I can't see how it occurs. "SCE KEYINFO" and "SCD READKEY" with keygrip both goes exactly same code path (the difference is only the "action" argument).

In T5163#139750, @werner wrote:

You better wipe ecc_d_padded or use xtrymalloc_secure.

Given that this is limited to macOS I have neither objections for 1.8 nor for master

You better wipe ecc_d_padded or use xtrymalloc_secure.

Here is a patch:

In future, please try to minimize your log. Your log actually includes information of the session of keytocard before setting key attributes correctly.

I created D513: Support macOS build with SIP by using posix_spawn in tests/random, which is more conservative; It only affects build under macOS.

I created a different user on the same machine.
I logged with the addons enabled and disabled.

In T5159#139739, @werner wrote:

Put

extern char **environ;

after the the include directives.

Put

extern char **environ;

after the the include directives.

After applying @gniibe 's patch:

Changing this to priority low until I see a second report from a different user with a similar log.
This looks more like a broken Outlook setup on this users account then a problem where we can actually help.

No, which addons are active is a user property. So maybe you can try disabling all others but GpgOL, and then basically bisect which one it is that is conflicting.

Go ahead (but w/o the /*if (keytime*)*/ line ;-)

The problem is that posix_spawn is not portable enough for libgcrypt. It is really time that we move the spawn functions from gnupg to gpgrt so that we can use them also in Libgcrypt.

BTW, I'm not sure if the claim in T5009#136688 is correct.

See also: https://dev.gnupg.org/T5009#136688

See my comment in: https://dev.gnupg.org/T5024#139701

For macOS, with SIP, some program like libgcrypt/tests/random fails, because the hack for DYLD_LIBRARY_PATH by libtool doesn't work for child process:
https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/RuntimeProtections/RuntimeProtections.html

The following (probably not entirely correct) patch fixes the problem because it marks the PIV card key as pCARDKEY even though keytime is 0.

diff --git a/g10/keygen.c b/g10/keygen.c
index b510525e3..03c929c0b 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -4720,7 +4720,8 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,

After disabling SIP, now all checks pass without having the library symlinked to /usr/local/lib. So it might be T2056: libgcrypt: make check fails "random" test on OS X 10.11 with link error after all.

After doing:

Wouldn't the incompatibility cause all the users to have the same problem, rather than one not and all others to have the problem?
Attached is the file that you requested.

@s7r Thanks for testing and letting us know!

In general there always might be problems with incompatibilities of other addins installed on a system.

The error comes form using READKEY which is processed by gpg-agent. At this time the agent does not yet know the stub key and thus returns ENOENT. At the places before we used "SCD READKEY" which works directly with scdameon and does not need a stub file. We need to review the new(?) way of creating stub files, describe that and then fix this by either making sure tha the stub key is created first or that we use SCD READKEY there too.

Done.

I am running in a setup where my GnuPG 2.3 is connected to a gpg-agent / scdaemon running at GnuPG 2.2.12.

Okay, I usually only keep hitting crl+w in that case. But I see the point when doing imports this can be annoying.

there was an issue that has been fixed in 3.1.14 which was creating problems / crashes when the home directory of a user had a unicode character in it. So maybe your one user had such a username?

Seems to work now. I'm not sure whether I should close this issue because it's marked for backport.

Works now. Thanks.

Another issue that comes in to mind is that current ARM/ARM64 HW feature detection most likely wont work on MacOS. Thus HW accelerated AES&SHA&GHASH implementation wont be used.

IIUC, for the build of Homebrew, it is the issue of in: https://github.com/Homebrew/homebrew-core/commit/e7da1e2157b2e8373c3b39ea6398f51588ea537c

Please have a look at T5024: libtool problem for some platforms for 'make check' (program built with -no-install won't work without installation), if make check works after the installation of libgcrypt.

See T2056: libgcrypt: make check fails "random" test on OS X 10.11 with link error, if test with 'random' fails.

HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS is never defined on ARM64 as it depends on "$mpi_cpu_arch" == "x86". Instead I think new check for GCC assembly ELF directives would be needed in configure.ac, similar to HAVE_GCC_ASM_CFI_DIRECTIVES check. Following check should work, but I have not yet tested it:

ARM64 has been only tested on platforms which support ELF.

I confirm I have tried with latest 3.1.14 on two different computers (Windows) where I had this "Unknown version" bug going on and they both properly show 3.1.14 version as it should.

I am quite aware of that each user has there own keys and configurations.
I added a third user to the computer, configured them the same as the first user, and was not able to sign or encrypt any emails.
When I clicked on the lock nothing happened.

Yes, I did. Identical result.

Why the hell do they that? The standard compiler on a system is called cc which may translated to whatever the system installs for it. gcc is a specific implementation with certain properties. Di you try CC=clang to override this?

And the arm64 cross-compiler:

Sorry, I forgot to mention that Apple ships a gcc-wrapper for clang. It just accepts gcc command lines parameters and translates them to clang parameters.
Here is the output of gcc --version:

You say that you build using clang but the log shows that you invoke gcc.

The problem is meanwhile solved. Thanks a lot
Heinrich

No more problems reported, so I assume like @aheinecke that it has been resolved in Windows.

This has been fixed for Unix on 2.2 and 2.3. The command line fix for Windows is a larger thing already tracked by T4398.

We changed the fallback to utf-8 in 2.2 and 2.3 and thus this bug can be closed. On Windows there is still the problem with the command line. However, this is better tracked with T5038 and its related tasks.