Page MenuHome GnuPG
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Fri, May 30

gniibe added a comment to T7660: GPGME invocation by cri-o hangs on gpgme_op_verify.

Here is a hypothetical application which may have similar problem.
(1) It is a multi threaded application using gpgme, forking another process (possibly, exec).
(2) One of threads invokes gpgme_new, gpgme_op_import and gpg_op_verify.
(3) When the control goes to gpgme_op_* then gpgme_io_spawn by a thread A, another thread B forks a process.
(3-1) While the thread A is polling pipe I/O, forked process holds pipe file descriptors too.
(3-2) Until the forked process exists, pipe I/O polling by the thread A continues (because pipe's other end is still active).

Fri, May 30, 7:06 AM · golang, gpgme, Bug Report
gniibe added a comment to T7660: GPGME invocation by cri-o hangs on gpgme_op_verify.

I don't know if it is related to this particular case, but I found a possible race condition in _gpgme_io_pipe.
Between pipe and fcntl with FD_CLOEXEC, another thread may fork a process which keeps running.
It would be good to use pipe2 here:
https://pubs.opengroup.org/onlinepubs/9799919799/functions/pipe.html

Fri, May 30, 4:46 AM · golang, gpgme, Bug Report

Thu, May 29

gniibe added a comment to T7660: GPGME invocation by cri-o hangs on gpgme_op_verify.

Another possible cause is... gpgme uses closefrom in GNU C library, if available. if it doesn't work well, it would be possible invoked gpg keeps waiting its input.

Thu, May 29, 11:02 AM · golang, gpgme, Bug Report
gniibe added a comment to T7660: GPGME invocation by cri-o hangs on gpgme_op_verify.

Here is my observation.

Thu, May 29, 9:11 AM · golang, gpgme, Bug Report

Wed, May 28

gniibe committed rG29bc14f56f64: gpgsm,tests,tools: Fix memory leaks. (authored by gniibe).
gpgsm,tests,tools: Fix memory leaks.
Wed, May 28, 9:32 AM
gniibe updated the task description for T7668: gnupg: regexp and build with -fsanitize=address.
Wed, May 28, 9:16 AM
gniibe renamed T7668: gnupg: regexp and build with -fsanitize=address from gnupg: regexp and build with -fsanitize=addres to gnupg: regexp and build with -fsanitize=address.
Wed, May 28, 9:15 AM
gniibe updated the task description for T7668: gnupg: regexp and build with -fsanitize=address.
Wed, May 28, 9:12 AM
gniibe updated the task description for T7668: gnupg: regexp and build with -fsanitize=address.
Wed, May 28, 9:11 AM
gniibe updated the task description for T7668: gnupg: regexp and build with -fsanitize=address.
Wed, May 28, 9:10 AM
gniibe added a comment to T7668: gnupg: regexp and build with -fsanitize=address.

The issue is the routines of regcomp, regexec, regerror and regfree are in C library and the sanitizer library replaces them (and it's not compatible for the use case of GnuPG).

Wed, May 28, 9:09 AM
gniibe triaged T7668: gnupg: regexp and build with -fsanitize=address as Normal priority.
Wed, May 28, 9:06 AM
gniibe committed rE98d8f3d396b5: yat2m: Release the memory after the use. (authored by gniibe).
yat2m: Release the memory after the use.
Wed, May 28, 3:03 AM
gniibe committed rEba7ed54668e4: argparse: Fix a memory leak. (authored by gniibe).
argparse: Fix a memory leak.
Wed, May 28, 3:03 AM

Tue, May 27

gniibe added a comment to T7649: gnupg: Use KEM interface for encryption/decryption.

Another possible change will be use of KEM interface for gpgsm.
Not high priority, but for long term code maintenance.

Tue, May 27, 3:38 AM · gnupg26
gniibe changed the status of T7664: tests/openpgp/ecc.scm fails when building GPG with address sanitizer from Open to Testing.
Tue, May 27, 3:36 AM · Bug Report

Mon, May 26

gniibe added a parent task for T5964: gnupg should use the KDFs implemented in libgcrypt: T7649: gnupg: Use KEM interface for encryption/decryption.
Mon, May 26, 6:34 AM · gnupg26, FIPS, Feature Request
gniibe added a subtask for T7649: gnupg: Use KEM interface for encryption/decryption: T5964: gnupg should use the KDFs implemented in libgcrypt.
Mon, May 26, 6:34 AM · gnupg26
gniibe added a parent task for T7014: agent: Enhancement of PKDECRYPT for KEM interface: T7649: gnupg: Use KEM interface for encryption/decryption.
Mon, May 26, 6:33 AM · gnupg26, gpgagent, Feature Request
gniibe added a subtask for T7649: gnupg: Use KEM interface for encryption/decryption: T7014: agent: Enhancement of PKDECRYPT for KEM interface.
Mon, May 26, 6:33 AM · gnupg26
gniibe changed the status of T5964: gnupg should use the KDFs implemented in libgcrypt, a subtask of T6191: FIPS: Supporting running FIPS enabled machine, from Open to Testing.
Mon, May 26, 6:32 AM · gnupg24, FIPS, Bug Report
gniibe changed the status of T5964: gnupg should use the KDFs implemented in libgcrypt from Open to Testing.

Done by T7649: gnupg: Use KEM interface for encryption/decryption

Mon, May 26, 6:32 AM · gnupg26, FIPS, Feature Request
gniibe committed rG0c7e7ec0c846: gpg: Fix ECC_POINT_LEN_MAX to allow NIST curves. (authored by gniibe).
gpg: Fix ECC_POINT_LEN_MAX to allow NIST curves.
Mon, May 26, 4:34 AM
gniibe added a comment to T7664: tests/openpgp/ecc.scm fails when building GPG with address sanitizer.

Thank you.

Mon, May 26, 4:32 AM · Bug Report
gniibe claimed T7664: tests/openpgp/ecc.scm fails when building GPG with address sanitizer.
Mon, May 26, 1:54 AM · Bug Report

Fri, May 23

gniibe added a comment to T7649: gnupg: Use KEM interface for encryption/decryption.

Clean up finished by rG681d75404300: gpg,agent: Clean up around using ECC KEM.
Tested by make check and decrypting tests/openpgp/samplemsgs/pqc-sample-*.enc.asc.

Fri, May 23, 10:27 AM · gnupg26
gniibe committed rG681d75404300: gpg,agent: Clean up around using ECC KEM. (authored by gniibe).
gpg,agent: Clean up around using ECC KEM.
Fri, May 23, 10:21 AM
gniibe committed rG37bec0df7bf1: common: Fix argument name of gnupg_ecc_kem_kdf. (authored by gniibe).
common: Fix argument name of gnupg_ecc_kem_kdf.
Fri, May 23, 10:21 AM
gniibe closed T7457: gpg --full-gen-key doesn't show list of keys on card (regression) as Resolved.
Fri, May 23, 10:18 AM · gnupg26, gnupg24, Bug Report

Thu, May 22

gniibe changed the status of T7649: gnupg: Use KEM interface for encryption/decryption from Open to Testing.

Pushed all changes needed. Actually, agent side too.
Clean up will be done.

Thu, May 22, 8:05 AM · gnupg26
gniibe committed rG07e8ca2a9b54: gpg: Use ECC KEM interface for decryption. (authored by gniibe).
gpg: Use ECC KEM interface for decryption.
Thu, May 22, 7:46 AM
gniibe committed rG04782e7fd629: agent: Add support for TPM2 for ECC KEM. (authored by gniibe).
agent: Add support for TPM2 for ECC KEM.
Thu, May 22, 7:46 AM
gniibe committed rGb956f47e2ab0: agent: Finish ECC KEM, adding support for NIST curves. (authored by gniibe).
agent: Finish ECC KEM, adding support for NIST curves.
Thu, May 22, 7:46 AM

Wed, May 21

gniibe committed rG57a3d2392539: agent: Support ECC KEM by PKDECRYPT --kem. (authored by gniibe).
agent: Support ECC KEM by PKDECRYPT --kem.
Wed, May 21, 7:57 AM

Tue, May 20

gniibe committed rGeb9c39ac5bb5: agent: Refactor ECC KEM decap operation. (authored by gniibe).
agent: Refactor ECC KEM decap operation.
Tue, May 20, 9:33 AM

Mon, May 19

gniibe committed rGd1c3bfda2a8c: gpg: Use the KEM API for ECC encryption. (authored by gniibe).
gpg: Use the KEM API for ECC encryption.
Mon, May 19, 8:01 AM
gniibe added a comment to T7640: ML-DSA for libgcrypt.

Looking the FIPS 204 document, using the following functions (API) is good:

Mon, May 19, 7:47 AM · PQC, libgcrypt
gniibe renamed T7649: gnupg: Use KEM interface for encryption/decryption from gnupg: Use KEM interface for decryption to gnupg: Use KEM interface for encryption/decryption.
Mon, May 19, 2:35 AM · gnupg26

Fri, May 16

gniibe committed rG40cfa71281db: common: Add KEM constants for NIST curves. (authored by gniibe).
common: Add KEM constants for NIST curves.
Fri, May 16, 7:08 AM

Thu, May 15

gniibe committed rC0bd4c77be6e0: mpi:ec: Least leak with k^(-1) for ECDSA. (authored by gniibe).
mpi:ec: Least leak with k^(-1) for ECDSA.
Thu, May 15, 2:51 AM
gniibe committed rCaa089ec89bad: mpi:ec: Use ec_mulm_lli in _gcry_mpi_ec_get_affine. (authored by gniibe).
mpi:ec: Use ec_mulm_lli in _gcry_mpi_ec_get_affine.
Thu, May 15, 2:51 AM
gniibe changed the status of T7648: Decryption to a Ky768_Cv25519 key does not work if the Cv25519 key is on a token from Open to Testing.
Thu, May 15, 1:54 AM · PQC, Bug Report
gniibe closed T7621: libgpg-error: __non_string for GCC 15 or later, a subtask of T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later, as Resolved.
Thu, May 15, 1:51 AM · libgcrypt, Bug Report
gniibe closed T7621: libgpg-error: __non_string for GCC 15 or later as Resolved.
Thu, May 15, 1:51 AM · gpgrt, Bug Report

Wed, May 14

gniibe added a comment to T7648: Decryption to a Ky768_Cv25519 key does not work if the Cv25519 key is on a token.

For prompting, I pushed a fix in rG45a11327f3bd: agent: Support the use case of composite PQC for prompting.
Thank you for testing.

Wed, May 14, 4:48 AM · PQC, Bug Report
gniibe committed rG45a11327f3bd: agent: Support the use case of composite PQC for prompting. (authored by gniibe).
agent: Support the use case of composite PQC for prompting.
Wed, May 14, 4:47 AM

Tue, May 13

gniibe added a comment to T7648: Decryption to a Ky768_Cv25519 key does not work if the Cv25519 key is on a token.

Thank you for the concrete test case, it helps me.

Tue, May 13, 8:47 AM · PQC, Bug Report
gniibe committed rG309cfb3a4c91: agent: Fix ECC key on smartcard for composite KEM with PQC. (authored by gniibe).
agent: Fix ECC key on smartcard for composite KEM with PQC.
Tue, May 13, 8:46 AM
gniibe claimed T7648: Decryption to a Ky768_Cv25519 key does not work if the Cv25519 key is on a token.
Tue, May 13, 4:42 AM · PQC, Bug Report
gniibe closed T6512: keyboxd with data pipe as Resolved.
Tue, May 13, 3:07 AM · gnupg26, Bug Report
gniibe closed T7486: libgcrypt: Remove WindowsCE support as Resolved.
Tue, May 13, 3:05 AM · libgcrypt
gniibe added a comment to T7649: gnupg: Use KEM interface for encryption/decryption.

NIST has an initial public draft for KEM: https://csrc.nist.gov/pubs/sp/800/227/ipd

Tue, May 13, 2:18 AM · gnupg26
gniibe committed rG5fb338168ed6: agent: Recover the old behavior with max-cache-ttl=0. (authored by gniibe).
agent: Recover the old behavior with max-cache-ttl=0.
Tue, May 13, 2:03 AM
gniibe claimed T7649: gnupg: Use KEM interface for encryption/decryption.
Tue, May 13, 2:01 AM · gnupg26
gniibe triaged T7649: gnupg: Use KEM interface for encryption/decryption as High priority.
Tue, May 13, 2:01 AM · gnupg26

Sun, May 11

gniibe closed T7490: libgcrypt: constant-time modular exponentiation, a subtask of T3264: Possible RSA improvement, as Resolved.
Sun, May 11, 3:25 AM · libgcrypt
gniibe closed T7490: libgcrypt: constant-time modular exponentiation as Resolved.

It's in 1.11.1.

Sun, May 11, 3:25 AM · libgcrypt
gniibe closed T7338: Revamp the FIPS service indicator as Resolved.

Included in 1.11.1.

Sun, May 11, 3:24 AM · libgcrypt, FIPS, Feature Request

Fri, May 9

gniibe added a comment to T6681: agent: Clean up main loop and better cache handling of expiration (was: Adding agent_timer API for monitoring something and passphrase cache).

(2) Update the documentation of default-cache-ttl zero value disabling caching.

Fri, May 9, 10:02 AM · keyboxd, gpgagent, gnupg26
gniibe added a comment to T6681: agent: Clean up main loop and better cache handling of expiration (was: Adding agent_timer API for monitoring something and passphrase cache).

I am going to do:
(1) Recover old behavior with max-cache-ttl = 0
(2) Update the documentation of default-cache-ttl zero value disabling caching.

Fri, May 9, 4:37 AM · keyboxd, gpgagent, gnupg26

Thu, May 8

gniibe added a comment to T6681: agent: Clean up main loop and better cache handling of expiration (was: Adding agent_timer API for monitoring something and passphrase cache).

It's not my intention. I didn't know the feature of disabling caching by max-cache-ttl to 0.
Well, it's a regression if a user intends so.

Thu, May 8, 4:00 AM · keyboxd, gpgagent, gnupg26

Wed, May 7

gniibe triaged T7640: ML-DSA for libgcrypt as Wishlist priority.
Wed, May 7, 7:43 AM · PQC, libgcrypt
gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

In libgcrypt/cipher/ecc-ecdsa.c, we have:

mpi_mulm (s, k_1, sum, ec->n);    /* s = k^(-1)*(hash+(d*r)) mod n */
Wed, May 7, 3:48 AM · libgcrypt, Bug Report

Apr 23 2025

gniibe committed rK58b389a192d3: Mark with __nonstring__ attribute for GCC 15 and later. (authored by gniibe).
Mark with __nonstring__ attribute for GCC 15 and later.
Apr 23 2025, 5:30 AM
gniibe committed rG0070c2e3b422: gpgscm: Fix for CHARNAMES. (authored by gniibe).
gpgscm: Fix for CHARNAMES.
Apr 23 2025, 3:21 AM
gniibe committed rG97583cf81ab0: gpgscm: Fix initialization for fixed size chars. (authored by gniibe).
gpgscm: Fix initialization for fixed size chars.
Apr 23 2025, 3:21 AM
gniibe changed the status of T7624: libksba: __non_string for GCC 15 or later, a subtask of T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later, from Open to Testing.
Apr 23 2025, 3:21 AM · libgcrypt, Bug Report
gniibe changed the status of T7624: libksba: __non_string for GCC 15 or later from Open to Testing.
Apr 23 2025, 3:21 AM · libksba, Bug Report
gniibe triaged T7624: libksba: __non_string for GCC 15 or later as Normal priority.
Apr 23 2025, 3:18 AM · libksba, Bug Report
gniibe changed the status of T7621: libgpg-error: __non_string for GCC 15 or later, a subtask of T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later, from Open to Testing.
Apr 23 2025, 3:17 AM · libgcrypt, Bug Report
gniibe changed the status of T7621: libgpg-error: __non_string for GCC 15 or later from Open to Testing.
Apr 23 2025, 3:17 AM · gpgrt, Bug Report
gniibe changed the status of T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later from Open to Testing.
Apr 23 2025, 3:16 AM · libgcrypt, Bug Report
gniibe changed the status of T7623: gpgscm: Fix fixed-size characters (for portability, specifically for GCC 15 or later) from Open to Testing.
Apr 23 2025, 3:16 AM · gnupg, gpgrt, Bug Report
gniibe changed the status of T7623: gpgscm: Fix fixed-size characters (for portability, specifically for GCC 15 or later), a subtask of T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later, from Open to Testing.
Apr 23 2025, 3:16 AM · libgcrypt, Bug Report
gniibe added inline comments to rE1c58363541fc: Mark the initializations with __nonstring__ attribute..
Apr 23 2025, 3:08 AM

Apr 22 2025

gniibe added a comment to T7623: gpgscm: Fix fixed-size characters (for portability, specifically for GCC 15 or later).

doc/HACKING says it's OK to use variadic arg macros (from C99 features).
If it's OK, this patch can fix the initialization (which silences GCC 15 warnings):

0002-gpgscm-Fix-initialization-for-fixed-size-chars.patch44 KBDownload

Apr 22 2025, 7:53 AM · gnupg, gpgrt, Bug Report
gniibe renamed T7623: gpgscm: Fix fixed-size characters (for portability, specifically for GCC 15 or later) from gpgscm: Don't use fixed size characters (for portability, specifically for GCC 15 or later) to gpgscm: Fix fixed-size characters (for portability, specifically for GCC 15 or later).
Apr 22 2025, 7:50 AM · gnupg, gpgrt, Bug Report
gniibe triaged T7623: gpgscm: Fix fixed-size characters (for portability, specifically for GCC 15 or later) as Normal priority.
Apr 22 2025, 4:06 AM · gnupg, gpgrt, Bug Report

Apr 21 2025

gniibe committed rE1c58363541fc: Mark the initializations with __nonstring__ attribute. (authored by gniibe).
Mark the initializations with __nonstring__ attribute.
Apr 21 2025, 5:01 AM
gniibe triaged T7621: libgpg-error: __non_string for GCC 15 or later as Normal priority.
Apr 21 2025, 4:43 AM · gpgrt, Bug Report
gniibe committed rCd5fb7cd9b351: Mark nonstring use cases with __nonstring__ attribute. (authored by gniibe).
Mark nonstring use cases with __nonstring__ attribute.
Apr 21 2025, 2:42 AM

Apr 18 2025

gniibe added a comment to T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later.

IIUC, it's GCC 8 which starts the support of __nonstring__ attribute.

Apr 18 2025, 4:26 AM · libgcrypt, Bug Report
gniibe set External Link to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117178 on T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later.
Apr 18 2025, 4:25 AM · libgcrypt, Bug Report
gniibe claimed T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later.
Apr 18 2025, 4:13 AM · libgcrypt, Bug Report
gniibe created T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later.
Apr 18 2025, 4:12 AM · libgcrypt, Bug Report

Apr 10 2025

gniibe committed rC32f848ef9dca: mpi:ec: Set GCRYECC_FLAG_LEAST_LEAK, calling mpi_ec_mul_point_lli. (authored by gniibe).
mpi:ec: Set GCRYECC_FLAG_LEAST_LEAK, calling mpi_ec_mul_point_lli.
Apr 10 2025, 2:17 AM

Apr 9 2025

gniibe committed rE32475a7868f5: Use gpgrt_stream_t for the API of gpgrt_nvc_*. (authored by gniibe).
Use gpgrt_stream_t for the API of gpgrt_nvc_*.
Apr 9 2025, 2:29 AM

Apr 7 2025

gniibe changed the status of T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1 from Open to Testing.

Fix pushed by: rG1ed8b0e7b403: dirmngr: Fix libdns with 127.0.0.1.

Apr 7 2025, 4:45 AM · gnupg24, dirmngr
gniibe committed rG1ed8b0e7b403: dirmngr: Fix libdns with 127.0.0.1. (authored by gniibe).
dirmngr: Fix libdns with 127.0.0.1.
Apr 7 2025, 4:44 AM
gniibe added a comment to T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1.

For Linux kernel, once, it was proposed:
https://patchwork.ozlabs.org/project/netdev/patch/1490748756.24891.27.camel@edumazet-glaptop3.roam.corp.google.com/

Apr 7 2025, 4:10 AM · gnupg24, dirmngr
gniibe added a comment to T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1.

Another problem with same cause (possibly) is reported: https://lists.gnupg.org/pipermail/gnupg-devel/2025-April/035845.html

Apr 7 2025, 3:56 AM · gnupg24, dirmngr

Mar 31 2025

gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

Pushed all changes to master.

Mar 31 2025, 6:27 AM · libgcrypt, Bug Report
gniibe committed rCd1c471c78d6f: mpi:ec: Introduce ec_*_lli for Weierstrass curves to be less leaky. (authored by gniibe).
mpi:ec: Introduce ec_*_lli for Weierstrass curves to be less leaky.
Mar 31 2025, 5:02 AM
gniibe committed rC0680408b3751: mpi:ec: Use affine coordinate for mpi_ec_mul_point_lli. (authored by gniibe).
mpi:ec: Use affine coordinate for mpi_ec_mul_point_lli.
Mar 31 2025, 5:02 AM
gniibe committed rC4f56fd8c5e03: mpi:ec: Don't normalize the MPIs when GCRYECC_FLAG_LEAST_LEAK. (authored by gniibe).
mpi:ec: Don't normalize the MPIs when GCRYECC_FLAG_LEAST_LEAK.
Mar 31 2025, 5:02 AM
gniibe committed rC794b8e7378e8: mpi:ec: Resize when GCRYECC_FLAG_LEAST_LEAK. (authored by gniibe).
mpi:ec: Resize when GCRYECC_FLAG_LEAST_LEAK.
Mar 31 2025, 5:02 AM
gniibe committed rC6419bd17f034: cipher:ecc: Introduce GCRYECC_FLAG_LEAST_LEAK. (authored by gniibe).
cipher:ecc: Introduce GCRYECC_FLAG_LEAST_LEAK.
Mar 31 2025, 5:02 AM
gniibe committed rC5e3dbfb8233d: mpi:ec: Refactor _gcry_mpi_ec_mul_point (authored by gniibe).
mpi:ec: Refactor _gcry_mpi_ec_mul_point
Mar 31 2025, 5:02 AM
gniibe committed rCd698ed5386e8: mpi:ec: Keep A untouched in ec_get_a_is_pminus3. (authored by gniibe).
mpi:ec: Keep A untouched in ec_get_a_is_pminus3.
Mar 31 2025, 5:02 AM
gniibe committed rC16c6936c811a: mpi:ec: Remove runtime check in ec_mod. (authored by gniibe).
mpi:ec: Remove runtime check in ec_mod.
Mar 31 2025, 5:02 AM
Next