Page MenuHome GnuPG
Feed All Stories

All Stories
Use Results
Edit Query

Dec 9 2021

Albert Astals Cid <aacid@kde.org> committed rKLEOPATRA46f871e4ac41: GIT_SILENT Update Appstream for new release (authored by Albert Astals Cid <aacid@kde.org>).
GIT_SILENT Update Appstream for new release
Dec 9 2021, 5:33 PM
Jakuje created T5726: Setting "compliance de-vs" in gpg.conf with libgcrypt 1.9.0 and newer causes confusing error messages.
Dec 9 2021, 5:33 PM · Not A Bug, libgcrypt, gnupg
werner committed rW1ddf9b9a3841: build: Fix encryption of installers (authored by werner).
build: Fix encryption of installers
Dec 9 2021, 5:15 PM
Jakuje added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

It turned out that the new *.inp files are not part of the release tarball, which makes the tests from generated tarball fail. The attached patch should fix this issue.

Dec 9 2021, 5:06 PM · FIPS, libgcrypt, Feature Request
Yuri Chornoivan <yurchor@ukr.net> committed rKLEOPATRA9f75889b3e36: Fix minor typo (authored by Yuri Chornoivan <yurchor@ukr.net>).
Fix minor typo
Dec 9 2021, 9:24 AM
gniibe added a comment to T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata.

A patch created:

0001-gpg-Emit-compatible-Ed25519-signature.patch3 KBDownload

Dec 9 2021, 7:30 AM · gnupg (gpg23), Bug Report
gniibe committed rC7d8403b59a10: tests,fips: Align the use of variable in_fips_mode. (authored by gniibe).
tests,fips: Align the use of variable in_fips_mode.
Dec 9 2021, 1:53 AM
gniibe committed rC5b82f4b4dbf3: Adjust tests for proper disablement of non-approve PK operations (authored by Jakuje).
Adjust tests for proper disablement of non-approve PK operations
Dec 9 2021, 1:53 AM
gniibe added a comment to T5710: FIPS: disable DSA for FIPS.

Thank you, applied.

Dec 9 2021, 1:53 AM · FIPS, libgcrypt

Dec 8 2021

Laurent Montel <montel@kde.org> committed rLIBKLEO11cb53668995: GIT_SILENT: fix some reuse lint warning (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: fix some reuse lint warning
Dec 8 2021, 7:33 PM
ikloecker created T5725: Kleopatra: Certificate lookup shows only one result even if there are 100s matches.
Dec 8 2021, 5:00 PM · Restricted Project, kleopatra, Bug Report
Jakuje added a comment to T5710: FIPS: disable DSA for FIPS.

Sorry for the noise. There were couple of other places which I missed initially and which are covered in the v2 patch which follows:

Dec 8 2021, 1:25 PM · FIPS, libgcrypt
Jakuje added a comment to T5710: FIPS: disable DSA for FIPS.

It turns out together with rCe96980022e5e some tests are failing in FIPS mode. The attached patch should handle the failures.

Dec 8 2021, 12:39 PM · FIPS, libgcrypt
gniibe added a comment to T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata.

GnuPG 2.2 does:

  • In g10/sign.c:do_sign, it keeps leading zeros for Ed25519 signature, as opaque MPI
  • In g10/build-packet.c:do_signature which calls gpg_mpi_write to output the (opaque) MPI, leading zeros are removed.
Dec 8 2021, 12:20 PM · gnupg (gpg23), Bug Report
gniibe added a comment to T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS.

Let me explain concretely.

Dec 8 2021, 12:18 PM · gpgrt, Bug Report
aheinecke added a comment to T5690: Kleopatra: Custom placeholder text in newcertificatewizard.

While testing I noticed that another requirement was to hide the advanced button. I have added this myself.

Dec 8 2021, 10:44 AM · kleopatra, Restricted Project
aheinecke committed rKLEOPATRA2dd2f9820f55: Add setting to hide advanced options for new keys (authored by aheinecke).
Add setting to hide advanced options for new keys
Dec 8 2021, 10:44 AM
outer added a comment to T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS.

Excuse me NIBE san. What if any action do you expect me to take on this matter?
__outer

Dec 8 2021, 10:22 AM · gpgrt, Bug Report
gniibe closed T4951: Support point compression in Libgcrypt as Resolved.

Reading compressed point format has been done.
If writing support is needed, please open another task.

Dec 8 2021, 9:12 AM · Feature Request, libgcrypt
gniibe added a project to T5215: gnugp1: Fix build errors with gcc-10: Restricted Project.
Dec 8 2021, 9:10 AM · gnupg (gpg14), patch, Bug Report
gniibe added a project to T5393: gnupg coverity static analysis reports: Restricted Project.
Dec 8 2021, 9:09 AM · gnupg (gpg23), Bug Report
gniibe added a project to T5572: gnupg1: Missing extern-inline.m4 for gl_EXTERN_INLINE: Restricted Project.
Dec 8 2021, 9:07 AM · gnupg (gpg14)
gniibe added a project to T5579: libksba parallel build error (windows): Restricted Project.
Dec 8 2021, 9:07 AM · libksba, Bug Report
gniibe added a project to T5617: fips: Check library integrity before running selftests: Restricted Project.
Dec 8 2021, 9:06 AM · FIPS, libgcrypt, Bug Report
gniibe closed T5623: gpg2 hangs on many tasks on OpenIndiana (Illumos) as Resolved.
Dec 8 2021, 9:06 AM · Solaris, gnupg (gpg23)
gniibe renamed T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS from libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl to libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS.
Dec 8 2021, 9:05 AM · gpgrt, Bug Report
gniibe added a project to T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS: Restricted Project.
Dec 8 2021, 9:04 AM · gpgrt, Bug Report
gniibe added a project to T5714: tests: Do not run tests for algorithms that are not built-in: Restricted Project.
Dec 8 2021, 9:03 AM · libgcrypt, Bug Report
gniibe added a project to T5723: libgcrypt: Remove random-fips.c: Restricted Project.
Dec 8 2021, 9:03 AM · FIPS, libgcrypt
gniibe added a project to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation: Restricted Project.
Dec 8 2021, 9:00 AM · FIPS, libgcrypt, Feature Request
gniibe added a project to T5244: libgcrypt: Restrict MD5 use: Restricted Project.
Dec 8 2021, 8:59 AM · Bug Report, FIPS, libgcrypt
gniibe triaged T5636: Run integrity checks + selftests from library constructor in FIPS as Normal priority.
Dec 8 2021, 8:57 AM · FIPS, libgcrypt, Bug Report
Laurent Montel <montel@kde.org> committed rKLEOPATRA8458194b302f: GIT_SILENT: fix some reuse lint warnings (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: fix some reuse lint warnings
Dec 8 2021, 8:54 AM
gniibe lowered the priority of T5576: New set of API for public key cryptography from High to Wishlist.
Dec 8 2021, 2:51 AM · libgcrypt, Feature Request
gniibe added a comment to T5576: New set of API for public key cryptography.

This new API is not for FIPS directly (any more), as we introduced pk_hash_sign/verify for FIPS.

Dec 8 2021, 2:51 AM · libgcrypt, Feature Request
gniibe removed a subtask for T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation: T5576: New set of API for public key cryptography.
Dec 8 2021, 2:49 AM · FIPS, libgcrypt, Feature Request
gniibe removed a parent task for T5576: New set of API for public key cryptography: T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.
Dec 8 2021, 2:49 AM · libgcrypt, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Pushed the backport.

Dec 8 2021, 2:48 AM · FIPS, libgcrypt, Feature Request
gniibe committed rCa0a2b6796f58: tests: Add tests for gcry_pk_hash_sign/verify API. (authored by gniibe).
tests: Add tests for gcry_pk_hash_sign/verify API.
Dec 8 2021, 2:48 AM
gniibe changed the status of T5710: FIPS: disable DSA for FIPS from Open to Testing.
Dec 8 2021, 1:54 AM · FIPS, libgcrypt
gniibe added a comment to T5710: FIPS: disable DSA for FIPS.

I have been convinced disabling DSA makes more sense.

Dec 8 2021, 1:54 AM · FIPS, libgcrypt
gniibe committed rCea362090fc11: fips: Disable DSA in FIPS mode. (authored by Jakuje).
fips: Disable DSA in FIPS mode.
Dec 8 2021, 1:52 AM
gniibe changed the status of T5723: libgcrypt: Remove random-fips.c from Open to Testing.

Done.
(Actually, it's not in the tarball.)

Dec 8 2021, 1:50 AM · FIPS, libgcrypt
gniibe committed rC5521cac32d75: random: Remove random-fips.c from repo. (authored by gniibe).
random: Remove random-fips.c from repo.
Dec 8 2021, 1:50 AM

Dec 7 2021

dannytsen added a comment to T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le.

Hi jukivili,
I ran some basic tests and it did show the errors. I am in the process investigating what went wrong. In the meantime, i also included test result that I have used in my testing from bench-slope. In this test, I captured the message with 272 bytes buffer from the original libgcrypt repo and my optimized repo. Note that the bulk version of my code do 8x unrolling and the rest will do 16 bytes. So the first 2 128 bytes ran thru gcry_ppc_aes_gcm_encrypt and the rest of the 16 bytes thru gcm_ctr_encrypt (cipher-gcm.c).

libgcrypt_test_opt.log4 KBDownload

Dec 7 2021, 5:36 PM · patch, ppc, libgcrypt, Feature Request
werner added a member for g10code: ebo.
Dec 7 2021, 4:06 PM
Laurent Montel <montel@kde.org> committed rLIBKLEOe3187458cdd9: GIT_SILENT: prepare for the future CMakePreset qt6 build (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare for the future CMakePreset qt6 build
Dec 7 2021, 2:11 PM
Laurent Montel <montel@kde.org> committed rKLEOPATRAf2c49b452b11: GIT_SILENT: prepare for the future CMakePreset qt6 build (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare for the future CMakePreset qt6 build
Dec 7 2021, 1:52 PM
werner added a project to T5724: gpgconf --show-configs does not show the registry values : Windows.
Dec 7 2021, 12:36 PM · Windows, gnupg (gpg22), Bug Report
werner claimed T5724: gpgconf --show-configs does not show the registry values .
Dec 7 2021, 12:36 PM · Windows, gnupg (gpg22), Bug Report
werner triaged T5724: gpgconf --show-configs does not show the registry values as Normal priority.
Dec 7 2021, 12:36 PM · Windows, gnupg (gpg22), Bug Report
ikloecker closed T5722: GpgME::Context::engineInfo() always returns engine info of first engine as Resolved.
Dec 7 2021, 12:15 PM · Restricted Project, gpgme, Bug Report
Jakuje renamed T5720: The libgpg-error is using old inet_addr() unconditionally from The libgpg-error is using old inet_pton() unconditionally to The libgpg-error is using old inet_addr() unconditionally.
Dec 7 2021, 12:12 PM · gpgrt, Bug Report
ikloecker committed rM1a1e9145877a: cpp: Factor out common code of GpgME::engineInfo() overloads (authored by ikloecker).
cpp: Factor out common code of GpgME::engineInfo() overloads
Dec 7 2021, 12:05 PM
ikloecker committed rM0eddc867c31d: cpp: Return engine info for engine used by the context (authored by ikloecker).
cpp: Return engine info for engine used by the context
Dec 7 2021, 12:05 PM
werner set Due Date to Jan 17 2022, 12:00 AM on T5691: Release libgcrypt 1.10.0.
Dec 7 2021, 11:17 AM · FIPS, Release Info, libgcrypt
gniibe moved T5723: libgcrypt: Remove random-fips.c from Backlog to Next on the FIPS board.
Dec 7 2021, 11:15 AM · FIPS, libgcrypt
gniibe triaged T5723: libgcrypt: Remove random-fips.c as Normal priority.
Dec 7 2021, 11:15 AM · FIPS, libgcrypt
gniibe moved T5710: FIPS: disable DSA for FIPS from Backlog to Next on the FIPS board.
Dec 7 2021, 11:13 AM · FIPS, libgcrypt
ikloecker claimed T5722: GpgME::Context::engineInfo() always returns engine info of first engine.
Dec 7 2021, 11:00 AM · Restricted Project, gpgme, Bug Report
ikloecker created T5722: GpgME::Context::engineInfo() always returns engine info of first engine.
Dec 7 2021, 11:00 AM · Restricted Project, gpgme, Bug Report
aheinecke committed rWbabeaddd496e: Bump LTS version to 3.1.21 (authored by aheinecke).
Bump LTS version to 3.1.21
Dec 7 2021, 10:27 AM
aheinecke committed rWef2a45a9dd72: Minor spelling fix in l10n (authored by aheinecke).
Minor spelling fix in l10n
Dec 7 2021, 10:27 AM
ikloecker added a comment to T5718: Provide list of supported/compliant key algorithms.

Hmm,

$ gpg --with-colons --list-config curve
cfg:curve:cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;brainpoolP256r1;brainpoolP384r1;brainpoolP512r1;secp256k1

How would Kleopatra know that cv* is for encryption, ed* is for signing, and all other curves are for both uses? Or are the cv/ed prefixes a (de facto) standard?

Dec 7 2021, 9:37 AM · gnupg24, gnupg (gpg23), Feature Request
gniibe committed rC05472c1882df: build: cipher/Makefile.am, doc/Makefile.am: add a missing space (authored by Alexander Kanavin <alex.kanavin@gmail.com>).
build: cipher/Makefile.am, doc/Makefile.am: add a missing space
Dec 7 2021, 8:08 AM
gniibe committed rG4cf8bdb04855: po: Update Japanese Translation. (authored by gniibe).
po: Update Japanese Translation.
Dec 7 2021, 8:07 AM
gniibe committed rG14de7b1e5904: gpg: Accept Ed25519 private key in SOS which reserves leading zeros. (authored by gniibe).
gpg: Accept Ed25519 private key in SOS which reserves leading zeros.
Dec 7 2021, 8:07 AM
gniibe triaged T5721: gpg22: Update *.m4 to prefer use of gpgrt-config and *.pc to *-config as Wishlist priority.
Dec 7 2021, 8:00 AM · gnupg (gpg22)
gniibe renamed T5034: dev: Deprecate libassuan-config, libgcrypt-config, ksba-config, ntbtls-config, npth-config, and gpg-error-config from dev: Deprecate libassuan-config, libgcrypt-config, ksba-config, ntbtls-config, npth-config, ang gpg-error-config to dev: Deprecate libassuan-config, libgcrypt-config, ksba-config, ntbtls-config, npth-config, and gpg-error-config.
Dec 7 2021, 7:54 AM
gniibe added a project to T5120: Incompatible Ed25519 secret key (no-encryption): Restricted Project.
Dec 7 2021, 7:43 AM · gnupg (gpg22), Bug Report
werner added a comment to T5718: Provide list of supported/compliant key algorithms.

You may run

Dec 7 2021, 7:40 AM · gnupg24, gnupg (gpg23), Feature Request
gniibe added a comment to T5120: Incompatible Ed25519 secret key (no-encryption).

For GnuPG 2.2, it's better to be conservative (least change of behavior, if any).

Dec 7 2021, 7:17 AM · gnupg (gpg22), Bug Report
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

We have tests in gniibe/new-pk-api, which can be backported.

  • t-dsa
  • t-ecdsa
  • t-rsa-pss
  • t-rsa-15
Dec 7 2021, 6:02 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T5512: Implement service indicators.

Thank you, applied.

Dec 7 2021, 3:37 AM · Feature Request, FIPS, libgcrypt
gniibe committed rC8ca3fe07d03e: md: Fix disabled check. (authored by gniibe).
md: Fix disabled check.
Dec 7 2021, 3:35 AM
gniibe committed rCe96980022e5e: Properly enforce disablement in other pubkey API (authored by Jakuje).
Properly enforce disablement in other pubkey API
Dec 7 2021, 3:32 AM
gniibe committed rCbea8b9672c3c: tests: Add paren for readability. (authored by gniibe).
tests: Add paren for readability.
Dec 7 2021, 3:32 AM
gniibe committed rC3152a565d9a4: md: Fix checking to use ->disabled instead of ->fips directly. (authored by gniibe).
md: Fix checking to use ->disabled instead of ->fips directly.
Dec 7 2021, 3:32 AM
gniibe added a comment to T5706: libgcrypt: random: Remove the feature getting randomness from random daemon.

The patch has been applied.

Dec 7 2021, 2:35 AM · libgcrypt
gniibe committed rE7fac8e02d80d: configure: Add missing check for logging (authored by Jakuje).
configure: Add missing check for logging
Dec 7 2021, 2:18 AM
gniibe committed rC754ad5815b5b: random: Remove use of experimental random daemon. (authored by gniibe).
random: Remove use of experimental random daemon.
Dec 7 2021, 2:13 AM
gniibe added a project to T5706: libgcrypt: random: Remove the feature getting randomness from random daemon: Restricted Project.
Dec 7 2021, 2:12 AM · libgcrypt
gniibe claimed T5720: The libgpg-error is using old inet_addr() unconditionally.

Thank you, applied.

Dec 7 2021, 1:56 AM · gpgrt, Bug Report

Dec 6 2021

werner committed rW40738a133052: appimage: Obviously we need to fix libexec before building the image. (authored by werner).
appimage: Obviously we need to fix libexec before building the image.
Dec 6 2021, 10:29 PM
werner committed rW2fc66e79fe42: appimage: Fix RUNPATH for libexec (authored by werner).
appimage: Fix RUNPATH for libexec
Dec 6 2021, 9:24 PM
werner committed rWf8c6c8473c9b: NEWS: Fix a version number (authored by werner).
NEWS: Fix a version number
Dec 6 2021, 9:24 PM
Jakuje created T5720: The libgpg-error is using old inet_addr() unconditionally.
Dec 6 2021, 8:54 PM · gpgrt, Bug Report
werner committed rDc6b0875c83b2: verein: Update board to the last election. (authored by werner).
verein: Update board to the last election.
Dec 6 2021, 7:17 PM
ikloecker placed T5592: AppImage of Kleopatra up for grabs.
Dec 6 2021, 4:23 PM · Restricted Project, kleopatra, Feature Request
ikloecker placed T5697: Kleopatra: Crashes or hangs on circular certificate chains up for grabs.
Dec 6 2021, 4:22 PM · Restricted Project, kleopatra, Bug Report
dannytsen added a comment to T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le.

Thanks jukivili for the review.

Dec 6 2021, 3:37 PM · patch, ppc, libgcrypt, Feature Request
Saturneric added a project to T5719: Notice an error of tofu_info_t introduction in gpgme document : gpgme.
Dec 6 2021, 1:38 PM · Documentation, gpgme, Bug Report
Saturneric created T5719: Notice an error of tofu_info_t introduction in gpgme document .
Dec 6 2021, 1:37 PM · Documentation, gpgme, Bug Report
Jakuje added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

I have just a note about this issue, that it would be helpful to exercise this new API in some tests. Right now, only the old API is tested.

Dec 6 2021, 12:38 PM · FIPS, libgcrypt, Feature Request
Jakuje added a comment to T5512: Implement service indicators.

It turns out that the asymmetric key operations are not yet properly enforced with the .disabled flag. While the other key crypto usually has some "open" api, where this can be simply captured, the pubkey API has several entry points and the "test_algo" is not enough to check for disabled key types.

Dec 6 2021, 11:56 AM · Feature Request, FIPS, libgcrypt
werner added a comment to T5706: libgcrypt: random: Remove the feature getting randomness from random daemon.

Yeah, remove it.

Dec 6 2021, 11:28 AM · libgcrypt
ikloecker changed the status of T5717: Kleopatra: Case insensitive algo compare in Kleopatras new key dialog from Open to Testing.
Dec 6 2021, 11:18 AM · Feature Request, kleopatra, Restricted Project
ikloecker committed rKLEOPATRA8f87d82ecd62: Use primary algo also for encryption subkey if not specified otherwise (authored by ikloecker).
Use primary algo also for encryption subkey if not specified otherwise
Dec 6 2021, 11:16 AM
ikloecker committed rKLEOPATRAf22bcf8e7168: Use cv25519 for subkey if default key algo is "ed25519" (authored by ikloecker).
Use cv25519 for subkey if default key algo is "ed25519"
Dec 6 2021, 11:16 AM
ikloecker committed rKLEOPATRAa310e16f6521: Use case-insensitive string matching to find curve (authored by ikloecker).
Use case-insensitive string matching to find curve
Dec 6 2021, 11:16 AM
First
Prev
Next