Feed All Stories

Jun 25 2019

werner renamed T4581: Kleopatra stuck in loading the certificate cache from not opening to Kleopatra stuck in loading the certificate cache.
Jun 25 2019, 3:33 PM · gpg4win, kleopatra, Bug Report
werner added projects to T4581: Kleopatra stuck in loading the certificate cache: kleopatra, gpg4win.
Jun 25 2019, 3:32 PM · gpg4win, kleopatra, Bug Report
allpond created T4581: Kleopatra stuck in loading the certificate cache.
Jun 25 2019, 2:27 PM · gpg4win, kleopatra, Bug Report
werner closed T4579: RSA CRT decryption occasional failure as Invalid.
Jun 25 2019, 1:28 PM · OpenPGP, Not A Bug
Anthony added a comment to T4579: RSA CRT decryption occasional failure.

I see. Thanks for your explanation.

Jun 25 2019, 12:07 PM · OpenPGP, Not A Bug
werner triaged T4580: Update the password checking algorithm as Low priority.
Jun 25 2019, 10:24 AM · gpgagent, Feature Request
werner committed rGc8e62965bc90: scd: Return a stable list with "getinfo card_list". (authored by werner).
scd: Return a stable list with "getinfo card_list".
Jun 25 2019, 9:51 AM
werner committed rG92ba831758cf: scd: Do not conflict if a card with another serialno is demanded. (authored by werner).
scd: Do not conflict if a card with another serialno is demanded.
Jun 25 2019, 9:51 AM
werner committed rGd803b3bb3c08: scd: Add an re-select mechanism to switch apps. (authored by werner).
scd: Add an re-select mechanism to switch apps.
Jun 25 2019, 9:51 AM
gniibe committed rCab57613f10ad: sexp: Support reading base64. (authored by gniibe).
sexp: Support reading base64.
Jun 25 2019, 7:36 AM
gniibe changed the status of T4274: Fail selftests when checksum file is missing in FIPS mode only from Open to Testing.
Jun 25 2019, 6:01 AM · Testing, libgcrypt, Bug Report
gniibe changed the status of T4274: Fail selftests when checksum file is missing in FIPS mode only, a subtask of T4294: Release Libgcrypt 1.9.0, from Open to Testing.
Jun 25 2019, 6:01 AM · Release Info, libgcrypt
gniibe changed the status of T4293: Add dedicated X25519 function to Libcgrypt from Open to Testing.
Jun 25 2019, 5:46 AM · Testing, libgcrypt
gniibe changed the status of T4293: Add dedicated X25519 function to Libcgrypt , a subtask of T4294: Release Libgcrypt 1.9.0, from Open to Testing.
Jun 25 2019, 5:46 AM · Release Info, libgcrypt
gniibe committed rC1caaedf3ecf8: ecc: Add Curve448. (authored by gniibe).
ecc: Add Curve448.
Jun 25 2019, 3:21 AM
dkg added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

I'm unlikely to put a windows-specific patch into the debian source, as
i have no good way of testing it, and it wouldn't affect any binary that
we ship.

Jun 25 2019, 2:57 AM · gpgagent, gnupg, Bug Report
equwal created T4580: Update the password checking algorithm.
Jun 25 2019, 2:44 AM · gpgagent, Feature Request

Jun 24 2019

werner edited projects for T4579: RSA CRT decryption occasional failure, added: Not A Bug, OpenPGP; removed Bug Report.

I see. Thus the problem is that IPWorksOpenPGP does not create proper OpenPGP private keys. I guess they use OpenSSL with their different CRT parameter style and do not convert them correctly. RFC-4880 says this in 5.5.3:

The secret key is this series of multiprecision integers:
o  MPI of RSA secret exponent d;
o  MPI of RSA secret prime value p;
o  MPI of RSA secret prime value q (p < q);
o  MPI of u, the multiplicative inverse of p, mod q.
Jun 24 2019, 2:37 PM · OpenPGP, Not A Bug
Valodim added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

It's been a while, any word on this? I sent the DCO as requested. Are there any technical concerns left to address?

Jun 24 2019, 12:48 PM · gnupg (gpg23), Feature Request
JJworx added a comment to T4278: Signed mails not visible in Exchange web interface (owa).

I just received answer that this is still a problem in the current release.

Jun 24 2019, 8:34 AM · gpgol, Bug Report, gpg4win
werner closed T4549: git pushing to playfair yields "error: invalid key: hooks.denypush.branch.XXX" and "error: invalid key: hooks.denymerge.XXX" as Resolved.

@dkg: Please keep using slashes. The problem was that slashes are not allowed in git config keys. We use the branch name in some git config keys and thus they need to be mapped to soemthing different (ie. '-').

Jun 24 2019, 8:18 AM · dev.gnupg.org
Laurent Montel <montel@kde.org> committed rKLEOPATRAd17f03e7c671: GIT_SILENT: Prepare 5.11.3 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.11.3
Jun 24 2019, 7:02 AM
Laurent Montel <montel@kde.org> committed rLIBKLEO059cd707b017: GIT_SILENT: Prepare 5.11.3 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.11.3
Jun 24 2019, 7:01 AM
gniibe added a comment to E505: Weekly Standup.

Topics:

  • (simpler workaround to change the order of killing) Fix to race condition gpgconf --kill : T4577

Last week:

This week:

  • libgcrypt adding X448 curve
  • Gnuk adding X448 curve: 32-bit limb or 28-bit limb?
Jun 24 2019, 4:31 AM
gniibe is attending E505: Weekly Standup.
Jun 24 2019, 4:27 AM
gniibe committed rCb4a1114dc776: ecc: Correctly return an error. (authored by gniibe).
ecc: Correctly return an error.
Jun 24 2019, 4:23 AM
gniibe added a comment to rCa658c9ccc2c7: ecc: Improve new ECDH API..

Thanks for your review.

Jun 24 2019, 4:18 AM
gniibe added a comment to T4549: git pushing to playfair yields "error: invalid key: hooks.denypush.branch.XXX" and "error: invalid key: hooks.denymerge.XXX".

It works for me.

Jun 24 2019, 4:03 AM · dev.gnupg.org
gniibe added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

@dkg, for your patch, it can be improved for Windows by using its event mechanism. You can see gnupg/scd/scdaemon.c.

Jun 24 2019, 4:00 AM · gpgagent, gnupg, Bug Report
dkg updated subscribers of T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

Hm, T4521 suggests that the two different cases should not be treated differently. If you think that they *should* cause distinct behavior, please do mention it over there!

Jun 24 2019, 2:24 AM · gpgagent, gnupg, Bug Report
dkg committed rGd7d1ff45574e: spelling: Fix "synchronize" (authored by dkg).
spelling: Fix "synchronize"
Jun 24 2019, 2:21 AM
dkg committed rG520f5d70e412: spelling: Fix "synchronize" (authored by dkg).
spelling: Fix "synchronize"
Jun 24 2019, 2:20 AM
gniibe added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

There are two different cases: (1) By SIGTERM and (2) By KILLAGENT. It's true that the agent stops accepting on the listening socket for (1), but it's not the case for (2).
This particular problem is for the case (2).

Jun 24 2019, 1:59 AM · gpgagent, gnupg, Bug Report

Jun 23 2019

slandden added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

Werner, I interpreted jwilik's patch as admission of a problem from upstream, and reported it as such to CVE. I felt that since this does not effect the main platforms (ARM and x86_64) it would not be a big deal. If I interpreted wrong, I am sorry.

Jun 23 2019, 7:52 PM · side-channel, libgcrypt, Bug Report
slandden added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

I assigned the CVE, but yes it needs more facts.

Jun 23 2019, 5:48 PM · side-channel, libgcrypt, Bug Report
werner added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

Andreas, I wonder on which grounds you assigned a CVE for this claimed side-channel attack. The mentioned paper is about an old RSA side-channel and not on AES. I would like to see more facts than the reference to a guy who knows PPC pretty well.

Jun 23 2019, 5:45 PM · side-channel, libgcrypt, Bug Report
Anthony added a comment to T4579: RSA CRT decryption occasional failure.

The gpg --version shows:

Jun 23 2019, 5:17 PM · OpenPGP, Not A Bug
werner added a comment to T4579: RSA CRT decryption occasional failure.

Which Libgcrypt version is used (gpg --version shows it).

Jun 23 2019, 12:09 PM · OpenPGP, Not A Bug
Laurent Montel <montel@kde.org> committed rKLEOPATRA7c4fbbda0062: GIT_SILENT: time to update version (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: time to update version
Jun 23 2019, 12:10 AM
Laurent Montel <montel@kde.org> committed rLIBKLEO661c76f5055f: GIT_SILENT: time to update version (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: time to update version
Jun 23 2019, 12:10 AM

Jun 22 2019

ametzler1 added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

This bug has been assigned CVE-2019-12904. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904

Jun 22 2019, 6:36 AM · side-channel, libgcrypt, Bug Report
slandden added a comment to D493: AES block modes for PPC.

I will work on OCB mode, eventually. Perhaps you could review what I have, but leave T4529 open until OCB mode is completed.

Jun 22 2019, 1:52 AM

Jun 21 2019

dkg added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

@gniibe, thanks for the diagnosis! I agree that restarting or shutting down the backends should be done in the reverse order as a simple workaround.

Jun 21 2019, 6:24 PM · gpgagent, gnupg, Bug Report
werner committed rG0400a4eb1782: scd: Take the lock earlier in the function dispatchers. (authored by werner).
scd: Take the lock earlier in the function dispatchers.
Jun 21 2019, 2:54 PM
werner committed rGb304c006a3c9: scd: Take the card look while running app->with_keygrip. (authored by werner).
scd: Take the card look while running app->with_keygrip.
Jun 21 2019, 2:54 PM
Anthony created T4579: RSA CRT decryption occasional failure.
Jun 21 2019, 11:50 AM · OpenPGP, Not A Bug
werner committed rG1b78e4951ed7: scd: Add code to check whether app switching is possible. (authored by werner).
scd: Add code to check whether app switching is possible.
Jun 21 2019, 11:45 AM
werner committed rG43dcf93407d6: scd: Simplify inclusion of app-common.h. (authored by werner).
scd: Simplify inclusion of app-common.h.
Jun 21 2019, 11:45 AM
werner committed rG91e2931caac9: scd: Track the currently selected app. (authored by werner).
scd: Track the currently selected app.
Jun 21 2019, 11:45 AM
werner committed rG9551275857c1: scd: Use enums for cardtype and apptype. (authored by werner).
scd: Use enums for cardtype and apptype.
Jun 21 2019, 11:45 AM
werner committed rG4256e9f0f1bf: gpg: Very minor code cleanup. (authored by werner).
gpg: Very minor code cleanup.
Jun 21 2019, 11:45 AM
Valodim added a comment to T4493: Default to HKPS, not HKP.

A possible exception here is that .onion TLDs should stick with HKP by default

Jun 21 2019, 11:16 AM · dirmngr, Feature Request
jukivili added inline comments to rCa658c9ccc2c7: ecc: Improve new ECDH API..
Jun 21 2019, 10:09 AM
werner triaged T4578: python3 gpg module should offer an "encrypt" function that takes an email.message.EmailMessage and returns a new one as Normal priority.
Jun 21 2019, 10:04 AM · gpgme, Python, Feature Request
gniibe committed rG062417f4b80f: tools: Fix gpg-pair-tool to follow new API. (authored by gniibe).
tools: Fix gpg-pair-tool to follow new API.
Jun 21 2019, 5:08 AM
gniibe committed rC6934711d572e: tests: Fix the Curve25519 test. (authored by gniibe).
tests: Fix the Curve25519 test.
Jun 21 2019, 4:56 AM
gniibe committed rCa658c9ccc2c7: ecc: Improve new ECDH API. (authored by gniibe).
ecc: Improve new ECDH API.
Jun 21 2019, 4:53 AM
gniibe added a comment to T4293: Add dedicated X25519 function to Libcgrypt .

Thanks, that's a good point. I'm adding gcry_ecc_get_algo_keylen.
I also changing the API for output (not allocating a buffer, but filling the buffer provided).

Jun 21 2019, 4:53 AM · Testing, libgcrypt
gniibe added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

Correct solution is to implement KILLAGENT synchronously, but it's somehow harder to implement.
Easier workaround is modifying gpgconf like:

Jun 21 2019, 3:47 AM · gpgagent, gnupg, Bug Report
gniibe edited projects for T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32, added: gnupg, gpgagent; removed gnupg (gpg22).

I found a race condition between KILLAGENT command and accepting another request.
Here is a patch to replicate the race condition :

Jun 21 2019, 2:33 AM · gpgagent, gnupg, Bug Report
gniibe claimed T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

I took this task as it has errors of gpg-connect-agent scd killscd. But, it seems for me that it's not the direct cause.
Anyway, I investigate the bug.

Jun 21 2019, 1:45 AM · gpgagent, gnupg, Bug Report

Jun 20 2019

jukivili added a comment to T4293: Add dedicated X25519 function to Libcgrypt .

Would it be good to have interface for getting buffer size for different algos in this new interface? ... Similar as 'gcry_md_get_algo_dlen' for digest results.

Jun 20 2019, 11:37 AM · Testing, libgcrypt
gniibe committed rG0ccb5ddef18f: po: Update Japanese Translation. (authored by gniibe).
po: Update Japanese Translation.
Jun 20 2019, 8:11 AM
gniibe committed rGe09ecd260d63: tools: Don't prepare G in gpg-pair-tool. (authored by gniibe).
tools: Don't prepare G in gpg-pair-tool.
Jun 20 2019, 6:45 AM
gniibe committed rC6d77c2054ea0: ecc: X25519 API change to allow NULL for POINT. (authored by gniibe).
ecc: X25519 API change to allow NULL for POINT.
Jun 20 2019, 6:09 AM
gniibe committed rGe34bae5286d7: tools: Use new API of libgcrypt for gpg-pair-tool. (authored by gniibe).
tools: Use new API of libgcrypt for gpg-pair-tool.
Jun 20 2019, 5:03 AM
gniibe added a comment to T4293: Add dedicated X25519 function to Libcgrypt .

Perhaps, returning allocated memory is not good. Filling the buffer for output would be better.

Jun 20 2019, 5:02 AM · Testing, libgcrypt
gniibe added a comment to T4293: Add dedicated X25519 function to Libcgrypt .

Shall we use secure buffer?

Jun 20 2019, 4:38 AM · Testing, libgcrypt
gniibe committed rGd5287f43fd4d: tools: Fix error handling for gpg-pair-tool. (authored by gniibe).
tools: Fix error handling for gpg-pair-tool.
Jun 20 2019, 4:30 AM
gniibe committed rCec8c2cdf977a: ecc: Add an API for X25519 function as gcry_ecc_mul_point. (authored by gniibe).
ecc: Add an API for X25519 function as gcry_ecc_mul_point.
Jun 20 2019, 4:02 AM
gniibe added a commit to T4293: Add dedicated X25519 function to Libcgrypt : rCec8c2cdf977a: ecc: Add an API for X25519 function as gcry_ecc_mul_point..
Jun 20 2019, 4:02 AM · Testing, libgcrypt
huowen added a comment to T4395: Kleopatra: Missing error handling when changing expiry.

Hello,
when can we fix it?

Jun 20 2019, 2:12 AM · gpa, gnupg, gpgme, gpg4win, kleopatra

Jun 19 2019

dkg added a comment to T3464: successful decryption with session key reports failure if public key is unknown.

without feedback, i have no idea what you want to do here as upstream. I believe this issue has identified a specific failing use case, and it has a patch that fixes the problem. if there's a problem, please let me know what it is. If there's no problem, please consider merging.

Jun 19 2019, 11:21 PM · gpgme, Bug Report
Laurent Montel <montel@kde.org> committed rKLEOPATRA17d9412806a4: Remove unused includes (authored by Laurent Montel <montel@kde.org>).
Remove unused includes
Jun 19 2019, 9:33 PM
dkg added a comment to T4578: python3 gpg module should offer an "encrypt" function that takes an email.message.EmailMessage and returns a new one.

I note that "the best" seems like it might be a pretty subjective thing. The standard GnuPG framing asks about the validity of keys for the User ID in question. Perhaps the caller could indicate whether they want to require full validity for each key to make this key selection more strict.

Jun 19 2019, 7:22 PM · gpgme, Python, Feature Request
dkg added a comment to T4578: python3 gpg module should offer an "encrypt" function that takes an email.message.EmailMessage and returns a new one.

The function would do something like:

  • from msg, extract all e-mail addresses from to, cc, bcc fields
  • find "the best" keys that match these addresses, storing them in keylist
  • copy msg to tmp, remove bcc header from tmp
  • wrap armored output of gpg.Context.encrypt(bytes(tmp), recipients=keylist) in the necessary RFC 3156 cladding, copying most headers from msg (maybe stubbing out the subject), producing an email.message.EmailMessage object.
Jun 19 2019, 7:19 PM · gpgme, Python, Feature Request
dkg added a comment to T4566: dirmngr fails with HTTP 302 redirection to hkps.

Any word on this? i've pushed a fix for this into debian experimental as a part of 2.2.16-2, but i am concerned that there's no adoption from upstream. If there's a reason that this is the wrong fix, please do let me know!

Jun 19 2019, 7:06 PM · gnupg (gpg22), dirmngr, Bug Report
dkg created T4578: python3 gpg module should offer an "encrypt" function that takes an email.message.EmailMessage and returns a new one.
Jun 19 2019, 6:59 PM · gpgme, Python, Feature Request
werner added a comment to D493: AES block modes for PPC.

I can't see any specific claim to the GPL. License 1 grants a royality free license for all open source implementations defined by the OSI. This includes the LGPL.
If you use Libgcrypt in non-open-source software you may get a free license using License 2.

Jun 19 2019, 6:07 PM
slandden updated the summary of D493: AES block modes for PPC.
Jun 19 2019, 5:38 PM
slandden updated the diff for D493: AES block modes for PPC.

fix building with hard ware acceleration off.

Jun 19 2019, 5:32 PM
slandden updated the diff for D492: Add PowerPC crypto acceleration support for SHA2..

rebase

Jun 19 2019, 5:32 PM
slandden updated the diff for D491: Support for PowerPC's AES acceleration..

fix running with hardware acceleration off.

Jun 19 2019, 5:32 PM
werner triaged T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32 as Normal priority.
Jun 19 2019, 5:01 PM · gpgagent, gnupg, Bug Report
dkg created T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.
Jun 19 2019, 3:54 PM · gpgagent, gnupg, Bug Report
mrdave19 renamed T4573: Files encrypted on another platform using password based encryption (-c) intermittently fail to decrypt on Kleopatra from Files encrypted on another platform using password base encryption (-c) intermittently fail to decrypt on Kleopatra to Files encrypted on another platform using password based encryption (-c) intermittently fail to decrypt on Kleopatra.
Jun 19 2019, 3:40 PM · gnupg (gpg22), Bug Report
Laurent Montel <montel@kde.org> committed rLIBKLEOb9d2087da001: Remove unused includes (authored by Laurent Montel <montel@kde.org>).
Remove unused includes
Jun 19 2019, 2:11 PM
mkrambach committed rMf5e27a12d3fd: js: Error handling for browser errors (authored by mkrambach).
js: Error handling for browser errors
Jun 19 2019, 1:09 PM
CarlosRamos closed T4575: GpgOL: Doesn't open encrypted messages as Invalid.

I'm so sorry. It was a problem with mail server, not a GpgOL bug.

Jun 19 2019, 11:58 AM · gpgol
werner committed rG5a5288d051a5: scd: Split data structures into app and card related objects. (authored by werner).
scd: Split data structures into app and card related objects.
Jun 19 2019, 8:52 AM
gniibe changed the status of T4574: Change #!/bin/sh to #!/bin/bash in libgpg-error-1.36/src/gpg-error-config-test.sh from Open to Testing.

Fixed in master, by using /usr/xpg4/bin/sh on Solaris.
Perhaps, some old Unix system like Tru64 would need same care.

Jun 19 2019, 2:18 AM · Bug Report

Jun 18 2019

JJworx added a comment to T4576: Outlook window de-(half-)maximizes and misplaced after writing answer.

I noticed it happens after entering the passphrase, and only using the
inline editor to answer.

Jun 18 2019, 5:13 PM · Bug Report, gpg4win
werner added a project to T4575: GpgOL: Doesn't open encrypted messages: gpgol.
Jun 18 2019, 3:52 PM · gpgol
JJworx created T4576: Outlook window de-(half-)maximizes and misplaced after writing answer.
Jun 18 2019, 2:55 PM · Bug Report, gpg4win
dkg added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

we now have a DCO from @Valodim

Jun 18 2019, 2:05 PM · gnupg (gpg23), Feature Request
CarlosRamos created T4575: GpgOL: Doesn't open encrypted messages in the S1 Public space.
Jun 18 2019, 12:17 PM · gpgol
gniibe committed rE6c2fc52d72b4: tests: Skip the test when pkg-config is too old. (authored by gniibe).
tests: Skip the test when pkg-config is too old.
Jun 18 2019, 9:51 AM
gniibe committed rE10ae655db223: Portability fix for PID. (authored by gniibe).
Portability fix for PID.
Jun 18 2019, 9:51 AM
gniibe added a commit to T4574: Change #!/bin/sh to #!/bin/bash in libgpg-error-1.36/src/gpg-error-config-test.sh: rE7a7caf4ba1c4: build: Take care of POSIX shell path..
Jun 18 2019, 9:51 AM · Bug Report
gniibe committed rE7a7caf4ba1c4: build: Take care of POSIX shell path. (authored by gniibe).
build: Take care of POSIX shell path.
Jun 18 2019, 9:51 AM