Page MenuHome GnuPG
Feed Advanced Search

Jun 22 2023

gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

I found the case of X.509, which also uses fixed length output for RSA-PSS and ECDSA: https://www.rfc-editor.org/rfc/rfc8692.html

Jun 22 2023, 7:29 AM · libgcrypt, FIPS, Bug Report

Jun 20 2023

Jakuje added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Thank you for having a look into that! The proposed patch looks good. Should we have this change also in master?

Jun 20 2023, 1:58 PM · libgcrypt, FIPS, Bug Report

Jun 19 2023

gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Here is a possible change (... to master, assuming it's good to support use case of RFC 8702):

diff --git a/cipher/keccak.c b/cipher/keccak.c
index 22c40302..76e08cb5 100644
--- a/cipher/keccak.c
+++ b/cipher/keccak.c
@@ -1630,8 +1630,8 @@ const gcry_md_spec_t _gcry_digest_spec_sha3_512 =
 const gcry_md_spec_t _gcry_digest_spec_shake128 =
   {
     GCRY_MD_SHAKE128, {0, 1},
-    "SHAKE128", shake128_asn, DIM (shake128_asn), oid_spec_shake128, 0,
-    shake128_init, keccak_write, keccak_final, NULL, keccak_extract,
+    "SHAKE128", shake128_asn, DIM (shake128_asn), oid_spec_shake128, 32,
+    shake128_init, keccak_write, keccak_final, keccak_read, keccak_extract,
     _gcry_shake128_hash_buffers,
     sizeof (KECCAK_CONTEXT),
     run_selftests
@@ -1639,8 +1639,8 @@ const gcry_md_spec_t _gcry_digest_spec_shake128 =
 const gcry_md_spec_t _gcry_digest_spec_shake256 =
   {
     GCRY_MD_SHAKE256, {0, 1},
-    "SHAKE256", shake256_asn, DIM (shake256_asn), oid_spec_shake256, 0,
-    shake256_init, keccak_write, keccak_final, NULL, keccak_extract,
+    "SHAKE256", shake256_asn, DIM (shake256_asn), oid_spec_shake256, 64,
+    shake256_init, keccak_write, keccak_final, keccak_read, keccak_extract,
     _gcry_shake256_hash_buffers,
     sizeof (KECCAK_CONTEXT),
     run_selftests
Jun 19 2023, 4:53 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Reading RFC 8702, I realized that it defines the hash size in the use of CMS as: SHAKE128 : 32-byte SHAKE256 : 64-byte.

Jun 19 2023, 4:47 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Applied rC8cdd0d353e19: cipher:pubkey: Check digest size which should not be zero. for 1.10.

Jun 19 2023, 4:36 AM · libgcrypt, FIPS, Bug Report

Jun 16 2023

gniibe claimed T6539: The digest&sign/verify API with SHAKE-class digests does not work.
Jun 16 2023, 9:36 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

I found this use case: RFC 8702
"Use of the SHAKE One-Way Hash Functions in the Cryptographic Message Syntax (CMS)": https://www.rfc-editor.org/rfc/rfc8702.html

Jun 16 2023, 9:35 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Another possibility for digest&sign API: it is possible to determine the length of required hash function by the underlining field Fp of the curve in use. Then, use this length instead. It's better than to (try to) get the length by _gcry_md_get_algo_dlen (for SHAKE, it's undefined).

Jun 16 2023, 9:16 AM · libgcrypt, FIPS, Bug Report
gniibe changed the status of T6507: SCRYPT does not work in FIPS mode from Open to Testing.

Fixed in both of master and 1.10 branch.

Jun 16 2023, 8:11 AM · libgcrypt, FIPS, Bug Report
gniibe changed the status of T6511: EdDSA support in FIPS mode from Open to Testing.

Added: rC547dfb5aecc1: cipher:ecc: Add selftests for EdDSA.
Added: rC3ac2bba4a4b1: cipher:ecc: Implement PCT for EdDSA.

Jun 16 2023, 7:12 AM · FIPS, libgcrypt, Bug Report

Jun 15 2023

Jakuje created T6539: The digest&sign/verify API with SHAKE-class digests does not work.
Jun 15 2023, 5:34 PM · libgcrypt, FIPS, Bug Report

Jun 14 2023

gniibe added a comment to T6511: EdDSA support in FIPS mode.

I found that for EdDSA other than pure Ed25519, it can supply context.
I changed the semantics and API for adding context and input data, as we need to support both simultaneously.

Jun 14 2023, 7:49 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T6511: EdDSA support in FIPS mode.

I changed the lg-input-data.diff patch not to break the ABI, reusing the published symbol of gcry_pk_random_override_new.
With this approach, if/when needed, backporting may be easier.
Drawback is debugging internal of libgcrypt will be a bit confusing.

Jun 14 2023, 4:50 AM · FIPS, libgcrypt, Bug Report

Jun 13 2023

Jakuje added a comment to T6511: EdDSA support in FIPS mode.

Another approach would be having "non-hash" algo for gcry_md_open.

Jun 13 2023, 9:53 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T6511: EdDSA support in FIPS mode.

Before adding FIPS support flag and tests, we need to modify implementation:

  • Adding PCT check for EdDSA
  • Adding support of gcry_pk_hash_sign/verify API for EdDSA
Jun 13 2023, 6:33 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T6271: The old FSF address in libgcrypt source code.

Thanks. I think that it was the oldest one: FSF used to be there in Cambridge, then moved to Tremont St. in Boston, and now it's in Franklin St.

Jun 13 2023, 3:10 AM · Documentation, libgcrypt, Bug Report

Jun 12 2023

Jakuje added a comment to T6271: The old FSF address in libgcrypt source code.

FYI, while going through the licenses again I noticed one of the pinentry files have even older address that so if you would do sed, this would not be matched:

Jun 12 2023, 4:11 PM · Documentation, libgcrypt, Bug Report

Jun 8 2023

gniibe added a comment to T6511: EdDSA support in FIPS mode.

I'm going to add selftest of EdDSA with test vectors from RFC 8032.

Jun 8 2023, 8:32 AM · FIPS, libgcrypt, Bug Report

Jun 1 2023

gniibe claimed T6511: EdDSA support in FIPS mode.
Jun 1 2023, 9:46 AM · FIPS, libgcrypt, Bug Report
werner raised the priority of T6511: EdDSA support in FIPS mode from Normal to High.

They re-used the same file name for the update from March and no history section. Anyway that looks promising and may solve the problem of having different algorithms allowed for restricted communication in the EU and the US.

Jun 1 2023, 9:26 AM · FIPS, libgcrypt, Bug Report
Jakuje added a comment to T6511: EdDSA support in FIPS mode.

Correct, but the last revision of FIPS 140-3 lists the EdDSA already. The same for the IG for FIPS 140-3:

Jun 1 2023, 9:08 AM · FIPS, libgcrypt, Bug Report
werner triaged T6511: EdDSA support in FIPS mode as Normal priority.

My understanding is that FIPS 186-x lists more algorithms than approved for FIPS 140-y; the approved algorithms for 140-y are in the latest revisions of SP800-140. I have not checked the latter document, though.

Jun 1 2023, 9:05 AM · FIPS, libgcrypt, Bug Report

May 31 2023

Jakuje created T6511: EdDSA support in FIPS mode.
May 31 2023, 4:51 PM · FIPS, libgcrypt, Bug Report

May 30 2023

werner triaged T6507: SCRYPT does not work in FIPS mode as Normal priority.
May 30 2023, 1:42 PM · libgcrypt, FIPS, Bug Report
Jakuje created T6507: SCRYPT does not work in FIPS mode.
May 30 2023, 11:33 AM · libgcrypt, FIPS, Bug Report
werner edited projects for T5964: gnupg should use the KDFs implemented in libgcrypt, added: gnupg26; removed gnupg24.

Let's schedule that for 2.6

May 30 2023, 10:57 AM · gnupg26, FIPS, Feature Request

May 16 2023

werner added a comment to T5576: New set of API for public key cryptography.

Just let me note that we used to have such an API : the former gcry_ac_ functions. However, it turned out that they were more complicated to use.

May 16 2023, 6:00 PM · libgcrypt, Feature Request

May 5 2023

werner added a comment to T5691: Release libgcrypt 1.10.0.

If you experience build problems on macOS see T6442

May 5 2023, 10:47 AM · FIPS, Release Info, libgcrypt

May 2 2023

werner closed T6442: libgcrypt-1.10.2: getrandom() is not available everywhere as Resolved.

I don't see a reason backing off the original commit. A fix for macOS is now available (rCfa21ddc158b5) and will be in the next release. No reason for other changes.

May 2 2023, 8:49 AM · MacOS, libgcrypt, Bug Report

Apr 27 2023

gniibe changed the status of T6271: The old FSF address in libgcrypt source code from Open to Testing.

Fixed for libgcrypt, updating copyright notices and license files.

Apr 27 2023, 7:09 AM · Documentation, libgcrypt, Bug Report

Apr 23 2023

jukivili added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

Here's fix for mode specific setkey clearing error code:

Apr 23 2023, 2:38 PM · Debian, libgcrypt, Bug Report

Apr 21 2023

werner added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

There is still a buglet because in some modes the weak key error can be swallowed by other errors. A fix would be something like:

Apr 21 2023, 9:09 AM · Debian, libgcrypt, Bug Report
gniibe added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

@jukivili Yes, please go ahead for both branches. Thank you.

Apr 21 2023, 5:06 AM · Debian, libgcrypt, Bug Report

Apr 20 2023

jukivili added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

About error code. You need to use gcry_err_code(error_code) to get the GPG_ERR_WEAK_KEY value.

Apr 20 2023, 6:22 PM · Debian, libgcrypt, Bug Report

Apr 17 2023

Wolff17 added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

Ok sorry, my bad, I have to use DES Keying option 2 to have 45 de ae ae e1 f4 6a 29, problem solved.

Apr 17 2023, 3:02 PM · Debian, libgcrypt, Bug Report
werner added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

Reading the commit rC5beadf201312: Add gcry_cipher_ctl command to allow weak keys in testing use-cases,
The test code in basic.c assumes that it is an application responsibility to confirm&ignore GPG_ERR_WEAK_KEY error when using GCRYCTL_SET_ALLOW_WEAK_KEY.

Apr 17 2023, 1:25 PM · Debian, libgcrypt, Bug Report
Wolff17 added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

Thank you for you responses! :)

Apr 17 2023, 9:50 AM · Debian, libgcrypt, Bug Report
jukivili added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

I'll add documentation about GCRYCTL_SET_ALLOW_WEAK_KEY which was missing from be original commit.

Apr 17 2023, 8:36 AM · Debian, libgcrypt, Bug Report
jukivili added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

tests/basic now actually fail because setkey not returning GPG_ERR_WEAK_KEY for weak keys with GCRYCTL_SET_ALLOW_WEAK_KEY.

Apr 17 2023, 8:34 AM · Debian, libgcrypt, Bug Report
jukivili added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

That's right. With GCRYCTL_SET_ALLOW_WEAK_KEY, setkey still returns GPG_ERR_WEAK_KEY when weak key is detected. However, cipher handle can still be used as if setkey succeeded.

Apr 17 2023, 8:31 AM · Debian, libgcrypt, Bug Report
gniibe added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

Reading the commit rC5beadf201312: Add gcry_cipher_ctl command to allow weak keys in testing use-cases,
The test code in basic.c assumes that it is an application responsibility to confirm&ignore GPG_ERR_WEAK_KEY error when using GCRYCTL_SET_ALLOW_WEAK_KEY.

Apr 17 2023, 2:50 AM · Debian, libgcrypt, Bug Report

Apr 16 2023

werner triaged T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY as Low priority.

Thanks for the report. Fix is easy. I only wonder why you want to use a weak DES key.

Apr 16 2023, 8:31 PM · Debian, libgcrypt, Bug Report

Apr 14 2023

Wolff17 created T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.
Apr 14 2023, 6:17 PM · Debian, libgcrypt, Bug Report

Apr 13 2023

gniibe closed T5891: EOPNOTSUPP is not defined in mingw.org's MinGW, fails compilation of libgcrypt-1.10.0 as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:47 AM · backport, libgcrypt, Bug Report
gniibe closed T5973: libgcrypt: Minor test issues reported by coverity as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:47 AM · backport, patch, libgcrypt, Bug Report
gniibe closed T5976: libgcrypt build failure on HPPA 1.1 (./.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd') as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:46 AM · backport, hppa, libgcrypt, Gentoo, Bug Report
gniibe closed T5980: compilation error libgcrypt 1.10.1 as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:46 AM · backport, ppc, AIX, libgcrypt, Bug Report
gniibe closed T6066: gcry_pk_hash_verify() does not work with explicitly specified hash algorithm as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:39 AM · backport, libgcrypt, Bug Report
gniibe closed T6384: libgcrypt link error if cipher chacha20 is not included as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:37 AM · patch, libgcrypt, Bug Report
gniibe closed T6417: FIPS service indicator regarding the public key algorithm flags and objects as Resolved.
Apr 13 2023, 3:33 AM · libgcrypt, FIPS
gniibe closed T6219: Ensure minimum key length for KDF in FIPS mode as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:31 AM · libgcrypt, FIPS, Bug Report
gniibe closed T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF as Resolved.
Apr 13 2023, 3:31 AM · backport, libgcrypt, FIPS
gniibe closed T5512: Implement service indicators as Resolved.
Apr 13 2023, 3:22 AM · Feature Request, FIPS, libgcrypt
gniibe closed T6048: Test suite fixes with --enable-pubkey-ciphers=ecc as Resolved.
Apr 13 2023, 3:21 AM · FIPS, libgcrypt
gniibe closed T5975: Allow signature verification using specific RSA keys <2k in FIPS mode as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:20 AM · backport, patch, libgcrypt, FIPS, Feature Request
gniibe closed T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:20 AM · backport, FIPS, libgcrypt
gniibe closed T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime" as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:19 AM · backport, FIPS, libgcrypt, Bug Report
gniibe closed T6127: FIPS 140-3 final review comments as Resolved.
Apr 13 2023, 3:17 AM · FIPS, libgcrypt, Bug Report
gniibe closed T6394: FIPS requires running PCT tests unconditionally as Resolved.
Apr 13 2023, 3:17 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T6127: FIPS 140-3 final review comments.

Fixed in 1.10.2.

Apr 13 2023, 3:16 AM · FIPS, libgcrypt, Bug Report
gniibe closed T6393: DRBG with SHA384 is no longer allowed in FIPS mode (and looks like impossible to enable anyway) as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:16 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T6394: FIPS requires running PCT tests unconditionally.

Fixed in 1.10.2.

Apr 13 2023, 3:15 AM · FIPS, libgcrypt, Bug Report
gniibe closed T6396: the gcry_pk_hash_sign/verify operates in FIPS non-operational mode as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:15 AM · libgcrypt, FIPS, Bug Report
gniibe closed T6397: PCT failures inconsistency in regards to the FIPS error state as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:15 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6417: FIPS service indicator regarding the public key algorithm flags and objects.

Fixed in 1.10.2.

Apr 13 2023, 3:14 AM · libgcrypt, FIPS
gniibe closed T6376: FIPS 140-3: add explicit indicators for md and mac to unblock MD5 in apt as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:13 AM · libgcrypt, Feature Request, Ubuntu, Debian, FIPS
gniibe closed T5918: Disable RSA PKCS #1.5 encryption in FIPS mode as Resolved.
Apr 13 2023, 3:12 AM · backport, libgcrypt, FIPS, Bug Report
gniibe closed T5970: gcry_mpi_invm producing wrong result as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:11 AM · backport, libgcrypt, Bug Report

Apr 12 2023

debohman added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

This problem was introduced by commit cf10c74bd9d5aa80798f1c0e23a9126f381b26b3. Perhaps that change should be backed out in the interim so that a portable fix can be considered for the original issue?

Apr 12 2023, 11:25 PM · MacOS, libgcrypt, Bug Report
gniibe added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

It is a bit complicated. Let me describe the situation.

Apr 12 2023, 10:41 AM · MacOS, libgcrypt, Bug Report
werner added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

Actually Linux already returns ENOSYS on older kernels where there is no getrandom libc call. Thus returning ENOSYS if we don't have the libc version of that syscall (i.e. getrandom) in FIPS mode seems to be the Right Thing to do. My whole comment was about fips mode - it does not make much sense to enable FIPS mode if the system is not appropriate for it.

Apr 12 2023, 8:58 AM · MacOS, libgcrypt, Bug Report
debohman added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

I see, your issue is with the use of getrandom for FIPS. I understand now.

Apr 12 2023, 3:32 AM · MacOS, libgcrypt, Bug Report
gniibe added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

ENOSYS is POSIX. My point is that: getrandom was introduced in Linux kernel with flags for particular purpose (differentiate use of /dev/random and /dev/urandom), but that feature has gone.
But, for FIPS behavior, RHEL and related OS use (possibly, some would say misuse) getrandom with GRND_RANDOM. This use is RHEL specific (not for other GNU/Linux). Use of getrandom is non-POSIX.

Apr 12 2023, 3:22 AM · MacOS, libgcrypt, Bug Report
debohman added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

Returning ENOSYS is too strict, in my opinion; It doesn't work for machines other than CentOS/Fedora/RHEL.

Apr 12 2023, 2:41 AM · MacOS, libgcrypt, Bug Report
gniibe added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

Returning ENOSYS is too strict, in my opinion; Because the code in question doesn't work for machines other than CentOS/Fedora/RHEL. For other machines, it would be natural to just rely on getentropy (rather standard call).

Apr 12 2023, 2:27 AM · MacOS, libgcrypt, Bug Report

Apr 11 2023

ikloecker added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

What Werner wrote was also my thought. If getrandom is mandatory for FIPS, then it must not be possible to disable it silently.

Apr 11 2023, 9:16 AM · MacOS, libgcrypt, Bug Report
werner added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

What about

Apr 11 2023, 8:19 AM · MacOS, libgcrypt, Bug Report

Apr 10 2023

gniibe changed the status of T6442: libgcrypt-1.10.2: getrandom() is not available everywhere from Open to Testing.
Apr 10 2023, 7:19 AM · MacOS, libgcrypt, Bug Report
gniibe claimed T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.
Apr 10 2023, 7:18 AM · MacOS, libgcrypt, Bug Report
gniibe closed T6257: Without gpg-error-config installed (libgpg-error-1.46) libgcrypt-1.10.1 does not configure as Resolved.
Apr 10 2023, 7:17 AM · MacOS, libgcrypt, gpgrt
gniibe added a comment to T6257: Without gpg-error-config installed (libgpg-error-1.46) libgcrypt-1.10.1 does not configure.

Fixed in libgcrypt 1.10.2.

Apr 10 2023, 7:17 AM · MacOS, libgcrypt, gpgrt
debohman added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

Tested. I applied the above diff to libgcrypt-1.10.2, and it builds and runs.

Apr 10 2023, 5:05 AM · MacOS, libgcrypt, Bug Report
gniibe added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

Thank you for the report.

Apr 10 2023, 4:54 AM · MacOS, libgcrypt, Bug Report
debohman added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

Here is the git diff that I used:

Apr 10 2023, 4:41 AM · MacOS, libgcrypt, Bug Report

Apr 8 2023

debohman added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

I just ran into this, too, on macOS.

Apr 8 2023, 6:45 PM · MacOS, libgcrypt, Bug Report

Apr 7 2023

werner triaged T6442: libgcrypt-1.10.2: getrandom() is not available everywhere as High priority.
Apr 7 2023, 10:02 PM · MacOS, libgcrypt, Bug Report
gniibe closed T6388: libgcrypt: gpgrt-config not found in $PREFIX if there are no less-preferred options found via $CC as Resolved.

Fixed in 1.10.2.

Apr 7 2023, 2:16 AM · gpgrt, patch, libgcrypt, Bug Report

Apr 6 2023

acollier added a comment to T6388: libgcrypt: gpgrt-config not found in $PREFIX if there are no less-preferred options found via $CC .

Thank you for the bug report.

I see your problem. We need to improve the patch, as we cannot use Bash-only feature in configure.
[...]
That is, prefer possible_libdir1 when not used. Please test this.

Apr 6 2023, 5:45 PM · gpgrt, patch, libgcrypt, Bug Report

Apr 4 2023

gniibe changed the status of T6384: libgcrypt link error if cipher chacha20 is not included from Open to Testing.

Fixed in master and 1.10 branch.

Apr 4 2023, 9:08 AM · patch, libgcrypt, Bug Report

Apr 3 2023

Wolff17 added a comment to T6435: libgcrypt | gcry_mpi_ec_mul return a truncated point coordinate.

Your quick support solve my problem, I am thanking you :)
Bye bye

Apr 3 2023, 10:25 AM · Debian, libgcrypt, Bug Report
werner closed T6435: libgcrypt | gcry_mpi_ec_mul return a truncated point coordinate as Resolved.

I added a remark to the print function. Thanks for the suggestion.

Apr 3 2023, 10:22 AM · Debian, libgcrypt, Bug Report
Wolff17 added a comment to T6435: libgcrypt | gcry_mpi_ec_mul return a truncated point coordinate.

You are right, w.y should be "00039E2C9AEC146C5799651C42691A3E35E291B6BC45FF079DDA3E70E709BF33".

Apr 3 2023, 9:39 AM · Debian, libgcrypt, Bug Report
werner added a comment to T6435: libgcrypt | gcry_mpi_ec_mul return a truncated point coordinate.

Can you please share the expected result with us? Note that Libgcrypt strips leading zeroes except when it is required to keep the value positive.

Apr 3 2023, 9:30 AM · Debian, libgcrypt, Bug Report
Wolff17 created T6435: libgcrypt | gcry_mpi_ec_mul return a truncated point coordinate.
Apr 3 2023, 9:24 AM · Debian, libgcrypt, Bug Report

Mar 25 2023

gniibe added a comment to T6388: libgcrypt: gpgrt-config not found in $PREFIX if there are no less-preferred options found via $CC .

@tlaurion Thank you for the report, but your particular problem is irrelevant to this ticket.
I lightly looked the log and noticed that the cross build would have some confusions for pkg-config, however, that's not our problem but yours.
For the particular failures in your build, the issues look like a problem of musl linker. It seems that it requires all dependency of libraries to be used, even if an executable doesn't use a library directly.
If it is the case, we need a patch... something like:

Mar 25 2023, 2:59 AM · gpgrt, patch, libgcrypt, Bug Report

Mar 24 2023

tlaurion added a comment to T6388: libgcrypt: gpgrt-config not found in $PREFIX if there are no less-preferred options found via $CC .

@gniibe
Trying to crosscompile newer 2.4 gpg toolstack from Heads OSF under PR https://github.com/osresearch/heads/pull/1350

Mar 24 2023, 9:24 PM · gpgrt, patch, libgcrypt, Bug Report
gniibe changed the status of T6417: FIPS service indicator regarding the public key algorithm flags and objects from Open to Testing.

Pushed the change.

Mar 24 2023, 5:17 AM · libgcrypt, FIPS

Mar 23 2023

gniibe changed the status of T6388: libgcrypt: gpgrt-config not found in $PREFIX if there are no less-preferred options found via $CC from Open to Testing.

Fixed in master (of libgpg-error).
Pushed the change to libgcrypt (master and 1.10 branch).

Mar 23 2023, 6:51 AM · gpgrt, patch, libgcrypt, Bug Report

Mar 22 2023

gniibe added a comment to T6388: libgcrypt: gpgrt-config not found in $PREFIX if there are no less-preferred options found via $CC .

Thank you for the bug report.

Mar 22 2023, 4:20 AM · gpgrt, patch, libgcrypt, Bug Report

Mar 21 2023

werner triaged T6388: libgcrypt: gpgrt-config not found in $PREFIX if there are no less-preferred options found via $CC as Normal priority.
Mar 21 2023, 3:25 PM · gpgrt, patch, libgcrypt, Bug Report