Page MenuHome GnuPG
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Apr 20 2022

gniibe added a comment to T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance.

Here is my proposal patch:

diff --git a/random/random-drbg.c b/random/random-drbg.c
index 5a46fd92..f1cfe286 100644
--- a/random/random-drbg.c
+++ b/random/random-drbg.c
@@ -341,6 +341,9 @@ enum drbg_prefixes
  * Global variables
  ***************************************************************/
Apr 20 2022, 2:39 AM · backport, FIPS, libgcrypt
gniibe created T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance.
Apr 20 2022, 2:37 AM · backport, FIPS, libgcrypt

Apr 19 2022

gniibe moved T5918: Disable RSA PKCS #1.5 encryption in FIPS mode from Backlog to Next on the FIPS board.
Apr 19 2022, 11:27 AM · backport, libgcrypt, FIPS, Bug Report
gniibe claimed T5918: Disable RSA PKCS #1.5 encryption in FIPS mode.
Apr 19 2022, 11:27 AM · backport, libgcrypt, FIPS, Bug Report
gniibe moved T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime" from Backlog to Next on the FIPS board.
Apr 19 2022, 11:07 AM · backport, FIPS, libgcrypt, Bug Report
gniibe moved T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1 from Backlog to Next on the FIPS board.
Apr 19 2022, 11:07 AM · FIPS, gnupg (gpg23), Bug Report
gniibe claimed T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".
Apr 19 2022, 11:01 AM · backport, FIPS, libgcrypt, Bug Report
gniibe committed rC9e9f30733699: Use offsetof instead of null ptr calculation. (authored by gniibe).
Use offsetof instead of null ptr calculation.
Apr 19 2022, 6:10 AM

Apr 18 2022

gniibe committed rC51754fa2ed06: cipher: Fix rsa key generation. (authored by gniibe).
cipher: Fix rsa key generation.
Apr 18 2022, 4:09 AM
gniibe added a comment to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".

I checked FIPS 186-4 (and FIPS 186-5-draft). It is Appendix A 1.3.

Apr 18 2022, 3:35 AM · backport, FIPS, libgcrypt, Bug Report

Apr 14 2022

gniibe added a comment to D551: po: Update Simplified Chinese Translation..

In computer, binary representation is used (generally), binary digits 0110 1110 (hex value 6e, 110) is rounded up to 1000 0000 (hex value 80, 128), when only one significant binary digit (bit) is required.
https://en.wikipedia.org/wiki/Rounding

Apr 14 2022, 6:41 AM
gniibe added a comment to D551: po: Update Simplified Chinese Translation..

Thanks for your explanation.

Apr 14 2022, 6:35 AM
gniibe committed rG1f0651dbfbab: tests: Honor FIPS mode (authored by Jakuje).
tests: Honor FIPS mode
Apr 14 2022, 4:47 AM
gniibe committed rG5e508ffcab18: tests: Fix common/t-ssh-utils. (authored by gniibe).
tests: Fix common/t-ssh-utils.
Apr 14 2022, 4:47 AM
gniibe committed rGc4436ebfa58f: agent: Ignore MD5 Fingerprints for ssh keys (authored by Jakuje).
agent: Ignore MD5 Fingerprints for ssh keys
Apr 14 2022, 4:47 AM
gniibe claimed T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1.

Patches applied and pushed. For the common/t-ssh-utils, I applied my fix for the use case with key on command line when FIPS mode is enabled (MD5 error is OK, in this case).

Apr 14 2022, 4:45 AM · FIPS, gnupg (gpg23), Bug Report
gniibe added inline comments to D551: po: Update Simplified Chinese Translation..
Apr 14 2022, 3:31 AM

Apr 12 2022

gniibe committed rC922f9957f94a: build: Fix make dist after socklen.m4 removal (authored by neverpanic).
build: Fix make dist after socklen.m4 removal
Apr 12 2022, 2:44 AM

Apr 9 2022

gniibe added a comment to T5835: libgcrypt: More robust/portable integrity check.

I just copied the value of 0xcafe2a8e and the name .note.fdo.integrity from Daiki's implementation. No other reason.

Apr 9 2022, 9:16 AM · Bug Report, libgcrypt, FIPS

Apr 8 2022

gniibe committed rA84ae2b1d27ce: Add assuan_sock_accept function. (authored by gniibe).
Add assuan_sock_accept function.
Apr 8 2022, 4:39 AM
gniibe updated the task description for T5925: libassuan: Add assuan_sock_accept function to the API.
Apr 8 2022, 4:30 AM · Feature Request, libassuan
gniibe triaged T5925: libassuan: Add assuan_sock_accept function to the API as Wishlist priority.
Apr 8 2022, 4:24 AM · Feature Request, libassuan
gniibe added a comment to T5924: libassuan: uses of socklen_t in assuan.h are inconsistent.

I think that good approach as of 2022 is:

Apr 8 2022, 3:55 AM · libassuan
gniibe triaged T5924: libassuan: uses of socklen_t in assuan.h are inconsistent as Wishlist priority.
Apr 8 2022, 3:38 AM · libassuan
gniibe committed rCe5260b6b9f38: build: Remove configure checking for socklen_t. (authored by gniibe).
build: Remove configure checking for socklen_t.
Apr 8 2022, 3:18 AM
gniibe committed rMb10791b055f0: doc: Remove explanation about AM_PATH_GPGME_PTH for GNU Pth. (authored by gniibe).
doc: Remove explanation about AM_PATH_GPGME_PTH for GNU Pth.
Apr 8 2022, 2:21 AM
gniibe closed T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS as Resolved.

libgpg-error 1.45 is out with the fix.

Apr 8 2022, 2:10 AM · gpgrt, Bug Report

Apr 7 2022

gniibe committed rG90000819641c: agent: Fix for possible support of Cygwin OpenSSH. (authored by gniibe).
agent: Fix for possible support of Cygwin OpenSSH.
Apr 7 2022, 9:44 AM
gniibe added projects to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime": libgcrypt, FIPS.

I think that it is OK to loop forever until we find a prime.

Apr 7 2022, 9:19 AM · backport, FIPS, libgcrypt, Bug Report
gniibe committed rE74e6afcc36b2: logging: Fix the previous commit. (authored by gniibe).
logging: Fix the previous commit.
Apr 7 2022, 9:00 AM
gniibe committed rE5ef201c10b1c: logging: Fix gpgrt_log_get_fd for file. (authored by gniibe).
logging: Fix gpgrt_log_get_fd for file.
Apr 7 2022, 9:00 AM
gniibe added projects to T5921: No sharing of log_fd between child process: gnupg (gpg23), Bug Report.
Apr 7 2022, 8:39 AM · Bug Report, gnupg (gpg23)
gniibe added projects to T5922: libgpg-error: gpgrt_log_get_fd always returns -1 even if it's not tcp/socket.: gpgrt, Bug Report.
Apr 7 2022, 8:38 AM · Bug Report, gpgrt
gniibe triaged T5922: libgpg-error: gpgrt_log_get_fd always returns -1 even if it's not tcp/socket. as Normal priority.
Apr 7 2022, 8:38 AM · Bug Report, gpgrt
gniibe updated the task description for T5921: No sharing of log_fd between child process.
Apr 7 2022, 6:33 AM · Bug Report, gnupg (gpg23)
gniibe triaged T5921: No sharing of log_fd between child process as Normal priority.
Apr 7 2022, 6:25 AM · Bug Report, gnupg (gpg23)
gniibe updated the task description for T5920: libassuan: Don't inherit handles for Windows.
Apr 7 2022, 3:58 AM · libassuan
gniibe triaged T5920: libassuan: Don't inherit handles for Windows as Wishlist priority.
Apr 7 2022, 3:57 AM · libassuan

Apr 6 2022

gniibe committed rAc93eb901e58d: w32: Store a flag if it's socket or not in Assuan CTX. (authored by gniibe).
w32: Store a flag if it's socket or not in Assuan CTX.
Apr 6 2022, 7:06 AM
gniibe committed rGb47a23f5fac5: w32: Exclude tests with HOME. (authored by gniibe).
w32: Exclude tests with HOME.
Apr 6 2022, 6:33 AM
gniibe committed rG39d478f5ba5d: w32: Fix for make check. (authored by gniibe).
w32: Fix for make check.
Apr 6 2022, 4:33 AM

Apr 5 2022

gniibe added a comment to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".

I don't know the exact procedure by FIPS, but just setting the least significant bit in the generation (after _gcry_mpi_randomize) can reduce the probability by half.

Apr 5 2022, 1:05 PM · backport, FIPS, libgcrypt, Bug Report
gniibe committed rA5b77d39672ac: Fix API break. (authored by gniibe).
Fix API break.
Apr 5 2022, 10:35 AM
gniibe committed rC5f357784662a: doc: Update yat2m from libgpg-error. (authored by gniibe).
doc: Update yat2m from libgpg-error.
Apr 5 2022, 10:19 AM
gniibe committed rMa36d71a8e33e: core: Don't use internal __assuan functions. (authored by gniibe).
core: Don't use internal __assuan functions.
Apr 5 2022, 7:45 AM
gniibe committed rM110a37540187: core: Don't keep using deprecated ath_ API. (authored by gniibe).
core: Don't keep using deprecated ath_ API.
Apr 5 2022, 7:45 AM
gniibe committed rA9260fb12509a: build: Remove unused putc_unlocked.c. (authored by gniibe).
build: Remove unused putc_unlocked.c.
Apr 5 2022, 6:30 AM
gniibe committed rA0fae5823f6e6: Take advantage of gpgrt_get_syscall_clamp function. (authored by gniibe).
Take advantage of gpgrt_get_syscall_clamp function.
Apr 5 2022, 5:11 AM
gniibe committed rAa43090e38843: build: Fix listing m4 files. (authored by gniibe).
build: Fix listing m4 files.
Apr 5 2022, 5:11 AM
gniibe added a comment to T5914: libassuan: Introduce use of gpgrt_get_syscall_clamp, no use of system_hooks for nPTH.

GPGME has its own system hooks to provide a (different) solution for portability (Windows and POSIX).

Apr 5 2022, 3:31 AM · Feature Request, libassuan
gniibe triaged T5917: gpg-agent: Not writing password into file as Normal priority.
Apr 5 2022, 2:29 AM · Bug Report, gpgagent

Apr 4 2022

gniibe committed rG48ee11722dd0: agent:w32: Fix for use of socket. (authored by gniibe).
agent:w32: Fix for use of socket.
Apr 4 2022, 9:48 AM
gniibe committed rE018ea46a30cf: w32: Add ES_SYSHD_SOCK support for gpgrt_sysopen. (authored by gniibe).
w32: Add ES_SYSHD_SOCK support for gpgrt_sysopen.
Apr 4 2022, 7:36 AM
gniibe committed rA28a40a298661: w32: Fix assuan_socket_connect_fd to be usable. (authored by gniibe).
w32: Fix assuan_socket_connect_fd to be usable.
Apr 4 2022, 3:03 AM

Apr 1 2022

gniibe updated the task description for T5914: libassuan: Introduce use of gpgrt_get_syscall_clamp, no use of system_hooks for nPTH.
Apr 1 2022, 4:12 AM · Feature Request, libassuan
gniibe triaged T5914: libassuan: Introduce use of gpgrt_get_syscall_clamp, no use of system_hooks for nPTH as Normal priority.
Apr 1 2022, 4:11 AM · Feature Request, libassuan
gniibe committed rAa054a0a7cfb0: build: Better cross build support. (authored by gniibe).
build: Better cross build support.
Apr 1 2022, 4:00 AM

Mar 31 2022

gniibe committed rGf584ad950482: scd,tpm2d: Fix for consistent use of socket FD. (authored by gniibe).
scd,tpm2d: Fix for consistent use of socket FD.
Mar 31 2022, 2:08 PM
gniibe committed rAa8125eba05be: Fix internal socket API to be consistent for SOCKET. (authored by gniibe).
Fix internal socket API to be consistent for SOCKET.
Mar 31 2022, 12:02 PM
gniibe added a comment to T5891: EOPNOTSUPP is not defined in mingw.org's MinGW, fails compilation of libgcrypt-1.10.0.

you also use the CPU cache size on GNU/Linux. Is it important to have that information on MS-Windows?

Mar 31 2022, 9:36 AM · backport, libgcrypt, Bug Report
gniibe committed rCdf7879a86b1d: random:drbg: Fix the behavior for child process. (authored by gniibe).
random:drbg: Fix the behavior for child process.
Mar 31 2022, 9:12 AM
gniibe committed rK41000330cdba: build: When no gpg-error-config, not install ksba-config. (authored by gniibe).
build: When no gpg-error-config, not install ksba-config.
Mar 31 2022, 9:08 AM
gniibe committed rPTH2b6a8e5369ed: build: Don't install npth-config by default. (authored by gniibe).
build: Don't install npth-config by default.
Mar 31 2022, 8:43 AM
gniibe committed rT6c961671c1d7: build: When no gpg-error-config, not install ntbtls-config. (authored by gniibe).
build: When no gpg-error-config, not install ntbtls-config.
Mar 31 2022, 8:22 AM
gniibe committed rC2db5b5e995c2: build: When no gpg-error-config, not install libgcrypt-config. (authored by gniibe).
build: When no gpg-error-config, not install libgcrypt-config.
Mar 31 2022, 8:11 AM
gniibe triaged T5912: libgpg-error: Drop WindowsCE support as Wishlist priority.
Mar 31 2022, 8:03 AM · gpgrt
gniibe closed T5911: libassuan: Remove GNU Pth support as Resolved.
Mar 31 2022, 4:12 AM
gniibe committed rA9de02ca16d30: build: When no gpg-error-config, not install libassuan-config. (authored by gniibe).
build: When no gpg-error-config, not install libassuan-config.
Mar 31 2022, 4:11 AM
gniibe committed rAeeda9ac0a719: Remove GNU Pth support. (authored by gniibe).
Remove GNU Pth support.
Mar 31 2022, 4:01 AM
gniibe triaged T5911: libassuan: Remove GNU Pth support as Normal priority.
Mar 31 2022, 3:50 AM
gniibe added a comment to T4655: Windows 64-bit: gnupg_fd_t, assuan_fd_t and int for fd in the API, and casts.

SOCKET handle is UINT_PTR on Windows. It is u_int on original MinGW, it is UINT_PTR (and unsinged __int64_t) on MinGW-W64.

Mar 31 2022, 3:39 AM · Memo

Mar 30 2022

gniibe requested review of D550: gnupg: No writing passphrase as a file.
Mar 30 2022, 8:48 AM · gpgagent
gniibe claimed T5899: Fix compilation of dirmngr with mingw.org's MinGW.

Last part is applied. Let me consider how to solve, for other parts.

Mar 30 2022, 6:07 AM · patch, Feature Request, Windows, toolchain
gniibe committed rG01ade6945d6c: dirmngr: Fix for SOCK. (authored by gniibe).
dirmngr: Fix for SOCK.
Mar 30 2022, 6:07 AM
gniibe committed rG18eff31496a3: tpm2d: Fix socket resource leak on Windows. (authored by gniibe).
tpm2d: Fix socket resource leak on Windows.
Mar 30 2022, 6:01 AM
gniibe committed rG2189b4bb638c: common,w32: Fix handle_to_fd to match use of _open_osfhandle. (authored by gniibe).
common,w32: Fix handle_to_fd to match use of _open_osfhandle.
Mar 30 2022, 4:51 AM

Mar 29 2022

gniibe committed rA564e0d94f21f: w32: Fix definition of type to be generated into assuan.h. (authored by gniibe).
w32: Fix definition of type to be generated into assuan.h.
Mar 29 2022, 12:00 PM
gniibe committed rC564739a58426: kdf:argon2: Fix for the case output > 64. (authored by gniibe).
kdf:argon2: Fix for the case output > 64.
Mar 29 2022, 9:20 AM
gniibe added a comment to T4656: Windows 64-bit: functions which use pid_t.

Original MinGW and MinGW-w64 handle differently.
For MinGW-w64 on 64-bit machine, pid_t is 64-bit integer.
For original MinGW on 64-bit machine, pid_t is 32-bit integer.

Mar 29 2022, 8:18 AM · Memo
gniibe committed rE660db9c9a90f: w32: Fix handle_to_pid for MinGW-w64. (authored by gniibe).
w32: Fix handle_to_pid for MinGW-w64.
Mar 29 2022, 7:46 AM
gniibe committed rGd05221065faf: dirmngr: Clean up for not supporting WindowsCE. (authored by gniibe).
dirmngr: Clean up for not supporting WindowsCE.
Mar 29 2022, 6:43 AM
gniibe committed rG2cebba72749c: gpg,tools: Remove use of repo only zlib-riscos.h. (authored by gniibe).
gpg,tools: Remove use of repo only zlib-riscos.h.
Mar 29 2022, 5:09 AM
gniibe added a comment to T5809: Expire subkey violates assertion "! sig->hashed".

Not applying the change to GnuPG 2.2, users can use GnuPG 2.3 for that.

Mar 29 2022, 4:28 AM · Restricted Project, gnupg (gpg22), Bug Report
gniibe committed rGd9a8d3353afd: common,unix: Backport dotlock changes from GnuPG 2.3. (authored by gniibe).
common,unix: Backport dotlock changes from GnuPG 2.3.
Mar 29 2022, 4:27 AM
gniibe added projects to T5029: server socket/pipe handling in GnuPG: Restricted Project, Windows.
Mar 29 2022, 2:59 AM · Windows, scd, gnupg (gpg23)
gniibe committed rGa67a09be30f5: scd,w32: Fix socket resource leak. (authored by gniibe).
scd,w32: Fix socket resource leak.
Mar 29 2022, 2:59 AM
gniibe added a project to T5029: server socket/pipe handling in GnuPG: scd.
Mar 29 2022, 2:59 AM · Windows, scd, gnupg (gpg23)
gniibe added a comment to T5029: server socket/pipe handling in GnuPG.

The patch I proposed was partial one, not fully solved the problem of socket resource leak on Windows.

Mar 29 2022, 2:59 AM · Windows, scd, gnupg (gpg23)
gniibe merged T5396: Remove USE_RANDOM_DAEMON support from libgcrypt into T5706: libgcrypt: random: Remove the feature getting randomness from random daemon.
Mar 29 2022, 1:41 AM · libgcrypt
gniibe merged task T5396: Remove USE_RANDOM_DAEMON support from libgcrypt into T5706: libgcrypt: random: Remove the feature getting randomness from random daemon.
Mar 29 2022, 1:41 AM · libgcrypt
gniibe closed T5396: Remove USE_RANDOM_DAEMON support from libgcrypt as Resolved.

Done in master to be 1.11 for server side rC754ad5815b5b: random: Remove use of experimental random daemon.

Mar 29 2022, 1:37 AM · libgcrypt
gniibe closed T5835: libgcrypt: More robust/portable integrity check as Resolved.

Done in 1.10.1.

Mar 29 2022, 1:32 AM · Bug Report, libgcrypt, FIPS

Mar 28 2022

gniibe committed rCe24fe6786561: test: Fix cast for Windows 64-bit. (authored by gniibe).
test: Fix cast for Windows 64-bit.
Mar 28 2022, 9:09 AM
gniibe committed rC5d6a1c396396: build: Fix for build for Windows. (authored by gniibe).
build: Fix for build for Windows.
Mar 28 2022, 9:09 AM
gniibe added a comment to T5882: Cross signing certificate in X.509 support.

I read OpenSSL implementation.
It does NOT implement backtracking.
In openssl/crypto/x509/x509_vfy.c, it has a function find_issuer which does:

  • exclude a issuer when it's already in ctx->chain (can avoid recursion forever)
  • prefer the first non-expired one, else take the most recently expired one.
Mar 28 2022, 8:37 AM
gniibe committed rE6e17e70bb7ee: core: Fix support of posix-lock for FreeBSD. (authored by gniibe).
core: Fix support of posix-lock for FreeBSD.
Mar 28 2022, 6:42 AM
gniibe closed T5428: PC/SC detecting removal of card as Resolved.

When we will find reproducible test case, please reopen.

Mar 28 2022, 3:51 AM · Info Needed, Windows, scd, Bug Report
gniibe committed rC1517a31ea476: tests: Fix null pointer arithmetic. (authored by gniibe).
tests: Fix null pointer arithmetic.
Mar 28 2022, 3:08 AM
gniibe committed rE70489b4f75c0: yat2m: Only emit a message of the page with --verbose option. (authored by gniibe).
yat2m: Only emit a message of the page with --verbose option.
Mar 28 2022, 3:00 AM
gniibe committed rGf0a1c79f60ce: agent: KEYTOCARD prefers to specified time. (authored by gniibe).
agent: KEYTOCARD prefers to specified time.
Mar 28 2022, 2:15 AM
First
Prev
Next