Query: All Stories

kbx: Close file handle when return.

	Include stories about projects I am a member of.

Thank you.
Applied to master, 2.4 branch, and 2.2 branch.

delete redundant characters

qt: Support writing signed/encrypted archives directly to a file

core: Support writing the sign/encrypt output directly to a file

qt: Add a generic hook to start a job

qt: Rename JobPrivate::start to JobPrivate::startNow

qt: Make the run methods of ThreadedJobMixin public

qt: Return const pointer to JobPrivate class for const pointer to Job

Fix crash for strange Attachments

edited placeholder text in paypal donation form

rGb1ecc8353ae3 is just what I meant, so that we can recommend such an option in the future as a workaround until a new update becomes available which supports such an extension.

dirmngr: New option --ignore-crl-extensions.

gpgsm: Support SENDCERT_SKI for --call-dirmngr

Nah, the description for that extension is pretty strict and I won't feel comfortable to just ignore it. BTW there is also T6398 (nameConstraints) which needs support. But for debugging a ignore extension makes sense.

For support reasons I would say that it might make sense to also ignore the extensions from "ignore-cert-extension" when checking CRLs?

Post release updates

Correctly detect write errors while creating CMS objects.

Update libksba and libassuan

removed email address as text from support page

swdb: libassuan 2.5.6

Post release updates

replaced image for intro and let users click on it to open it

SVN_SILENT made messages (.desktop file) - always resolve ours

Here is a possible change (... to master, assuming it's good to support use case of RFC 8702):

diff --git a/cipher/keccak.c b/cipher/keccak.c
index 22c40302..76e08cb5 100644
--- a/cipher/keccak.c
+++ b/cipher/keccak.c
@@ -1630,8 +1630,8 @@ const gcry_md_spec_t _gcry_digest_spec_sha3_512 =
 const gcry_md_spec_t _gcry_digest_spec_shake128 =
   {
     GCRY_MD_SHAKE128, {0, 1},
-    "SHAKE128", shake128_asn, DIM (shake128_asn), oid_spec_shake128, 0,
-    shake128_init, keccak_write, keccak_final, NULL, keccak_extract,
+    "SHAKE128", shake128_asn, DIM (shake128_asn), oid_spec_shake128, 32,
+    shake128_init, keccak_write, keccak_final, keccak_read, keccak_extract,
     _gcry_shake128_hash_buffers,
     sizeof (KECCAK_CONTEXT),
     run_selftests
@@ -1639,8 +1639,8 @@ const gcry_md_spec_t _gcry_digest_spec_shake128 =
 const gcry_md_spec_t _gcry_digest_spec_shake256 =
   {
     GCRY_MD_SHAKE256, {0, 1},
-    "SHAKE256", shake256_asn, DIM (shake256_asn), oid_spec_shake256, 0,
-    shake256_init, keccak_write, keccak_final, NULL, keccak_extract,
+    "SHAKE256", shake256_asn, DIM (shake256_asn), oid_spec_shake256, 64,
+    shake256_init, keccak_write, keccak_final, keccak_read, keccak_extract,
     _gcry_shake256_hash_buffers,
     sizeof (KECCAK_CONTEXT),
     run_selftests

Reading RFC 8702, I realized that it defines the hash size in the use of CMS as: SHAKE128 : 32-byte SHAKE256 : 64-byte.

GIT_SILENT Sync po/docbooks with svn

SVN_SILENT made messages (.desktop file) - always resolve ours

GIT_SILENT made messages (after extraction)

GIT_SILENT Sync po/docbooks with svn

Merge remote-tracking branch 'origin' into kf6

GIT_SILENT Sync po/docbooks with svn

Use Kleopatra which constructs the DN for you ;-).

I tested this with OpenPGP and 2.4.3-beta19 on Windows. Worked nicely.

qt, cpp: Support larger size-hint on 32 bit builds

cpp: Expose gpgme_data_set_flag through cpp API

Flush data before clearing the confidential flag.

build: Fix listing m4 files.

build: Better cross build support.

tests: Use -no-fast-install LDFLAGS for Windows.

build: Update gpg-error.m4.

doc: Update the description about pkg-config.

build: Update config.guess, config.sub, and config.rpath.

build: Update gpg-error.m4.

Fix an explanation for socket on Windows.

Don't access NULL by wipememory.

build: Update gpg-error.m4.

Fix the previous commit.

server,client: Wipe the outbound buffer when CONFIDENTIAL.

client: Wipe the inbound buffer when CONFIDENTIAL.

server: Wipe out the memory used by assuan_inquire if CONFIDENTIAL.

Next release will be 3.0

Flush data before clearing the confidential flag.

I found this use case: RFC 8702
"Use of the SHAKE One-Way Hash Functions in the Cryptographic Message Syntax (CMS)": https://www.rfc-editor.org/rfc/rfc8702.html

Another possibility for digest&sign API: it is possible to determine the length of required hash function by the underlining field Fp of the curve in use. Then, use this length instead. It's better than to (try to) get the length by _gcry_md_get_algo_dlen (for SHAKE, it's undefined).

Fixed in both of master and 1.10 branch.

tests: Allow KDF measurement in FIPS mode.

cipher:kdf: Move FIPS mode check to _gcry_kdf_derive.

For libgcrypt, initially when the code was put, it made some sense.
Now, it's useless, so, let's simply remove the message.

Remove out of core handler setting message in FIPS mode.

cipher:ecc: Implement PCT for EdDSA.

build: Detect broken GCC for x86/AVX512 intrinsics.

cipher:ecc: Add selftests for EdDSA.

tests: EdDSA keys work in FIPS mode

ecc: Enable Ed25519 and Ed448 in FIPS mode

GIT_SILENT Sync po/docbooks with svn

All Stories
Use Results
Edit Query
Hide Query

Jun 20 2023

Jun 19 2023

Jun 18 2023

Jun 17 2023

Jun 16 2023

All StoriesUse ResultsEdit QueryHide Query

Jun 20 2023

Jun 19 2023

Jun 18 2023

Jun 17 2023

Jun 16 2023

All Stories
Use Results
Edit Query
Hide Query