Today
Today
• werner committed rG987c6a398a95: scd:p15: Add support for D-Trust Card 6.1/6.4 (authored by hamarituc).
scd:p15: Add support for D-Trust Card 6.1/6.4
• werner committed rGeb4a805de46f: scd: allow to query FCP when selecting an application (authored by hamarituc).
scd: allow to query FCP when selecting an application
timegrid added a comment to T8052: GnuPG: First listing of secret keys is empty.
I added the gpgsm log output (same error as in the gpg log)
timegrid updated the task description for T8052: GnuPG: First listing of secret keys is empty.
Ah, thanks for the pointer, I did not expect gpgsm to behave differently here. Then it's probably intentional and I'll close this as invalid.
tfry committed rOJf8204f1f9f1b: Document extra info MS may ask for in bug reports (authored by tfry).
Document extra info MS may ask for in bug reports
• werner committed rC65998903f6d1: Bumb version number to prepare the 1.10 branch (authored by • werner).
Bumb version number to prepare the 1.10 branch
kdf: Improve new KDF API.
• werner committed rC005fbb863a7a: Merge branch 'master' into LIBGCRYPT-1.10-BRANCH (authored by • werner).
Merge branch 'master' into LIBGCRYPT-1.10-BRANCH
build: Fix accidental SO number bump.
• werner committed rC72e104d7686d: Merge branch 'master' into LIBGCRYPT-1.10-BRANCH (authored by • werner).
Merge branch 'master' into LIBGCRYPT-1.10-BRANCH
Release 1.10.0
• werner committed rCf33510d93b1c: Merge branch 'master' into LIBGCRYPT-1.10-BRANCH (authored by • werner).
Merge branch 'master' into LIBGCRYPT-1.10-BRANCH
Post release updates.
Register DCO for Clemens Lang.
• gniibe committed rCffaef0be6131: jitterentropy: Include <fcntl.h> and <limits.h> (authored by heirecka).
jitterentropy: Include <fcntl.h> and <limits.h>
kdf: Use u64.
• gniibe committed rCa60f8e43dd1b: fips: Fix memory leaks in FIPS mode (authored by Clemens Lang via Gcrypt-devel <gcrypt-devel@lists.gnupg.org>).
fips: Fix memory leaks in FIPS mode
build: Fix m4/gpg-error.m4.
• gniibe committed rC2bdc6614c866: hmac: Fix memory leak (authored by Clemens Lang via Gcrypt-devel <gcrypt-devel@lists.gnupg.org>).
hmac: Fix memory leak
• gniibe committed rC64fef2140259: Silence compiler warnings for possible alignment problem. (authored by • gniibe).
Silence compiler warnings for possible alignment problem.
• gniibe committed rC4ed49a917212: fips: Use ELF header to find hmac file offset (authored by neverpanic).
fips: Use ELF header to find hmac file offset
fips: Fix previous commit.
• gniibe committed rC974f4c7e698b: fips: Integrity check improvement, with only loadable segments. (authored by • gniibe).
fips: Integrity check improvement, with only loadable segments.
• gniibe committed rCad8b67f9e219: fips: Fix gen-note-integrity.sh script not to use cmp utility. (authored by • gniibe).
fips: Fix gen-note-integrity.sh script not to use cmp utility.
fips: More portable integrity check.
• werner committed rCeeddd578120c: tests: Add brainpoolP256r1 to bench-slope. (authored by • werner).
tests: Add brainpoolP256r1 to bench-slope.
• gniibe committed rC9fa4c8946ac5: fips: Clarify what to be hashed for the integrity check. (authored by • gniibe).
fips: Clarify what to be hashed for the integrity check.
hash: Add more OIDs.
Release 1.10.1
doc: Typo and grammar fixes.
Post release updates
• gniibe committed rC13b5454d2620: kdf:argon2: Fix for the case output > 64. (authored by • gniibe).
kdf:argon2: Fix for the case output > 64.
cipher: Fix rsa key generation.
jukivili committed rCe073f0ed4466: hwf-ppc: fix missing HWF_PPC_ARCH_3_10 in HW feature (authored by jukivili).
hwf-ppc: fix missing HWF_PPC_ARCH_3_10 in HW feature
• gniibe committed rC9452640125d2: random: Not use secure memory for DRBG instance. (authored by • gniibe).
random: Not use secure memory for DRBG instance.
• gniibe committed rC9c55ba3bc1ce: tests: Replace custom bit with more generic flags (authored by Jakuje).
tests: Replace custom bit with more generic flags
• gniibe committed rCd8a13d97ccb6: Do not allow PKCS #1.5 padding for encryption in FIPS (authored by Jakuje).
Do not allow PKCS #1.5 padding for encryption in FIPS
• gniibe committed rCf6a67c221531: cipher: Change the bounds for RSA key generation round. (authored by • gniibe).
cipher: Change the bounds for RSA key generation round.
• gniibe committed rC019a40c99011: random:drbg: Fix the behavior for child process. (authored by • gniibe).
random:drbg: Fix the behavior for child process.
• gniibe committed rC03af3d5cc5d5: mpi: Fix for 64-bit for _gcry_mpih_cmp_ui. (authored by • gniibe).
mpi: Fix for 64-bit for _gcry_mpih_cmp_ui.
• gniibe committed rC1a270cda2ee5: tests: Expect the RSA PKCS #1.5 encryption to fail in FIPS mode (authored by Jakuje).
tests: Expect the RSA PKCS #1.5 encryption to fail in FIPS mode
• gniibe committed rC6d3708942f84: Fix internal declaration of _gcry_kdf_compute. (authored by • gniibe).
Fix internal declaration of _gcry_kdf_compute.
• gniibe committed rC468ffa8f9c47: cipher: Allow verification of small RSA signatures in FIPS mode (authored by Jakuje).
cipher: Allow verification of small RSA signatures in FIPS mode
tests: Fix copy paste error
Fix memory leaks in tests
random: Fix rndjent for Windows.
• gniibe committed rCd1cb2599e9d7: mpi: Allow building with --disable-asm for HPPA. (authored by • gniibe).
mpi: Allow building with --disable-asm for HPPA.
• gniibe committed rC04960f5179cd: tests: Test gcry_pk_hash_sign w/explicit hash algo (authored by neverpanic).
tests: Test gcry_pk_hash_sign w/explicit hash algo
tests/t-kdf: Test KDF FIPS indicator
hmac: Allow use of shorter salt.
• gniibe committed rC06c9350165d7: fips: Run digest&sign self tests for RSA and ECC in FIPS mode. (authored by Jakuje).
fips: Run digest&sign self tests for RSA and ECC in FIPS mode.
• gniibe committed rC1d3a90a4d118: cipher: Fix gcry_pk_hash_verify for explicit hash. (authored by • gniibe).
cipher: Fix gcry_pk_hash_verify for explicit hash.
• gniibe committed rC822ee57f07ca: fips: Add function-name based FIPS indicator. (authored by Jakuje).
fips: Add function-name based FIPS indicator.
ecc: Run PCT also with the digest step
• gniibe committed rC78151e6d6bbb: rsa: Run PCT in FIPS mode also with digest step. (authored by Jakuje).
rsa: Run PCT in FIPS mode also with digest step.
• gniibe committed rCcf10c74bd9d5: random: Use getrandom (GRND_RANDOM) in FIPS mode. (authored by Jakuje).
random: Use getrandom (GRND_RANDOM) in FIPS mode.
Simplify the PCT for RSA and ECDSA
gcrypt.h: Fix function name in comment.
• gniibe committed rCe5bfda492ab9: fips: Disable RSA-OAEP padding in FIPS mode. (authored by Jakuje).
fips: Disable RSA-OAEP padding in FIPS mode.
• gniibe committed rC658679e0ec8b: tests: Expect the OEAP tests to fail in FIPS mode. (authored by Jakuje).
tests: Expect the OEAP tests to fail in FIPS mode.
Fix _gcry_err_code_to_errno.
build: Fix configure script.
• gniibe committed rC4963c127ae69: fips: Skip PCT if RSA keygen test-parms specified (authored by neverpanic).
fips: Skip PCT if RSA keygen test-parms specified
• gniibe committed rC1524b60a7ccc: build: Skip PK-specific tests if algo is disabled (authored by neverpanic).
build: Skip PK-specific tests if algo is disabled
• gniibe committed rC9ee2d56e806b: keccak: Use size_t to avoid integer overflow (authored by Jakuje).
keccak: Use size_t to avoid integer overflow
• gniibe committed rC52d48b710470: kdf:pkdf2: Check minimum allowed key size when running in FIPS mode. (authored by tobhe).
kdf:pkdf2: Check minimum allowed key size when running in FIPS mode.
• gniibe committed rCd09d3d33c79d: kdf:pkdf2: Require longer input when FIPS mode. (authored by • gniibe).
kdf:pkdf2: Require longer input when FIPS mode.
• gniibe committed rCce0df08bbab7: random: Get maximum 32B of entropy at once in FIPS Mode (authored by Jakuje).
random: Get maximum 32B of entropy at once in FIPS Mode
• gniibe committed rC96615490c7b1: random: Extend the comment about FIPS specifics (authored by Jakuje).
random: Extend the comment about FIPS specifics
• gniibe committed rCe235f38f9b9f: tests: Reproducer for short dklen in FIPS mode (authored by Jakuje).
tests: Reproducer for short dklen in FIPS mode
build: Update gpg-error.m4.
• gniibe committed rCe7b1fbda6a9e: hmac,hkdf: Check the HMAC key length in FIPS mode. (authored by Jakuje).
hmac,hkdf: Check the HMAC key length in FIPS mode.
• gniibe committed rC5191379da3ad: build: Prefer gpgrt-config when available. (authored by • gniibe).
build: Prefer gpgrt-config when available.
• gniibe committed rC7f4fafb5564d: Revert "kdf:pkdf2: Require longer input when FIPS mode." (authored by Jakuje).
Revert "kdf:pkdf2: Require longer input when FIPS mode."
• gniibe committed rC44789af6c23b: doc: Update document for pkg-config and libgcrypt.m4. (authored by • gniibe).
doc: Update document for pkg-config and libgcrypt.m4.
pkdf2: Add checks for FIPS.
fips: Mark AES key wrapping as approved.
• gniibe committed rCfdd2a8b3329e: rsa: Prevent usage of long salt in FIPS mode (authored by Jakuje).
rsa: Prevent usage of long salt in FIPS mode
• gniibe committed rC392e0ccd25f3: fips,rsa: Prevent usage of X9.31 keygen in FIPS mode. (authored by Jakuje).
fips,rsa: Prevent usage of X9.31 keygen in FIPS mode.
• gniibe committed rCbdeea2a53e9e: t-rsa-testparm: fix 'function declaration isn’t a prototype' warning (authored by jukivili).
t-rsa-testparm: fix 'function declaration isn’t a prototype' warning
doc: Minor fix up.
• werner committed rC6b5cfc2a37a9: build: Silence libtool warnings on Windows. (authored by • werner).
build: Silence libtool warnings on Windows.
build: Fix configure.ac for strict C99.
• gniibe committed rCb1a3424e7f80: build: Fix m4 macros for strict C compiler. (authored by • gniibe).
build: Fix m4 macros for strict C compiler.
• gniibe committed rC1540698389ba: fips: Remove GCM mode from the allowed FIPS indicators. (authored by Jakuje).
fips: Remove GCM mode from the allowed FIPS indicators.
• gniibe committed rC44a3f26539f7: ecc: Do not allow skipping tests in FIPS Mode. (authored by Jakuje).
ecc: Do not allow skipping tests in FIPS Mode.
• gniibe committed rCc41d4f502f1b: ecc: Make the PCT recoverable in FIPS mode and consistent with RSA. (authored by Jakuje).
ecc: Make the PCT recoverable in FIPS mode and consistent with RSA.
• gniibe committed rCfc19b27b5439: visibility: Check FIPS operational status for MD+Sign operation. (authored by Jakuje).
visibility: Check FIPS operational status for MD+Sign operation.
• gniibe committed rC397ff085749e: kdf: Update tests in regards to the allowed parameters in FIPS mode. (authored by Jakuje).
kdf: Update tests in regards to the allowed parameters in FIPS mode.
fips: Check return value from ftell
random: Remove unused SHA384 DRBGs.
• gniibe committed rCa51f0e66842a: fips: Add explicit indicators for md and mac algorithms. (authored by tobhe).
fips: Add explicit indicators for md and mac algorithms.
• gniibe committed rC0024db5afee8: fips: Unblock MD5 in fips mode but mark non-approved in indicator. (authored by tobhe).
fips: Unblock MD5 in fips mode but mark non-approved in indicator.
fips: Fix fips indicator function.
fips: Explicitly allow only some PK flags.
doc: Document the new FIPS indicators.