Page MenuHome GnuPG
Feed Advanced Search

Jun 21 2023

gniibe added a comment to T6547: gpgme: conf/config.h dependency.

Thank you. Now, I see the reason for conf/ sub directory.

Jun 21 2023, 3:51 AM

Jun 20 2023

gniibe triaged T6547: gpgme: conf/config.h dependency as Wishlist priority.
Jun 20 2023, 8:22 AM
gniibe closed T6495: kbx/keybox-dump.c: close file handle when return as Resolved.

Thank you.
Applied to master, 2.4 branch and 2.2 branch.

Jun 20 2023, 2:23 AM · gnupg
gniibe committed rG3efd0052854d: kbx: Close file handle when return. (authored by zhangguangzhi).
kbx: Close file handle when return.
Jun 20 2023, 2:23 AM
gniibe committed rG06aeb2b45c60: kbx: Close file handle when return. (authored by zhangguangzhi).
kbx: Close file handle when return.
Jun 20 2023, 2:23 AM
gniibe committed rG28a4d0d4f5c5: kbx: Close file handle when return. (authored by zhangguangzhi).
kbx: Close file handle when return.
Jun 20 2023, 2:23 AM
gniibe closed T6482: Delete redundant characters as Resolved.

Thank you.
Applied to master, 2.4 branch, and 2.2 branch.

Jun 20 2023, 2:10 AM · gnupg
gniibe committed rG96e3579f6dfa: delete redundant characters (authored by zhangguangzhi).
delete redundant characters
Jun 20 2023, 2:09 AM
gniibe committed rG40090dbbf9ea: delete redundant characters (authored by zhangguangzhi).
delete redundant characters
Jun 20 2023, 2:09 AM
gniibe committed rGbe77c0553203: delete redundant characters (authored by zhangguangzhi).
delete redundant characters
Jun 20 2023, 2:09 AM

Jun 19 2023

gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Here is a possible change (... to master, assuming it's good to support use case of RFC 8702):

diff --git a/cipher/keccak.c b/cipher/keccak.c
index 22c40302..76e08cb5 100644
--- a/cipher/keccak.c
+++ b/cipher/keccak.c
@@ -1630,8 +1630,8 @@ const gcry_md_spec_t _gcry_digest_spec_sha3_512 =
 const gcry_md_spec_t _gcry_digest_spec_shake128 =
   {
     GCRY_MD_SHAKE128, {0, 1},
-    "SHAKE128", shake128_asn, DIM (shake128_asn), oid_spec_shake128, 0,
-    shake128_init, keccak_write, keccak_final, NULL, keccak_extract,
+    "SHAKE128", shake128_asn, DIM (shake128_asn), oid_spec_shake128, 32,
+    shake128_init, keccak_write, keccak_final, keccak_read, keccak_extract,
     _gcry_shake128_hash_buffers,
     sizeof (KECCAK_CONTEXT),
     run_selftests
@@ -1639,8 +1639,8 @@ const gcry_md_spec_t _gcry_digest_spec_shake128 =
 const gcry_md_spec_t _gcry_digest_spec_shake256 =
   {
     GCRY_MD_SHAKE256, {0, 1},
-    "SHAKE256", shake256_asn, DIM (shake256_asn), oid_spec_shake256, 0,
-    shake256_init, keccak_write, keccak_final, NULL, keccak_extract,
+    "SHAKE256", shake256_asn, DIM (shake256_asn), oid_spec_shake256, 64,
+    shake256_init, keccak_write, keccak_final, keccak_read, keccak_extract,
     _gcry_shake256_hash_buffers,
     sizeof (KECCAK_CONTEXT),
     run_selftests
Jun 19 2023, 4:53 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Reading RFC 8702, I realized that it defines the hash size in the use of CMS as: SHAKE128 : 32-byte SHAKE256 : 64-byte.

Jun 19 2023, 4:47 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Applied rC8cdd0d353e19: cipher:pubkey: Check digest size which should not be zero. for 1.10.

Jun 19 2023, 4:36 AM · libgcrypt, FIPS, Bug Report

Jun 16 2023

gniibe claimed T6539: The digest&sign/verify API with SHAKE-class digests does not work.
Jun 16 2023, 9:36 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

I found this use case: RFC 8702
"Use of the SHAKE One-Way Hash Functions in the Cryptographic Message Syntax (CMS)": https://www.rfc-editor.org/rfc/rfc8702.html

Jun 16 2023, 9:35 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Another possibility for digest&sign API: it is possible to determine the length of required hash function by the underlining field Fp of the curve in use. Then, use this length instead. It's better than to (try to) get the length by _gcry_md_get_algo_dlen (for SHAKE, it's undefined).

Jun 16 2023, 9:16 AM · libgcrypt, FIPS, Bug Report
gniibe changed the status of T6507: SCRYPT does not work in FIPS mode from Open to Testing.

Fixed in both of master and 1.10 branch.

Jun 16 2023, 8:11 AM · libgcrypt, FIPS, Bug Report
gniibe committed rC70b1b036f3ee: tests: Allow KDF measurement in FIPS mode. (authored by gniibe).
tests: Allow KDF measurement in FIPS mode.
Jun 16 2023, 8:04 AM
gniibe committed rCf4bff832c7f5: cipher:kdf: Move FIPS mode check to _gcry_kdf_derive. (authored by gniibe).
cipher:kdf: Move FIPS mode check to _gcry_kdf_derive.
Jun 16 2023, 8:04 AM
gniibe changed the status of T6515: GPG in FIPS mode spits out useless "out of core handler ignored in FIPS mode" message on every execution from Open to Testing.
Jun 16 2023, 7:28 AM · FIPS, Bug Report
gniibe claimed T6515: GPG in FIPS mode spits out useless "out of core handler ignored in FIPS mode" message on every execution.

For libgcrypt, initially when the code was put, it made some sense.
Now, it's useless, so, let's simply remove the message.

Jun 16 2023, 7:28 AM · FIPS, Bug Report
gniibe committed rC6c79dcddd151: Remove out of core handler setting message in FIPS mode. (authored by gniibe).
Remove out of core handler setting message in FIPS mode.
Jun 16 2023, 7:26 AM
gniibe changed the status of T6511: EdDSA support in FIPS mode from Open to Testing.

Added: rC547dfb5aecc1: cipher:ecc: Add selftests for EdDSA.
Added: rC3ac2bba4a4b1: cipher:ecc: Implement PCT for EdDSA.

Jun 16 2023, 7:12 AM · FIPS, libgcrypt, Bug Report
gniibe committed rC3ac2bba4a4b1: cipher:ecc: Implement PCT for EdDSA. (authored by gniibe).
cipher:ecc: Implement PCT for EdDSA.
Jun 16 2023, 7:12 AM
gniibe committed rC97f4a94d5960: build: Detect broken GCC for x86/AVX512 intrinsics. (authored by gniibe).
build: Detect broken GCC for x86/AVX512 intrinsics.
Jun 16 2023, 6:13 AM
gniibe committed rC547dfb5aecc1: cipher:ecc: Add selftests for EdDSA. (authored by gniibe).
cipher:ecc: Add selftests for EdDSA.
Jun 16 2023, 5:05 AM
gniibe committed rC73d2f5d93541: tests: EdDSA keys work in FIPS mode (authored by Jakuje).
tests: EdDSA keys work in FIPS mode
Jun 16 2023, 4:49 AM
gniibe committed rCc08ea202d916: ecc: Enable Ed25519 and Ed448 in FIPS mode (authored by Jakuje).
ecc: Enable Ed25519 and Ed448 in FIPS mode
Jun 16 2023, 4:49 AM

Jun 15 2023

gniibe committed rG0f8e5f1c1db0: po: Update Japanese Translation. (authored by gniibe).
po: Update Japanese Translation.
Jun 15 2023, 11:17 AM
gniibe committed rG6a2cb8cfd714: agent,w32: Fix resource leak for a process. (authored by gniibe).
agent,w32: Fix resource leak for a process.
Jun 15 2023, 11:17 AM
gniibe committed rCed879d832659: cipher:ecc: Fix EdDSA secret key check. (authored by gniibe).
cipher:ecc: Fix EdDSA secret key check.
Jun 15 2023, 6:42 AM
gniibe committed rCf4019ed225bf: context: Make the context chain-able. (authored by gniibe).
context: Make the context chain-able.
Jun 15 2023, 4:27 AM
gniibe added a comment to rCc160e1a85f82: cipher:pubkey: Fix non-use of flexible array member..

I agree that the "future" won't come, ever. (for libgcrypt)

Jun 15 2023, 2:02 AM

Jun 14 2023

gniibe committed rCc160e1a85f82: cipher:pubkey: Fix non-use of flexible array member. (authored by gniibe).
cipher:pubkey: Fix non-use of flexible array member.
Jun 14 2023, 10:13 AM
gniibe committed rC86fcf8292208: cipher:ecc: Support gcry_pk_hash_sign/verify for EdDSA. (authored by gniibe).
cipher:ecc: Support gcry_pk_hash_sign/verify for EdDSA.
Jun 14 2023, 7:59 AM
gniibe added a comment to T6511: EdDSA support in FIPS mode.

I found that for EdDSA other than pure Ed25519, it can supply context.
I changed the semantics and API for adding context and input data, as we need to support both simultaneously.

Jun 14 2023, 7:49 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T6511: EdDSA support in FIPS mode.

I changed the lg-input-data.diff patch not to break the ABI, reusing the published symbol of gcry_pk_random_override_new.
With this approach, if/when needed, backporting may be easier.
Drawback is debugging internal of libgcrypt will be a bit confusing.

Jun 14 2023, 4:50 AM · FIPS, libgcrypt, Bug Report

Jun 13 2023

gniibe committed rC469919751d6e: cipher:ecc: Fix public key computation for EdDSA. (authored by gniibe).
cipher:ecc: Fix public key computation for EdDSA.
Jun 13 2023, 7:49 AM
gniibe added a comment to T6511: EdDSA support in FIPS mode.

Before adding FIPS support flag and tests, we need to modify implementation:

  • Adding PCT check for EdDSA
  • Adding support of gcry_pk_hash_sign/verify API for EdDSA
Jun 13 2023, 6:33 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T6271: The old FSF address in libgcrypt source code.

Thanks. I think that it was the oldest one: FSF used to be there in Cambridge, then moved to Tremont St. in Boston, and now it's in Franklin St.

Jun 13 2023, 3:10 AM · Documentation, libgcrypt, Bug Report

Jun 12 2023

gniibe committed rC263aa80b39dc: cipher:pubkey: Factor out data SEXP preparation. (authored by gniibe).
cipher:pubkey: Factor out data SEXP preparation.
Jun 12 2023, 6:08 AM
gniibe added a comment to T6481: BEGIN_ENCRYPTION status output happens later in 2.4.1 (breaks Emacs's EasyPG).

To summarize, here is the situation:

  • Ideally, it would be good to modify GnuPG and Emacs EasyPG to implement status handling and input handling in better way.
Jun 12 2023, 2:13 AM · Emacs, gnupg, Bug Report

Jun 9 2023

gniibe committed rCe0f7e927c594: cipher: Factor functions for ECC selftests. (authored by gniibe).
cipher: Factor functions for ECC selftests.
Jun 9 2023, 9:34 AM
gniibe committed rG5170c366eec2: common: Update t-exechelp to write/read smaller chunks. (authored by gniibe).
common: Update t-exechelp to write/read smaller chunks.
Jun 9 2023, 4:27 AM

Jun 8 2023

gniibe added a comment to T6511: EdDSA support in FIPS mode.

I'm going to add selftest of EdDSA with test vectors from RFC 8032.

Jun 8 2023, 8:32 AM · FIPS, libgcrypt, Bug Report
gniibe changed the status of T6512: keyboxd with data pipe from Open to Testing.

With the fix of T6523, make check goes all well (on Wine emulation and on Windows, for i686 and for x86_64).

Jun 8 2023, 7:45 AM · gnupg26, Bug Report
gniibe committed rG1b0ce9918c32: tests: Fix call-with-io deadlock. (authored by gniibe).
tests: Fix call-with-io deadlock.
Jun 8 2023, 7:44 AM
gniibe changed the status of T6523: gpgscm: call-with-io deadlock when larger stderr output from Open to Testing.

Fixed in master.

Jun 8 2023, 7:43 AM · gnupg26, Bug Report
gniibe changed the status of T6523: gpgscm: call-with-io deadlock when larger stderr output, a subtask of T6512: keyboxd with data pipe, from Open to Testing.
Jun 8 2023, 7:43 AM · gnupg26, Bug Report
gniibe added a comment to T6523: gpgscm: call-with-io deadlock when larger stderr output.

I modified ffi.c, to have renamed process-spawn-io function doing I/O by C.

Jun 8 2023, 7:39 AM · gnupg26, Bug Report
gniibe triaged T6523: gpgscm: call-with-io deadlock when larger stderr output as Low priority.
Jun 8 2023, 7:37 AM · gnupg26, Bug Report

Jun 7 2023

gniibe committed rGf5656ff363a0: kbx: Fix datastream_thread and use the data pipe. (authored by gniibe).
kbx: Fix datastream_thread and use the data pipe.
Jun 7 2023, 8:33 AM
gniibe added a comment to T6512: keyboxd with data pipe.

Calling assuan_release before kbx_client_data_release is the best (and we join the thread).

Jun 7 2023, 8:24 AM · gnupg26, Bug Report
gniibe committed rG9433dfa5dd4b: common: Add test case for IPC with spawned process. (authored by gniibe).
common: Add test case for IPC with spawned process.
Jun 7 2023, 2:12 AM

Jun 6 2023

gniibe committed rA2f0232b15fdc: w32: Fix closing for non-socket HANDLE. (authored by gniibe).
w32: Fix closing for non-socket HANDLE.
Jun 6 2023, 8:32 AM

Jun 5 2023

gniibe added a comment to T6512: keyboxd with data pipe.

tests/openpgp/import.scm hangs with 4096*4.

Jun 5 2023, 7:03 AM · gnupg26, Bug Report

Jun 2 2023

gniibe added a comment to T6512: keyboxd with data pipe.

Test with Wine (i686) emulation, I encountered another hang at: Checking armored_key_8192

Jun 2 2023, 8:33 AM · gnupg26, Bug Report
gniibe added a comment to T6512: keyboxd with data pipe.

It looks like having the datastream_thread may be not worth.
One possibility is to implement synchronous read from pipe in kbx_client_data_wait, instead of datastream_thread.

Jun 2 2023, 8:29 AM · gnupg26, Bug Report

Jun 1 2023

gniibe claimed T6511: EdDSA support in FIPS mode.
Jun 1 2023, 9:46 AM · FIPS, libgcrypt, Bug Report
gniibe committed rA592f6bb89ad1: w32: Fix hello_line parsing for fd passing. (authored by gniibe).
w32: Fix hello_line parsing for fd passing.
Jun 1 2023, 6:41 AM
gniibe added a comment to T6512: keyboxd with data pipe.

The problem of hang of tests/openpgp/multisig.scm is solved by rGef4f22b9d98b: gpg: Graceful exit for signature checking with --batch.
But the problem itself is not yet solved.

Jun 1 2023, 5:04 AM · gnupg26, Bug Report
gniibe committed rGef4f22b9d98b: gpg: Graceful exit for signature checking with --batch. (authored by gniibe).
gpg: Graceful exit for signature checking with --batch.
Jun 1 2023, 5:03 AM
gniibe added a comment to T6512: keyboxd with data pipe.

It is reproducible by testing tests/openpgp/multisig.scm with keyboxd enabled (it hangs), with the modification of following.

Jun 1 2023, 4:58 AM · gnupg26, Bug Report
gniibe created T6512: keyboxd with data pipe.
Jun 1 2023, 4:51 AM · gnupg26, Bug Report
gniibe committed rG0fba0bbc6215: w32: Fix use of assuan_sendfd. (authored by gniibe).
w32: Fix use of assuan_sendfd.
Jun 1 2023, 2:16 AM

May 31 2023

gniibe committed rAc69578bc248e: w32: Always include process information in HELLO. (authored by gniibe).
w32: Always include process information in HELLO.
May 31 2023, 9:49 AM
gniibe committed rAefccdb36ec33: w32: Fix error return for sending fd. (authored by gniibe).
w32: Fix error return for sending fd.
May 31 2023, 9:49 AM

May 30 2023

gniibe added a comment to rPTHa075e11080bf: w32: Initialize variable to silence compiler warning..

Possibly, it may consider the case where errno==0 when failure.

May 30 2023, 10:43 AM
gniibe committed rPTHa075e11080bf: w32: Initialize variable to silence compiler warning. (authored by gniibe).
w32: Initialize variable to silence compiler warning.
May 30 2023, 8:27 AM
gniibe committed rTee3cbee5a24d: Fix the previous change. (authored by gniibe).
Fix the previous change.
May 30 2023, 8:12 AM
gniibe committed rT2977b554dec9: Use -no-fast-install LDFLAGS for Windows. (authored by gniibe).
Use -no-fast-install LDFLAGS for Windows.
May 30 2023, 8:12 AM

May 26 2023

gniibe committed rGf15a643a2d45: agent,dirmngr: Shutdown fix for supervised mode. (authored by gniibe).
agent,dirmngr: Shutdown fix for supervised mode.
May 26 2023, 8:32 AM
gniibe committed rGfe881167c5b8: agent,w32: Fix resource leak for a process. (authored by gniibe).
agent,w32: Fix resource leak for a process.
May 26 2023, 3:10 AM
gniibe committed rE6877540eb1fc: Add GNU system support for cross compilation. (authored by gniibe).
Add GNU system support for cross compilation.
May 26 2023, 2:13 AM

May 25 2023

gniibe added a comment to T6487: libassuan: Clear semantics for assuan_get_pid and improve use cases for process control.

Since it's ABI change, I created a branch: https://dev.gnupg.org/source/libassuan/history/gniibe%252Ft6487/

May 25 2023, 7:05 AM · libassuan, Memo
gniibe committed rA3bccb33ccd90: Add new pipe functions to control its server process. (authored by gniibe).
Add new pipe functions to control its server process.
May 25 2023, 7:03 AM
gniibe committed rG39a437378015: po: Update Japanese Translation. (authored by gniibe).
po: Update Japanese Translation.
May 25 2023, 6:44 AM
gniibe committed rG6984ddc6ebf5: common,w32: Fix gnupg_process_release. (authored by gniibe).
common,w32: Fix gnupg_process_release.
May 25 2023, 6:44 AM

May 24 2023

gniibe committed rA8d83aea214a1: Allow use of global system hooks with API version 2. (authored by gniibe).
Allow use of global system hooks with API version 2.
May 24 2023, 7:35 AM
gniibe added a comment to T6487: libassuan: Clear semantics for assuan_get_pid and improve use cases for process control.

I conclude that adding two public functions for pipe connection of client will be useful (and solve the pid_t issue, by successfully hiding those use cases).

May 24 2023, 7:32 AM · libassuan, Memo
gniibe added a comment to T6481: BEGIN_ENCRYPTION status output happens later in 2.4.1 (breaks Emacs's EasyPG).

I pushed the change which keeps old status report behavior to master.
Let me test the change.

May 24 2023, 3:48 AM · Emacs, gnupg, Bug Report
gniibe committed rG2f872fa68c65: gpg: Report BEGIN_* status before examining the input. (authored by gniibe).
gpg: Report BEGIN_* status before examining the input.
May 24 2023, 3:48 AM
gniibe added a comment to T6481: BEGIN_ENCRYPTION status output happens later in 2.4.1 (breaks Emacs's EasyPG).

looks simpler to me.

May 24 2023, 3:24 AM · Emacs, gnupg, Bug Report

May 23 2023

gniibe added a comment to T6481: BEGIN_ENCRYPTION status output happens later in 2.4.1 (breaks Emacs's EasyPG).

Orthogonally, here is possible change for GnuPG, if we need to support the workaround of compress-level 0 in ~/.gnupg/gpg.conf.

May 23 2023, 2:11 PM · Emacs, gnupg, Bug Report
gniibe added a comment to T6481: BEGIN_ENCRYPTION status output happens later in 2.4.1 (breaks Emacs's EasyPG).

OK, here is my changes which always use make-temp-file (to avoid confusion between data input and passphrase input).

May 23 2023, 10:47 AM · Emacs, gnupg, Bug Report
gniibe claimed T6481: BEGIN_ENCRYPTION status output happens later in 2.4.1 (breaks Emacs's EasyPG).

I use epg.el with the change of removing the wait:

May 23 2023, 9:23 AM · Emacs, gnupg, Bug Report

May 17 2023

gniibe added a comment to T6487: libassuan: Clear semantics for assuan_get_pid and improve use cases for process control.

For (2-2), there are two use cases in GnuPG.
(A) In call-daemon.c (for SCD and TPM2D), wait_child_thread cares about daemon termination to clean up resources. In this case, it calls waitpid/WaitForSingleObject.
(B) In call-pinentry.c, watch_sock cares about dangling pinentry. When it detects client's EOF on the socket (between the client and gpg-agent), it kills pinentry process. In this case, it calls kill/TerminateProcess.

May 17 2023, 9:02 AM · libassuan, Memo
gniibe committed rGb789ada2b07a: scd: Fix send_client_notifications for Windows. (authored by gniibe).
scd: Fix send_client_notifications for Windows.
May 17 2023, 8:31 AM
gniibe committed rAaf34d84651b6: doc: Update documentation for the method spawn and waitpid. (authored by gniibe).
doc: Update documentation for the method spawn and waitpid.
May 17 2023, 6:25 AM
gniibe committed rE89e53ad90f3a: w32: Use _putenv_s when available. (authored by gniibe).
w32: Use _putenv_s when available.
May 17 2023, 5:27 AM
gniibe added a comment to T6487: libassuan: Clear semantics for assuan_get_pid and improve use cases for process control.

Finished the step to have cleaner semantics of the implementation by: rA6350f796fdd1: w32: Cleaner semantics for PID and Process handle.
Clarified the fact (1-1).
And as a bonus, when it's "cygwin" mode, peer (client) process ID is now available.

May 17 2023, 5:06 AM · libassuan, Memo
gniibe closed T6293: w32: putenv in Microsoft runtime doesn't support GNU extension as Resolved.
May 17 2023, 4:37 AM · gnupg, Bug Report
gniibe committed rA316fae440197: w32: File handle passing to server is now supported. (authored by gniibe).
w32: File handle passing to server is now supported.
May 17 2023, 4:33 AM
gniibe committed rA5d1cdaaa03c6: Don't use ASSUAN_INVALID_PID for assuan_pid_t value. (authored by gniibe).
Don't use ASSUAN_INVALID_PID for assuan_pid_t value.
May 17 2023, 4:33 AM
gniibe committed rA6350f796fdd1: w32: Cleaner semantics for PID and Process handle. (authored by gniibe).
w32: Cleaner semantics for PID and Process handle.
May 17 2023, 4:07 AM
gniibe committed rAf3b3ddfd7ffb: Fix comments. (authored by gniibe).
Fix comments.
May 17 2023, 4:07 AM

May 16 2023

gniibe committed rGd22106276947: w32: Also use _putenv_s for gnupg_unsetenv. (authored by gniibe).
w32: Also use _putenv_s for gnupg_unsetenv.
May 16 2023, 12:13 PM
gniibe committed rG86cdb49097a1: w32: Use _putenv_s. (authored by gniibe).
w32: Use _putenv_s.
May 16 2023, 9:27 AM
gniibe renamed T6487: libassuan: Clear semantics for assuan_get_pid and improve use cases for process control from libassuan: Deprecate assuan_get_pid and improve use cases for process control to libassuan: Clear semantics for assuan_get_pid and improve use cases for process control.
May 16 2023, 8:06 AM · libassuan, Memo
gniibe committed rA18edc4f89f9a: Fix wrong return type for functions. (authored by gniibe).
Fix wrong return type for functions.
May 16 2023, 7:55 AM