Page MenuHome GnuPG
Feed Advanced Search

Advanced Search
Use Results
Hide Query

May 28 2025

gniibe added a comment to T7668: gnupg: regexp and build with -fsanitize=address.

The issue is the routines of regcomp, regexec, regerror and regfree are in C library and the sanitizer library replaces them (and it's not compatible for the use case of GnuPG).

May 28 2025, 9:09 AM · Bug Report, gnupg
gniibe triaged T7668: gnupg: regexp and build with -fsanitize=address as Normal priority.
May 28 2025, 9:06 AM · Bug Report, gnupg
gniibe committed rE98d8f3d396b5: yat2m: Release the memory after the use. (authored by gniibe).
yat2m: Release the memory after the use.
May 28 2025, 3:03 AM
gniibe committed rEba7ed54668e4: argparse: Fix a memory leak. (authored by gniibe).
argparse: Fix a memory leak.
May 28 2025, 3:03 AM

May 27 2025

gniibe added a comment to T7649: gnupg: Use KEM interface for encryption/decryption.

Another possible change will be use of KEM interface for gpgsm.
Not high priority, but for long term code maintenance.

May 27 2025, 3:38 AM · gnupg26
gniibe changed the status of T7664: tests/openpgp/ecc.scm fails when building GPG with address sanitizer from Open to Testing.
May 27 2025, 3:36 AM · gnupg, Bug Report

May 26 2025

gniibe added a parent task for T5964: gnupg should use the KDFs implemented in libgcrypt: T7649: gnupg: Use KEM interface for encryption/decryption.
May 26 2025, 6:34 AM · gnupg26, FIPS, Feature Request
gniibe added a subtask for T7649: gnupg: Use KEM interface for encryption/decryption: T5964: gnupg should use the KDFs implemented in libgcrypt.
May 26 2025, 6:34 AM · gnupg26
gniibe added a parent task for T7014: agent: Enhancement of PKDECRYPT for KEM interface: T7649: gnupg: Use KEM interface for encryption/decryption.
May 26 2025, 6:33 AM · gnupg26, gpgagent, Feature Request
gniibe added a subtask for T7649: gnupg: Use KEM interface for encryption/decryption: T7014: agent: Enhancement of PKDECRYPT for KEM interface.
May 26 2025, 6:33 AM · gnupg26
gniibe changed the status of T5964: gnupg should use the KDFs implemented in libgcrypt, a subtask of T6191: FIPS: Supporting running FIPS enabled machine, from Open to Testing.
May 26 2025, 6:32 AM · gnupg24, FIPS, Bug Report
gniibe changed the status of T5964: gnupg should use the KDFs implemented in libgcrypt from Open to Testing.

Done by T7649: gnupg: Use KEM interface for encryption/decryption

May 26 2025, 6:32 AM · gnupg26, FIPS, Feature Request
gniibe committed rG0c7e7ec0c846: gpg: Fix ECC_POINT_LEN_MAX to allow NIST curves. (authored by gniibe).
gpg: Fix ECC_POINT_LEN_MAX to allow NIST curves.
May 26 2025, 4:34 AM
gniibe added a comment to T7664: tests/openpgp/ecc.scm fails when building GPG with address sanitizer.

Thank you.

May 26 2025, 4:32 AM · gnupg, Bug Report
gniibe claimed T7664: tests/openpgp/ecc.scm fails when building GPG with address sanitizer.
May 26 2025, 1:54 AM · gnupg, Bug Report

May 23 2025

gniibe added a comment to T7649: gnupg: Use KEM interface for encryption/decryption.

Clean up finished by rG681d75404300: gpg,agent: Clean up around using ECC KEM.
Tested by make check and decrypting tests/openpgp/samplemsgs/pqc-sample-*.enc.asc.

May 23 2025, 10:27 AM · gnupg26
gniibe committed rG681d75404300: gpg,agent: Clean up around using ECC KEM. (authored by gniibe).
gpg,agent: Clean up around using ECC KEM.
May 23 2025, 10:21 AM
gniibe committed rG37bec0df7bf1: common: Fix argument name of gnupg_ecc_kem_kdf. (authored by gniibe).
common: Fix argument name of gnupg_ecc_kem_kdf.
May 23 2025, 10:21 AM
gniibe closed T7457: gpg --full-gen-key doesn't show list of keys on card (regression) as Resolved.
May 23 2025, 10:18 AM · gnupg26, gnupg24, Bug Report

May 22 2025

gniibe changed the status of T7649: gnupg: Use KEM interface for encryption/decryption from Open to Testing.

Pushed all changes needed. Actually, agent side too.
Clean up will be done.

May 22 2025, 8:05 AM · gnupg26
gniibe committed rG07e8ca2a9b54: gpg: Use ECC KEM interface for decryption. (authored by gniibe).
gpg: Use ECC KEM interface for decryption.
May 22 2025, 7:46 AM
gniibe committed rG04782e7fd629: agent: Add support for TPM2 for ECC KEM. (authored by gniibe).
agent: Add support for TPM2 for ECC KEM.
May 22 2025, 7:46 AM
gniibe committed rGb956f47e2ab0: agent: Finish ECC KEM, adding support for NIST curves. (authored by gniibe).
agent: Finish ECC KEM, adding support for NIST curves.
May 22 2025, 7:46 AM

May 21 2025

gniibe committed rG57a3d2392539: agent: Support ECC KEM by PKDECRYPT --kem. (authored by gniibe).
agent: Support ECC KEM by PKDECRYPT --kem.
May 21 2025, 7:57 AM

May 20 2025

gniibe committed rGeb9c39ac5bb5: agent: Refactor ECC KEM decap operation. (authored by gniibe).
agent: Refactor ECC KEM decap operation.
May 20 2025, 9:33 AM

May 19 2025

gniibe committed rGd1c3bfda2a8c: gpg: Use the KEM API for ECC encryption. (authored by gniibe).
gpg: Use the KEM API for ECC encryption.
May 19 2025, 8:01 AM
gniibe added a comment to T7640: ML-DSA for libgcrypt.

Looking the FIPS 204 document, using the following functions (API) is good:

May 19 2025, 7:47 AM · PQC, libgcrypt
gniibe renamed T7649: gnupg: Use KEM interface for encryption/decryption from gnupg: Use KEM interface for decryption to gnupg: Use KEM interface for encryption/decryption.
May 19 2025, 2:35 AM · gnupg26

May 16 2025

gniibe committed rG40cfa71281db: common: Add KEM constants for NIST curves. (authored by gniibe).
common: Add KEM constants for NIST curves.
May 16 2025, 7:08 AM

May 15 2025

gniibe committed rC0bd4c77be6e0: mpi:ec: Least leak with k^(-1) for ECDSA. (authored by gniibe).
mpi:ec: Least leak with k^(-1) for ECDSA.
May 15 2025, 2:51 AM
gniibe committed rCaa089ec89bad: mpi:ec: Use ec_mulm_lli in _gcry_mpi_ec_get_affine. (authored by gniibe).
mpi:ec: Use ec_mulm_lli in _gcry_mpi_ec_get_affine.
May 15 2025, 2:51 AM
gniibe changed the status of T7648: Decryption to a Ky768_Cv25519 key does not work if the Cv25519 key is on a token from Open to Testing.
May 15 2025, 1:54 AM · PQC, Bug Report
gniibe closed T7621: libgpg-error: __non_string for GCC 15 or later, a subtask of T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later, as Resolved.
May 15 2025, 1:51 AM · libgcrypt, Bug Report
gniibe closed T7621: libgpg-error: __non_string for GCC 15 or later as Resolved.
May 15 2025, 1:51 AM · gpgrt, Bug Report

May 14 2025

gniibe added a comment to T7648: Decryption to a Ky768_Cv25519 key does not work if the Cv25519 key is on a token.

For prompting, I pushed a fix in rG45a11327f3bd: agent: Support the use case of composite PQC for prompting.
Thank you for testing.

May 14 2025, 4:48 AM · PQC, Bug Report
gniibe committed rG45a11327f3bd: agent: Support the use case of composite PQC for prompting. (authored by gniibe).
agent: Support the use case of composite PQC for prompting.
May 14 2025, 4:47 AM

May 13 2025

gniibe added a comment to T7648: Decryption to a Ky768_Cv25519 key does not work if the Cv25519 key is on a token.

Thank you for the concrete test case, it helps me.

May 13 2025, 8:47 AM · PQC, Bug Report
gniibe committed rG309cfb3a4c91: agent: Fix ECC key on smartcard for composite KEM with PQC. (authored by gniibe).
agent: Fix ECC key on smartcard for composite KEM with PQC.
May 13 2025, 8:46 AM
gniibe claimed T7648: Decryption to a Ky768_Cv25519 key does not work if the Cv25519 key is on a token.
May 13 2025, 4:42 AM · PQC, Bug Report
gniibe closed T6512: keyboxd with data pipe as Resolved.
May 13 2025, 3:07 AM · gnupg26, Bug Report
gniibe closed T7486: libgcrypt: Remove WindowsCE support as Resolved.
May 13 2025, 3:05 AM · libgcrypt
gniibe added a comment to T7649: gnupg: Use KEM interface for encryption/decryption.

NIST has an initial public draft for KEM: https://csrc.nist.gov/pubs/sp/800/227/ipd

May 13 2025, 2:18 AM · gnupg26
gniibe committed rG5fb338168ed6: agent: Recover the old behavior with max-cache-ttl=0. (authored by gniibe).
agent: Recover the old behavior with max-cache-ttl=0.
May 13 2025, 2:03 AM
gniibe claimed T7649: gnupg: Use KEM interface for encryption/decryption.
May 13 2025, 2:01 AM · gnupg26
gniibe triaged T7649: gnupg: Use KEM interface for encryption/decryption as High priority.
May 13 2025, 2:01 AM · gnupg26

May 11 2025

gniibe closed T7490: libgcrypt: constant-time modular exponentiation, a subtask of T3264: Possible RSA improvement, as Resolved.
May 11 2025, 3:25 AM · libgcrypt
gniibe closed T7490: libgcrypt: constant-time modular exponentiation as Resolved.

It's in 1.11.1.

May 11 2025, 3:25 AM · libgcrypt
gniibe closed T7338: Revamp the FIPS service indicator as Resolved.

Included in 1.11.1.

May 11 2025, 3:24 AM · libgcrypt, FIPS, Feature Request

May 9 2025

gniibe added a comment to T6681: agent: Clean up main loop and better cache handling of expiration (was: Adding agent_timer API for monitoring something and passphrase cache).

(2) Update the documentation of default-cache-ttl zero value disabling caching.

May 9 2025, 10:02 AM · keyboxd, gpgagent, gnupg26
gniibe added a comment to T6681: agent: Clean up main loop and better cache handling of expiration (was: Adding agent_timer API for monitoring something and passphrase cache).

I am going to do:
(1) Recover old behavior with max-cache-ttl = 0
(2) Update the documentation of default-cache-ttl zero value disabling caching.

May 9 2025, 4:37 AM · keyboxd, gpgagent, gnupg26

May 8 2025

gniibe added a comment to T6681: agent: Clean up main loop and better cache handling of expiration (was: Adding agent_timer API for monitoring something and passphrase cache).

It's not my intention. I didn't know the feature of disabling caching by max-cache-ttl to 0.
Well, it's a regression if a user intends so.

May 8 2025, 4:00 AM · keyboxd, gpgagent, gnupg26

May 7 2025

gniibe triaged T7640: ML-DSA for libgcrypt as Wishlist priority.
May 7 2025, 7:43 AM · PQC, libgcrypt
gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

In libgcrypt/cipher/ecc-ecdsa.c, we have:

mpi_mulm (s, k_1, sum, ec->n);    /* s = k^(-1)*(hash+(d*r)) mod n */
May 7 2025, 3:48 AM · libgcrypt, Bug Report

Apr 23 2025

gniibe committed rK58b389a192d3: Mark with __nonstring__ attribute for GCC 15 and later. (authored by gniibe).
Mark with __nonstring__ attribute for GCC 15 and later.
Apr 23 2025, 5:30 AM
gniibe committed rG0070c2e3b422: gpgscm: Fix for CHARNAMES. (authored by gniibe).
gpgscm: Fix for CHARNAMES.
Apr 23 2025, 3:21 AM
gniibe committed rG97583cf81ab0: gpgscm: Fix initialization for fixed size chars. (authored by gniibe).
gpgscm: Fix initialization for fixed size chars.
Apr 23 2025, 3:21 AM
gniibe changed the status of T7624: libksba: __non_string for GCC 15 or later, a subtask of T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later, from Open to Testing.
Apr 23 2025, 3:21 AM · libgcrypt, Bug Report
gniibe changed the status of T7624: libksba: __non_string for GCC 15 or later from Open to Testing.
Apr 23 2025, 3:21 AM · libksba, Bug Report
gniibe triaged T7624: libksba: __non_string for GCC 15 or later as Normal priority.
Apr 23 2025, 3:18 AM · libksba, Bug Report
gniibe changed the status of T7621: libgpg-error: __non_string for GCC 15 or later, a subtask of T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later, from Open to Testing.
Apr 23 2025, 3:17 AM · libgcrypt, Bug Report
gniibe changed the status of T7621: libgpg-error: __non_string for GCC 15 or later from Open to Testing.
Apr 23 2025, 3:17 AM · gpgrt, Bug Report
gniibe changed the status of T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later from Open to Testing.
Apr 23 2025, 3:16 AM · libgcrypt, Bug Report
gniibe changed the status of T7623: gpgscm: Fix fixed-size characters (for portability, specifically for GCC 15 or later) from Open to Testing.
Apr 23 2025, 3:16 AM · gnupg, gpgrt, Bug Report
gniibe changed the status of T7623: gpgscm: Fix fixed-size characters (for portability, specifically for GCC 15 or later), a subtask of T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later, from Open to Testing.
Apr 23 2025, 3:16 AM · libgcrypt, Bug Report
gniibe added inline comments to rE1c58363541fc: Mark the initializations with __nonstring__ attribute..
Apr 23 2025, 3:08 AM

Apr 22 2025

gniibe added a comment to T7623: gpgscm: Fix fixed-size characters (for portability, specifically for GCC 15 or later).

doc/HACKING says it's OK to use variadic arg macros (from C99 features).
If it's OK, this patch can fix the initialization (which silences GCC 15 warnings):

0002-gpgscm-Fix-initialization-for-fixed-size-chars.patch44 KBDownload

Apr 22 2025, 7:53 AM · gnupg, gpgrt, Bug Report
gniibe renamed T7623: gpgscm: Fix fixed-size characters (for portability, specifically for GCC 15 or later) from gpgscm: Don't use fixed size characters (for portability, specifically for GCC 15 or later) to gpgscm: Fix fixed-size characters (for portability, specifically for GCC 15 or later).
Apr 22 2025, 7:50 AM · gnupg, gpgrt, Bug Report
gniibe triaged T7623: gpgscm: Fix fixed-size characters (for portability, specifically for GCC 15 or later) as Normal priority.
Apr 22 2025, 4:06 AM · gnupg, gpgrt, Bug Report

Apr 21 2025

gniibe committed rE1c58363541fc: Mark the initializations with __nonstring__ attribute. (authored by gniibe).
Mark the initializations with __nonstring__ attribute.
Apr 21 2025, 5:01 AM
gniibe triaged T7621: libgpg-error: __non_string for GCC 15 or later as Normal priority.
Apr 21 2025, 4:43 AM · gpgrt, Bug Report
gniibe committed rCd5fb7cd9b351: Mark nonstring use cases with __nonstring__ attribute. (authored by gniibe).
Mark nonstring use cases with __nonstring__ attribute.
Apr 21 2025, 2:42 AM

Apr 18 2025

gniibe added a comment to T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later.

IIUC, it's GCC 8 which starts the support of __nonstring__ attribute.

Apr 18 2025, 4:26 AM · libgcrypt, Bug Report
gniibe set External Link to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117178 on T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later.
Apr 18 2025, 4:25 AM · libgcrypt, Bug Report
gniibe claimed T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later.
Apr 18 2025, 4:13 AM · libgcrypt, Bug Report
gniibe created T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later.
Apr 18 2025, 4:12 AM · libgcrypt, Bug Report

Apr 10 2025

gniibe committed rC32f848ef9dca: mpi:ec: Set GCRYECC_FLAG_LEAST_LEAK, calling mpi_ec_mul_point_lli. (authored by gniibe).
mpi:ec: Set GCRYECC_FLAG_LEAST_LEAK, calling mpi_ec_mul_point_lli.
Apr 10 2025, 2:17 AM

Apr 9 2025

gniibe committed rE32475a7868f5: Use gpgrt_stream_t for the API of gpgrt_nvc_*. (authored by gniibe).
Use gpgrt_stream_t for the API of gpgrt_nvc_*.
Apr 9 2025, 2:29 AM

Apr 7 2025

gniibe changed the status of T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1 from Open to Testing.

Fix pushed by: rG1ed8b0e7b403: dirmngr: Fix libdns with 127.0.0.1.

Apr 7 2025, 4:45 AM · gnupg24, dirmngr
gniibe committed rG1ed8b0e7b403: dirmngr: Fix libdns with 127.0.0.1. (authored by gniibe).
dirmngr: Fix libdns with 127.0.0.1.
Apr 7 2025, 4:44 AM
gniibe added a comment to T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1.

For Linux kernel, once, it was proposed:
https://patchwork.ozlabs.org/project/netdev/patch/1490748756.24891.27.camel@edumazet-glaptop3.roam.corp.google.com/

Apr 7 2025, 4:10 AM · gnupg24, dirmngr
gniibe added a comment to T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1.

Another problem with same cause (possibly) is reported: https://lists.gnupg.org/pipermail/gnupg-devel/2025-April/035845.html

Apr 7 2025, 3:56 AM · gnupg24, dirmngr

Mar 31 2025

gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

Pushed all changes to master.

Mar 31 2025, 6:27 AM · libgcrypt, Bug Report
gniibe committed rCd1c471c78d6f: mpi:ec: Introduce ec_*_lli for Weierstrass curves to be less leaky. (authored by gniibe).
mpi:ec: Introduce ec_*_lli for Weierstrass curves to be less leaky.
Mar 31 2025, 5:02 AM
gniibe committed rC0680408b3751: mpi:ec: Use affine coordinate for mpi_ec_mul_point_lli. (authored by gniibe).
mpi:ec: Use affine coordinate for mpi_ec_mul_point_lli.
Mar 31 2025, 5:02 AM
gniibe committed rC4f56fd8c5e03: mpi:ec: Don't normalize the MPIs when GCRYECC_FLAG_LEAST_LEAK. (authored by gniibe).
mpi:ec: Don't normalize the MPIs when GCRYECC_FLAG_LEAST_LEAK.
Mar 31 2025, 5:02 AM
gniibe committed rC794b8e7378e8: mpi:ec: Resize when GCRYECC_FLAG_LEAST_LEAK. (authored by gniibe).
mpi:ec: Resize when GCRYECC_FLAG_LEAST_LEAK.
Mar 31 2025, 5:02 AM
gniibe committed rC6419bd17f034: cipher:ecc: Introduce GCRYECC_FLAG_LEAST_LEAK. (authored by gniibe).
cipher:ecc: Introduce GCRYECC_FLAG_LEAST_LEAK.
Mar 31 2025, 5:02 AM
gniibe committed rC5e3dbfb8233d: mpi:ec: Refactor _gcry_mpi_ec_mul_point (authored by gniibe).
mpi:ec: Refactor _gcry_mpi_ec_mul_point
Mar 31 2025, 5:02 AM
gniibe committed rCd698ed5386e8: mpi:ec: Keep A untouched in ec_get_a_is_pminus3. (authored by gniibe).
mpi:ec: Keep A untouched in ec_get_a_is_pminus3.
Mar 31 2025, 5:02 AM
gniibe committed rC16c6936c811a: mpi:ec: Remove runtime check in ec_mod. (authored by gniibe).
mpi:ec: Remove runtime check in ec_mod.
Mar 31 2025, 5:02 AM
gniibe committed rC38cdb7fecc80: mpi:ec: Use ec_addm for ec_mul2. (authored by gniibe).
mpi:ec: Use ec_addm for ec_mul2.
Mar 31 2025, 5:02 AM

Mar 26 2025

gniibe changed the status of T7576: keyboxd: Searching <email@Example.COM> from Open to Testing.
Mar 26 2025, 8:20 AM · gnupg, Bug Report
gniibe committed rG7fc5b0328fdd: keyboxd: Searching UpperCaseAddress. (authored by gniibe).
keyboxd: Searching UpperCaseAddress.
Mar 26 2025, 6:30 AM
gniibe added a comment to T7576: keyboxd: Searching <email@Example.COM>.

OK. Relying on SQLite semantics for COLLATE NOCASE would not be good.
Exactly same existing semantics (only care about ASCII uppercase characters) is good.

Mar 26 2025, 6:26 AM · gnupg, Bug Report

Mar 21 2025

gniibe added a comment to T7576: keyboxd: Searching <email@Example.COM>.

I changed my mind. SQLite specific patch might be better:

diff --git a/kbx/backend-sqlite.c b/kbx/backend-sqlite.c
index 4c67c3ef7..1db2f2c8d 100644
--- a/kbx/backend-sqlite.c
+++ b/kbx/backend-sqlite.c
@@ -154,7 +154,7 @@ static struct
      /* The full user id - for X.509 the Subject or altSubject.  */
      "uid  TEXT NOT NULL,"
      /* The mail address if available or NULL.  */
-     "addrspec TEXT,"
+     "addrspec TEXT COLLATE NOCASE,"
      /* The type of the public key: 1 = openpgp, 2 = X.509.  */
      "type  INTEGER NOT NULL,"
      /* The order number of the user id within the keyblock or
Mar 21 2025, 8:50 AM · gnupg, Bug Report
gniibe added a comment to T7576: keyboxd: Searching <email@Example.COM>.

I changed my mind. SQLite specific patch might be better:

diff --git a/kbx/backend-sqlite.c b/kbx/backend-sqlite.c
index 4c67c3ef7..1db2f2c8d 100644
--- a/kbx/backend-sqlite.c
+++ b/kbx/backend-sqlite.c
@@ -154,7 +154,7 @@ static struct
      /* The full user id - for X.509 the Subject or altSubject.  */
      "uid  TEXT NOT NULL,"
      /* The mail address if available or NULL.  */
-     "addrspec TEXT,"
+     "addrspec TEXT COLLATE NOCASE,"
      /* The type of the public key: 1 = openpgp, 2 = X.509.  */
      "type  INTEGER NOT NULL,"
      /* The order number of the user id within the keyblock or
Mar 21 2025, 8:36 AM · gnupg, Bug Report
gniibe updated the task description for T7576: keyboxd: Searching <email@Example.COM>.
Mar 21 2025, 8:27 AM · gnupg, Bug Report
gniibe claimed T7576: keyboxd: Searching <email@Example.COM>.

Here is a possible change:

Mar 21 2025, 8:15 AM · gnupg, Bug Report
gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

I applied some to master (generic improvement parts).

Mar 21 2025, 7:31 AM · libgcrypt, Bug Report
gniibe committed rC17d5d3262c14: mpi:ec: Use ec_addm to multiply with small integer. (authored by gniibe).
mpi:ec: Use ec_addm to multiply with small integer.
Mar 21 2025, 7:28 AM
First
Prev
Next