This new API is not for FIPS directly (any more), as we introduced pk_hash_sign/verify for FIPS.

Pushed the backport.

I have been convinced disabling DSA makes more sense.

Done.
(Actually, it's not in the tarball.)

Hi jukivili,
I ran some basic tests and it did show the errors. I am in the process investigating what went wrong. In the meantime, i also included test result that I have used in my testing from bench-slope. In this test, I captured the message with 272 bytes buffer from the original libgcrypt repo and my optimized repo. Note that the bulk version of my code do 8x unrolling and the rest will do 16 bytes. So the first 2 128 bytes ran thru gcry_ppc_aes_gcm_encrypt and the rest of the 16 bytes thru gcm_ctr_encrypt (cipher-gcm.c).

Hmm,

$ gpg --with-colons --list-config curve
cfg:curve:cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;brainpoolP256r1;brainpoolP384r1;brainpoolP512r1;secp256k1

How would Kleopatra know that cv* is for encryption, ed* is for signing, and all other curves are for both uses? Or are the cv/ed prefixes a (de facto) standard?

You may run

For GnuPG 2.2, it's better to be conservative (least change of behavior, if any).

We have tests in gniibe/new-pk-api, which can be backported.

• t-dsa
• t-ecdsa
• t-rsa-pss
• t-rsa-15

Thank you, applied.

The patch has been applied.

Thank you, applied.

Thanks jukivili for the review.

I have just a note about this issue, that it would be helpful to exercise this new API in some tests. Right now, only the old API is tested.

It turns out that the asymmetric key operations are not yet properly enforced with the .disabled flag. While the other key crypto usually has some "open" api, where this can be simply captured, the pubkey API has several entry points and the "test_algo" is not enough to check for disabled key types.

Yeah, remove it.

Thank you. My local tests (in emulated fips mode and normal mode) do not show any errors with current master branch.

Hi guys, I just tested the git version (426d82fcf1c133bfc1d5c931109d71db3f3815a9) and it works well thank you.

Just to be correct: Kleopatra takes the default key algorithm from gpg's default_pubkey_algo pseudo option. (Technically, this pseudo option probably uses gpg's --default-new-key-algo option, but only if the latter is set.)

I get

Access Denied: Restricted Application

Ingo: Exactly we have the problem that we don't compile build tools before building for the target. So we take the build tooling like kconfig_compiler from the system we compile on. This means that we compile with the tooling from debian buster. Except for Qt which handles stuff like that directly and builds for example moc and the other tools correcly for the build system first.

And please let me know the change rC751fcadd34ed: random: Release memory in DRBG. affects t-secmem failure.

IIUC, one of the causes for the failure of secmem was resource release of DRBG memory.

Thank you for testing.

Applied. Thank you.

Fixed in 2.2.33.

An application should use syshd, instead.