Adding comments, fixing "const" qualifier, I pushed the change.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Dec 10 2021
Dec 10 2021
• gniibe added a project to T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata: Restricted Project.
• gniibe added a comment to T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata.
Thank you, applied.
• gniibe committed rC02583e1216bc: tests: Include the new input files for tests (authored by Jakuje).
tests: Include the new input files for tests
Dec 9 2021
Dec 9 2021
• gniibe added a comment to T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata.
A patch created:
0001-gpg-Emit-compatible-Ed25519-signature.patch3 KBDownload
• gniibe committed rC7d8403b59a10: tests,fips: Align the use of variable in_fips_mode. (authored by • gniibe).
tests,fips: Align the use of variable in_fips_mode.
• gniibe committed rC5b82f4b4dbf3: Adjust tests for proper disablement of non-approve PK operations (authored by Jakuje).
Adjust tests for proper disablement of non-approve PK operations
Thank you, applied.
Dec 8 2021
Dec 8 2021
• gniibe added a comment to T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata.
GnuPG 2.2 does:
- In g10/sign.c:do_sign, it keeps leading zeros for Ed25519 signature, as opaque MPI
- In g10/build-packet.c:do_signature which calls gpg_mpi_write to output the (opaque) MPI, leading zeros are removed.
• gniibe added a comment to T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS.
Let me explain concretely.
Reading compressed point format has been done.
If writing support is needed, please open another task.
• gniibe added a project to T5572: gnupg1: Missing extern-inline.m4 for gl_EXTERN_INLINE: Restricted Project.
• gniibe added a project to T5617: fips: Check library integrity before running selftests: Restricted Project.
• gniibe renamed T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS from libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl to libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS.
• gniibe added a project to T5699: libgpg-error 1.43 fails t-lock-single-thread test on x86_64 with musl and macOS: Restricted Project.
• gniibe added a project to T5714: tests: Do not run tests for algorithms that are not built-in: Restricted Project.
• gniibe added a project to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation: Restricted Project.
• gniibe triaged T5636: Run integrity checks + selftests from library constructor in FIPS as Normal priority.
• gniibe lowered the priority of T5576: New set of API for public key cryptography from High to Wishlist.
This new API is not for FIPS directly (any more), as we introduced pk_hash_sign/verify for FIPS.
• gniibe removed a parent task for T5576: New set of API for public key cryptography: T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.
Pushed the backport.
• gniibe committed rCa0a2b6796f58: tests: Add tests for gcry_pk_hash_sign/verify API. (authored by • gniibe).
tests: Add tests for gcry_pk_hash_sign/verify API.
I have been convinced disabling DSA makes more sense.
fips: Disable DSA in FIPS mode.
Done.
(Actually, it's not in the tarball.)
random: Remove random-fips.c from repo.
Dec 7 2021
Dec 7 2021
• gniibe committed rC05472c1882df: build: cipher/Makefile.am, doc/Makefile.am: add a missing space (authored by Alexander Kanavin <alex.kanavin@gmail.com>).
build: cipher/Makefile.am, doc/Makefile.am: add a missing space
po: Update Japanese Translation.
• gniibe committed rG14de7b1e5904: gpg: Accept Ed25519 private key in SOS which reserves leading zeros. (authored by • gniibe).
gpg: Accept Ed25519 private key in SOS which reserves leading zeros.
• gniibe triaged T5721: gpg22: Update *.m4 to prefer use of gpgrt-config and *.pc to *-config as Wishlist priority.
• gniibe renamed T5034: dev: Deprecate libassuan-config, libgcrypt-config, ksba-config, ntbtls-config, npth-config, and gpg-error-config from dev: Deprecate libassuan-config, libgcrypt-config, ksba-config, ntbtls-config, npth-config, ang gpg-error-config to dev: Deprecate libassuan-config, libgcrypt-config, ksba-config, ntbtls-config, npth-config, and gpg-error-config.
• gniibe added a project to T5120: Incompatible Ed25519 secret key (no-encryption): Restricted Project.
For GnuPG 2.2, it's better to be conservative (least change of behavior, if any).
We have tests in gniibe/new-pk-api, which can be backported.
- t-dsa
- t-ecdsa
- t-rsa-pss
- t-rsa-15
Thank you, applied.
md: Fix disabled check.
• gniibe committed rCe96980022e5e: Properly enforce disablement in other pubkey API (authored by Jakuje).
Properly enforce disablement in other pubkey API
tests: Add paren for readability.
• gniibe committed rC3152a565d9a4: md: Fix checking to use ->disabled instead of ->fips directly. (authored by • gniibe).
md: Fix checking to use ->disabled instead of ->fips directly.
• gniibe added a comment to T5706: libgcrypt: random: Remove the feature getting randomness from random daemon.
The patch has been applied.
configure: Add missing check for logging
• gniibe committed rC754ad5815b5b: random: Remove use of experimental random daemon. (authored by • gniibe).
random: Remove use of experimental random daemon.
• gniibe added a project to T5706: libgcrypt: random: Remove the feature getting randomness from random daemon: Restricted Project.
Thank you, applied.
Dec 6 2021
Dec 6 2021
• gniibe added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.
And please let me know the change rC751fcadd34ed: random: Release memory in DRBG. affects t-secmem failure.
• gniibe added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.
IIUC, one of the causes for the failure of secmem was resource release of DRBG memory.
random: Release memory in DRBG.
• gniibe committed rC5425052f38cd: fips: Factor out check_fips_system_setting function. (authored by • gniibe).
fips: Factor out check_fips_system_setting function.
• gniibe added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.
Thank you for testing.
• gniibe committed rCb14aaf1a2dc7: cipher,tests: Consitent use of #if/#endif for algo selection. (authored by • gniibe).
cipher,tests: Consitent use of #if/#endif for algo selection.
Applied. Thank you.
tests: Unbreak tests with SM4 disabled
• gniibe committed rC57b61b0f4f1b: tests: Conditionalize other algorithms that might not be built-in (authored by Jakuje).
tests: Conditionalize other algorithms that might not be built-in
Fixed in 2.2.33.
An application should use syshd, instead.
Dec 3 2021
Dec 3 2021
• gniibe committed rCe4a450d1d966: rsa: Allow e=0 to select 65537 for keygeneration under X931. (authored by • gniibe).
rsa: Allow e=0 to select 65537 for keygeneration under X931.
Adding the case for == 0 only might be problematic, because I don't think it's an alias for a secure value; I think that == 0 means that it's up to libgcrypt to select the value (just like other generate_* functions).
• gniibe committed rC78ce1f9e0afe: random: Add missing header file to the release tarball (authored by Jakuje).
random: Add missing header file to the release tarball
Thank you, applied.
Dec 2 2021
Dec 2 2021
What would be setting those? And how do I disable it?
A possibility is that gpg-agent which invokes pinentry happens have COLUMNS and LINES defined, then, pinentry misbehaves.
Thanks again for further information.
For the part 1, I created: T5710: FIPS: disable DSA for FIPS
Dec 1 2021
Dec 1 2021
So, the solution is to build pinentry with newer ncurses. As I wrote in another comment, it's adding a single line to the formula.
Also, applied the part 2, improving basic.c.
• gniibe committed rCbff9ed54285b: tests: Fix basic.c to show useful information on error. (authored by • gniibe).
tests: Fix basic.c to show useful information on error.
• gniibe committed rCc8d2b0069e3c: tests: Improve error checking in regards to FIPS (authored by Jakuje).
tests: Improve error checking in regards to FIPS
Disable 3DES in FIPS mode
Applied the part 3, the 3DES is no-FIPS patch.
Nov 30 2021
Nov 30 2021
• gniibe committed rC3d38968f4b75: Implement explicit FIPS indicators for cipher modes (authored by Jakuje).
Implement explicit FIPS indicators for cipher modes
• gniibe renamed T5706: libgcrypt: random: Remove the feature getting randomness from random daemon from libgcrypt: random: Remove access to random daemon to libgcrypt: random: Remove the feature getting randomness from random daemon.
Applied the part 4, the indicator patch.
• gniibe added a project to T5692: New entropy gatherer using the genentropy system call.: Restricted Project.
The change for pubkey-util.c is not needed any more, because
- T5665 handles new functions rejects use of SHA-1 as approved signature.
- pubkey-util.c is used by gcry_pk_sign and gcry_pk_verify.
Thank you for the info.
• gniibe triaged T5706: libgcrypt: random: Remove the feature getting randomness from random daemon as Normal priority.
• gniibe requested review of D544: Deprecation of random daemon part 1 (remove use of random daemon).
Is there some other command I should run to check which curses it's using? I see there's a --debug flag but I'm not sure how to use it.
I think that either of following might be true:
(1) macOS has older ncurses (which doesn't support ioctl well, to get columns/lines info) in system
(2) macOS has BSD curses (with no suport for ioctl)
Thank you for the information. So, you don't have these environment variables set.
Curses application (of pinentry) get information of screen size by:
- environment variables (COLUMNS, LINES)
- operating system using TIOCGSIZE or TIOCGWINSZ ioctl
- tinfo data base
Nov 29 2021
Nov 29 2021
The original intention was to fix t-poll failure on Windows.
It was fixed in different way in rE858bcd4343ac: tests,w32: Use CreatePipe and es_sysopen..