Page MenuHome GnuPG
Feed Advanced Search

Yesterday

gniibe added a comment to T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl.

Thank you for your log.

Fri, Nov 26, 6:31 AM · gpgrt, Bug Report
gniibe added a comment to T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl.

Please show us the log of configure, not just the result of the failure.

Fri, Nov 26, 3:32 AM · gpgrt, Bug Report
gniibe added a comment to T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl.

If you see wrong result for the decision of the HAVE_LOCK_OPTIMIZATION (for running the test), it's better to contribute to gnulib (https://www.gnu.org/software/gnulib/) for the detection of thread features.

Fri, Nov 26, 2:01 AM · gpgrt, Bug Report
gniibe added a comment to T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl.
Fri, Nov 26, 1:25 AM · gpgrt, Bug Report

Thu, Nov 25

gniibe added a comment to T5704: Ed448/X448 defined in draft-ietf-openpgp-crypto-refresh-04.

The branch gniibe/v5/448 has the implementation.

Thu, Nov 25, 6:33 AM · gnupg (gpg23)
gniibe triaged T5704: Ed448/X448 defined in draft-ietf-openpgp-crypto-refresh-04 as High priority.
Thu, Nov 25, 6:33 AM · gnupg (gpg23)
gniibe added a comment to T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata.

To be conservative, it's better to output non-zero-removed signature.

Thu, Nov 25, 6:29 AM · gnupg (gpg23), Bug Report
gniibe added a comment to T5120: Incompatible Ed25519 secret key (no-encryption).

My proposal is applying SOS (MPI with leading zero octets) patches, for 2.2, because there may be existing keys with SOS already.

Thu, Nov 25, 6:17 AM · gnupg (gpg22), Bug Report
gniibe reopened T5120: Incompatible Ed25519 secret key (no-encryption), a subtask of T5114: GnuPG fails to import back generated and exported EdDSA secret key., as Open.
Thu, Nov 25, 6:14 AM · gnupg, Testing, gpgagent, Bug Report
gniibe reopened T5120: Incompatible Ed25519 secret key (no-encryption) as "Open".

It's not yet solved.

Thu, Nov 25, 6:14 AM · gnupg (gpg22), Bug Report
gniibe updated the task description for T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata.
Thu, Nov 25, 5:52 AM · gnupg (gpg23), Bug Report
gniibe committed rE50e0f32b1935: build,tests: Run t-lock-single-posix only on platforms supported. (authored by gniibe).
build,tests: Run t-lock-single-posix only on platforms supported.
Thu, Nov 25, 4:45 AM
gniibe committed rM8148237cb4ae: posix: Use poll instead, when available, removing use of select. (authored by gniibe).
posix: Use poll instead, when available, removing use of select.
Thu, Nov 25, 4:13 AM
gniibe changed the status of T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl from Open to Testing.

Reading the documentation of musl, it seems that there are no equivalent to detect if an application is single-threaded or not.

Thu, Nov 25, 4:11 AM · gpgrt, Bug Report
gniibe added a project to T5637: Use poll for libgcrypt (support more than 1024 fds): Testing.
Thu, Nov 25, 3:31 AM · Testing, libgcrypt, Feature Request
gniibe claimed T2385: support more than 1024 fds..
Thu, Nov 25, 3:29 AM · Testing, gpgrt, Feature Request, gpgme
gniibe added a project to T2385: support more than 1024 fds.: Testing.
Thu, Nov 25, 3:29 AM · Testing, gpgrt, Feature Request, gpgme

Wed, Nov 24

gniibe committed rC40ab39966650: fips: Release random resources after selftests. (authored by gniibe).
fips: Release random resources after selftests.
Wed, Nov 24, 5:54 AM
gniibe committed rC204be8a385ae: random: Extend semantics of _gcry_random_close_fds. (authored by gniibe).
random: Extend semantics of _gcry_random_close_fds.
Wed, Nov 24, 5:37 AM
gniibe triaged T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl as Normal priority.
Wed, Nov 24, 3:20 AM · gpgrt, Bug Report
gniibe added a comment to T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl.

In the libgpg-error implementation, it may skip synchronization when it can detect an application is single threaded. The t-lock-single-thread test checks if it really skips as intended.

Wed, Nov 24, 3:20 AM · gpgrt, Bug Report
gniibe claimed T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl.
Wed, Nov 24, 2:55 AM · gpgrt, Bug Report
gniibe added a comment to T5393: gnupg coverity static analysis reports.

Thank you.

Wed, Nov 24, 2:52 AM · gnupg (gpg23), Bug Report
gniibe committed rG426d82fcf1c1: gpg: Fix function prototype to match declaration. (authored by Jakuje).
gpg: Fix function prototype to match declaration.
Wed, Nov 24, 2:52 AM
gniibe committed rG46efee8cb700: kbx: Fix allocation check (authored by Jakuje).
kbx: Fix allocation check
Wed, Nov 24, 2:52 AM
gniibe committed rG6ee3eb420207: homedir: Avoid memory leaks on errors (authored by Jakuje).
homedir: Avoid memory leaks on errors
Wed, Nov 24, 2:52 AM
gniibe committed rG940af3f05231: dirmngr: Avoid memory leaks on errors (authored by Jakuje).
dirmngr: Avoid memory leaks on errors
Wed, Nov 24, 2:52 AM
gniibe committed rG07671917e476: gpg: Fix key conversion for SSH. (authored by gniibe).
gpg: Fix key conversion for SSH.
Wed, Nov 24, 2:45 AM
gniibe committed rGa9be9f4e6e6d: gpg: Fix format_keyid. (authored by gniibe).
gpg: Fix format_keyid.
Wed, Nov 24, 2:45 AM

Mon, Nov 22

gniibe is attending E897: Weekly Standup.
Mon, Nov 22, 6:56 AM
gniibe added a comment to E897: Weekly Standup.

Last week:

  • libgcrypt
    • Merge and fix jitter entropy update: T5523
      • no pthread
      • using independent SHA-3 implementation which comes with jitter entropy itself
      • Our local patch to use non-secure memory for memory access jitter
    • Fix: T5692
    • random deinit: T5636
      • How about extending gcry_random_close_fds? Intended use cases are: (1) resource release after fork, (2) clean restart after selftest
  • libgpg-error
Mon, Nov 22, 6:47 AM
gniibe removed a project from T5637: Use poll for libgcrypt (support more than 1024 fds): gpgme.
Mon, Nov 22, 6:21 AM · Testing, libgcrypt, Feature Request
gniibe edited projects for T5637: Use poll for libgcrypt (support more than 1024 fds), added: libgcrypt; removed gpgrt.
Mon, Nov 22, 6:20 AM · Testing, libgcrypt, Feature Request

Fri, Nov 19

gniibe added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.

Part 1 was applied. Part 3, Part 4, and Part 7 are irrelevant now, because we now have rndgetentropy which doesn't use device.

Fri, Nov 19, 8:50 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T5698: w32: Support poll with FD backend.

I don't know how runtime (of mingw) is thread-safe, but if it is, it should work well.

Fri, Nov 19, 8:05 AM · Windows, gpgrt
gniibe added projects to T5698: w32: Support poll with FD backend: gpgrt, Windows.
Fri, Nov 19, 5:12 AM · Windows, gpgrt
gniibe triaged T5698: w32: Support poll with FD backend as Wishlist priority.
Fri, Nov 19, 5:12 AM · Windows, gpgrt
gniibe requested review of D541: w32: Support poll with FD backend.
Fri, Nov 19, 5:09 AM
gniibe added a comment to T5696: libgpg-error cross-compilation error.

Thanks for your report.

Fri, Nov 19, 1:42 AM
gniibe committed rE0fcfca8e9ffa: build: Fix dependency to gpg-error-config-test.sh. (authored by gniibe).
build: Fix dependency to gpg-error-config-test.sh.
Fri, Nov 19, 1:40 AM
gniibe added a comment to T5695: libgcrypt cross-compilation error.

It was in the middle of merging jitterentropy. Please see T5692 (newer jitterentropy uses pthread by default, which was disabled now).

Fri, Nov 19, 12:52 AM · Bug Report

Thu, Nov 18

gniibe added a comment to T5523: jitter entropy RNG update.

Fixed, with using normal memory for ->mem.

Thu, Nov 18, 8:12 AM · Testing, FIPS, libgcrypt
gniibe committed rC1183ffdd7a24: tests: Remove tweak for FIPS enabled. (authored by gniibe).
tests: Remove tweak for FIPS enabled.
Thu, Nov 18, 8:11 AM
gniibe committed rC85cb7375fec3: jitternetropy: Put our local change to use non-secure memory. (authored by gniibe).
jitternetropy: Put our local change to use non-secure memory.
Thu, Nov 18, 8:06 AM
gniibe added a comment to T5523: jitter entropy RNG update.

->mem is just used to measure the difference of memory access.

Thu, Nov 18, 7:56 AM · Testing, FIPS, libgcrypt
gniibe added a comment to T5523: jitter entropy RNG update.

It found that newer jitterentropy uses larger mem (128KiB), while older uses 2KiB.

Thu, Nov 18, 7:33 AM · Testing, FIPS, libgcrypt
gniibe committed rC17f9eb20c94f: build: Fix excess quotation to enable config.status --recheck works. (authored by gniibe).
build: Fix excess quotation to enable config.status --recheck works.
Thu, Nov 18, 6:47 AM
gniibe committed rC5493282b4aac: random: Fix rndgetentropy correctly uses rndjent. (authored by gniibe).
random: Fix rndgetentropy correctly uses rndjent.
Thu, Nov 18, 4:06 AM

Wed, Nov 17

gniibe committed rCd0fcb4da98a0: Fix jent_read_entropy for JENT_CPU_JITTERENTROPY_SECURE_MEMORY. (authored by gniibe).
Fix jent_read_entropy for JENT_CPU_JITTERENTROPY_SECURE_MEMORY.
Wed, Nov 17, 7:04 AM
gniibe committed rCcf85258e6aff: jitterentropy: Fix for C90 compiler. (authored by gniibe).
jitterentropy: Fix for C90 compiler.
Wed, Nov 17, 7:04 AM
gniibe committed rC2101da04924b: jitterentropy: Use jent_read_entropy_safe for rndjent. (authored by gniibe).
jitterentropy: Use jent_read_entropy_safe for rndjent.
Wed, Nov 17, 7:04 AM
gniibe committed rC5a26ef4f35a5: doc: Update LICENSES for jitterentropy 3.3.0. (authored by gniibe).
doc: Update LICENSES for jitterentropy 3.3.0.
Wed, Nov 17, 7:04 AM
gniibe committed rC3bacdac611b9: jitterentropy: Merge from jitterentropy-library-3.3.0. (authored by gniibe).
jitterentropy: Merge from jitterentropy-library-3.3.0.
Wed, Nov 17, 7:04 AM
gniibe committed rC964c9c5eee30: jitterentropy: Disable use of pthread. (authored by gniibe).
jitterentropy: Disable use of pthread.
Wed, Nov 17, 7:04 AM
gniibe committed rCd5ae5229db70: jitterentropy: Fix building rndjent. (authored by gniibe).
jitterentropy: Fix building rndjent.
Wed, Nov 17, 7:04 AM
gniibe added a project to T5523: jitter entropy RNG update: Testing.

Pushed to master.

Wed, Nov 17, 7:03 AM · Testing, FIPS, libgcrypt

Tue, Nov 16

gniibe moved T5665: libgcrypt : Restrict message digest use for FIPS 140-3 from Next to Done on the FIPS board.
Tue, Nov 16, 11:22 AM · Testing, FIPS, Bug Report, libgcrypt
gniibe moved T5692: New entropy gatherer using the genentropy system call. from Backlog to Next on the FIPS board.
Tue, Nov 16, 11:22 AM · libgcrypt, FIPS
gniibe added a project to T5665: libgcrypt : Restrict message digest use for FIPS 140-3: Testing.
Tue, Nov 16, 11:20 AM · Testing, FIPS, Bug Report, libgcrypt
gniibe added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.

In the documentation, I found:

Tue, Nov 16, 10:58 AM · FIPS, libgcrypt, Bug Report

Mon, Nov 15

gniibe is attending E896: Weekly Standup.
Mon, Nov 15, 11:02 AM
gniibe added a comment to E896: Weekly Standup.

Last week:

  • openpgp-dt
    • quantum computing is out of scope for current crypto-refresh, it will be next
    • interoperability by testing with sop (Stateless OpenPGP Command Line Interface)
    • NIST standards don't have OCB, but currently they work for lightweight encryption
  • libgcrypt
    • Change reference in NEWS to CVE to clarify confusion
    • rndgetentropy.c
    • T5393
    • T5512: Fixed regressions (pubkey, pkcs1v2)
  • other libraries
    • apply change in T5610 of libtool for macOS
  • scdaemon
    • T5644: white list is too strong, so only one entry for that
  • gpgme
    • fix build for Android
  • libgpg-error
    • fix dist/build, etc.
Mon, Nov 15, 10:59 AM
gniibe committed rCec671cfa2398: random: Include getentropy random module. (authored by gniibe).
random: Include getentropy random module.
Mon, Nov 15, 7:13 AM
gniibe committed rCcebe5c78a949: random:getentropy: Limit the size of buffer in exact size. (authored by gniibe).
random:getentropy: Limit the size of buffer in exact size.
Mon, Nov 15, 7:13 AM
gniibe committed rCe562e34c824d: build: Support rndgetentropy random module. (authored by gniibe).
build: Support rndgetentropy random module.
Mon, Nov 15, 7:13 AM
gniibe committed rC6de43f11c625: random:getentropy: Simplify more. (authored by gniibe).
random:getentropy: Simplify more.
Mon, Nov 15, 7:13 AM
gniibe committed rCa8395fd7a40f: random: Simplify rndgetentropy. (authored by gniibe).
random: Simplify rndgetentropy.
Mon, Nov 15, 7:13 AM
gniibe committed rCf36bfe7ec1b2: random: Start rnd-getentropy.c. (authored by gniibe).
random: Start rnd-getentropy.c.
Mon, Nov 15, 7:13 AM
gniibe added a project to T5682: ed25519 internal authenticate with openpgpcard may send long data over short apdu: Testing.
Mon, Nov 15, 3:53 AM · Testing, scd, ssh, Bug Report
gniibe added a comment to T5682: ed25519 internal authenticate with openpgpcard may send long data over short apdu.

Adding the check on host side, I pushed the change: rGa575b0aba542: scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.

Mon, Nov 15, 3:53 AM · Testing, scd, ssh, Bug Report
gniibe committed rGa575b0aba542: scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE. (authored by gniibe).
scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.
Mon, Nov 15, 3:53 AM
gniibe added a comment to T5365: --with-libgpg-error-prefix doesn't affect gpgrt-config path detection.

Let me clarify the use case of gpg-error.m4.

Mon, Nov 15, 2:30 AM · MacOS, gpgrt, Cross-Compiler, libgcrypt
gniibe added a comment to T5393: gnupg coverity static analysis reports.

Or, we can use memcmp to avoid arguing semantics of strncmp, and make it a bit cleaner to avoid calling strlen multple times by put_membuf_str.

diff --git a/g10/export.c b/g10/export.c
index 98c4623cf..c7cfcfaa4 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -2133,14 +2133,15 @@ key_to_sshblob (membuf_t *mb, const char *identifier, ...)
   size_t buflen;
   gcry_mpi_t a;
Mon, Nov 15, 2:08 AM · gnupg (gpg23), Bug Report
gniibe added a comment to T5393: gnupg coverity static analysis reports.

We know that problematic strncmp implementation: T5443
So, I don't blame Coverity. But I think that it's better to fix strncmp implementation.

Mon, Nov 15, 1:13 AM · gnupg (gpg23), Bug Report
gniibe added a comment to rGb124bca592e1: gpg: Don't use malloc for kek_params..

The old code using sizeof(kek_params) (which is used for log_printhex) is incorrect; the value is the size of pointer to byte. It may works for 32-bit architectures, though.
On the machine which has 8 for a pointer, it will cause accessing wrong area, when DPG_CRYPTO is enabled.

Mon, Nov 15, 1:00 AM

Fri, Nov 12

gniibe added a comment to T5393: gnupg coverity static analysis reports.

Under C11, it seems OK (strncmp).
https://stackoverflow.com/questions/38878195/does-this-usage-of-strncmp-contain-an-out-of-bounds-read

Fri, Nov 12, 7:45 AM · gnupg (gpg23), Bug Report
gniibe committed rGfae1d2e2ccde: kbx: Avoid use of uninitialized value. (authored by Jakuje).
kbx: Avoid use of uninitialized value.
Fri, Nov 12, 7:41 AM
gniibe committed rGb124bca592e1: gpg: Don't use malloc for kek_params. (authored by gniibe).
gpg: Don't use malloc for kek_params.
Fri, Nov 12, 7:41 AM
gniibe committed rGd24c5df52b55: gpg: Avoid uninitialized revkey.fprlen. (authored by Jakuje).
gpg: Avoid uninitialized revkey.fprlen.
Fri, Nov 12, 7:41 AM
gniibe committed rGae3d0bb8e77c: agent: Avoid uninitialized buffer. (authored by Jakuje).
agent: Avoid uninitialized buffer.
Fri, Nov 12, 7:41 AM
gniibe committed rG50f32eb0664d: agent: Correctly free memory on error path. (authored by Jakuje).
agent: Correctly free memory on error path.
Fri, Nov 12, 7:41 AM
gniibe committed rG50e6d63f12e7: tools: Avoid memory leak from gpgspilt. (authored by Jakuje).
tools: Avoid memory leak from gpgspilt.
Fri, Nov 12, 7:41 AM
gniibe committed rGc0b99e6dbb26: gpg-pair-tool: Fix typos in protocol description. (authored by Jakuje).
gpg-pair-tool: Fix typos in protocol description.
Fri, Nov 12, 7:41 AM
gniibe committed rGc0b1bcc5c6b5: scd: Avoid memory leak. (authored by Jakuje).
scd: Avoid memory leak.
Fri, Nov 12, 7:41 AM
gniibe added a comment to T5393: gnupg coverity static analysis reports.

I applied most of gnupg-coverity.patch.

  • Part 1 is not applied; It should be handled later.
  • Part 2: applied
  • Part 3: applied
  • Part 4: applied, but spell fixes not require ChangeLog entry
  • Part 5
  • Part 6: applied
  • Part 7: applied, but empty initializer is GNU extension (or the way of C++), so first 0
  • Part 8: applied
  • Part 9: applied, but one more fix
Fri, Nov 12, 7:28 AM · gnupg (gpg23), Bug Report
gniibe added a project to T5644: Heuristic for default reader detection: Testing.
Fri, Nov 12, 5:50 AM · Testing, Feature Request, gnupg (gpg22)
gniibe triaged T5683: Deprecation of gpg-error-config as Wishlist priority.
Fri, Nov 12, 5:49 AM · gpgrt
gniibe claimed T5682: ed25519 internal authenticate with openpgpcard may send long data over short apdu.
Fri, Nov 12, 5:42 AM · Testing, scd, ssh, Bug Report
gniibe committed rEfd83c3e29744: build: Fix for configure generated files. (authored by gniibe).
build: Fix for configure generated files.
Fri, Nov 12, 4:11 AM
gniibe committed rE1e5b17f4284e: configure: Escape includedir/libdir to defer interpretation of vars. (authored by gniibe).
configure: Escape includedir/libdir to defer interpretation of vars.
Fri, Nov 12, 3:45 AM
gniibe committed rM4583ab77e5af: gpgme.pc: Fix library dependency and use of includedir, libdir. (authored by gniibe).
gpgme.pc: Fix library dependency and use of includedir, libdir.
Fri, Nov 12, 3:14 AM
gniibe committed rM1cedac2bba24: tests: Build using GPG_ERROR_MT_LIBS for thread use. (authored by gniibe).
tests: Build using GPG_ERROR_MT_LIBS for thread use.
Fri, Nov 12, 3:14 AM
gniibe committed rTc612c4f16494: ntbtls.pc: Fix library dependency. (authored by gniibe).
ntbtls.pc: Fix library dependency.
Fri, Nov 12, 2:07 AM
gniibe committed rT612351adc7ca: build: Fix library dependency for ntbtls-cli test program. (authored by gniibe).
build: Fix library dependency for ntbtls-cli test program.
Fri, Nov 12, 2:07 AM

Thu, Nov 11

gniibe committed rC1481607cb9db: tests:pkcs1v2: Skip tests with small keys in FIPS mode. (authored by gniibe).
tests:pkcs1v2: Skip tests with small keys in FIPS mode.
Thu, Nov 11, 5:47 AM
gniibe committed rC66119e0c1a02: tests:pubkey: Replace RSA key to one of 2k. (authored by gniibe).
tests:pubkey: Replace RSA key to one of 2k.
Thu, Nov 11, 5:47 AM
gniibe committed rM8cd2fe7b3de4: tests: Use GPG_ERROR_MT_LIBS for a test with threads. (authored by gniibe).
tests: Use GPG_ERROR_MT_LIBS for a test with threads.
Thu, Nov 11, 2:14 AM

Wed, Nov 10

gniibe committed rT27ac2776f323: libtool: Link without -flat_namespace for macOS. (authored by gniibe).
libtool: Link without -flat_namespace for macOS.
Wed, Nov 10, 7:33 AM
gniibe committed rTa5042e298d5c: Fix internal API of functions to match declaration. (authored by gniibe).
Fix internal API of functions to match declaration.
Wed, Nov 10, 7:33 AM
gniibe committed rAe342b58b6230: libtool: Link without -flat_namespace for macOS. (authored by gniibe).
libtool: Link without -flat_namespace for macOS.
Wed, Nov 10, 7:12 AM