I can replicate the error by 2.2.35, but I cannot replicate it with rG7b1db7192.
I tested:
- GNU/Linux
- i686
- x86_64
- Windows
- i686
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Jun 20 2022
Jun 20 2022
Don't access NULL by wipememory.
Fix the previous commit.
Jun 16 2022
Jun 16 2022
I pushed the change needed for GnuPG to t5964 branch.
See: https://dev.gnupg.org/rGc281bd94349e4f7997a89927aaa2c2f45004b902
Added HKDF implementation to master.
kdf: Add HKDF of RFC5869.
• gniibe added a comment to T5976: libgcrypt build failure on HPPA 1.1 (./.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd').
Applied to 1.10 branch.
• gniibe added a comment to T5976: libgcrypt build failure on HPPA 1.1 (./.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd').
didn't seem to work with 1.9.x
Jun 15 2022
Jun 15 2022
Add constant from PKCS#11 3.0.
Tweak for GetSlotList for firefox.
Allow SeedRandom.
• gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.
• gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.
In the branch https://dev.gnupg.org/source/Scute/history/t6002/ , by the commit rS123d617ebefe: Less administration of devices by scute., things has been changed.
Less administration of devices by scute.
Jun 14 2022
Jun 14 2022
Fix sign/decrypt operation.
Add back LABEL to cert.
Fix keyinfo listing.
Change the slot allocation logic.
Fix slot_get_status.
Fix C_GetSlotInfo.
Add back the LABEL object.
Fix for valid tokens.
Fix for CKA_ID.
• gniibe committed rS07848a48bb11: Remove doc/version.texi from repo, as it's a generated file. (authored by • gniibe).
Remove doc/version.texi from repo, as it's a generated file.
Allow development with no VPATH build.
Experiment with KEYGRIP approach.
Use serialno of the card for the label.
Use the grip for scute_agent_get_cert.
No CERTREF any more. Use the grip.
keygen: Fix reading AEAD preference
• gniibe added a project to T6019: Parsing AEAD preference string parsing causes reads uninitialized memory: Restricted Project.
Thank you. Applied.
Jun 13 2022
Jun 13 2022
• gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.
I realized that we need to invent a way to represent KEYGRIP (40-byte string) in the scheme of PKCS#11; PKCS#11 uses fixed-size string (space padded) for it's label (32) and serialno (16). Basically, it identifies the device by slot number.
Jun 10 2022
Jun 10 2022
• gniibe committed rS60f19aa4977e: First step for multiple device support. Use keygrip. (authored by • gniibe).
First step for multiple device support. Use keygrip.
Remove $DISPSERIALNO support.
Only use the first slot for now.
• gniibe committed rGdd600bbc84dd: scd: Support specifying keygrip for learn command. (authored by • gniibe).
scd: Support specifying keygrip for learn command.
• gniibe committed rG273b8ec1931d: scd,openpgp: Support READCERT by keygrip. (authored by • gniibe).
scd,openpgp: Support READCERT by keygrip.
Jun 9 2022
Jun 9 2022
• gniibe added a comment to T5804: Using empty passphrase key pair, gpg2.3.4 fails to decrypt with error "No passphrase given" on a gpg1.4/2.0 keyring format even though the secret keys migration was successful .
Because it's the library which refuses null passphrase as input, only possible options are either:
• gniibe committed rGaeee62593ae9: agent,scd: Make sure to set CONFIDENTIAL flag in Assuan. (authored by • gniibe).
agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.
Backported to GnuPG 2.2.
Jun 8 2022
Jun 8 2022
Applied the changes.
config: Remove 18 years unused variable
tests: Remove dead code
• gniibe committed rA70b465e0bf65: tests: Avoid leaking file descriptors on errors (authored by Jakuje).
tests: Avoid leaking file descriptors on errors
• gniibe committed rC6d32bf80846a: kdf: Add support for One-Step KDF with MAC. (authored by • gniibe).
kdf: Add support for One-Step KDF with MAC.
• gniibe renamed T5912: libgpg-error: Drop WindowsCE support from libgpg-err: Drop WindowsCE support to libgpg-error: Drop WindowsCE support.
• gniibe renamed T5862: authentication with USB token from authentication with USB token, ~~screen lock on token removal~~ to authentication with USB token.
• gniibe renamed T5862: authentication with USB token from authentication with USB token, screen lock on token removal to authentication with USB token, ~~screen lock on token removal~~.
Now, it also supports a reader with pinpad.
Jun 7 2022
Jun 7 2022
Remove WindowsCE support.
More for WindowsCE support removal.
Created gniibe/t5912 branch.
It works for me.
kdf: Add One-Step KDF with hash.
Fix for struct gcry_thread_cbs.
I can only find this one: https://github.com/patrickfav/singlestep-kdf/wiki/NIST-SP-800-56C-Rev1:-Non-Official-Test-Vectors
Jun 6 2022
Jun 6 2022
Jun 2 2022
Jun 2 2022
• gniibe added a project to T6012: gpg-agent: Add --format=ssh option for READKEY: Restricted Project.
• gniibe committed rGd7a3c455c5e2: agent: Support --format=ssh option for READKEY. (authored by • gniibe).
agent: Support --format=ssh option for READKEY.
• gniibe added a project to T6010: gpg-connect-agent: /definqprog semantics enhancement: Restricted Project.
• gniibe committed rG5a327e8001c4: tools: Add a way to cancell INQUIRE for gpg-connect-agent. (authored by • gniibe).
tools: Add a way to cancell INQUIRE for gpg-connect-agent.
See https://github.com/google/xsecurelock/blob/master/helpers/authproto.h
for the interaction between xsecurelock and the helper.
I changed gpg-connect-agent (added --unbuffered option) so that we can write shell script interacting gpg-agent.
Wrote a shell script for xsecurelock's authproto (helper executable):
authproto-gpg-auth.sh2 KBDownload
• gniibe committed rG24d02b8a3275: tools: Add --unbuffered option to gpg-connect-agent. (authored by • gniibe).
tools: Add --unbuffered option to gpg-connect-agent.
Jun 1 2022
Jun 1 2022
• gniibe committed rP523a4f2d5d1c: Remove old code which makes sure NUL-termination of strings. (authored by • gniibe).
Remove old code which makes sure NUL-termination of strings.
Remove USE_CAPABILITIES.
secmem: Remove use of cap_set_proc.
pinentry: Remove dead code
• gniibe committed rPcd753c8560cd: pinentry: Terminate the buffer in the right place (authored by Jakuje).
pinentry: Terminate the buffer in the right place
• gniibe committed rPc2e7cc560bdb: secmem: Do not pass negative values to strerr (authored by Jakuje).
secmem: Do not pass negative values to strerr
secmem: Clean up ERRNO handling.
secmem: Remove RISC OS support.
• gniibe committed rC43f51d0ec6b5: secmem: Remove getting cap_ipc_lock by capabilities support. (authored by • gniibe).
secmem: Remove getting cap_ipc_lock by capabilities support.
I take this ticket. The way to go is removing all such cases.
May 31 2022
May 31 2022
Reference to a CVE for old MinGW-W64: https://nvd.nist.gov/vuln/detail/CVE-2018-1000101
https://sourceforge.net/p/mingw-w64/bugs/709/
• gniibe moved T5975: Allow signature verification using specific RSA keys <2k in FIPS mode from Next to Ready for release on the FIPS board.
Also applied to 1.10.
tests: Fix copy paste error
Fix memory leaks in tests
• gniibe added a project to T5973: libgcrypt: Minor test issues reported by coverity: Restricted Project.
Applied and pushed.
I learned that it's now called "OneStep KDF" in SP 800-56Cr2.
It's "SSKDF" in OpenSSL (Single Step KDF, perhaps).
May 27 2022
May 27 2022
• gniibe committed rG9f1dcfc7a7b4: agent: New field "Prompt" to prevent asking card key insertion. (authored by • gniibe).
agent: New field "Prompt" to prevent asking card key insertion.
• gniibe added a project to T5987: card: New field to specify refusing operations when card/token is not available: Restricted Project.