- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Dec 19 2023
Dec 18 2023
@jukivili Thanks a lot. Please push the change to 1.10 branch and master.
Dec 15 2023
Thank you for your report.
Dec 12 2023
Ah... it fails by make check because it does change the text in tests/basic.c which requires update of hash value.
I'm going to take care of this regressions.
Thank you. All applied and pushed to master.
In 2.4, a user need to specify disable-ccid in scdaemon.conf when scdaemon is built with integrated CCID driver (using libusb) but the user wants to use PC/SC driver instead.
Dec 8 2023
Dec 7 2023
Dec 1 2023
Nov 30 2023
Nov 27 2023
It's true that for KEYTOCARD command, there is optional argument for ECDH.
My point is that for PKDECRYPT command, it will be needed to add mechanism for getting such a parameter (when we use KEM API in gpg-agent).
Considering the design of gpg-agent which focuses on private key operations and data, it would be better to enhance the gpg-agent protocol to inquire public key data of any format defined by the client (including ECDH KDF parameters of OpenPGP). I mean, instead of storing data in the key file (originally designed for private key + some additional data), we will enhance the protocol.
Nov 22 2023
Nov 20 2023
Nov 17 2023
Applied to 2.4, too.
Nov 16 2023
To align the documentation of GnuPG, we should not use GNUPGHOME in FILES section.
It may be controlled by --homedir as well as GNUPGHOME.
GNUPGHOME is addressed in the ENVIRONMENT section, so, I don't think it makes sense using $GNUPGHOME}/trustedkeys.kbx.
Thank you. Applied and pushed in: rG260004747016: gpgv: Update used keyrings in doc FILES section
Nov 15 2023
@item handling with @table has been pushed.
RSA improvement is not that worth now.
OK. When we will need and do, I will open new one.
The fix is in 1.10.3.
Fix is in 1.10.3.
Nov 14 2023
I learned about how @item is handled by TeX. By @table command, user specifies how to handle the item line. In the case of GnuPG, it is like:
@table @gnupgtabopt @item --version ... @item --help
(Emacs uses @table @samp, while GCC uses @table @gcctabopt.)
And @gnupgtabopt is a macro which is expanded to @code{\body\}
Nov 10 2023
I think that tried_password_cache in the documentation is wrong. The text:
and @code{tried_password_cache} is false
Nov 9 2023
Pushed the change to master/2.4.
Nov 8 2023
I guess that it's a case of specifying static passphrase. If so, here is the patch:
diff --git a/g10/call-agent.c b/g10/call-agent.c index cb7053396..c44c1cddb 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -161,6 +161,7 @@ default_inq_cb (void *opaque, const char *line) || has_leading_keyword (line, "NEW_PASSPHRASE")) && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK) { + assuan_begin_confidential (parm->ctx); if (have_static_passphrase ()) { s = get_static_passphrase (); @@ -187,6 +188,7 @@ default_inq_cb (void *opaque, const char *line) err = assuan_send_data (parm->ctx, pw, strlen (pw)); xfree (pw); } + assuan_end_confidential (parm->ctx); } else if ((s = has_leading_keyword (line, "CONFIRM")) && opt.pinentry_mode == PINENTRY_MODE_LOOPBACK diff --git a/sm/call-agent.c b/sm/call-agent.c index 883c0c644..7f7205f26 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -222,7 +222,9 @@ default_inq_cb (void *opaque, const char *line) && have_static_passphrase ()) { const char *s = get_static_passphrase (); + assuan_begin_confidential (parm->ctx); err = assuan_send_data (parm->ctx, s, strlen (s)); + assuan_end_confidential (parm->ctx); } else log_error ("ignoring gpg-agent inquiry '%s'\n", line);
(I also found similar case for gpg as well as gpgsm.)
Pushed the changes for ...sc_op_failure routines to master/2.4.
We would need to revise tools/card-call-scd.c:status_sc_op_failure and g10/card-util.c:write_sc_op_status to catch GPG_ERR_PIN_BLOCKED and GOG_ERR_NO_RESET_CODE.
I found two places in scdaemon which return GPG_ERR_BAD_PIN. GPG_ERR_PIN_BLOCKED is relevant here.
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 66ec9f4a9..77d428786 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -2859,7 +2859,7 @@ build_enter_admin_pin_prompt (app_t app, char **r_prompt, int *r_remaining) if (!remaining) { log_info (_("card is permanently locked!\n")); - return gpg_error (GPG_ERR_BAD_PIN); + return gpg_error (GPG_ERR_PIN_BLOCKED); }
Possible approach for source texinfo files and yat2m would be:
Nov 7 2023
Applied a patch from 2.4/master to 2.2 for SEGV when card gives bogus data. rG600e69b46149: scd:openpgp: Fix a segv for cards supporting unknown curves.
Nov 6 2023
@desultory Thank you for your report.
Please open a new ticket for your problem. If you can, please show the result of https://dev.gnupg.org/T5963#157724
Nov 2 2023
I found a regression for @item --version; It emits \[en]version for roff.
Pushed my fix to support them.
Nov 1 2023
Oct 31 2023
In master, when fixing padding issue, libgcrypt/src/const-time.h is just introduced.
I will replace your functions.
Oct 30 2023
Oct 27 2023
Oct 16 2023
For length information, we can find that Simon's patch (let me call it v1) has length argument:
https://gitlab.com/jas/libgcrypt/-/commit/3af635afca052a9575912b257fe7518a58bfe810
Oct 11 2023
@fse Thank you for your comment (quick ! :-).
Oct 10 2023
Oct 9 2023
Please send us patches (to this branch).
Oct 6 2023
Pushed the change into kem-kyber branch.
https://dev.gnupg.org/source/libgcrypt/history/kem-kyber/