Feed Advanced Search

Advanced Search
Use Results
Edit Query
Hide Query

	Include stories about projects I am a member of.

Dec 8 2021

• gniibe added a project to T5617: fips: Check library integrity before running selftests: Restricted Project.

Dec 8 2021, 9:06 AM · FIPS, libgcrypt, Bug Report

• gniibe renamed T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS from libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl to libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS.

Dec 8 2021, 9:05 AM · gpgrt, Bug Report

• gniibe added a project to T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS: Restricted Project.

Dec 8 2021, 9:04 AM · gpgrt, Bug Report

• gniibe added a project to T5714: tests: Do not run tests for algorithms that are not built-in: Restricted Project.

Dec 8 2021, 9:03 AM · libgcrypt, Bug Report

• gniibe added a project to T5723: libgcrypt: Remove random-fips.c: Restricted Project.

Dec 8 2021, 9:03 AM · FIPS, libgcrypt

• gniibe added a project to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation: Restricted Project.

Dec 8 2021, 9:00 AM · FIPS, libgcrypt, Feature Request

• gniibe added a project to T5244: libgcrypt: Restrict MD5 use: Restricted Project.

Dec 8 2021, 8:59 AM · Bug Report, FIPS, libgcrypt

• gniibe triaged T5636: Run integrity checks + selftests from library constructor in FIPS as Normal priority.

Dec 8 2021, 8:57 AM · FIPS, libgcrypt, Bug Report

• gniibe changed the status of T5710: FIPS: disable DSA for FIPS from Open to Testing.

Dec 8 2021, 1:54 AM · FIPS, libgcrypt

Dec 7 2021

Jakuje renamed T5720: The libgpg-error is using old inet_addr() unconditionally from The libgpg-error is using old inet_pton() unconditionally to The libgpg-error is using old inet_addr() unconditionally.

Dec 7 2021, 12:12 PM · gpgrt, Bug Report

• gniibe added a project to T5120: Incompatible Ed25519 secret key (no-encryption): Restricted Project.

Dec 7 2021, 7:43 AM · gnupg (gpg22), Bug Report

• gniibe added a comment to T5706: libgcrypt: random: Remove the feature getting randomness from random daemon.

The patch has been applied.

Dec 7 2021, 2:35 AM · libgcrypt

• gniibe added a project to T5706: libgcrypt: random: Remove the feature getting randomness from random daemon: Restricted Project.

Dec 7 2021, 2:12 AM · libgcrypt

• gniibe claimed T5720: The libgpg-error is using old inet_addr() unconditionally.

Thank you, applied.

Dec 7 2021, 1:56 AM · gpgrt, Bug Report

Dec 6 2021

• gniibe closed T5644: Heuristic for default reader detection as Resolved.

Dec 6 2021, 12:57 AM · Restricted Project, Feature Request, gnupg (gpg22)

Dec 3 2021

Jakuje added a comment to T5645: RSA/DSA keygen modification for FIPS/ACVP testing.

Thanks. I did some git archeology and found the first mention of this in the following commit in 2011 without much details:

Dec 3 2021, 10:21 AM · libgcrypt, FIPS, Bug Report

• gniibe added a comment to T5645: RSA/DSA keygen modification for FIPS/ACVP testing.

Adding the case for == 0 only might be problematic, because I don't think it's an alias for a secure value; I think that == 0 means that it's up to libgcrypt to select the value (just like other generate_* functions).

Dec 3 2021, 9:14 AM · libgcrypt, FIPS, Bug Report

• gniibe added a comment to T5523: jitter entropy RNG update.

Thank you, applied.

Dec 3 2021, 8:24 AM · FIPS, libgcrypt

Dec 2 2021

Jakuje added a comment to T5645: RSA/DSA keygen modification for FIPS/ACVP testing.

Let me get back to this once more as one of the parts for RSA was initially missed:

diff -up libgcrypt-1.8.4/cipher/rsa.c.fips-keygen libgcrypt-1.8.4/cipher/rsa.c
--- libgcrypt-1.8.4/cipher/rsa.c.fips-keygen	2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.4/cipher/rsa.c	2019-02-12 14:29:25.630513971 +0100
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig

Dec 2 2021, 4:34 PM · libgcrypt, FIPS, Bug Report

Jakuje added a comment to T5523: jitter entropy RNG update.

I went through some more testing and noticed one missing file in the release tarball, that prevents building libgcrypt now. Should be fixed with the attached patch.

Dec 2 2021, 12:32 PM · FIPS, libgcrypt

Nov 30 2021

• gniibe added a project to T5692: New entropy gatherer using the genentropy system call.: Restricted Project.

Nov 30 2021, 10:49 AM · libgcrypt, FIPS

Nov 25 2021

• gniibe reopened T5120: Incompatible Ed25519 secret key (no-encryption), a subtask of T5114: GnuPG fails to import back generated and exported EdDSA secret key., as Open.

Nov 25 2021, 6:14 AM · gnupg, Restricted Project, gpgagent, Bug Report

• gniibe added a project to T5637: Use poll for libgcrypt (support more than 1024 fds): Restricted Project.

Nov 25 2021, 3:31 AM · libgcrypt, Feature Request

• gniibe claimed T2385: support more than 1024 fds..

Nov 25 2021, 3:29 AM · gpgrt, Feature Request, gpgme

• gniibe added a project to T2385: support more than 1024 fds.: Restricted Project.

Nov 25 2021, 3:29 AM · gpgrt, Feature Request, gpgme

Nov 23 2021

• werner changed the status of T5644: Heuristic for default reader detection from Open to Testing.

Nov 23 2021, 1:28 PM · Restricted Project, Feature Request, gnupg (gpg22)

• werner closed T5682: ed25519 internal authenticate with openpgpcard may send long data over short apdu as Resolved.

Nov 23 2021, 1:26 PM · Restricted Project, scd, ssh, Bug Report

• werner closed T5120: Incompatible Ed25519 secret key (no-encryption), a subtask of T5114: GnuPG fails to import back generated and exported EdDSA secret key., as Resolved.

Nov 23 2021, 9:15 AM · gnupg, Restricted Project, gpgagent, Bug Report

Nov 18 2021

• gniibe added a comment to T5523: jitter entropy RNG update.

Fixed, with using normal memory for ->mem.

Nov 18 2021, 8:12 AM · FIPS, libgcrypt

• gniibe added a comment to T5523: jitter entropy RNG update.

->mem is just used to measure the difference of memory access.

Nov 18 2021, 7:56 AM · FIPS, libgcrypt

• gniibe added a comment to T5523: jitter entropy RNG update.

It found that newer jitterentropy uses larger mem (128KiB), while older uses 2KiB.

Nov 18 2021, 7:33 AM · FIPS, libgcrypt

Nov 17 2021

• gniibe added a project to T5523: jitter entropy RNG update: Restricted Project.

Pushed to master.

Nov 17 2021, 7:03 AM · FIPS, libgcrypt

Nov 16 2021

• werner changed the status of T5682: ed25519 internal authenticate with openpgpcard may send long data over short apdu from Open to Testing.

Nov 16 2021, 5:24 PM · Restricted Project, scd, ssh, Bug Report

• gniibe moved T5665: libgcrypt : Restrict message digest use for FIPS 140-3 from Next to Ready for release on the FIPS board.

Nov 16 2021, 11:22 AM · FIPS, Bug Report, libgcrypt

• gniibe added a project to T5665: libgcrypt : Restrict message digest use for FIPS 140-3: Restricted Project.

Nov 16 2021, 11:20 AM · FIPS, Bug Report, libgcrypt

Nov 15 2021

• gniibe added a project to T5682: ed25519 internal authenticate with openpgpcard may send long data over short apdu: Restricted Project.

Nov 15 2021, 3:53 AM · Restricted Project, scd, ssh, Bug Report

Nov 12 2021

• gniibe added a project to T5644: Heuristic for default reader detection: Restricted Project.

Nov 12 2021, 5:50 AM · Restricted Project, Feature Request, gnupg (gpg22)

Nov 3 2021

• werner closed T5595: gpgrt-config doesn't work well with PKG_CONFIG_LIBDIR="" and setting PKG_CONFIG_PATH as Resolved.

Nov 3 2021, 3:17 PM · gpgrt

Oct 29 2021

• gniibe added projects to T5359: Kleopatra: Loop in DeviceInfoWatcher with GnuPG 2.3 on Windows: scd, Restricted Project.

Oct 29 2021, 4:19 AM · Restricted Project, scd, Restricted Project, kleopatra

Oct 18 2021

• werner added a comment to T5645: RSA/DSA keygen modification for FIPS/ACVP testing.

( No need to certify the DSA things)

Oct 18 2021, 11:16 AM · libgcrypt, FIPS, Bug Report

• werner moved T5645: RSA/DSA keygen modification for FIPS/ACVP testing from Next to Ready for release on the FIPS board.

Oct 18 2021, 11:15 AM · libgcrypt, FIPS, Bug Report

Oct 15 2021

stes added a comment to T5631: pinentry-curses on OpenIndiana (Illumos distro) doesn't display correctly.

For completeness here's a screenshot that shows the situation on a TERM=sun-console text console with the latest code :

Oct 15 2021, 6:14 PM · pinentry

stes added a comment to T5631: pinentry-curses on OpenIndiana (Illumos distro) doesn't display correctly.

The typo is fixed now and after pulling the latest sources from the repo and configure --disable-ncurses :

Oct 15 2021, 4:17 PM · pinentry

• gniibe added a comment to T5631: pinentry-curses on OpenIndiana (Illumos distro) doesn't display correctly.

Thanks for testing. I pushed a fix for my typo: rPb713f31c5b04: curses: Fix the previous commit.

Oct 15 2021, 4:20 AM · pinentry

Oct 14 2021

stes added a comment to T5631: pinentry-curses on OpenIndiana (Illumos distro) doesn't display correctly.

My previous patch is not perfect as the screenshot in attach shows. The clear() is not really sufficient as it only redraws the portion below the frame in the new background color (black instead of white).

Oct 14 2021, 4:48 PM · pinentry

stes added a comment to T5631: pinentry-curses on OpenIndiana (Illumos distro) doesn't display correctly.

In the patch in attach I do a clear screen in the non-ncurses case.

Oct 14 2021, 4:12 PM · pinentry

stes added a comment to T5631: pinentry-curses on OpenIndiana (Illumos distro) doesn't display correctly.

Hello Tim and Yukata Iibe (gniibe),

Oct 14 2021, 2:00 PM · pinentry

• gniibe changed the status of T5645: RSA/DSA keygen modification for FIPS/ACVP testing from Open to Testing.

Oct 14 2021, 9:29 AM · libgcrypt, FIPS, Bug Report

• gniibe added a project to T5645: RSA/DSA keygen modification for FIPS/ACVP testing: Restricted Project.

Oct 14 2021, 9:28 AM · libgcrypt, FIPS, Bug Report

• gniibe moved T5550: Fix check_binary_integrity from Next to Ready for release on the FIPS board.

Oct 14 2021, 8:13 AM · FIPS, libgcrypt

Oct 13 2021

• gniibe added a project to T5616: asn1-parse.y:861:20: error: 'yytoknum' undeclared: Restricted Project.

Oct 13 2021, 10:03 AM · toolchain, libksba, Bug Report

• gniibe closed T5609: keydb_get_keyblock failed with cv448 key as Resolved.

Fixed in GnuPG 2.3.3.

Oct 13 2021, 3:45 AM · Restricted Project, OpenPGP, gnupg (gpg23)

• gniibe edited projects for T5631: pinentry-curses on OpenIndiana (Illumos distro) doesn't display correctly, added: Restricted Project; removed Support.

Oct 13 2021, 3:26 AM · pinentry

Oct 12 2021

• gniibe added a comment to T5550: Fix check_binary_integrity.

Now configure with
--enable-hmac-binary-check="I know engineers. They love to change things." works.

Oct 12 2021, 8:25 AM · FIPS, libgcrypt

• gniibe added a project to T5550: Fix check_binary_integrity: Restricted Project.

Oct 12 2021, 8:24 AM · FIPS, libgcrypt

Oct 6 2021

• gniibe claimed T5609: keydb_get_keyblock failed with cv448 key .

Oct 6 2021, 5:43 AM · Restricted Project, OpenPGP, gnupg (gpg23)

Sep 29 2021

• gniibe added a project to T5609: keydb_get_keyblock failed with cv448 key : Restricted Project.

Use of version 5 format for Ed448/X448 was pushed by rG86cb04a23d2b: gpg: Ed448 and X448 are only for v5 (for subkey)..

Sep 29 2021, 4:46 AM · Restricted Project, OpenPGP, gnupg (gpg23)

• gniibe added a project to T5628: v5: verify with signing sub key: gnupg (gpg23).

Sep 29 2021, 4:43 AM · gnupg (gpg23)

• gniibe changed the status of T5628: v5: verify with signing sub key from Open to Testing.

Sep 29 2021, 4:32 AM · gnupg (gpg23)

Sep 27 2021

• werner moved T5520: Fix tests in FIPS mode from Next to Ready for release on the FIPS board.

Sep 27 2021, 8:36 AM · FIPS, libgcrypt, Bug Report

Sep 17 2021

Jakuje added a comment to T5244: libgcrypt: Restrict MD5 use.

I had in my mind something like this:

Sep 17 2021, 3:36 PM · Bug Report, FIPS, libgcrypt

Sep 16 2021

Jakuje added a comment to T5520: Fix tests in FIPS mode.

Thanks. I think we are good here. If we will decide to pursuate the brainpool switch, I will open a new issue.

Sep 16 2021, 11:07 AM · FIPS, libgcrypt, Bug Report

• gniibe added a comment to T5520: Fix tests in FIPS mode.

Two third patches are applied to master. (@werner those parts are typo fix and tests improvement, which we agreed to push.)

Sep 16 2021, 3:01 AM · FIPS, libgcrypt, Bug Report

Sep 15 2021

• werner added a comment to T5520: Fix tests in FIPS mode.

If a configure switch to disable Brainpool curves will be added, we also need to add a switch to disable NIST curves.

Sep 15 2021, 11:05 AM · FIPS, libgcrypt, Bug Report

Jakuje added a comment to T5520: Fix tests in FIPS mode.

Oh, my bad. I probably used wrong git command. Uploaded now the patches themselves:

libgcrypt-curves-tests.patch14 KBDownload

Sep 15 2021, 9:51 AM · FIPS, libgcrypt, Bug Report

• gniibe added a comment to T5520: Fix tests in FIPS mode.

disable-brainpool.patch is a text of list of patches.
I think the first two could be applied.
@Jakuje Could you please upload them?

Sep 15 2021, 9:10 AM · FIPS, libgcrypt, Bug Report

• gniibe moved T5520: Fix tests in FIPS mode from Ready for release to Next on the FIPS board.

Sep 15 2021, 8:36 AM · FIPS, libgcrypt, Bug Report

Sep 13 2021

• werner moved T5520: Fix tests in FIPS mode from Next to Ready for release on the FIPS board.

Sep 13 2021, 11:17 AM · FIPS, libgcrypt, Bug Report

• werner moved T5520: Fix tests in FIPS mode from Backlog to Next on the FIPS board.

Sep 13 2021, 11:11 AM · FIPS, libgcrypt, Bug Report

Jakuje added a comment to T5520: Fix tests in FIPS mode.

I have one more patch set to improve FIPS testing in test/curves.c. In the past, it was basically skipped altogether in FIPS mode. This implements more fine-grained selection of what is being tested. This is the first part.

Sep 13 2021, 8:53 AM · FIPS, libgcrypt, Bug Report

Sep 10 2021

ikloecker added a comment to T5595: gpgrt-config doesn't work well with PKG_CONFIG_LIBDIR="" and setting PKG_CONFIG_PATH.

The fix works for me (using bash on openSUSE Tumbleweed).

Sep 10 2021, 12:26 PM · gpgrt

• gniibe changed the status of T5595: gpgrt-config doesn't work well with PKG_CONFIG_LIBDIR="" and setting PKG_CONFIG_PATH from Open to Testing.

Sep 10 2021, 3:00 AM · gpgrt

Sep 6 2021

Jakuje added a comment to T5520: Fix tests in FIPS mode.

looks good to me. Tested now with master 47e425e07995454573e28c13c08229d2f8a75642 and all tests pass for me in and out of FIPS mode as well as in the "soft" one.

Sep 6 2021, 1:08 PM · FIPS, libgcrypt, Bug Report

• gniibe moved T5508: Allow hardware optimizations in FIPS from Backlog to Ready for release on the FIPS board.

Sep 6 2021, 11:21 AM · FIPS, libgcrypt, Bug Report

Aug 25 2021

• gniibe closed T5425: scdaemon.conf reader-port setting broken in 2.3 as Resolved.

Fixed in 2.3.2.

Aug 25 2021, 3:30 AM · gnupg, Restricted Project, scd, Bug Report

• gniibe closed T5530: Add "prehash" support to DSA and ECDSA signing as Resolved.

Aug 25 2021, 3:29 AM · Restricted Project, FIPS, libgcrypt, Feature Request

Aug 24 2021

• werner closed T5524: scd: serialize access of ctrl->card_ctx as Resolved.

Aug 24 2021, 7:58 PM · gnupg (gpg23), Restricted Project, scd

Aug 23 2021

Jakuje added a comment to T5244: libgcrypt: Restrict MD5 use.

From Stephan I got the following response to the allocation handler use case

Aug 23 2021, 12:00 PM · Bug Report, FIPS, libgcrypt

• gniibe added a project to T5244: libgcrypt: Restrict MD5 use: FIPS.

Aug 23 2021, 11:21 AM · Bug Report, FIPS, libgcrypt

Aug 18 2021

Jakuje added a comment to T5244: libgcrypt: Restrict MD5 use.

Right. The clarification is that SHA1 itself (for non-security and non-signature use) is still allowed in FIPS mode. But it is not allowed to be used as part of signature schemes of the new API in FIPS mode. The old API, which allows raw signatures without digests, should just fail in FIPS mode too. And the FIPS-compatible gnupg should use the new API too (it would be good to think about this when putting it together).

Aug 18 2021, 7:46 PM · Bug Report, FIPS, libgcrypt

• gniibe added a comment to T5244: libgcrypt: Restrict MD5 use.

For use of SHA-1:

Aug 18 2021, 1:59 AM · Bug Report, FIPS, libgcrypt

Aug 17 2021

• werner added a comment to T5244: libgcrypt: Restrict MD5 use.

(can't access that bug with my account)

Aug 17 2021, 9:38 AM · Bug Report, FIPS, libgcrypt

• gniibe added a comment to T5520: Fix tests in FIPS mode.

For tests with FIPS mode enabled, I manually create the file .libgcrypt.so.20.hmac under src/.libs.

Aug 17 2021, 6:04 AM · FIPS, libgcrypt, Bug Report

• gniibe added a project to T5520: Fix tests in FIPS mode: Restricted Project.

Aug 17 2021, 4:22 AM · FIPS, libgcrypt, Bug Report

Aug 16 2021

Jakuje added a comment to T5244: libgcrypt: Restrict MD5 use.

I went a bit back to the history to figure out what is the enforced and soft fips mode as it was initially not completely clear to me. For the record, I used the following bug from 9 years ago:

Aug 16 2021, 7:11 PM · Bug Report, FIPS, libgcrypt

• gniibe changed the status of T5244: libgcrypt: Restrict MD5 use from Open to Testing.

Since I think there is no reason why checking _gcry_enforced_fips_mode () here, I remove the check.

Aug 16 2021, 9:23 AM · Bug Report, FIPS, libgcrypt

Aug 6 2021

• gniibe renamed T5547: Single thread support with newer GNU C library (2.34 or later) from Single thread support with newer GNU C library (2.32 or later) to Single thread support with newer GNU C library (2.34 or later).

Aug 6 2021, 9:19 AM · gpgrt

• gniibe claimed T5547: Single thread support with newer GNU C library (2.34 or later).

Aug 6 2021, 9:19 AM · gpgrt