I think I am going to try to do this on top of the work of Szabolcs Nagy[1] with the goal of making it portable, and also serving as a test case for my carry-less multiplication intrinsic RFC[2]. Hopefully I can also remove the manual register allocation that makes it still a derivative work of Andy; however, this algorithm takes advantage of the communicative properties of carry-less multiplication, which is mult(H) on page 5 of the GCM spec[3]. This communicative property works differently than with addition and multiplication, in a way I do not entirely understand.
Aug 31 2020
In T3362#103156, @gniibe wrote: @werner, I understand your point.
So, the best approach would be:
(1) Define some DO (Data-Object) or attribute/flag per key to control timeout or "force" by the card itself.
(2) Modify scdaemon so that it always asks the card for the authentication state before doing a crypto operation.
(3) Modify gpg frontend so that it shows those attribute/flag and setup.
Then, it is the card itself to control timeout or "force".
Yes, I do have a signing key (that is distinct from the primary key, primary key I don't store on the smartcard).
As a workaround please run
Ah, I see the situation of the regression.
When the token is not yet accessed at all, scdaemon misunderstood as no signing key.
Do you have a signing key in your card or not?
Let's continue discussion at T5040
There seems to be a problem with Gnuk and thus Nitrokey tokens with 2.2.22. We are investigating this. See T5039.
Aug 30 2020
and Andy is the sole author, and he even told me personally by e-mail this
a long time ago when I was interested in the libcrypt library of glibc is .
He also licensed cryptogams for the Linux kernel (because of WireGuard)
however that did not make it into the version that was merged
(some of his code is already there, and IIRC includes the ghash at issue
here).
If we can use the code please first commit the original code to the repo and only then apply code style fixes.
We need to clarify two things:
Aug 29 2020
So, things I see are needed to be done for inclusion of this patch are:
- GNU C coding style fixes.
- Adding a comment stating that this implementation is based on the GHASH implementation by Andy Polyakov, with the original license. This needs to be checked with @werner, but I think the following would be sufficient:
FWIW, here is an example of the warnings we use. Yes, it starts with -Wall, but there are a couple of more specific warnings, and in a few places we even use pragmas to disable warnings. And it depends on the compiler version used.
Aug 28 2020
-Wall is not a good idea in general because it is too unspecific. This is why we have a list of useful warnings and warnings we ignore with gcc.
Hmm. Now, even with a fresh session, dirmngr, GNUPGHOME not set, etc. it seems to work. It correctly uses the config file and the keyserver, and the logs show the Home and Config variables are set and communicated correctly.
-Wall is not a good idea in general because it is too unspecific. This is why we have a list of useful warnings and warnings we ignore with gcc.
I found the bug by compiling the package with C/C++ compiler clang and flag -Wall.
Fixed in gnupg and gpgme. It is not serious because that is just a failsafe check; libksba creates these strings and it does it correctly.
We have the same flaw in gnupg.
I think we should make zlib a mandatory dependency.
I mean:
diff --git a/common/utf8conv.c b/common/utf8conv.c index 7804dbfcd..bdab225a9 100644 --- a/common/utf8conv.c +++ b/common/utf8conv.c @@ -138,7 +138,7 @@ handle_iconv_error (const char *to, const char *from, int use_fallback) native encoding. Nowadays this seems to be the best bet in case of errors from iconv or nl_langinfo. */ active_charset_name = "utf-8"; - no_translation = 0; + no_translation = 1; use_iconv = 0; } }
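Review bot: The comment above these assignments in handle_iconv_error explains why "utf-8" is chosen as the fallback charset, but not why no_translation now becomes 1 next to use_iconv = 0. A sentence added to that comment, stating that falling back to utf-8 means strings are passed through untranslated, would document the intent. Since the patch is posted without a commit message or test, it is also worth confirming that nothing reaching this path after an iconv or nl_langinfo error still relies on the old no_translation = 0 behaviour.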
In T4977: dirmngr not working with linux kernel parameter ipv6.disable=1, EAFNOSUPPORT fix was applied in 2.2.22.
I think that original problem in this report is fixed.
Please test with 2.2.22.
Actually, configure already has the check.
If it's really needed to build without zlib, you can use this patch:
From 76920ac034490e4860ad6abe9891e3b1c0813363 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 28 Aug 2020 11:02:13 +0900
Subject: [PATCH] Until compression is implemented, build with no ZLIB can be done.
Aug 27 2020
Thanks. Applied to 2.2 and master.
I still don't think that it is correct. We would also need to turn fd from an int to a gnupg_fd_t (ie. a HANDLE under Windows) which requires other changes and should be done in the other parts of the code as well. assuan_sock_close also delegates to the system specific function and on Windows removes the fd also from the cygwin table. This may trigger other bugs so I'd like to keep it as it is to go with the code which has been in active use for a long time - at least for 2.2
0.2.0 was just released with support for GCM. Tested against openpgpkeys.pm.me
Aug 26 2020
I am always glad to fix such bugs before a release (I am about to prepare 2.2.22).
It worked! You were right!
Thank you for your prompt help. It's much appreciated.
rG4c8d5eb0bdd3: agent: Allow TERM="".
I see. Thank you @werner. For clarity, could you please link the patch that was not backported to 2.2?
Mails crossed ;-)
But @werner, what's the value $TERM is *supposed* to have when gpg is invoked straight by Gnome? I can run the command sh -c 'env | grep TERM > ~/gnome-term.env' in Gnome's "Run Command" interface, and then the file ~/gnome-term.env says TERM is set to nothing (it is set, but the content is a "" string).