- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Mar 1 2024
Pushed the change in: rGf50c543326c2: agent: Allow simple KEYINFO command when restricted.
Apply the change in: rPTH417abd56fd7b: Fix INSERT_EXPOSE_RWLOCK_API for musl C library.
It looks like hardware problem or card reader problem.
Please test with debug-ccid-driver line in scdaemon.conf to see lower-lever (driver debug) message.
Since I don't like to introduce hppa specific workaround in a way like pragma (and I have no time to fix compiler itself), I tried to improve the ec-nist.c for hppa so that register pressure can be lower.
Here is my solution.
Feb 29 2024
@thesamesam Thank you for the report.
Thanks a lot for your quick testing.
The commit rGff42ed0d69bb: gpg: Enhance agent_probe_secret_key to return bigger value. of GnuPG 2.2 introduced this bug.
Alternatively (more narrow workaround), when I add a line:
#pragma GCC optimize("O1")
before the function _gcry_mpi_ec_nist256_mod in mpi/ec-nist.c, it works for me on panama.debian.net (Debian porterbox for hppa).
Fixed in libksba 1.6.6.
Fixed in npth 1.7.
Feb 28 2024
You can get more information by applying a patch below (and also tests/json/Makefile.in):
diff --git a/tests/json/Makefile.am b/tests/json/Makefile.am index 90fba79e..7523bb6b 100644 --- a/tests/json/Makefile.am +++ b/tests/json/Makefile.am @@ -106,6 +106,8 @@ gpg-agent.conf: # a key from a smartcard reader (error might be: Unusable secret key) echo pinentry-program $(abs_srcdir)/../gpg/pinentry > ./gpg-agent.conf echo disable-scdaemon >> ./gpg-agent.conf + echo debug-all >> ./gpg-agent.conf + echo log-file /tmp/gpg-agent-logfile.log >> ./gpg-agent.conf
T4820 is not related (it's a failure of t-keylist-secret in t-json), while this is failure of t-decrypt.
It looks like computation for NIST P-256 failed on hppa (32-bit big-endian, actually running on 64-bit machine, IIUC).
powerpc is similar (32-bit big-endian, actually running on 64-bit machine), but no failures.
Feb 26 2024
Feb 21 2024
This is a group of tasks of dirmngr and gpgsm.
Feb 17 2024
Feb 16 2024
I was wrong for the semantics of proxy->outtoken. It is zero when run_proxy_connect is called and enabled during the negotiation.
@hlein Thanks a lot for quick testing.
IIUC, the code for keep_alive is for negotiation of proxy. If so, something like this is the fix:
Right. I was wrong assuming the code in 2.2 branch is stable (that is: well tested).
Feb 15 2024
Thank you for the report. There was a problem in: rG845d5e61d8e1: dirmngr: Cleanup the http module.
Pushed the fix in: rG04cbc3074aa9: dirmngr: Fix proxy with TLS.
In master, I applied changes for include files which don't harm current target of MinGW-64.
It's true that under $GNUPGHOME (~/.gnupg/), there are multiple things: configuration files, user-specific data files (private keys, public keys, the trust database, and revocation certificates), user-specific state files (like the lock files and random seed), possibly runtime sockets, and executable/script for card reader. Some careful handling might be needed for making backup and doing version control for that.
Feb 14 2024
Thank you, applied.
Feb 13 2024
Feb 9 2024
Applied the change. I write the ChangeLog entry by commit message.
Feb 1 2024
Thank you for the fix. Pushed the change modifying the commit log for the ChangeLog entry.
I'm afraid that your particular configuration would cause the problem of the negotiation.
Jan 31 2024
Jan 30 2024
Fixed in master.
Thanks for your report. It seems the linker for Android is more strict.
Fixed in GnuPG 2.4.4.
AFAIK, we don't have any option to control the lower-level detail of GnuTLS for dirmngr of GnuPG.
Jan 29 2024
I can do correct handshake with GnuTLS, if specified.
Please configure your server so that an application with GnuTLS can interoperate. It is not GnuPG specific.
It looks like a failure of GnuTLS negotiation.
$ wget --server-response --spider https://openpgpkey.sapience.com/.well-known/openpgpkey/sapience.com/hu/me5xnfhbf3w9djpmxa3keq5q8s3rcgf1?l=arch Spider mode enabled. Check if remote file exists. --2024-01-29 11:35:15-- https://openpgpkey.sapience.com/.well-known/openpgpkey/sapience.com/hu/me5xnfhbf3w9djpmxa3keq5q8s3rcgf1?l=arch Resolving openpgpkey.sapience.com (openpgpkey.sapience.com)... 72.84.236.69 Connecting to openpgpkey.sapience.com (openpgpkey.sapience.com)|72.84.236.69|:443... connected. GnuTLS: A TLS fatal alert has been received. GnuTLS: received alert [47]: Illegal parameter Unable to establish SSL connection.
Thank you. I recently fixed for use of egrep rC656ca459e3d8: m4: Update acinclude.m4 to use $GREP., but overlooked this one.
Jan 26 2024
Fixed in GnuPG 2.4.4.
For the particular issue reopened for GnuPG 2.2.41 is fixed in GnuPG 2.2.42.
Please note that we can't fix the cause itself, the hardware problem.
Fixed in 0.3.2.
Fixed in NtbTLS 0.3.2.
Fixed in 2.4.4.
Jan 25 2024
Jan 24 2024
Jan 23 2024
Jan 22 2024
i still observe the same behavior:
Thank you for the report.
Jan 18 2024
Currently, there is no support for gpg-agent to keep private key not on disk, but only on memory of gpg-agent. Given the situation,
I think that it is good to:
Jan 16 2024
Push the change as rE4a9def77488f: estream: Fix call to string filter for estream-printf..