To be conservative, given the situation most implementations already support zero-removal and zero-recovery, it's better to output zero-removed signature, that is, signature with well-formed MPI.

My proposal is applying SOS (MPI with leading zero octets) patches, for 2.2, because there may be existing keys with SOS already.

It's not yet solved.

Reading the documentation of musl, it seems that there are no equivalent feature which detects if an application is single-threaded or not.

In the libgpg-error implementation, it may skip synchronization when it can detect an application is single threaded. The t-lock-single-thread test checks if it really skips as intended.

Thank you.

(forgot to upload the patch to the last comment)

I am fine with either way. The memcmp variant is probably cleaner to make sure all works as expected in all cases.

Thanks for the well written bug report and the fix.

So that you don't need to chase the downstream bug report, the problem from a user's perspective looks like this:

Thank you. Extending the semantics of GCRYCTL_CLOSE_RANDOM_DEVICE sounds good to me. I think the deinit functions were created initially especially not to change the semantics of existing code using GCRYCTL_CLOSE_RANDOM_DEVICE, but I agree that it will probably not be an issue.

I guess this is solved. Feel free to re-open and schedule for 2.2.34

Second issue is also fixed.

Here's a patch against b091a250d1411f9962385d1338c13481da2e0f9e.

PS, knowing little about it, I tend to look at builds scripts here https://github.com/msys2/MINGW-packages on how to do things.
eg https://github.com/msys2/MINGW-packages/tree/master/mingw-w64-libgcrypt

Thank you, it successfully cross-compiles from latest git commit (not sure if it "runs", not tested it).

Part 1 was applied. Part 3, Part 4, and Part 7 are irrelevant now, because we now have rndgetentropy which doesn't use device.

It was in the middle of merging jitterentropy. Please see T5692 (newer jitterentropy uses pthread by default, which was disabled now).

First issue is fixed.

Rating as High because this can be used for a DoS attack on individual users.

Following patch should prevent assembly files being built at all with --disable-asm:

Thanks for your report.

Please see T5696.

cross-compilation settings:

The cross-compilation settings:

{ # 2019.12.13 # https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=summary
	#'repo_type' : 'archive',
	'#url' : 'https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.43.tar.bz2',
	#
	'repo_type' : 'git',
	'recursive_git' : True,
	'url' : 'git://git.gnupg.org/libgpg-error.git', # https://git.gnupg.org/ # https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=summary
	##'url' : 'https://dev.gnupg.org/source/libgpg-error.git', # https://git.gnupg.org/ # https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=summary
	#
	'configure_options': '--host={target_host} --prefix={target_prefix} --disable-shared --enable-static --disable-rpath --disable-doc --disable-tests --with-libiconv-prefix={target_prefix}', # --with-libintl=no --with-libpth=no',
	'custom_cflag' : ' ', # 2019.12.13 it fails to build with anything other than this, eg it crashes with -O3 and -fstack-protector-all -D_FORTIFY_SOURCE=2 
	'run_post_regexreplace' : (
		'autoreconf -fiv',
		'./autogen.sh --build-w64 ', 								 
	),
	'depends_on' : (
		'iconv', 
	),
}

Pinentry: pinentry-curses (pinentry) 1.2.0
OS: macOS 12.0
Terminal: xterm-256color (via zsh in the default Terminal.app)

Additionally, poly1305-s390x.S is being compiled despite running/targeting a PC system:

What is your Pinentry version, which OS is that, and which terminal type?

In the documentation, I found:

Please also refer to https://github.com/microsoft/vcpkg/discussions/20755 where we discuss on how to approach GnuPG libraries for a native Windows compilation.

In T5687#151853, @werner wrote:

FWIW, the gnupg installer comes with dll, header and import files. You may use them.

No, our admin left us and took all scripts and docs with him. We need to set it up again. You better use this system anyway, patches etc on GitHib are not used.

GnuPG requires a Unix system to build. We do not support building natively on Windows. Sorry.

Adding the check on host side, I pushed the change: rGa575b0aba542: scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.

Or, we can use memcmp to avoid arguing semantics of strncmp, and make it a bit cleaner to avoid calling strlen multple times by put_membuf_str.

diff --git a/g10/export.c b/g10/export.c
index 98c4623cf..c7cfcfaa4 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -2133,14 +2133,15 @@ key_to_sshblob (membuf_t *mb, const char *identifier, ...)
   size_t buflen;
   gcry_mpi_t a;

We know that problematic strncmp implementation: T5443
So, I don't blame Coverity. But I think that it's better to fix strncmp implementation.

I tried following the README instructions, but getting:

I just read https://github.com/gpg/libgpg-error/blob/master/README#L119 and realize this is by design...

Okay, I revisited the code:

The internal hashing of ed25519 is not used by OpenPGP but instead we pass the hash of the message to the ed25519 function and thus to the card. Pushing a message through a card is a no-go - way too slow for any normal sized message.

Since hashing happens on-card for ed25519 I'm not sure what limits gpg wants to impose, currently the data is passed straight through and scdaemon will happily try to send more than 255 bytes of data as a short apdu here. My patch is probably not correct, I assume it needs to care about cardcap.ext_lc_le and chunking as well.

That does not seem to be right. You don't need 255 bytes for an ECC key. It would be best to get scdaemon logs simialr to the gpg-agent logs. Set "debug ipc,cardio" into scdaemon.conf.

Under C11, it seems OK (strncmp).
https://stackoverflow.com/questions/38878195/does-this-usage-of-strncmp-contain-an-out-of-bounds-read

I applied most of gnupg-coverity.patch.

• Part 1 is not applied; It should be handled later.
• Part 2: applied
• Part 3: applied
• Part 4: applied, but spell fixes not require ChangeLog entry
• Part 5
  • ecdh part is fixed differently
  • export.c part is not applied for now, because of semantics/interpretation of strncmp; POSIX says differently although it says it's ISO C standard which defines. https://pubs.opengroup.org/onlinepubs/9699919799/functions/strncmp.html
• Part 6: applied
• Part 7: applied, but empty initializer is GNU extension (or the way of C++), so first 0
• Part 8: applied
• Part 9: applied, but one more fix

I just wanted to add one more note that i just found out that the tests --disable-hwf or gcry_control GCRYCTL_DISABLE_HWF have no effect in case the global_init() is called from constructor.

Friendly ping @werner

We will have rnd-getentropy.c

Let me clean up rndlinux.c for current use case, at first.

Firstly, applied uncontroversial part in rC976673425784: doc: Reference the new FIPS 140-3

Fixed and tested on Linux. Thanks.

I suppose you have rebooted the PC after installing GnuPG 2.3.32. Just to make sure. And double check that there is only one dirmngr.exe with version 2.2.32 installed on your system.

I did a complete reinstall after cleaning out the complete system incl. registry.
No change in behavior of Gpg4win.

THX for the quick reply Ingo...