c857d0a865a9630212422fa1ad1
	* tools/gpg-card.c: Include ctype.h.
	* sm/Makefile.am (t_common_ldadd): Add LIBICONV.

2021-04-19  Damien Goutte-Gattat via Gnupg-devel  <gnupg-devel@gnupg.org>

	build: Allow selection of TSS library.
	+ commit 93c88d0af36b70a406997b40c49bfc14c17b4cd2
	* configure.ac: New option --with-tss to force the use of a
	specific TSS library.

	gpg: Fix showpref to list AEAD feature.
	+ commit 86f446fd446fcc7295ecf6b37a3f4cca45a165f1
	* g10/keyedit.c (show_prefs): Show 'AEAD' if flags.aead is set.

2021-04-19  Werner Koch  <wk@gnupg.org>

	gpg,gpgsm: Move use-keyboxd to the new conf file common.conf.
	+ commit d13c5bc244ce1daed285424d920171fc2bcd7290
	* common/comopt.c, common/comopt.h: New.
	* common/Makefile.am: Add them.
	* g10/gpg.c: Include comopt.h.
	(main): Also parse common.conf.
	* sm/gpgsm.c: Include comopt.h.
	(main): Set a flag for the --no-logfile option.  Parse common.conf.

	* tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add
	pseudo option "use_keyboxd".
	(known_pseudo_options_gpg): Add pseudo option "use_keyboxd".
	(known_options_gpgsm): Remove "use-keyboxd".

	* tests/openpgp/defs.scm (create-gpghome): Create common.conf.

	* doc/examples/common.conf: New.

2021-04-16  Werner Koch  <wk@gnupg.org>

	gpg: Lookup a missing public key of the current card via LDAP.
	+ commit d7e707170fbe2956deb3d81e2802d21352079722
	* g10/getkey.c (get_seckey_default_or_card): Lookup a missing public
	key from the current card via LDAP.
	* g10/call-dirmngr.c: Include keyserver-internal.h.
	(gpg_dirmngr_ks_get): Rename arg quick into flags.  Take care of the
	new LDAP flag.
	* g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New.
	Replace the use of the value 1 for the former quick arg.
	(KEYSERVER_IMPORT_FLAG_LDAP): New.
	* g10/keyserver.c (keyserver_get_chunk): Increase the reserved line
	length.
	* dirmngr/ks-action.c (ks_action_get): Add arg ldap_only.
	* dirmngr/server.c (cmd_ks_get): Add option --ldap.

	scd:p15: Support attribute KEY-FPR.
	+ commit 30f90fc8574be4c48ac8d3ff41479481414c0dee
	* scd/app-p15.c: Include openpgpdefs.h.
	(struct prkdf_object_s): Add fields have_keytime and ecdh_kdf.
	(read_p15_info): Set ecdh_kdf.
	(keygrip_from_prkdf): Flag that we have the keytime.
	(send_keypairinfo): Send the key time only if valid.
	(send_key_fpr_line): New.
	(send_key_fpr): New.
	(do_getattr): Add KEY-FPR.

	common: New module to compute openpgp fingerprints.
	+ commit 2f2bdd9c0894eb43f719da8b529b4c7a46f742a0
	* common/openpgp-fpr.c: New.
	* common/Makefile.am (common_sources): Add it.

2021-04-13  Werner Koch  <wk@gnupg.org>

	gpg: Do not use self-sigs-only for LDAP keyserver imports.
	+ commit 6c26e593df51475921410ac97e9227df6b258618
	* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
	* g10/options.h (opts): New field expl_import_self_sigs_only.
	* g10/import.c (parse_import_options): Set it.
	* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.

2021-04-13  Jakub Jelen  <jjelen@redhat.com>

	common: Fix memory leaks.
	+ commit a16f726f9404f173705cc3bef71daee38d2c094b
	* common/name-value.c (do_nvc_parse): Free NAME.
	* common/recsel.c (recsel_parse_expr): Release SE_HEAD and EXPR_BUFFER.

	kbx: Fix memory leak.
	+ commit 51bbd99a3c9b09a78e766a312d97a1d40372c6cd
	* kbx/keybox-update.c (blob_filecopy): Goto leave instead of return.

	tools: Fix memory leaks.
	+ commit 4c8be54cc430bbebd41fd7c452ff4ff9e8ff2bd5
	* tools/gpgsplit.c (write_part): Free BLOB on error.

	scd: Fix memory leaks.
	+ commit 7cbe29c4fb4f593e194b6c25cb31633b4a6e0b2b
	* scd/apdu.c (apdu_dev_list_start): Free DL.
	* scd/app-nks.c (pubkey_from_pk_file): Fix typo in condition.

	agent,kbx: Add LIBASSUAN_CFLAGS.
	+ commit cd66b2eb0d34b135175899362e191fff81588608
	* agent/Makefile.am (gpg_preset_passphrase_CFLAGS, t_protect_CFLAGS):
	Add LIBASSUAN_CFLAGS.
	* kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS):
	Likewise.

2021-04-12  Werner Koch  <wk@gnupg.org>

	scd:p15: Match private keys with certificates also by labels.
	+ commit ecb9265b8dc03a153044e19be804d4c2d2caa4e8
	* scd/app-p15.c (cdf_object_from_label): New.
	(cdf_object_from_certid): Fallback to label matching.
	(read_p15_info): Ditto.
	(keygrip_from_prkdf): Ditto.  Replace duplicated code by a call to
	cdf_object_from_objid.

2021-04-08  Werner Koch  <wk@gnupg.org>

	scd:nks: Handle APP_READKEY_FLAG_INFO.
	+ commit 63320ba2f8147ee86f4406c9590f6b28cad4771d
	* scd/app-nks.c (keygripstr_from_pk_file): Fix ignored error.
	(get_nks_tag): New.
	(do_learn_status_core): Use it.  Make sure not to mangle the
	KEYPAIRINFO line if no usage is known.
	(do_readkey): Output the KEYPAIRINFO for the keygrip case.

	scd: Fix duplicate output of KEYPAIRINFO by readkey command.
	+ commit 22fd48e48d007a0cba6c8a8f6ad6cb4fe7470534
	* scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP
	parm optional.
	* scd/command.c (do_readkey): Remove duplicate output of keypairinfo
	lines.

2021-04-08  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Ed448 and X448 are only for v5.
	+ commit 36355394d865f5760075e62267d70f7a7d5dd671
	* g10/keygen.c (parse_key_parameter_part): Generate with version 5
	packet, when it's Ed448 or X448.

	scd: Fix CCID driver for SCM SPR332/SPR532.
	+ commit ab66c4357595b8a10ca25fd735f439fe795919b2
	* scd/ccid-driver.c (ccid_vendor_specific_pinpad_setup): New.
	(ccid_vendor_specific_setup): Only send CLEAR_HALT.
	(ccid_transceive_secure): Each time, use send_escape_cmd.

	common: Fix gnupg_wait_processes, by skipping invalid PID.
	+ commit d82dae5d2229a30dbc78aadc4d544d30dac76a1c
	* common/exechelp-posix.c (gnupg_wait_processes): Skip invalid PID.

2021-04-07  Werner Koch  <wk@gnupg.org>

	Release GnuPG 2.3.0.
	+ commit c922a798a341261f1aafaf7c1c0217e4ce3e3acf


2021-04-01  Werner Koch  <wk@gnupg.org>

	gpgconf: Return a new pseudo option compliance_de_vs.
	+ commit a78475fbb7b60ca96137fbe179d8b939cfe2cd89
	* tools/gpgconf-comp.c (known_pseudo_options_gpg): Add
	"compliance_de_vs".
	* g10/gpg.c (gpgconf_list): Return that pseudo option.

	common: Make the compliance check more robust.
	+ commit 1d1ec1146c04415c7051af62e133459a4537c945
	* common/compliance.c (get_compliance_cache): New.
	(gnupg_rng_is_compliant): Use per mode cache.
	(gnupg_gcrypt_is_compliant): Ditto.

	card: New flag --reread for LIST.
	+ commit c727951a2440913bbab5b250c9bd2bb1d35ab0d7
	* tools/gpg-card.c (cmd_list): Add flag --reread.
	* tools/card-call-scd.c (scd_learn): New arg reread.

	* tools/card-call-scd.c (release_card_info): Fix releasing of the new
	label var.

	scd: New flag --reread for LEARN.
	+ commit ff87f4e578f412332ae59fdab016f0a5304baaf9
	* scd/command.c (cmd_learn): Add flag --reread.
	* scd/app-common.h (struct app_ctx_s): New field need_reset.
	* scd/app.c (write_learn_status_core): Set need_reset if we notice an
	error after returning from a reread.  Change all callers of card
	functions to return GPG_ERR_CARD_RESET so that that app is not anymore
	used.

	scd:p15: New flag APP_LEARN_FLAG_REREAD.
	+ commit e17d3f866057543d142d63379fd4f4a36d79147f
	* scd/app-p15.c (do_deinit): Factor code out to ...
	(release_lists, release_tokeninfo): new.
	(read_ef_tokeninfo): Reset all data before reading.
	(read_p15_info): Ditto.
	(do_learn_status): Implement reread flag.

2021-03-31  Werner Koch  <wk@gnupg.org>

	scd: Replace all assert macros by the log_assert macro.
	+ commit 1c16878efd0bcf036f56abef93d64ac41ce9e95b


	build: Require automake 1.16.3.
	+ commit 6ca540715139899137e1f86c7e1dcbd0288f15b3
	* configure.ac (min_automake_version): Bump to 1.16.3

2021-03-31  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update gpg-error.m4.
	+ commit 8d6152a4cfd8a4cf176c01f99e1d49eeecab4367
	* m4/gpg-error.m4: Update from libgpg-error.

2021-03-30  Werner Koch  <wk@gnupg.org>

	card: Print the key's label if available.
	+ commit 0d6f276f61c583d776687029c715b1ee4280e4ed
	* tools/gpg-card.h (struct key_info_s): Add field 'label'.
	* tools/card-call-scd.c (learn_status_cb): Parse KEY-LABEL.
	(scd_learn): Always request KEY-LABEL.
	* tools/gpg-card.c (nullnone): New.
	(list_one_kinfo, list_card): Use it.  Print the label.

	scd:p15: Return labels for keys and certificates.
	+ commit 7f9126363265a6b6fe4223d68fc4e87678c4ddfc
	* scd/app-p15.c (send_certinfo): Extend certinfo.
	(do_getattr): Support KEY-LABEL.

	scd:p15: For CardOS make use of ISO7816_VERIFY_NOT_NEEDED.
	+ commit 651c07a7301c33229af051d83edbf898bae52e8b
	* scd/app-p15.c (verify_pin): Take care of verify status.

	scd:p15: Return the creation time of the keys.
	+ commit de4d3c99aa58ee06ae978d59e7e3aa7bace1c440
	* scd/app-p15.c (struct prkdf_object_s): Add keytime and keyalgostr.
	(keygrip_from_prkdf): Set them.
	(send_keypairinfo): Extend KEYPAIRINFO.

2021-03-30  NIIBE Yutaka  <gniibe@fsij.org>

	build: Fix for make distcheck, no EPS support.
	+ commit d1bac0a3be7081a4bfc7f813f9d626e1396ad5c1
	* Makefile.am (AM_DISTCHECK_DVI_TARGET): Specify 'pdf'.
	* doc/Makefile.am (EXTRA_DIST, BUILT_SOURCES): Remove EPS files.
	(gnupg.dvi): Remove.

2021-03-29  Werner Koch  <wk@gnupg.org>

	scd:p15: Make RSA with SHA512 work with CardOS.
	+ commit 592f48011790e30d4bcfd9093eb58b786c8c9a8b
	* scd/app-p15.c (do_sign): Rewrite.

	agent: Skip unknown ssh curves seen on cards.
	+ commit 2d2391dfc25cfe160581b1bb4b4b8fc4764ac304
	* agent/command-ssh.c (ssh_handler_request_identities): Skip unknown
	curves.

	scd:p15: Support ECDSA and ECDH for CardOS.
	+ commit a494b29af9cc9c4c8c8323bae20e845d5a390448
	* scd/iso7816.c (iso7816_pso_csv): New.
	* scd/app-help.c (app_help_pubkey_from_cert): Uncompress a point if
	needed.

	* scd/app-p15.c (CARD_PRODUCT_RSCS): New.
	(struct prkdf_object_s): Add fields is_ecc, token_label, and
	tokenflags.
	(do_deinit): Free new fields.
	(cardproduct2str): New.
	(read_ef_prkdf): Set new is_ecc flag.
	(read_ef_tokeninfo): Store some data and move Tokeninfo diags to ...
	(read_p15_info): here.  set the product info here after all data has
	been gathered.
	(send_keypairinfo): Change the way the gpgusage flags are used.
	(make_pin_prompt): If the token has a label and the current cert has
	no CN, show the label as holder info.
	(do_sign): Support ECDSA.  Take care of the gpgusage flags.
	(do_decipher): Support ECDH.  Take care of the gpgusage flags.

	gpg: Allow ECDH with a smartcard returning just the x-coordinate.
	+ commit f129b0e97730b47d62482fba9599db39b526f3d2
	* g10/ecdh.c (extract_secret_x): Add extra safety check. Allow for
	x-only coordinate.

2021-03-28  Werner Koch  <wk@gnupg.org>

	gpgconf: Do not i18n an empty string to the PO files meta data.
	+ commit 18d884f8411a0ca263a8aa588bb49eb0dae9ee19
	* tools/gpgconf-comp.c (my_dgettext): Ignore empty strings.

2021-03-26  Werner Koch  <wk@gnupg.org>

	tests: Make sure the built keyboxd is used by the tests.
	+ commit a5e72b663b3649c939d32d6526b5e2b3347dedd9
	* tests/openpgp/defs.scm (tool): Add keyboxd.
	* tests/openpgp/setup.scm: Ditto.

	gpgconf: Fix another argv overflow if --homedir is used.
	+ commit 057131159b445d2d49392e95c677ad7b4cd4ae9c
	* tools/gpgconf-comp.c (gc_component_check_options): Increase array.

	gpgconf: Fix argv overflow if --homedir is used.
	+ commit d3d57a1bc88ece0c12c91f54b089482cce92c5a0
	* tools/gpgconf-comp.c (gc_component_launch): Fix crash due to too
	small array.
	(gpg_agent_runtime_change): Fix error message.
	(scdaemon_runtime_change): Ditto.
	(tpm2daemon_runtime_change): Ditto.
	(dirmngr_runtime_change): Ditto.
	(keyboxd_runtime_change): Ditto.

	agent: Add debug output for failed RSA signature verification.
	+ commit 6de1ec3ba59fa54ab60b2923ba9caa77fc9d5281
	* agent/pksign.c (agent_pksign_do): Support ECC and DSA verification
	and print some debug info in the error case.

	common: New function to uncompress an ECC public key.
	+ commit 935765b451aadc63fbba763a4a00f4efa0254436
	* common/sexputil.c (ec2os): New.
	(uncompress_ecc_q_in_canon_sexp): New.

	* common/t-sexputil.c (fail2): new.
	(test_ecc_uncompress): New.
	(main): Run new test.

2021-03-26  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix PC/SC error handling at apdu_dev_list_start.
	+ commit d4e5979c630c2960cf1fd5796f1060419e71cb04
	* scd/apdu.c (PCSC_E_NO_READERS_AVAILABLE): Add.
	(pcsc_error_to_sw): Handle PCSC_E_NO_READERS_AVAILABLE.
	(apdu_dev_list_start): Return error correctly.

2021-03-24  Werner Koch  <wk@gnupg.org>

	card: Add option --use-default-pin to command "login".
	+ commit 73bad368dacf5334bf78af15b243d06fd1273849
	* tools/gpg-card.c (cmd_login): Add option.

	scd:p15: Make $SIGNKEY et al determination more fault tolerant.
	+ commit 964363e788210f96a471e31ffa8fd17b534c0aa8
	* scd/app-p15.c (do_getattr): Change how we use gpgUsage to figure out
	the keys to use.

2021-03-24  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Fix v5 signature for clearsign.
	+ commit 14ef703ad65850fa22d394c4d521ba602ff2cc8d
	* g10/sign.c (clearsign_file): Prepare EXTRAHASH.

	gpg: Support ECDH with v5 key.
	+ commit 90a5b4e648b3c8a6fe645df7e61654dfdb3548be
	* g10/ecdh.c (build_kdf_params): Use the first 20 octets.
	* g10/pkglue.c (pk_encrypt): Remove length check to 20.
	* g10/pubkey-enc.c (get_it): Likewise.

2021-03-23  Werner Koch  <wk@gnupg.org>

	gpgconf: Fix listing of default_pubkey_algo.
	+ commit a107b24ddb45c9eef432d456f302c1acea3af27c
	* tools/gpgconf-comp.c (known_options_gpg, known_options_gpgsm): No
	flags needed for pseudo options.
	(known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
	(gc_component): Add field known_pseudo_options.
	(struct read_line_wrapper_parm_s): New.
	(read_line_wrapper): New.
	(retrieve_options_from_program): Use read_line_wrapper to handle
	pseudo options.

2021-03-22  Werner Koch  <wk@gnupg.org>

	kbxd: Group the options.
	+ commit ed82ef91459f72b955f4e342ab88a7a0949c436b
	* kbx/keyboxd.h (opt): Remove unused field 'batch'.
	* kbx/keyboxd.c (opts): Remove --batch.  Add group descriptions.

2021-03-22  NIIBE Yutaka  <gniibe@fsij.org>

	gpg: Support exporting Ed448 SSH key.
	+ commit 1524a942b645d9facbedd9ed4a472e343838b6a1
	* common/openpgp-oid.c (oid_ed448, openpgp_oidbuf_is_ed448): New.
	(openpgp_oid_is_ed448): New.
	* common/util.h (openpgp_oid_is_ed448): New.
	* g10/export.c (export_one_ssh_key): Support Ed448 key.

	gpg: Fix exporting SSH key.
	+ commit 0b45c5a9941094bd4529c3bf5b1cb8ce2584b9a4
	* g10/export.c (export_one_ssh_key): Finish base 64 encoder before
	writing out the comment string.

2021-03-19  Werner Koch  <wk@gnupg.org>

	card: Support OpenPGP.1 and OpenPGP.2 for readcert and writecert.
	+ commit 475644e049436c49de7620a1539515479ad2aa4f
	* tools/gpg-card.c (cmd_writecert): Allow the other key references.
	(cmd_readcert): Ditto.

	scd:openpgp: Allow reading and writing user certs for keys 1 and 2.
	+ commit 37b1c5c2004c1147a13b388863aaa8f0caf7d71f
	* scd/iso7816.c (CMD_SELECT_DATA): New.
	(iso7816_select_data): New.
	* scd/app-openpgp.c (do_readcert): Allow OpenPGP.1 and OPENPGP.2
	(do_writecert): Ditto.
	(do_setattr): Add CERT-1 and CERT-2.

	scd:openpgp: Rename an internal variable.
	+ commit bbdb48ec0ddd99ce23fcba42949c00a2594fb9a5
	* scd/app-openpgp.c (struct app_local_s): s/extcap_v3/is_v3/.
	s/max_certlen_3/max_certlen.  Change users.

	scd:openpgp: Small speedup reading card properties.
	+ commit d5fb5983232cf4d60cf6aa00d0ae5a16cf948e19
	* scd/app-openpgp.c (struct app_local_s): Add new flag.
	(get_cached_data): Force cache use if flag is set.
	(app_select_openpgp): Avoid reading DO 6E multiple times.

2021-03-18  Werner Koch  <wk@gnupg.org>

	scd:p15: Allow to use an auth object label with cmd CHECKPIN.
	+ commit 85082a83c2c1bda50fe6b7aa2ac68cef4faca4c7
	* scd/app-p15.c (prepare_verify_pin): Allow for PRKDF to be NULL.
	(make_pin_prompt): Ditto.
	(verify_pin): Ditto.
	(do_check_pin): Allow using the Label to specify a PIN.

	card: Print PIN descriptions and fix number of printed retry counters.
	+ commit 1ac189f2df6cedab3a133baca69558fdf6a908d4
	* tools/gpg-card.h (struct card_info_s): Add fields nmaxlen, nchvinfo,
	and chvlabels.
	* tools/card-call-scd.c (release_card_info): Free chvlabels.
	(learn_status_cb): Parse CHV-LABEL.  Set nmaxlen and nchvinfo.
	* tools/gpg-card.c (list_retry_counter): Print CHV labels.

	scd:p15: New attribute CHV-LABEL.
	+ commit ef29a960bf06005c34093cd9a6bca5a202ed359a
	* scd/app-p15.c (parse_common_obj_attr): Map spaces in the label to
	underscores.
	(read_ef_aodf): Prettify printing of the type.
	(do_getattr): New attribute CHV-LABEL
	(do_learn_status): Emit CHV-LABEL.
	(verify_pin): Distinguish the PIN prompts.

	agent: Simplify a function.
	+ commit 26215cb211ad93ad9cc51fb4f8257b9e3c254a4e
	* agent/findkey.c (agent_public_key_from_file): Use a membuf instead
	of handcounting space.

2021-03-16  Werner Koch  <wk@gnupg.org>

	scd:p15: Implement CHV-STATUS attribute.
	+ commit bf1d7bc3697c7d650994ba94d3704af189594657
	* scd/command.c (send_status_direct): Return an error.
	* scd/app-p15.c (do_learn_status): Emit CHV-STATUS.
	(compare_aodf_objid): New.
	(do_getattr): Implement CHV-STATUS.

	card: Generalize the CHV counter printing.
	+ commit e4c2d7be22ffb47b41a3b6c1152bd75dceed74e2
	* tools/gpg-card.c (list_retry_counter): New.  Factored out from the
	other functions.
	(cmd_verify): Re-read the chv status.

2021-03-16  Damien Goutte-Gattat via Gnupg-devel  <gnupg-devel@gnupg.org>

	build: Check for the IBM TSS tools to run the tpm2d tests.
	+ commit c0f50811fcf81e5ebe2df326342081cfdacfbbfc
	* configure.ac (TEST_LIBTSS): Make that conditional depend on the
	detection of tssstartup.

	build: Fix distcheck when tpm2dtests are run.
	+ commit ad481666ea6ef3743041ec6d043a3e6901ebab33
	* tests/tpm2dtests/Makefile.am (EXTRA_DIST): Distribute test files.
	(CLEANFILES): Make sure to remove log files.

2021-03-15  James Bottomley  <James.Bottomley@HansenPartnership.com>

	tests:tpm2d: add missing start_sw_tpm.sh script.
	+ commit a788f2e8306d80f7f3df34eb62ec7ce1a62d48e1
	* tests/tpm2dtests/start_sw_tpm.sh: New.
	* tests/tpm2dtests/Makefile.am: Add.

2021-03-15  Werner Koch  <wk@gnupg.org>

	gpg: New option --no-auto-trust-new-key.
	+ commit 1523b5f76f6e600c4f2d153b49a807ff2dc8d268
	* g10/gpg.c (oNoAutoTrustNewKey): New.
	(opts): Add --no-auto-trust-new-key.
	(main): Set it.
	* g10/options.h (opt): Add flags.no_auto_trust_new_key.

	build: new option to disable building of tpm2daemon.
	+ commit 8d6123faa8cae0bad6f82c9021e9ac6686b2f55d
	* configure.ac (build_tpmd): New configure option --disable-tpm2d
	(BUILD_WITH_TPM2D): New.
	* Makefile.am (tests): Use conditionally BUILD_TPM2D instead of
	HAVE_LIBTSS.
	* build-aux/speedo.mk (speedo_pkg_gnupg_configure) [W32]: Do not build
	tpm2d.
	* autogen.rc: Ditto.

2021-03-15  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Add handling of Ed448 key.
	+ commit b743942a9719be59f1da67cd338248fe7ee5aeab
	* scd/app-openpgp.c (struct app_local_s): Add ecc.algo field.
	(send_key_attr): Use ecc.algo field.
	(ecc_read_pubkey): Use ecc.algo field.
	(ecc_writekey): Ed448 means EdDSA.
	(parse_algorithm_attribute): Set ecc.algo field from card.
	Add checking for Ed25519 for ECC_FLAG_DJB_TWEAK flag.

	scd: Fix count_sos_bits handling.
	+ commit f482e4bd121ff2862bfb53a82f1d5c2cf3524a10
	* scd/app-openpgp.c (count_sos_bits): Handle an exceptional case.

	common: Fix the NBITS of Ed448 in OIDTABLE.
	+ commit 373b52e69a6ca609a663a0c4a018358fdf52dc7e
	* common/openpgp-oid.c (oidtable): Ed448 uses 456-bit signature.

2021-03-12  Werner Koch  <wk@gnupg.org>

	scd: New option --pcsc-shared.
	+ commit 5732e7a8e97cebf8e850c472e644e2a9b040836f
	* scd/scdaemon.h (opt): Add field opcsc_shared.
	* scd/scdaemon.c (opcscShared): New.
	(opts): Add "--pcsc-shared".
	(main): Set flag.
	* scd/apdu.c (connect_pcsc_card): Use it.
	(pcsc_get_status): Take flag in account.
	* scd/app-openpgp.c (cache_pin): Bypass in shared mode.
	(verify_chv2): Do not auto verify chv1 in shared mode.
	* scd/app-piv.c (cache_pin): Bypass cache in shared mode.

2021-03-12  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix computing fingerprint for ECC with SOS.
	+ commit 95156ef9bfb6a3a525454d50ae2f5b538ccbd774
	* scd/app-openpgp.c (count_sos_bits): New.  Count as sos_write does.
	(store_fpr): For ECC, use count_sos_bits.

	gpg: Fix compute_fingerprint for ECC with SOS.
	+ commit cfc1497efa8c98cf490f5efc9b280a6ec44514bd
	* g10/keyid.c (hash_public_key): Tweak NBITS just as sos_write does.

2021-03-11  Valtteri Vuorikoski  <vuori@notcom.org>

	scd:piv: Improve APT parser compatibility.
	+ commit 8cad11d13b15b0ef672545b06450dfbea1fef18e
	* scd/app-piv.c (app_select_piv): Allow for full AID.

2021-03-11  Werner Koch  <wk@gnupg.org>

	gpg: New option --force-sign-key.
	+ commit fe02ef04500c1b35cd27132fb99ac1961f555193
	* g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
	(main): Set it.
	* g10/options.h (opt): New flag flags.force_sign_key.
	* g10/keyedit.c (sign_uids): Use new flag.

2021-03-11  James Bottomley via Gnupg-devel  <gnupg-devel@gnupg.org>

	tpmd2: Add Support for the Intel TSS.
	+ commit b9c560e3a400da83073b232ee12fae090b21d20c
	* configure.ac: Check for Intel TSS.
	* tpm2d/intel-tss.h: New.
	* tpm2d/tpm2.h (HAVE_INTEL_TSS): Use the Intel code.

2021-03-10  James Bottomley  <James.Bottomley@HansenPartnership.com>

	tpm2d: add tests for the tpm2daemon.
	+ commit 6720f1343aef9342127380b155c19e12c92d65ac
	* configure.ac: Detect TPM emulator and enable tests.
	* tests/tpm2dtests/: New test suite.
	* tests/Makefile.am: Run tests.

	gpg: Add new command keytotpm to convert a private key to TPM format.
	+ commit 92b601fceec7da64939591001dba94e202f6e6a0
	* agent/command.c (cmd_keytotpm): New.
	(agent/command.c): Register new command KEYTOTPM.
	* g10/call-agent.c (agent_keytotpm): New.
	* g10/keyedit.c (cmdKEYTOTPM): New command "keytotpm".
	(keyedit_menu): Implement.

	agent: Add new shadow key type and functions to call tpm2daemon.
	+ commit 1f995b9ba42b76c1d83b484e5362548a54a70dab
	* agent/call-tpm2d.c: New.
	* divert-tpm2.c: New.
	* agent/Makefile.am: Add new files.
	* agent/agent.h (DAEMON_TPM2D): New.  Add stub functions.
	* agent/call-daemon.c (GNUPG_MODULE_NAME_TPM2DAEMON): New.
	* agent/command.c (do_one_keyinfo): Handle tpmv2.
	* agent/gpg-agent.c (oTpm2daemonProgram): New.
	(opts): New option --tpm2daemon-program.
	(parse_rereadable_options): Handle option.
	* agent/pkdecrypt.c (agent_pkdecrypt): Divert to tpm2d.
	(agent_pksign_do): Ditto.
	---

	A new shadow key type: "tpm2-v1" is introduced signalling that the
	shadowed key is handled by the tpm2daemon.  A function to identify
	this type is introduced and diversions to the tpm2daemon functions are
	conditioned on this function for pksign and pkdecrypt where the same
	diversions to scd are currently done.  The (info) field of the
	shadowed key stores the actual TPM key.  The TPM key is encrypted so
	only the physical TPM it was created on can read it (so no special
	protection is required for the info field), but if the (info) field
	becomes corrupt or damaged, the key will be lost (unlike the token
	case, where the key is actually moved inside the token).

	Note, this commit adds handling for existing TPM format shadow keys,
	but there is still no way to create them.


	Additional changes:
	* Add ChangeLog entries.
	* Some minor indentation fixes.
	* agent/Makefile.am (gpg_agent_SOURCES): Change to make distcheck
	  work.
	* agent/agent.h [!HAVE_LIBTSS]: Do not return -EINVAL but a
	  gpg_error_t.  Mark args as unused.
	* agent/protect.c (agent_is_tpm2_key): Free BUF.

	tpm2d: Add tpm2daemon code.
	+ commit 62a7854816b8f3661fb41f05463289e5b96663ee
	* tpm2d: New directory.
	* Makefile.am (SUBDIRS): Add directory.
	* configure.ac: Detect libtss and decide whether to build tpm2d.
	* am/cmacros.am: Add a define.
	* util.h (GNUPG_MODULE_NAME_TPM2DAEMON): New.
	* common/homedir.c (gnupg_module_name): Add tpm2d.
	* common/mapstrings.c (macros): Add "TPM2DAEMON".
	* tools/gpgconf.h (GC_COMPONENT_TPM2DAEMON): New.
	* tools/gpgconf-comp.c (known_options_tpm2daemon): New.
	(gc_component): Add TPM2.
	(tpm2daemon_runtime_change): New.
	* tpm2d/Makefile.am: New.
	* tpm2d/command.c: New.
	* tpm2d/ibm-tss.h: New.
	* tpm2d/tpm2.c: New.
	* tpm2d/tpm2.h: New.
	* tpm2d/tpm2daemon.c: New.
	* tpm2d/tpm2daemon.h: New.

	---
	This commit adds and plumbs in a tpm2daemon to the build to mirror the
	operation of scdaemon.  The architecture of the code is that
	tpm2daemon.c itself is pretty much a clone of scd/scdaemon.c just with
	updated function prefixes (this argues there could be some further
	consolidation of the daemon handling code).  Note that although this
	commit causes the daemon to be built and installed, nothing actually
	starts it or uses it yet.

	Command handling
	----------------

	command.c is copied from the command handler in scd.c except that the
	command implementation is now done in terms of tpm2 commands and the
	wire protocol is far simpler.  The tpm2daemon only responds to 4
	commands

	IMPORT:    import a standard s-expression private key and export it to
	           TPM2 format.  This conversion cannot be undone and the
	           private key now can *only* be used by the TPM2.  To anyone
	           who gets hold of the private key now, it's just an
	           encrypted binary blob.

	PKSIGN:    create a signature from the tpm2 key.  The TPM2 form private
	           key is retrieved by KEYDATA and the hash to be signed by
	           EXTRA.  Note there is no hash specifier because the tpm2
	           tss deduces the hash type from the length of the EXTRA
	           data.  This is actually a limitation of the tpm2 command
	           API and it will be interesting to see how this fares if the
	           tpm2 ever supports say sha3-256 hashes.

	PKDECRYPT: decrypt (RSA case) or derive (ECC case) a symmetric key.
	           The tpm2 form private key is retrieved by KEYDATA and the
	           information used to create the symmetric key by EXTRA.

	KILLTPM2D: stop the daemon

	All the tpm2 primitives used by command.c are in tpm2.h and all the
	tpm2 specific gunk is confined to tpm2.c, which is the only piece of
	this that actually does calls into the tss library.


	Changes from James' patch:

	- gpgconf: The displayed name is "TPM" and not "TPM2".  That
	  string is used by GUIs and should be something the user
	  understands.  For example we also use "network" instead
	  of "Dirmngr".
	- Removed some commented includes.
	- Use 16 as emulation of GPG_ERR_SOURCE_TPM2.
	- Silenced a C90 compiler warning and flags unused parameters.
	- Removed "if HAVE_LIBS" from tpm2/Makefile.am and add missing
	  files so that make distcheck works.

2021-03-10  Werner Koch  <wk@gnupg.org>

	scd:p15: Support special extended usage flags for OpenPGP keys.
	+ commit 08b5ac492afc6c6e7eaaa1f70d67c81cbda2c9be
	* scd/app-p15.c (struct gpgusage_flags_s): New.
	(struct prkdf_object_s): Add field gpgusage.
	(struct app_local_s): Add field any_gpgusage.
	(dump_gpgusage_flags): New.
	(read_p15_info): Parse the gpgusage flags.
	(do_getattr): Take care of the gpgusage flags.

2021-03-08  Werner Koch  <wk@gnupg.org>

	sm: Init nPth which might be used by some helper code.
	+ commit a4021d9be4aeac7429bf6a8e9f336dbb62cacfc4
	* sm/gpgsm.c: Include npth.h.
	(main): Init nPth.

	w32: Cleanup use of pid_t in call-daemon.
	+ commit 33c492dcb955bff01fffae31fb7750f88e07b8ff
	* agent/call-daemon.c (struct wait_child_thread_parm_s) [W32]: Do not
	use HANDLE for pid_t.
	(wait_child_thread): Ditto.

	w32: Change spawn functions to use Unicode version of CreateProcess.
	+ commit cf2f6d8a3f0594c03c383b4989a3041e9c4536d7
	* common/exechelp-w32.c (gnupg_spawn_process): Change to use
	CreateProcessW.
	(gnupg_spawn_process_fd): Ditto.
	(gnupg_spawn_process_detached): Ditto.
	* g10/exec.c (w32_system): Ditto.

2021-03-08  NIIBE Yutaka  <gniibe@fsij.org>

	scd: Fix for X448.
	+ commit fc99f77b14b6c2cdfb547607651922c16863dcf0
	* scd/app-openpgp.c (do_decipher): Support with no prefix.

2021-03-05  Werner Koch  <wk@gnupg.org>

	w32: Always use Unicode for console input and output.
	+ commit 8c41b8aac3efb78178fe1eaf52d8d1bbc44941a8
	* common/init.c (_init_common_subsystems) [W32]: Set the codepage to
	UTF-8 for input and output.  Switch gettext to UTF-8.
	* tools/gpgconf.c (main): Display the input and output codepage if
	they differ.
	* g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.

	w32: Free memory allocated by new function w32_write_console.
	+ commit 31b708e268ebb725307856865f34a61670a35586
	* common/ttyio.c (w32_write_console): Free buffer.

	common,w32: Allow Unicode input and output with the console.
	+ commit f165c8a737cc968554c9d78932c69869456108ff
	* common/ttyio.c (do_get) [W32]: Use ReadConsoleW.
	(w32_write_console): New.
	(tty_printf, tty_fprintf) [W32]: Use new function.

	common: Re-indent ttyio.c and remove EMX, RISCOS, and CE support.
	+ commit 8622f53994249d8fb49a488cfe480ffbeb8cbfba
	* common/ttyio.c: Remove cruft like EMX and RISCOS support.  Translate
	a few strings.  Re-indent.

2021-03-04  Werner Koch  <wk@gnupg.org>

	common: Rename w32-misc.c to w32-cmdline.c.
	+ commit 7262d602d802c4a3840097d5de217fcfb9728b49
	* common/w32-misc.c: Rename to ....
	* common/w32-cmdline.c: this.
	* common/Makefile.am: Adjust.

	common,w32: Implement globbing of command line args.
	+ commit 089c9439674e8ecbc64f0ba924e6fb447bbc2b9d
	* common/w32-misc.c [W32]: Include windows.h
	(struct add_arg_s): New.
	(add_arg): New.
	(glob_arg): New.
	(parse_cmdstring): Add arg argvflags and set it.
	(w32_parse_commandline): Add arg r_itemsalloced.  Add globbing.

	* common/init.c (prepare_w32_commandline): Mark glob created items as
	leaked.

	* common/t-w32-cmdline.c : Include windows.h
	(test_all): Add simple glob test for Unix.
	(main): Add manual test mode for Windows.

	common,w32: Refine the command line parsing for \ in quotes.
	+ commit 20c60076866904187a09393de596deef286116f8
	* common/t-w32-cmdline.c (test_all): Add new test cases.
	* common/w32-misc.c (strip_one_arg): Add arg endquote.
	(parse_cmdstring): Take care of backslashes in quotes.

	gpg: Prepare for globbing with UTF-8.
	+ commit 8e15506d6680bbee85bc01453da28fc90b4cb673
	* g10/gpg.c (_dowildcard): Remove.
	(my_strusage): Enable wildcards using our new system.

	common: First take on handling Unicode command line args.
	+ commit deb6c94362c0f179de1cac18707aad2f51a21e10
	* common/w32-misc.c: New.
	* common/t-w32-cmdline.c: New.
	* common/init.c: Include w32help.h.
	(prepare_w32_commandline): New.
	(_init_common_subsystems) [W32]: Call prepare_w32_commandline.

	* common/Makefile.am (common_sources) [W32]: Add w32-misc.c
	(module_tests): Add t-w32-cmdline
	(t_w32_cmdline_LDADD): New.

2021-03-01  Nicolas Fella via Gnupg-devel  <gnupg-devel@gnupg.org>

	gpg: Keep temp files when opening images via xdg-open.
	+ commit be2da244565822ad1f268f84dc88a23e5aa8d26a
	* g10/photoid.c (get_default_photo_command): Change parameter for
	xdg-open.

2021-02-25  Werner Koch  <wk@gnupg.org>

	scd:p15: Read out the access flags.
	+ commit d51a5ca1084c69c0ed304126a7aaa0a648b2eba6
	* scd/app-p15.c (struct keyaccess_flags_s): New.
	(struct prkdf_object_s): Add field accessflags.
	(dump_keyusage_flags): New.
	(dump_keyaccess_flags): New.
	(parse_keyaccess_flags): New.
	(parse_common_key_attr): Return access flags.
	(read_ef_prkdf): Parse the access flags.  Allow for ECkeys.
	(read_ef_pukdf): Ditto.  Use new functions for printing.
	(read_p15_info): Use new function for printing.

	sm: Do not print certain issuer not found diags in quiet mode.
	+ commit a170f0e73f38e474b6d4463433fe344eca865fa5
	* sm/certchain.c (find_up_dirmngr): Print one diagnostic only in
	verbose mode.  Do not print issuer not found diags in quiet mode.
	* sm/minip12.c (parse_bag_data): Add missing verbose condition.

	sm: Fix issuer certificate look error due to legacy error code.
	+ commit 473b83d1b9efe51fcca68708580597dddf3f50b7
	* sm/certchain.c (find_up): Get rid of the legacy return code -1 and
	change var name rc to err.
	(gpgsm_walk_cert_chain): Change var name rc to err.
	(do_validate_chain): Get rid of the legacy return code -1.

2021-02-24  Werner Koch  <wk@gnupg.org>

	scd:p15: Get the label value of all objects for better diagnostics.
	+ commit cfdaf2bcc85b3b6f16904006f239b400a3487ff8
	* scd/app-p15.c (struct cdf_object_s): Add fields authid, authidlen,
	and label.
	(struct prkdf_object_s): Add field label.
	(struct aodf_object_s): Ditto.
	(release_cdflist): Free new fields.
	(release_prkdflist): Free new field.
	(release_aodf_object): Ditto.
	(parse_common_obj_attr): Return the label.
	(read_ef_prkdf): Store the label.
	(read_ef_pukdf): Ditto.
	(read_ef_cdf): Use parse_common_obj_attr and store authid and label.
	Print them in verbose mode.
	(read_ef_aodf): Store the label and print it.

	sm: Silence some output on --quiet.
	+ commit 615d2e4fb15859320ea0ebec1bb457c692c57f0a
	* sm/encrypt.c (gpgsm_encrypt): Take care of --quiet.
	* sm/gpgsm.c: Include minip12.h.
	(set_debug): Call p12_set_verbosity.
	* sm/import.c (parse_p12): Dump keygrip only in debug mode.
	* sm/minip12.c (opt_verbose, p12_set_verbosity): New.
	(parse_bag_encrypted_data): Print info messages only in verbose mode.

2021-02-23  Werner Koch  <wk@gnupg.org>

	scd:p15: Make the code work again for D-Trust cards.
	+ commit 33aaa37e5bc0beb75305cdf9d8be850daccaee5e
	* scd/app-p15.c (select_and_read_binary): Allow to skip the select.
	(select_and_read_record): Return the statusword.  Silence error
	message for SW_FILE_STRUCT.
	(select_ef_by_path): Fix selection with a home_DF.
	(read_first_record): Fallback to read_binary for CardOS and return
	info about this.
	(read_ef_prkdf): Use info from read_first_record to decide whether to
	use record or binary mode.
	(read_ef_pukdf): Ditto.
	(read_ef_aodf): Ditto.
	(read_ef_cdf): Ditto.  New arg cdftype for diagnostics.
	(read_p15_info): Pass cdftype.

	* scd/apdu.h (SW_FILE_STRUCT): New.
	* scd/apdu.c (apdu_strerror): Map that one to a string.
	* scd/iso7816.c (map_sw): and to a gpg-error.

2021-02-22  Werner Koch  <wk@gnupg.org>

	scd: Fix readkey --info in case a readkey command is available.
	+ commit 2490f4e8e1d1feecb44aefa79bd71f5f8b06c9a4
	* scd/command.c (do_readkey): Make --info also work if a readkey
	command is available.

	* scd/app-p15.c (cdf_object_from_certid): Fix a bug introduced with
	the previous commit.

	scd:p15: Extract extended usage flags and act upon them.
	+ commit 488eaedc9a332d8164dea22e469354fc10b0a253
	* scd/app-p15.c: Add a couple of oid constants.
	(struct cdf_object_s): Replace fields image and imagelen by cert.
	(struct prkdf_object_s): Add extusage flags
	(send_keypairinfo): Use them.
	(cdf_object_from_certid): Factor parts out to ...
	(cdf_object_from_objid): new function.
	(read_ef_prkdf): Move info printing to ...
	(read_p15_info): here.  Fill the extusage flags.
	(readcert_by_cdf): Cache the ksba cert object instead of the binary
	cert.
	* scd/app.c (select_additional_application): Fix a log_debug call.
	(scd_update_reader_status_file): Ditto.

	sm: Extend the list of known OIDs.
	+ commit 4c9b509d2402f79668e502a9db5879280a4f683b
	* sm/keylist.c (oidtranstbl): Add a couple of OIDs and mark them for
	key usage.

2021-02-19  Werner Koch  <wk@gnupg.org>

	build: Remove now obsolete HAVE_NEWER_LIBGCRYPT AM conditional.
	+ commit 5573ab714b92f6ee899a816998e56e1238f4c573
	* configure.ac (HAVE_NEWER_LIBGCRYPT): Remove conditional.
	* tools/Makefile.am (gpg_pair_tool_SOURCES):  We build it always.

	scd: Minor tweak for easier backporting.
	+ commit 6d4280b13ddc928ff6bc41bdf482030f0f814fdb
	* scd/app-common.h (APP_CARD): New.  Use it in app-*.c to access
	app->card.

2021-02-18  Werner Koch  <wk@gnupg.org>

	po: Change translatability of a fallback string.
	+ commit 0be4861762c21ebfb4c2e28bb9a3e5cfbc08e1a9
	* agent/call-pinentry.c (setup_genpin): Do not make the fallback
	translatable.

	speedo: Update w32 stuff from 2.2.
	+ commit 919a969354d4021f2e64a948b4c224cd37323713
	* build-aux/speedo.mk: Update from 2.2.  Add target w32-msi-release.
	* build-aux/speedo/w32/inst.nsi: Fix location of doc files.
	* build-aux/speedo/w32/wixlib.wxs: Add gpg-card and fix a wrong name.
	* Makefile.am (release): Support a WITH_MSI variable.
	(wixlibfile): Improve copying to archive.
	(release): Use AMTAR instead of TAR.

2021-02-17  Werner Koch  <wk@gnupg.org>

	dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.
	+ commit ab7dc4b524c3e2ad5153acfdbfa879a9e62d2dbe
	* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds
	extension.
	* dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with
	hostname - which is NULL and thus the same if not given.  Fix minor
	error in error code handling.

2021-02-16  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update gpg-error.m4 again.
	+ commit 3fa1fa747b61867076e344c3eb07a66826c1983a
	* m4/gpg-error.m4: Update from libgpg-error.

2021-02-15  NIIBE Yutaka  <gniibe@fsij.org>

	build: Update gpg-error.m4.
	+ commit 985e85dc0e6c54aa465a2af610c5a04fc10649a0
	* m4/gpg-error.m4: Update from libgpg-error.

