
Apr 22 2022

gniibe closed T5884: dotlock is not perfect (erroneously remove .lock as stale lockfile), a subtask of T5109: Initial socket connection to server, as Resolved.
Apr 22 2022, 6:44 AM · gnupg24, gnupg (gpg23)
gniibe added projects to T5917: gpg-agent: Not writing password into file: Restricted Project, gpgagent, Bug Report.
Apr 22 2022, 6:43 AM · Bug Report, gpgagent
gniibe committed rGe529c54fe3a8: agent: Not writing password into file. (authored by gniibe).
agent: Not writing password into file.
Apr 22 2022, 6:36 AM
gniibe committed rGe8fb8e2b3e66: scd: Don't inhibit SSH authentication for larger data if it can. (authored by gniibe).
scd: Don't inhibit SSH authentication for larger data if it can.
Apr 22 2022, 4:52 AM
gniibe added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.

I confirmed that the patch above works with newer Gnuk (>= 1.2.16).

Apr 22 2022, 4:49 AM · workaround, gnupg (gpg23), ssh, Bug Report, scd

Apr 21 2022

gniibe added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.

With newer Gnuk Token, the following patch should work:

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 05e1f3977..439052f8c 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -5490,6 +5490,11 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
           exmode = 1;    /* Use extended length.  */
           le_value = app->app_local->keyattr[2].rsa.n_bits / 8;
         }
+      else if (app->app_local->cardcap.cmd_chaining && indatalen > 254)
+        {
+          exmode = -254; /* Command chaining with max. 254 bytes.  */
+          le_value = 0;
+        }
       else if (indatalen > 255)
         {
           if (!app->app_local->cardcap.ext_lc_le)
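
Review bot: The added `else if` tests `indatalen > 254` while the existing branch directly below it tests `indatalen > 255`, so on a card with `cmd_chaining` set a 255-byte input now takes the chaining path, where before it did not match the `indatalen > 255` branch. A short comment explaining why the limit is 254 rather than 255 would help, and since the literal 254 appears both in the condition and in `exmode = -254`, a named constant would keep the two in sync. Because the new branch comes first, a card with `cmd_chaining` set never reaches the `ext_lc_le` check below for large inputs; if chaining is meant to be preferred in that case, the comment should say so.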
Apr 21 2022, 6:43 AM · workaround, gnupg (gpg23), ssh, Bug Report, scd
gniibe claimed T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.
Apr 21 2022, 6:41 AM · workaround, gnupg (gpg23), ssh, Bug Report, scd
gniibe set External Link to https://bugs.debian.org/1008573 on T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.
Apr 21 2022, 6:41 AM · workaround, gnupg (gpg23), ssh, Bug Report, scd
gniibe created T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.
Apr 21 2022, 6:41 AM · workaround, gnupg (gpg23), ssh, Bug Report, scd
gniibe committed rG3560cd0d9d79: po: Update Simplified Chinese Translation. (authored by gniibe).
po: Update Simplified Chinese Translation.
Apr 21 2022, 6:36 AM
gniibe accepted D551: po: Update Simplified Chinese Translation..
Apr 21 2022, 6:29 AM
gniibe committed rC299e2f934159: tests: Replace custom bit with more generic flags (authored by Jakuje).
tests: Replace custom bit with more generic flags
Apr 21 2022, 3:25 AM
gniibe committed rCf736f3c70182: tests: Expect the RSA PKCS #1.5 encryption to fail in FIPS mode (authored by Jakuje).
tests: Expect the RSA PKCS #1.5 encryption to fail in FIPS mode
Apr 21 2022, 3:25 AM
gniibe committed rCc7709f7b2384: Do not allow PKCS #1.5 padding for encryption in FIPS (authored by Jakuje).
Do not allow PKCS #1.5 padding for encryption in FIPS
Apr 21 2022, 3:25 AM
gniibe committed rCf436bf4451cb: random: Not use secure memory for DRBG instance. (authored by gniibe).
random: Not use secure memory for DRBG instance.
Apr 21 2022, 3:21 AM

Apr 20 2022

gniibe committed rCcd30ed3c0d71: cipher: Change the bounds for RSA key generation round. (authored by gniibe).
cipher: Change the bounds for RSA key generation round.
Apr 20 2022, 8:12 AM
gniibe added a comment to T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance.

Here is my proposed patch:

diff --git a/random/random-drbg.c b/random/random-drbg.c
index 5a46fd92..f1cfe286 100644
--- a/random/random-drbg.c
+++ b/random/random-drbg.c
@@ -341,6 +341,9 @@ enum drbg_prefixes
  * Global variables
  ***************************************************************/
Apr 20 2022, 2:39 AM · backport, FIPS, libgcrypt
gniibe created T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance.
Apr 20 2022, 2:37 AM · backport, FIPS, libgcrypt

Apr 19 2022

gniibe moved T5918: Disable RSA PKCS #1.5 encryption in FIPS mode from Backlog to Next on the FIPS board.
Apr 19 2022, 11:27 AM · backport, libgcrypt, FIPS, Bug Report
gniibe claimed T5918: Disable RSA PKCS #1.5 encryption in FIPS mode.
Apr 19 2022, 11:27 AM · backport, libgcrypt, FIPS, Bug Report
gniibe moved T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime" from Backlog to Next on the FIPS board.
Apr 19 2022, 11:07 AM · backport, FIPS, libgcrypt, Bug Report
gniibe moved T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1 from Backlog to Next on the FIPS board.
Apr 19 2022, 11:07 AM · FIPS, gnupg (gpg23), Bug Report
gniibe claimed T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".
Apr 19 2022, 11:01 AM · backport, FIPS, libgcrypt, Bug Report
gniibe committed rC9e9f30733699: Use offsetof instead of null ptr calculation. (authored by gniibe).
Use offsetof instead of null ptr calculation.
Apr 19 2022, 6:10 AM

Apr 18 2022

gniibe committed rC51754fa2ed06: cipher: Fix rsa key generation. (authored by gniibe).
cipher: Fix rsa key generation.
Apr 18 2022, 4:09 AM
gniibe added a comment to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".

I checked FIPS 186-4 (and FIPS 186-5-draft). It is Appendix A 1.3.

Apr 18 2022, 3:35 AM · backport, FIPS, libgcrypt, Bug Report

Apr 14 2022

gniibe added a comment to D551: po: Update Simplified Chinese Translation..

In computers, binary representation is (generally) used; the binary digits 0110 1110 (hex value 6e, 110) are rounded up to 1000 0000 (hex value 80, 128) when only one significant binary digit (bit) is required.
https://en.wikipedia.org/wiki/Rounding

Apr 14 2022, 6:41 AM
gniibe added a comment to D551: po: Update Simplified Chinese Translation..

Thanks for your explanation.

Apr 14 2022, 6:35 AM
gniibe committed rG1f0651dbfbab: tests: Honor FIPS mode (authored by Jakuje).
tests: Honor FIPS mode
Apr 14 2022, 4:47 AM
gniibe committed rG5e508ffcab18: tests: Fix common/t-ssh-utils. (authored by gniibe).
tests: Fix common/t-ssh-utils.
Apr 14 2022, 4:47 AM
gniibe committed rGc4436ebfa58f: agent: Ignore MD5 Fingerprints for ssh keys (authored by Jakuje).
agent: Ignore MD5 Fingerprints for ssh keys
Apr 14 2022, 4:47 AM
gniibe claimed T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1.

Patches applied and pushed. For the common/t-ssh-utils, I applied my fix for the use case with key on command line when FIPS mode is enabled (MD5 error is OK, in this case).

Apr 14 2022, 4:45 AM · FIPS, gnupg (gpg23), Bug Report
gniibe added inline comments to D551: po: Update Simplified Chinese Translation..
Apr 14 2022, 3:31 AM

Apr 12 2022

gniibe committed rC922f9957f94a: build: Fix make dist after socklen.m4 removal (authored by neverpanic).
build: Fix make dist after socklen.m4 removal
Apr 12 2022, 2:44 AM

Apr 9 2022

gniibe added a comment to T5835: libgcrypt: More robust/portable integrity check.

I just copied the value of 0xcafe2a8e and the name .note.fdo.integrity from Daiki's implementation. No other reason.

Apr 9 2022, 9:16 AM · Bug Report, libgcrypt, FIPS

Apr 8 2022

gniibe committed rA84ae2b1d27ce: Add assuan_sock_accept function. (authored by gniibe).
Add assuan_sock_accept function.
Apr 8 2022, 4:39 AM
gniibe updated the task description for T5925: libassuan: Add assuan_sock_accept function to the API.
Apr 8 2022, 4:30 AM · Feature Request, libassuan
gniibe triaged T5925: libassuan: Add assuan_sock_accept function to the API as Wishlist priority.
Apr 8 2022, 4:24 AM · Feature Request, libassuan
gniibe added a comment to T5924: libassuan: uses of socklen_t in assuan.h are inconsistent.

I think that a good approach as of 2022 is:

Apr 8 2022, 3:55 AM · libassuan
gniibe triaged T5924: libassuan: uses of socklen_t in assuan.h are inconsistent as Wishlist priority.
Apr 8 2022, 3:38 AM · libassuan
gniibe committed rCe5260b6b9f38: build: Remove configure checking for socklen_t. (authored by gniibe).
build: Remove configure checking for socklen_t.
Apr 8 2022, 3:18 AM
gniibe committed rMb10791b055f0: doc: Remove explanation about AM_PATH_GPGME_PTH for GNU Pth. (authored by gniibe).
doc: Remove explanation about AM_PATH_GPGME_PTH for GNU Pth.
Apr 8 2022, 2:21 AM
gniibe closed T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS as Resolved.

libgpg-error 1.45 is out with the fix.

Apr 8 2022, 2:10 AM · gpgrt, Bug Report

Apr 7 2022

gniibe committed rG90000819641c: agent: Fix for possible support of Cygwin OpenSSH. (authored by gniibe).
agent: Fix for possible support of Cygwin OpenSSH.
Apr 7 2022, 9:44 AM
gniibe added projects to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime": libgcrypt, FIPS.

I think that it is OK to loop forever until we find a prime.

Apr 7 2022, 9:19 AM · backport, FIPS, libgcrypt, Bug Report
gniibe committed rE74e6afcc36b2: logging: Fix the previous commit. (authored by gniibe).
logging: Fix the previous commit.
Apr 7 2022, 9:00 AM
gniibe committed rE5ef201c10b1c: logging: Fix gpgrt_log_get_fd for file. (authored by gniibe).
logging: Fix gpgrt_log_get_fd for file.
Apr 7 2022, 9:00 AM
gniibe added projects to T5921: No sharing of log_fd between child process: gnupg (gpg23), Bug Report.
Apr 7 2022, 8:39 AM · Bug Report, gnupg (gpg23)
gniibe added projects to T5922: libgpg-error: gpgrt_log_get_fd always returns -1 even if it's not tcp/socket.: gpgrt, Bug Report.
Apr 7 2022, 8:38 AM · Bug Report, gpgrt
gniibe triaged T5922: libgpg-error: gpgrt_log_get_fd always returns -1 even if it's not tcp/socket. as Normal priority.
Apr 7 2022, 8:38 AM · Bug Report, gpgrt
gniibe updated the task description for T5921: No sharing of log_fd between child process.
Apr 7 2022, 6:33 AM · Bug Report, gnupg (gpg23)
gniibe triaged T5921: No sharing of log_fd between child process as Normal priority.
Apr 7 2022, 6:25 AM · Bug Report, gnupg (gpg23)
gniibe updated the task description for T5920: libassuan: Don't inherit handles for Windows.
Apr 7 2022, 3:58 AM · libassuan
gniibe triaged T5920: libassuan: Don't inherit handles for Windows as Wishlist priority.
Apr 7 2022, 3:57 AM · libassuan

Apr 6 2022

gniibe committed rAc93eb901e58d: w32: Store a flag if it's socket or not in Assuan CTX. (authored by gniibe).
w32: Store a flag if it's socket or not in Assuan CTX.
Apr 6 2022, 7:06 AM
gniibe committed rGb47a23f5fac5: w32: Exclude tests with HOME. (authored by gniibe).
w32: Exclude tests with HOME.
Apr 6 2022, 6:33 AM
gniibe committed rG39d478f5ba5d: w32: Fix for make check. (authored by gniibe).
w32: Fix for make check.
Apr 6 2022, 4:33 AM

Apr 5 2022

gniibe added a comment to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".

I don't know the exact procedure by FIPS, but just setting the least significant bit in the generation (after _gcry_mpi_randomize) can reduce the probability by half.

Apr 5 2022, 1:05 PM · backport, FIPS, libgcrypt, Bug Report
gniibe committed rA5b77d39672ac: Fix API break. (authored by gniibe).
Fix API break.
Apr 5 2022, 10:35 AM
gniibe committed rC5f357784662a: doc: Update yat2m from libgpg-error. (authored by gniibe).
doc: Update yat2m from libgpg-error.
Apr 5 2022, 10:19 AM
gniibe committed rMa36d71a8e33e: core: Don't use internal __assuan functions. (authored by gniibe).
core: Don't use internal __assuan functions.
Apr 5 2022, 7:45 AM
gniibe committed rM110a37540187: core: Don't keep using deprecated ath_ API. (authored by gniibe).
core: Don't keep using deprecated ath_ API.
Apr 5 2022, 7:45 AM
gniibe committed rA9260fb12509a: build: Remove unused putc_unlocked.c. (authored by gniibe).
build: Remove unused putc_unlocked.c.
Apr 5 2022, 6:30 AM
gniibe committed rA0fae5823f6e6: Take advantage of gpgrt_get_syscall_clamp function. (authored by gniibe).
Take advantage of gpgrt_get_syscall_clamp function.
Apr 5 2022, 5:11 AM
gniibe committed rAa43090e38843: build: Fix listing m4 files. (authored by gniibe).
build: Fix listing m4 files.
Apr 5 2022, 5:11 AM
gniibe added a comment to T5914: libassuan: Introduce use of gpgrt_get_syscall_clamp, no use of system_hooks for nPTH.

GPGME has its own system hooks to provide a (different) solution for portability (Windows and POSIX).

Apr 5 2022, 3:31 AM · Feature Request, libassuan
gniibe triaged T5917: gpg-agent: Not writing password into file as Normal priority.
Apr 5 2022, 2:29 AM · Bug Report, gpgagent

Apr 4 2022

gniibe committed rG48ee11722dd0: agent:w32: Fix for use of socket. (authored by gniibe).
agent:w32: Fix for use of socket.
Apr 4 2022, 9:48 AM
gniibe committed rE018ea46a30cf: w32: Add ES_SYSHD_SOCK support for gpgrt_sysopen. (authored by gniibe).
w32: Add ES_SYSHD_SOCK support for gpgrt_sysopen.
Apr 4 2022, 7:36 AM
gniibe committed rA28a40a298661: w32: Fix assuan_socket_connect_fd to be usable. (authored by gniibe).
w32: Fix assuan_socket_connect_fd to be usable.
Apr 4 2022, 3:03 AM

Apr 1 2022

gniibe updated the task description for T5914: libassuan: Introduce use of gpgrt_get_syscall_clamp, no use of system_hooks for nPTH.
Apr 1 2022, 4:12 AM · Feature Request, libassuan
gniibe triaged T5914: libassuan: Introduce use of gpgrt_get_syscall_clamp, no use of system_hooks for nPTH as Normal priority.
Apr 1 2022, 4:11 AM · Feature Request, libassuan
gniibe committed rAa054a0a7cfb0: build: Better cross build support. (authored by gniibe).
build: Better cross build support.
Apr 1 2022, 4:00 AM

Mar 31 2022

gniibe committed rGf584ad950482: scd,tpm2d: Fix for consistent use of socket FD. (authored by gniibe).
scd,tpm2d: Fix for consistent use of socket FD.
Mar 31 2022, 2:08 PM
gniibe committed rAa8125eba05be: Fix internal socket API to be consistent for SOCKET. (authored by gniibe).
Fix internal socket API to be consistent for SOCKET.
Mar 31 2022, 12:02 PM
gniibe added a comment to T5891: EOPNOTSUPP is not defined in mingw.org's MinGW, fails compilation of libgcrypt-1.10.0.

You also use the CPU cache size on GNU/Linux. Is it important to have that information on MS-Windows?

Mar 31 2022, 9:36 AM · backport, libgcrypt, Bug Report
gniibe committed rCdf7879a86b1d: random:drbg: Fix the behavior for child process. (authored by gniibe).
random:drbg: Fix the behavior for child process.
Mar 31 2022, 9:12 AM
gniibe committed rK41000330cdba: build: When no gpg-error-config, not install ksba-config. (authored by gniibe).
build: When no gpg-error-config, not install ksba-config.
Mar 31 2022, 9:08 AM
gniibe committed rPTH2b6a8e5369ed: build: Don't install npth-config by default. (authored by gniibe).
build: Don't install npth-config by default.
Mar 31 2022, 8:43 AM
gniibe committed rT6c961671c1d7: build: When no gpg-error-config, not install ntbtls-config. (authored by gniibe).
build: When no gpg-error-config, not install ntbtls-config.
Mar 31 2022, 8:22 AM
gniibe committed rC2db5b5e995c2: build: When no gpg-error-config, not install libgcrypt-config. (authored by gniibe).
build: When no gpg-error-config, not install libgcrypt-config.
Mar 31 2022, 8:11 AM
gniibe triaged T5912: libgpg-error: Drop WindowsCE support as Wishlist priority.
Mar 31 2022, 8:03 AM · gpgrt
gniibe closed T5911: libassuan: Remove GNU Pth support as Resolved.
Mar 31 2022, 4:12 AM
gniibe committed rA9de02ca16d30: build: When no gpg-error-config, not install libassuan-config. (authored by gniibe).
build: When no gpg-error-config, not install libassuan-config.
Mar 31 2022, 4:11 AM
gniibe committed rAeeda9ac0a719: Remove GNU Pth support. (authored by gniibe).
Remove GNU Pth support.
Mar 31 2022, 4:01 AM
gniibe triaged T5911: libassuan: Remove GNU Pth support as Normal priority.
Mar 31 2022, 3:50 AM
gniibe added a comment to T4655: Windows 64-bit: gnupg_fd_t, assuan_fd_t and int for fd in the API, and casts.

SOCKET handle is UINT_PTR on Windows. It is u_int on original MinGW; it is UINT_PTR (and unsigned __int64_t) on MinGW-W64.

Mar 31 2022, 3:39 AM · Memo

Mar 30 2022

gniibe requested review of D550: gnupg: No writing passphrase as a file.
Mar 30 2022, 8:48 AM · gpgagent
gniibe claimed T5899: Fix compilation of dirmngr with mingw.org's MinGW.

Last part is applied. Let me consider how to solve, for other parts.

Mar 30 2022, 6:07 AM · patch, Feature Request, Windows, toolchain
gniibe committed rG01ade6945d6c: dirmngr: Fix for SOCK. (authored by gniibe).
dirmngr: Fix for SOCK.
Mar 30 2022, 6:07 AM
gniibe committed rG18eff31496a3: tpm2d: Fix socket resource leak on Windows. (authored by gniibe).
tpm2d: Fix socket resource leak on Windows.
Mar 30 2022, 6:01 AM
gniibe committed rG2189b4bb638c: common,w32: Fix handle_to_fd to match use of _open_osfhandle. (authored by gniibe).
common,w32: Fix handle_to_fd to match use of _open_osfhandle.
Mar 30 2022, 4:51 AM

Mar 29 2022

gniibe committed rA564e0d94f21f: w32: Fix definition of type to be generated into assuan.h. (authored by gniibe).
w32: Fix definition of type to be generated into assuan.h.
Mar 29 2022, 12:00 PM
gniibe committed rC564739a58426: kdf:argon2: Fix for the case output > 64. (authored by gniibe).
kdf:argon2: Fix for the case output > 64.
Mar 29 2022, 9:20 AM
gniibe added a comment to T4656: Windows 64-bit: functions which use pid_t.

Original MinGW and MinGW-w64 handle differently.
For MinGW-w64 on 64-bit machine, pid_t is 64-bit integer.
For original MinGW on 64-bit machine, pid_t is 32-bit integer.

Mar 29 2022, 8:18 AM · Memo
gniibe committed rE660db9c9a90f: w32: Fix handle_to_pid for MinGW-w64. (authored by gniibe).
w32: Fix handle_to_pid for MinGW-w64.
Mar 29 2022, 7:46 AM
gniibe committed rGd05221065faf: dirmngr: Clean up for not supporting WindowsCE. (authored by gniibe).
dirmngr: Clean up for not supporting WindowsCE.
Mar 29 2022, 6:43 AM
gniibe committed rG2cebba72749c: gpg,tools: Remove use of repo only zlib-riscos.h. (authored by gniibe).
gpg,tools: Remove use of repo only zlib-riscos.h.
Mar 29 2022, 5:09 AM
gniibe added a comment to T5809: Expire subkey violates assertion "! sig->hashed".

Not applying the change to GnuPG 2.2, users can use GnuPG 2.3 for that.

Mar 29 2022, 4:28 AM · Restricted Project, gnupg (gpg22), Bug Report
gniibe committed rGd9a8d3353afd: common,unix: Backport dotlock changes from GnuPG 2.3. (authored by gniibe).
common,unix: Backport dotlock changes from GnuPG 2.3.
Mar 29 2022, 4:27 AM