Page MenuHome GnuPG
Feed All Stories

All Stories
Use Results
Edit Query

May 26 2021

dkg added a comment to T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.

Attached is an even worse PKCS7 blob, that should be validatable given reliance on ca.rsa.crt, but it will be rejected by gpgsm because the PKCS#7 bundle includes ca.rsa.cross2.crt in it.

signed-data-worse.p72 KBDownload

May 26 2021, 12:07 AM · S/MIME, Bug Report

May 25 2021

dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 25 2021, 11:22 PM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 25 2021, 11:21 PM · S/MIME, Bug Report
dkg added a comment to T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.

OK, i have replicated this successfully with no ed25519 involved. here's the new intermediate cert:

ca.rsa.cross2.crt1 KBDownload

May 25 2021, 11:18 PM · S/MIME, Bug Report
dkg added a comment to T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.

Which NIST test suite are you referring to? It might not cover certificate pathfinding in the face of multiple cross-signed authorities.

May 25 2021, 5:37 PM · S/MIME, Bug Report
werner committed rG30563ea29705: gpg: Partial fix for Unicode problem in output files. (authored by werner).
gpg: Partial fix for Unicode problem in output files.
May 25 2021, 1:47 PM
werner edited projects for T5449: gnupg: Do not use SHA1 by default, added: gnupg (gpg23); removed gnupg.
May 25 2021, 12:49 PM · gnupg24, gnupg (gpg23), Bug Report
lbogdan added a comment to T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.

@werner @ikloecker Any more thoughts / updates on this?

May 25 2021, 11:40 AM · gnupg24, yubikey, Bug Report
ikloecker moved T5404: Kleopatra: OpenPGP LDAP keyserver configuration impossible for at least 2.3 from Restricted Project Column to Restricted Project Column on the Restricted Project board.
May 25 2021, 10:35 AM · kleopatra, Restricted Project
ikloecker moved T4876: Generic smartcard widget for PKCS# 15 and other apps from Restricted Project Column to Restricted Project Column on the Restricted Project board.
May 25 2021, 10:35 AM · Restricted Project, kleopatra
ikloecker changed the status of T4876: Generic smartcard widget for PKCS# 15 and other apps from Open to Testing.
May 25 2021, 10:35 AM · Restricted Project, kleopatra
ikloecker changed the status of T4876: Generic smartcard widget for PKCS# 15 and other apps, a subtask of T4875: Kleopatra: Improve support for S/MIME Smartcards and add additional card support, from Open to Testing.
May 25 2021, 10:35 AM · kleopatra
aheinecke reassigned T5404: Kleopatra: OpenPGP LDAP keyserver configuration impossible for at least 2.3 from aheinecke to ikloecker.
May 25 2021, 10:17 AM · kleopatra, Restricted Project
werner triaged T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present as Normal priority.

I do not have the time to analyse this in the context of our approved versions and to compare it to the NIST test suite. We also do not yet have support for ed25519 certificates.

May 25 2021, 9:45 AM · S/MIME, Bug Report
werner triaged T5444: "gpg: key generation failed: Unknown elliptic curve" from "Key-Type: default" as Normal priority.

You should anyway use --quick-gen-key.

May 25 2021, 8:37 AM · gnupg24, gnupg (gpg23)
werner added a comment to T5446: Don't show LDAP credentials in error messages, at least not by default.

So what do you think is the threat here?

May 25 2021, 8:34 AM · dirmngr, gnupg
cbiedl added a comment to T5444: "gpg: key generation failed: Unknown elliptic curve" from "Key-Type: default".

Setting a curve type (which shouldn't be necessary) like "Curve-Type: ed25519" doesn't help either. While this makes the check in gpg pass, the gpg-agent process re-checks the parameter set and rejects it with the same error message.

May 25 2021, 8:17 AM · gnupg24, gnupg (gpg23)
cbiedl added a comment to T5446: Don't show LDAP credentials in error messages, at least not by default.

My concern is not a disloyal administrator, so I disagree with that priority.

May 25 2021, 8:14 AM · dirmngr, gnupg
gniibe added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

CVE-2021-33560

May 25 2021, 2:46 AM · side-channel, CVE, libgcrypt

May 24 2021

Jakuje created T5449: gnupg: Do not use SHA1 by default.
May 24 2021, 4:46 PM · gnupg24, gnupg (gpg23), Bug Report
Jakuje renamed T5433: libgcrypt: Do not use SHA1 by default from Do not use SHA1 by default to libgcrypt: Do not use SHA1 by default.
May 24 2021, 4:38 PM · FIPS, libgcrypt, Bug Report
Jakuje added a comment to T5393: gnupg coverity static analysis reports.

Thank you. I checked what was missing and all looks good. But do not understand why the last gpgsplit xfree was not applied. We are leaving a block where this variable is dynamically allocated so even without error we need to free it.

May 24 2021, 4:36 PM · gnupg (gpg23), Bug Report
l10n daemon script <scripty@kde.org> committed rLIBKLEO2e7c0cc0a6fa: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
May 24 2021, 3:21 AM

May 23 2021

werner closed T5448: GPG_ERR_EOF didn't return by gpgme_op_keylist_next after the last key in the list had already been returned as Resolved.
May 23 2021, 9:32 PM · Support, gpgme
Saturneric added a comment to T5448: GPG_ERR_EOF didn't return by gpgme_op_keylist_next after the last key in the list had already been returned.

thanks!

May 23 2021, 4:11 PM · Support, gpgme
werner added a comment to T5448: GPG_ERR_EOF didn't return by gpgme_op_keylist_next after the last key in the list had already been returned.

The error codes we use are a combination of code and location.

May 23 2021, 10:54 AM · Support, gpgme

May 22 2021

Saturneric created T5448: GPG_ERR_EOF didn't return by gpgme_op_keylist_next after the last key in the list had already been returned.
May 22 2021, 5:53 PM · Support, gpgme

May 21 2021

bernhard added a comment to T5285: GnuPG: 8Bit filenames can no longer be provided on the command line.

Could make --multifile work on windows 10, documenting the workaround here.

May 21 2021, 4:16 PM · gnupg
werner triaged T5446: Don't show LDAP credentials in error messages, at least not by default as Low priority.

I give this a low priority because all those infos are easily retrievable from config files.

May 21 2021, 11:46 AM · dirmngr, gnupg
werner triaged T5447: Add feature to delete a key from an LDAP server as Normal priority.
May 21 2021, 11:44 AM · vsd33, Restricted Project, gnupg24, LDAP
cbiedl updated the task description for T5446: Don't show LDAP credentials in error messages, at least not by default.
May 21 2021, 11:09 AM · dirmngr, gnupg
cbiedl created T5446: Don't show LDAP credentials in error messages, at least not by default.
May 21 2021, 10:57 AM · dirmngr, gnupg
Alexander Lohnau <alexander.lohnau@gmx.de> committed rKLEOPATRA5dc829c83768: GIT_SILENT Clean up unused code (authored by Alexander Lohnau <alexander.lohnau@gmx.de>).
GIT_SILENT Clean up unused code
May 21 2021, 10:47 AM
Alexander Lohnau <alexander.lohnau@gmx.de> committed rKLEOPATRA0400fac2280c: Remove obsolete create_* methods (authored by Alexander Lohnau <alexander.lohnau@gmx.de>).
Remove obsolete create_* methods
May 21 2021, 10:47 AM
Alexander Lohnau <alexander.lohnau@gmx.de> committed rKLEOPATRA7c58a35ada23: Allow gnupgsystem KCM to be loaded externally (authored by Alexander Lohnau <alexander.lohnau@gmx.de>).
Allow gnupgsystem KCM to be loaded externally
May 21 2021, 10:47 AM
Alexander Lohnau <alexander.lohnau@gmx.de> committed rKLEOPATRAaa59250b22e5: Remove obsolete desktop files (authored by Alexander Lohnau <alexander.lohnau@gmx.de>).
Remove obsolete desktop files
May 21 2021, 10:47 AM
Alexander Lohnau <alexander.lohnau@gmx.de> committed rKLEOPATRA57b1d5a89162: Use static lib for plugins instead of deprecated plugin loading (authored by Alexander Lohnau <alexander.lohnau@gmx.de>).
Use static lib for plugins instead of deprecated plugin loading
May 21 2021, 10:47 AM
werner committed rG260bbb4ab27e: common: Annotate leaked memory in homedir.c (authored by werner).
common: Annotate leaked memory in homedir.c
May 21 2021, 9:24 AM
gniibe committed rEf9b50dafc5d3: build: _DARWIN_C_SOURCE should be 1. (authored by gniibe).
build: _DARWIN_C_SOURCE should be 1.
May 21 2021, 7:10 AM
gniibe claimed T5440: _DARWIN_C_SOURCE kind of "must" be 1, not "900000L".

Thank you for your report.

May 21 2021, 7:04 AM · MacOS, libgcrypt, Bug Report
gniibe added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

Let me rephrase from a viewpoint of mine (an implementer).

May 21 2021, 3:59 AM · side-channel, CVE, libgcrypt
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:17 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:17 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:16 AM · S/MIME, Bug Report
gniibe committed rG5be0d075b1ad: scd: Release memory for RDRNAME. (authored by gniibe).
scd: Release memory for RDRNAME.
May 21 2021, 3:15 AM
gniibe committed rG44c8232b97e9: po: Update Japanese Translation. (authored by gniibe).
po: Update Japanese Translation.
May 21 2021, 3:15 AM
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:15 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:14 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:09 AM · S/MIME, Bug Report
dkg renamed T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present from gpgsm fails to find shortest certificate path to valid X.509 root to gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:08 AM · S/MIME, Bug Report
dkg created T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 1:45 AM · S/MIME, Bug Report

May 20 2021

werner committed rG52bbdc731fd5: sm: Let --dump-cert --show-cert also print an OpenPGP fingerprint. (authored by werner).
sm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.
May 20 2021, 7:11 PM
werner added a comment to T5393: gnupg coverity static analysis reports.

The first two patch sets are now applied with the exception of
the gpgsplit fix; I did not applied that patch to add a free() in case of write errors.

May 20 2021, 5:37 PM · gnupg (gpg23), Bug Report
werner committed rG98c52aeb31f4: card: Intialize pointer to avoid double free (authored by Jakuje).
card: Intialize pointer to avoid double free
May 20 2021, 3:20 PM
werner committed rG27e7bde12ee2: scd: avoid memory leaks (authored by Jakuje).
scd: avoid memory leaks
May 20 2021, 3:20 PM
werner committed rGfa0771f609b5: g10: Avoid memory leaks (authored by Jakuje).
g10: Avoid memory leaks
May 20 2021, 3:20 PM
werner committed rGfc5fac83b778: kbx: Avoid uninitialized read (authored by Jakuje).
kbx: Avoid uninitialized read
May 20 2021, 3:20 PM
werner committed rG4704d1ce4e1e: common: Avoid double-free (authored by Jakuje).
common: Avoid double-free
May 20 2021, 3:20 PM
werner committed rG25aa353bf833: dirmgr: Avoid double free (authored by Jakuje).
dirmgr: Avoid double free
May 20 2021, 3:20 PM
werner committed rG33a2362e566c: agent: Fix memory leaks (authored by Jakuje).
agent: Fix memory leaks
May 20 2021, 3:20 PM
werner committed rGe6132bc9f417: sm: Avoid memory leaks and double double-free (authored by Jakuje).
sm: Avoid memory leaks and double double-free
May 20 2021, 3:20 PM
werner committed rG0d2c1e9046fa: dirmgr: clean up memory on error code paths (authored by Jakuje).
dirmgr: clean up memory on error code paths
May 20 2021, 3:20 PM
werner committed rG2af7bb2295cd: g10: Fix memory leaks (authored by Jakuje).
g10: Fix memory leaks
May 20 2021, 3:20 PM
werner committed rG678e1b20d353: scd: avoid memory leaks (authored by Jakuje).
scd: avoid memory leaks
May 20 2021, 3:20 PM
werner committed rGa95ddffdcd58: agent: Avoid memory leaks in error code paths. (authored by Jakuje).
agent: Avoid memory leaks in error code paths.
May 20 2021, 3:20 PM
werner committed rG4dc4b025d6dd: common: Avoid double-free (authored by Jakuje).
common: Avoid double-free
May 20 2021, 3:20 PM
werner committed rGb677e2ec989c: Assorted memory leak fixes on the error code paths. (authored by werner).
Assorted memory leak fixes on the error code paths.
May 20 2021, 3:20 PM
ikloecker added a comment to T4876: Generic smartcard widget for PKCS# 15 and other apps.

Current look without public keys:

May 20 2021, 12:58 PM · Restricted Project, kleopatra
ikloecker committed rKLEOPATRAde7fe0712a4d: Preserve the double space in the formatted fingerprint in RichText mode (authored by ikloecker).
Preserve the double space in the formatted fingerprint in RichText mode
May 20 2021, 12:55 PM
Alexander Lohnau <alexander.lohnau@gmx.de> committed rKLEOPATRAda0fb5409211: Allow gnupgsystem KCM to be loaded externally (authored by Alexander Lohnau <alexander.lohnau@gmx.de>).
Allow gnupgsystem KCM to be loaded externally
May 20 2021, 12:50 PM
ikloecker committed rKLEOPATRAb6b2d04d9834: Make card information also selectable by keyboard (authored by ikloecker).
Make card information also selectable by keyboard
May 20 2021, 12:38 PM
ikloecker committed rKLEOPATRAfa20a4de2c02: Use getCryptoConfigEntry() helper to get configured keyserver (authored by ikloecker).
Use getCryptoConfigEntry() helper to get configured keyserver
May 20 2021, 12:38 PM
ikloecker committed rKLEOPATRA73cb87f0e776: Add possibility to specify allowed key actions (authored by ikloecker).
Add possibility to specify allowed key actions
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRAe7a526cc8dfb: Hide OpenPGP keys section if card does not provide OpenPGP keys (authored by ikloecker).
Hide OpenPGP keys section if card does not provide OpenPGP keys
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA5ea28758d92e: Add button for displaying detailed information about an OpenPGP key (authored by ikloecker).
Add button for displaying detailed information about an OpenPGP key
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA079c4ee9434c: Make key information selectable by keyboard and mouse (authored by ikloecker).
Make key information selectable by keyboard and mouse
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA75c25653a4a1: Hide widgets of keys not supported by the card (authored by ikloecker).
Hide widgets of keys not supported by the card
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA706f0f2d9f25: Use OpenPGPKeyCardWidget for PKCS#15 cards (authored by ikloecker).
Use OpenPGPKeyCardWidget for PKCS#15 cards
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA9ea7dfff7d51: Improve layout and messages (authored by ikloecker).
Improve layout and messages
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA74f90c8ffccf: Support OpenPGP keys on other cards than OpenPGP cards (authored by ikloecker).
Support OpenPGP keys on other cards than OpenPGP cards
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA3947c79380c7: Add authenticationKeyRef to Card (authored by ikloecker).
Add authenticationKeyRef to Card
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRAbc607f1e0040: Add key title label to KeyWidgets (authored by ikloecker).
Add key title label to KeyWidgets
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA81dbad4a1f76: Separate update of cached values from card and update of widgets (authored by ikloecker).
Separate update of cached values from card and update of widgets
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA4e96ade3f378: Fix equality operator of Card (authored by ikloecker).
Fix equality operator of Card
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA9309102065cb: Allow checking KeyPairInfo for equality (authored by ikloecker).
Allow checking KeyPairInfo for equality
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA377ac424e4ba: Show more information about keys (authored by ikloecker).
Show more information about keys
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA8db2859a8a01: Cache fingerprint so that we can update key information without card (authored by ikloecker).
Cache fingerprint so that we can update key information without card
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA7dc62e3c0677: Factor widget displaying OpenPGP keys out of PGPCardWidget (authored by ikloecker).
Factor widget displaying OpenPGP keys out of PGPCardWidget
May 20 2021, 12:37 PM
ikloecker committed rKLEOPATRA6ca23e058c18: Modernize code (authored by ikloecker).
Modernize code
May 20 2021, 12:37 PM
aheinecke added a comment to T5444: "gpg: key generation failed: Unknown elliptic curve" from "Key-Type: default".

Ha! This would have affected Kleopatra if we followed werners suggestion to use default. But in Kleo I decided that I needed to show my users what the default is so we do not use default in this case.

May 20 2021, 12:32 PM · gnupg24, gnupg (gpg23)
werner committed rE448bf7b01cad: core: Make gpgrt_free robust against legacy free implementations. (authored by werner).
core: Make gpgrt_free robust against legacy free implementations.
May 20 2021, 12:31 PM
cbiedl assigned T5444: "gpg: key generation failed: Unknown elliptic curve" from "Key-Type: default" to wk.
May 20 2021, 12:29 PM · gnupg24, gnupg (gpg23)
cbiedl created T5444: "gpg: key generation failed: Unknown elliptic curve" from "Key-Type: default".
May 20 2021, 12:07 PM · gnupg24, gnupg (gpg23)
Alexander Lohnau <alexander.lohnau@gmx.de> committed rKLEOPATRAda58d8c64f91: GIT_SILENT Clean up unused code (authored by Alexander Lohnau <alexander.lohnau@gmx.de>).
GIT_SILENT Clean up unused code
May 20 2021, 11:02 AM
Alexander Lohnau <alexander.lohnau@gmx.de> committed rKLEOPATRA2cddb1334314: GIT_SILENT Clean up unused code (authored by Alexander Lohnau <alexander.lohnau@gmx.de>).
GIT_SILENT Clean up unused code
May 20 2021, 10:59 AM
werner added a comment to T5393: gnupg coverity static analysis reports.
In T5393#145098, @gniibe wrote:

Please note that *_error-from_syserror accesses system's errno which may be cleared by xfree.

May 20 2021, 9:09 AM · gnupg (gpg23), Bug Report
gniibe added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

The paper describes another problem: interoperability (or interpretation) of "ElGamal encryption", and its impact.

May 20 2021, 8:51 AM · side-channel, CVE, libgcrypt
werner committed rG9d63ba272166: po: Updated the Russian translation (authored by werner).
po: Updated the Russian translation
May 20 2021, 8:15 AM
gniibe updated the task description for T5443: Debian ppc64el failure of 'make check with_valgrind=1'.
May 20 2021, 6:17 AM · gnupg
gniibe added a comment to T5443: Debian ppc64el failure of 'make check with_valgrind=1'.

This is another test case for GNU C library's strncmp:

t_error_detected-8-byte.c883 BDownload

May 20 2021, 6:05 AM · gnupg
First
Prev
Next