- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Aug 17 2021
(can't access that bug with my account)
For tests with FIPS mode enabled, I manually create the file .libgcrypt.so.20.hmac under src/.libs.
I pushed my further change.
Also, applied and pushed your changes.
Sorry, I didn't test for non-FIPS mode when I committed rC347817438990: fips: Fix tests in fips mode..
Tweaking the value for memory allocation is needed for FIPS mode, because it uses some secure memory by DRBG.
Aug 16 2021
I went a bit back to the history to figure out what is the enforced and soft fips mode as it was initially not completely clear to me. For the record, I used the following bug from 9 years ago:
Tested the master on (faked) FIPS and non-FIPS Fedora and I created couple of more changes for master to work in FIPS mode:
keyserver hkps://hkps.pool.sks-keyservers.net:80 is problematic.
###+++--- GPGConf ---+++### allow-version-check keyserver hkps://hkps.pool.sks-keyservers.net:80 ###+++--- GPGConf ---+++### 2021/5/8 14:18:58 # GPGConf edited this configuration file. # It will disable options before this marked block, but it will # never change anything below these lines.
Since I think there is no reason why checking _gcry_enforced_fips_mode () here, I remove the check.
Did you restart dirmngr? ("gpgconf --kill dirmngr" so it will be started on demand).
debug network,dns,ipc log-file C:\Users\Administrator\dirmgr.log
I wrote this in my dirmngr.conf. But i haven't found this .log file.
There are two things here.
(1) Use of [] (FLEXIBLE_ARRAY_MEMBER)
(2) Use of offsetof (instead of sizeof) for computation of size of allocation.
Aug 15 2021
Aug 14 2021
Based on the info about this being caused by the added support of PIV, I poked around on the docs at https://gnupg.org/documentation/manuals/gnupg/gpg_002dcard.html and noticed the disable-application stuff. I added "disable-application piv" to ~/.gnupg/scdaemon.conf and the behavior went back to pin caching working as before. Since I don't use PIV, this is an acceptable workaround for me.
Aug 13 2021
At first I've had simply tried to give multiple --symmetric options (which of course didn't work).
debug network,dns,ipc
log-file something
I have no clear idea on how to style the UI for this feature. Technically it is simple but we need top query several passphrases. loopback mode with a list of passphrases might be easiest way to do that.