Page MenuHome GnuPG
Feed Advanced Search

Nov 9 2021

gniibe added a comment to T5523: jitter entropy RNG update.

I decided to use 3.3.0 disabling pthread feature.

Nov 9 2021, 6:41 AM · FIPS, libgcrypt

Nov 8 2021

Jakuje added a comment to T5512: Implement service indicators.

Thank you for merging the important parts of the patches and implementing similar stuff for DSA. You are right that DSA is supported in the 140-3 specs so it is fine to keep it enabled with the keylength constraints.

Nov 8 2021, 9:02 AM · Feature Request, FIPS, libgcrypt
gniibe added a comment to T5512: Implement service indicators.

Applied parts except part 2.
The part 3 are modified version, so that memory can be released correctly.

Nov 8 2021, 6:58 AM · Feature Request, FIPS, libgcrypt

Nov 5 2021

Jakuje added a comment to T5512: Implement service indicators.

Implicit indicators mean that we need to go through the all algorithms and verify that they work if they have approved key sizes/parameters and do not work when they do not.

Nov 5 2021, 2:27 PM · Feature Request, FIPS, libgcrypt
gniibe added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.

Firstly, applied uncontroversial part in rC976673425784: doc: Reference the new FIPS 140-3

Nov 5 2021, 7:23 AM · FIPS, libgcrypt, Bug Report

Nov 3 2021

werner closed T5610: macOS 11 or newer support: Update libtool as Resolved.
Nov 3 2021, 3:16 PM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
Jakuje added a comment to T5523: jitter entropy RNG update.

If I read it right, the version 3.1.0 adds the pthread requirement. Using 3.0.2 should be fine for us.

Nov 3 2021, 2:39 PM · FIPS, libgcrypt

Nov 2 2021

Jakuje added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.

The most of the stuff about boot blocking was discussed in the bug https://bugzilla.redhat.com/show_bug.cgi?id=1569393 (private). There were some bugs in our patches, but also some issue in the kernel that locked the boot process (in FIPS mode).

Nov 2 2021, 9:12 PM · FIPS, libgcrypt, Bug Report

Nov 1 2021

gniibe claimed T5665: libgcrypt : Restrict message digest use for FIPS 140-3.
Nov 1 2021, 6:59 AM · FIPS, Bug Report, libgcrypt
gniibe added a comment to T5665: libgcrypt : Restrict message digest use for FIPS 140-3.

Check for FIPS has been added. (1) and (2) were solved.

Nov 1 2021, 6:59 AM · FIPS, Bug Report, libgcrypt
gniibe added a comment to T5523: jitter entropy RNG update.

Its copyright notice in upstream now refers LICENSE file, which requires some arrangement.

Nov 1 2021, 6:48 AM · FIPS, libgcrypt

Oct 29 2021

gniibe added a comment to T5523: jitter entropy RNG update.

I work on gniibe/jitterent branch.
I realized that full featured jitterentropy now requires pthread. Timer-less mode uses threads for entropy. This is not good for libgcrypt use.

Oct 29 2021, 8:05 AM · FIPS, libgcrypt

Oct 27 2021

Jakuje closed T5669: Run continuous random test in FIPS mode as Invalid.

OK. Sorry for the noise. I got a clarification that the test is no longer needed so closing this issue.

Oct 27 2021, 11:48 AM · libgcrypt, FIPS, Bug Report

Oct 25 2021

Jakuje added a comment to T5669: Run continuous random test in FIPS mode.

From the FIPS Certs draft for RHEL 8.5, I have the following sentence:

Oct 25 2021, 3:04 PM · libgcrypt, FIPS, Bug Report
werner reassigned T5523: jitter entropy RNG update from werner to gniibe.
Oct 25 2021, 11:25 AM · FIPS, libgcrypt
werner edited projects for T5512: Implement service indicators, added: Feature Request; removed Bug Report.

We are currently using "implict" service indicators but eventually we may change Libgcrypt to support explicit indicators.

Oct 25 2021, 11:23 AM · Feature Request, FIPS, libgcrypt
werner lowered the priority of T5512: Implement service indicators from High to Normal.
Oct 25 2021, 11:20 AM · Feature Request, FIPS, libgcrypt
gniibe moved T5665: libgcrypt : Restrict message digest use for FIPS 140-3 from Backlog to Next on the FIPS board.
Oct 25 2021, 11:09 AM · FIPS, Bug Report, libgcrypt
gniibe moved T5244: libgcrypt: Restrict MD5 use from Backlog to Ready for release on the FIPS board.
Oct 25 2021, 11:08 AM · Bug Report, FIPS, libgcrypt
gniibe moved T5669: Run continuous random test in FIPS mode from Backlog to Next on the FIPS board.
Oct 25 2021, 11:07 AM · libgcrypt, FIPS, Bug Report

Oct 22 2021

gniibe added a comment to T5669: Run continuous random test in FIPS mode.

I understand the point in the 1706920, but I'm afraid that the patch itself would not be directly related for the bug. My point: It surely may catch a most serious failure, but not many failures (if we need to check here).

Oct 22 2021, 3:02 AM · libgcrypt, FIPS, Bug Report

Oct 21 2021

Jakuje added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.

Fair enough. Unfortunately, the separation is not completely clear from the dist git history, so please, excuse any inaccuracies I will provide here. I will try to reference particular bugs so we can get back to them if needed:

Oct 21 2021, 10:06 PM · FIPS, libgcrypt, Bug Report
Jakuje created T5669: Run continuous random test in FIPS mode.
Oct 21 2021, 9:08 PM · libgcrypt, FIPS, Bug Report

Oct 20 2021

Jakuje added a comment to T5665: libgcrypt : Restrict message digest use for FIPS 140-3.

At this moment, we agreed on keeping the current behavior and not allowing the SHA1 for verification either. But we might need to revisit that in the future if this will cause issues. Or we might go the way of switching the service to non-fips if needed, rather than creating some more middle ground.

Oct 20 2021, 4:20 PM · FIPS, Bug Report, libgcrypt
gniibe updated the task description for T5665: libgcrypt : Restrict message digest use for FIPS 140-3.
Oct 20 2021, 12:21 PM · FIPS, Bug Report, libgcrypt
gniibe added a comment to T5665: libgcrypt : Restrict message digest use for FIPS 140-3.

Perhaps, as a library (considering the benefit of users), it would be better to allow signature verification with SHA-1, to defer the decision to application.

Oct 20 2021, 12:20 PM · FIPS, Bug Report, libgcrypt
Jakuje added a comment to T5665: libgcrypt : Restrict message digest use for FIPS 140-3.

Thank you for having a look into that. The change looks fine, but I need to get some clarification about what "Legacy use" means for "Digital signature verification" in the Table 8 of https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf

Oct 20 2021, 10:34 AM · FIPS, Bug Report, libgcrypt
gniibe added a comment to T5665: libgcrypt : Restrict message digest use for FIPS 140-3.

(3-1) is implemented: rCa23cf78102f3: cipher: Reject SHA-1 for hash+sign/verify when FIPS enabled.

Oct 20 2021, 5:13 AM · FIPS, Bug Report, libgcrypt
gniibe updated the task description for T5665: libgcrypt : Restrict message digest use for FIPS 140-3.
Oct 20 2021, 4:28 AM · FIPS, Bug Report, libgcrypt
gniibe added a comment to T5665: libgcrypt : Restrict message digest use for FIPS 140-3.

For a programmer like me, it is easier if the behavior will be:

Oct 20 2021, 4:26 AM · FIPS, Bug Report, libgcrypt
gniibe added a comment to T5433: libgcrypt: Do not use SHA1 by default.

The problem is that the SHA-1 as a digest algorithm itself is allowed in FIPS mode (for non-cryptographic digests), but using it as part of approved signature scheme is not allowed

Oct 20 2021, 3:27 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T5665: libgcrypt : Restrict message digest use for FIPS 140-3.

The current code is inconsistent about its behavior: how non-approved digest algos are supported or not when FIPS enabled.

Oct 20 2021, 3:17 AM · FIPS, Bug Report, libgcrypt
gniibe added projects to T5665: libgcrypt : Restrict message digest use for FIPS 140-3: libgcrypt, Bug Report, FIPS.

If .fips will mean FIPS 140-3, why not the following patch?

diff --git a/cipher/sha1.c b/cipher/sha1.c
index 3bb24c7e..cb50ef66 100644
--- a/cipher/sha1.c
+++ b/cipher/sha1.c
@@ -759,7 +759,7 @@ static gcry_md_oid_spec_t oid_spec_sha1[] =
Oct 20 2021, 3:07 AM · FIPS, Bug Report, libgcrypt
gniibe renamed T5244: libgcrypt: Restrict MD5 use from libgcrypt: Restrict message digest use to libgcrypt: Restrict MD5 use.
Oct 20 2021, 3:04 AM · Bug Report, FIPS, libgcrypt
gniibe added a project to T5244: libgcrypt: Restrict MD5 use: Bug Report.

I created T5665: libgcrypt : Restrict message digest use for FIPS 140-3.

Oct 20 2021, 3:03 AM · Bug Report, FIPS, libgcrypt
gniibe removed a project from T5244: libgcrypt: Restrict MD5 use: Restricted Project.

Let me move this ticket as DONE (now Testing status), as the subject was solved (MD5 and soft/forced/inactive things).

Oct 20 2021, 2:54 AM · Bug Report, FIPS, libgcrypt

Oct 19 2021

Jakuje added a comment to T5433: libgcrypt: Do not use SHA1 by default.

Sorry, I was wrong. We don't need any changes.

When using gcry_pk_hash_sign and gcry_pk_hash_verify, approved digest algos are guaranteed when FIPS enabled.

Yes, it's a user of the function who supplies HD (handle for hash). (I had wrong assumption HD could be with non-approved digest algo.) But it is needed for the user to enable the HD and to feed message beforehand. At that stage, non-approved digest algo must fail.

Oct 19 2021, 11:54 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T5433: libgcrypt: Do not use SHA1 by default.

I investigated if the possible change above (if applied) constitutes an ABI change: Indeed, it will be an ABI change, and an API change; code should be modified and build.

Oct 19 2021, 8:58 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T5433: libgcrypt: Do not use SHA1 by default.

Sorry, I was wrong. We don't need any changes.

Oct 19 2021, 8:07 AM · FIPS, libgcrypt, Bug Report

Oct 18 2021

gniibe added a comment to T5433: libgcrypt: Do not use SHA1 by default.

I am going to implement rejecting SHA-1 through new API (hash+sign, hash+verify).

Oct 18 2021, 11:24 AM · FIPS, libgcrypt, Bug Report
werner added a comment to T5645: RSA/DSA keygen modification for FIPS/ACVP testing.

( No need to certify the DSA things)

Oct 18 2021, 11:16 AM · libgcrypt, FIPS, Bug Report
werner moved T5645: RSA/DSA keygen modification for FIPS/ACVP testing from Next to Ready for release on the FIPS board.
Oct 18 2021, 11:15 AM · libgcrypt, FIPS, Bug Report
werner moved T5617: fips: Check library integrity before running selftests from Next to Ready for release on the FIPS board.
Oct 18 2021, 11:14 AM · FIPS, libgcrypt, Bug Report

Oct 15 2021

gniibe added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.

It seems for me that the patches to random/ was written in old days.

  • Now, we have getentropy in libc
    • This is most reliable one
    • better than urandom, because it may block when kernel is not yet seeded
    • better than random, because it never blocks once kernel is seeded
  • So, the real path in rndlinux.c is actually, call to getentropy
  • No access to /dev/random or /dev/urandom any more, in fact
  • Although old code remains, non-touched
    • like use of syscall when getentropy function is not available
Oct 15 2021, 8:42 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Add doc in gcrypt.texi.

Oct 15 2021, 8:02 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T5617: fips: Check library integrity before running selftests.

Thank you. Applied.

Oct 15 2021, 4:37 AM · FIPS, libgcrypt, Bug Report

Oct 14 2021

Jakuje added a comment to T5617: fips: Check library integrity before running selftests.

OK, let us start discussion by applying the patch first.

I have wondered if introducing another state in FSM would be needed, because:

Oct 14 2021, 6:58 PM · FIPS, libgcrypt, Bug Report
gniibe triaged T5617: fips: Check library integrity before running selftests as Normal priority.

OK, let us start discussion by applying the patch first.

Oct 14 2021, 9:53 AM · FIPS, libgcrypt, Bug Report
gniibe changed the status of T5645: RSA/DSA keygen modification for FIPS/ACVP testing from Open to Testing.
Oct 14 2021, 9:29 AM · libgcrypt, FIPS, Bug Report
gniibe added a project to T5645: RSA/DSA keygen modification for FIPS/ACVP testing: Restricted Project.
Oct 14 2021, 9:28 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T5645: RSA/DSA keygen modification for FIPS/ACVP testing.

Applied the RSA part.

Oct 14 2021, 9:28 AM · libgcrypt, FIPS, Bug Report
gniibe moved T5550: Fix check_binary_integrity from Next to Ready for release on the FIPS board.
Oct 14 2021, 8:13 AM · FIPS, libgcrypt

Oct 12 2021

gniibe added a comment to T5550: Fix check_binary_integrity.

Now configure with
--enable-hmac-binary-check="I know engineers. They love to change things." works.

Oct 12 2021, 8:25 AM · FIPS, libgcrypt
gniibe added a project to T5550: Fix check_binary_integrity: Restricted Project.
Oct 12 2021, 8:24 AM · FIPS, libgcrypt

Oct 11 2021

gniibe moved T5645: RSA/DSA keygen modification for FIPS/ACVP testing from Backlog to Next on the FIPS board.
Oct 11 2021, 11:06 AM · libgcrypt, FIPS, Bug Report
gniibe claimed T5645: RSA/DSA keygen modification for FIPS/ACVP testing.
Oct 11 2021, 10:57 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T5550: Fix check_binary_integrity.

I push a change: rC070935965763: build: Use KEY_FOR_BINARY_CHECK for --enable-hmac-binary-check..

Oct 11 2021, 10:34 AM · FIPS, libgcrypt
gniibe moved T5576: New set of API for public key cryptography from Next to Backlog on the FIPS board.
Oct 11 2021, 7:19 AM · libgcrypt, Feature Request

Oct 8 2021

Jakuje added a comment to T5645: RSA/DSA keygen modification for FIPS/ACVP testing.

sorry for a confusion. We do not plan to certify DSA so disregard the second part of the patch.

Oct 8 2021, 4:17 PM · libgcrypt, FIPS, Bug Report
werner triaged T5645: RSA/DSA keygen modification for FIPS/ACVP testing as High priority.
Oct 8 2021, 3:34 PM · libgcrypt, FIPS, Bug Report
werner added a comment to T5645: RSA/DSA keygen modification for FIPS/ACVP testing.

Do we really need to support DSA in FIPS mode? I mean standard DSA and not ECDSA.

Oct 8 2021, 3:22 PM · libgcrypt, FIPS, Bug Report
Jakuje created T5645: RSA/DSA keygen modification for FIPS/ACVP testing.
Oct 8 2021, 11:05 AM · libgcrypt, FIPS, Bug Report

Oct 7 2021

gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Pushed the change: rC082ea0efa9b1: cipher: Add sign+hash, verify+hash, and random-override API.

Oct 7 2021, 8:25 AM · FIPS, libgcrypt, Feature Request

Oct 6 2021

Jakuje updated the task description for T5636: Run integrity checks + selftests from library constructor in FIPS.
Oct 6 2021, 4:47 PM · FIPS, libgcrypt, Bug Report

Oct 4 2021

Jakuje created T5636: Run integrity checks + selftests from library constructor in FIPS.
Oct 4 2021, 4:10 PM · FIPS, libgcrypt, Bug Report
werner moved T5433: libgcrypt: Do not use SHA1 by default from Backlog to Next on the FIPS board.
Oct 4 2021, 11:28 AM · FIPS, libgcrypt, Bug Report
werner moved T5617: fips: Check library integrity before running selftests from Backlog to Next on the FIPS board.
Oct 4 2021, 11:26 AM · FIPS, libgcrypt, Bug Report
werner moved T5550: Fix check_binary_integrity from Backlog to Next on the FIPS board.
Oct 4 2021, 11:26 AM · FIPS, libgcrypt
werner assigned T5617: fips: Check library integrity before running selftests to gniibe.
Oct 4 2021, 11:14 AM · FIPS, libgcrypt, Bug Report
werner moved T5600: Provide module name/version API for FIPS 140-3 from Backlog to Ready for release on the FIPS board.
Oct 4 2021, 11:13 AM · libgcrypt, FIPS, Bug Report
werner moved T5540: Update fipsdrv and cavs_driver.pl from Next to Ready for release on the FIPS board.
Oct 4 2021, 11:09 AM · FIPS, libgcrypt
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

How about:

  • Only when hash-handle is used for multiple purposes, a user needs to compose SEXP
  • when hash-handle is used for a single purpose, a user doesn't need to compose SEXP, but static one.
Oct 4 2021, 10:24 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

In the original SuSE's patch, _gcry_pk_sign_md function gets data template as SEXP as an argument, and the implementation does decomposing SEXP to get hash-algo. (A user of the function needs to compose SEXP with hash-algo.)

Oct 4 2021, 9:29 AM · FIPS, libgcrypt, Feature Request

Sep 27 2021

werner moved T5520: Fix tests in FIPS mode from Next to Ready for release on the FIPS board.
Sep 27 2021, 8:36 AM · FIPS, libgcrypt, Bug Report
aconchillo added a comment to T5610: macOS 11 or newer support: Update libtool.

These are great news. Thank you!

Sep 27 2021, 6:35 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

Pushed the change to libgpg-error and libgcrypt (1.9 and master).
Let us see if there are any problem(s) for that, I will apply it to other libraries when it will be found no problem.

Sep 27 2021, 4:16 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe renamed T5610: macOS 11 or newer support: Update libtool from Update libtool to macOS 11 or newer support: Update libtool.
Sep 27 2021, 3:31 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

Thank you for the information.
For the record, I put the link to the email submitted:
https://lists.gnu.org/archive/html/libtool-patches/2020-06/msg00001.html

Sep 27 2021, 3:30 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt

Sep 24 2021

Jakuje added a comment to T5550: Fix check_binary_integrity.

Thanks. This looks good to me.

Sep 24 2021, 9:30 AM · FIPS, libgcrypt
gniibe added a comment to T5550: Fix check_binary_integrity.

Thank you for pointing out. Since hmac256.{c,h} can be used by others, I think that it is better to keep those two files, instead of merging it into one.

Sep 24 2021, 4:08 AM · FIPS, libgcrypt

Sep 22 2021

aconchillo added a comment to T5610: macOS 11 or newer support: Update libtool.

Oh, you are right, it's not upstream. It's actually applied to Homebrew (https://brew.sh/) libtool formula which is where I originally got libtool.m4, see:

Sep 22 2021, 9:06 PM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
Jakuje added a comment to T5550: Fix check_binary_integrity.

I tried to generate a tarball from master and I failed to build the hmac256 binary because the hmac256.h was not packaged into the dist tarball in master. If hmac256 should be standalone binary, I propose it should not need have a separate header file:

Sep 22 2021, 4:53 PM · FIPS, libgcrypt
Jakuje created T5617: fips: Check library integrity before running selftests.
Sep 22 2021, 4:37 PM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

I see your point. I'd like to locate/identify where the change comes from.
I think that what you refer by "new libtool.m4" is actually macOS local change (I mean, not from libtool upstream, AFAIK).
Could you please point out the source of the change?

Sep 22 2021, 2:01 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt

Sep 21 2021

aconchillo added a comment to T5610: macOS 11 or newer support: Update libtool.

That would work, however we might hit this issue with a new macOS release. Would it make more sense to update to what the new libtool.m4 is doing? Linker flags are the same, it only changes the way they detect macOS versions:

Sep 21 2021, 8:33 PM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
werner added a comment to T5512: Implement service indicators.

Tsss, requires to allow JS for Google.

Sep 21 2021, 3:20 PM · Feature Request, FIPS, libgcrypt
pmgdeb added a comment to T5512: Implement service indicators.

Just FYI, see also how GnuTLS has proposed to implement the service indicator:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1465

Sep 21 2021, 12:16 PM · Feature Request, FIPS, libgcrypt
werner added a comment to T5610: macOS 11 or newer support: Update libtool.

That does indeed not look like something which could introduce a regression.

Sep 21 2021, 11:43 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

I misunderstood as if we need to update libtool from upstream.

Sep 21 2021, 9:16 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
werner triaged T5610: macOS 11 or newer support: Update libtool as Low priority.

macOS has low priority for us and I do not want to risk any regression.

Sep 21 2021, 8:42 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

About merging our local changes.

Sep 21 2021, 8:11 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

We have our own changes for ltmain.sh and libtool.m4.

Sep 21 2021, 7:19 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

And update from automake 1.16:

Sep 21 2021, 7:02 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

It's better to update the set of files from libtool:

build-aux/ltmain.sh
m4/libtool.m4
m4/ltoptions.m4
m4/ltsugar.m4
m4/ltversion.m4
m4/lt~obsolete.m4
Sep 21 2021, 6:58 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

Our libtool was 2.4.2 + Debian patches + our local changes.
Debian patches are:
https://salsa.debian.org/mckinstry/libtool/-/blob/debian/master/debian/patches/link_all_deplibs.patch
https://salsa.debian.org/mckinstry/libtool/-/blob/debian/master/debian/patches/netbsdelf.patch

Sep 21 2021, 6:57 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe created T5610: macOS 11 or newer support: Update libtool.
Sep 21 2021, 6:33 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt

Sep 20 2021

werner changed the status of T5600: Provide module name/version API for FIPS 140-3 from Open to Testing.

Thanks. Applied with a minor change: The string is now in a new third field.

Sep 20 2021, 8:51 AM · libgcrypt, FIPS, Bug Report

Sep 19 2021

werner claimed T5600: Provide module name/version API for FIPS 140-3.
Sep 19 2021, 1:05 PM · libgcrypt, FIPS, Bug Report

Sep 17 2021

Jakuje added a comment to T5600: Provide module name/version API for FIPS 140-3.

I have a draft, which results in the following "API" of the name-version:

Sep 17 2021, 6:13 PM · libgcrypt, FIPS, Bug Report
Jakuje added a comment to T5244: libgcrypt: Restrict MD5 use.

I had in my mind something like this:

Sep 17 2021, 3:36 PM · Bug Report, FIPS, libgcrypt