GnuPG
Feed All Stories

Aug 19 2021

ikloecker committed rKLEOPATRA4b2dcc8549be: Manually specify shortcuts for all checkboxes (authored by ikloecker).
Manually specify shortcuts for all checkboxes
Aug 19 2021, 1:04 PM
ikloecker committed rLIBKLEO0fb836a692ce: Make it possible to use FileNameRequester as buddy of a label (authored by ikloecker).
Make it possible to use FileNameRequester as buddy of a label
Aug 19 2021, 1:03 PM
ikloecker committed rLIBKLEO8ab5857cc518: Set tooltip of push button and line edit (authored by ikloecker).
Set tooltip of push button and line edit
Aug 19 2021, 1:03 PM
Jakuje added a comment to T5550: Fix check_binary_integrity.

We have the same patch (including the hmac key and we use the switch. The reasoning on our side was to be compatible with fipscheck, but it is no longer used since last year and we use just the hmac256 tool:

Aug 19 2021, 12:52 PM · FIPS, libgcrypt
werner added a comment to T5550: Fix check_binary_integrity.

Just for the records, the whole HMAC thing including the special dlopen trick used to work fine when we did the original FIPS support.

Aug 19 2021, 12:35 PM · FIPS, libgcrypt
gniibe committed rCc9acca865ba4: hmac: Don't have the second implementation of hmac256. (authored by gniibe).
hmac: Don't have the second implementation of hmac256.
Aug 19 2021, 10:33 AM
gniibe committed rCc11788e5641b: fips: Don't use gcry_check_version for integrity check any more. (authored by gniibe).
fips: Don't use gcry_check_version for integrity check any more.
Aug 19 2021, 10:23 AM
gniibe committed rCf02dc5235e47: fips: Use a .rodata1 section integrity check with hmac256. (authored by gniibe).
fips: Use a .rodata1 section integrity check with hmac256.
Aug 19 2021, 10:17 AM
ikloecker added inline comments to rG661c2ae96699: agent: Use the sysconfdir for a pattern file..
Aug 19 2021, 9:23 AM
gniibe committed rC24aaded244a2: build: Generate hash for integrity check with hmac256 (2). (authored by gniibe).
build: Generate hash for integrity check with hmac256 (2).
Aug 19 2021, 3:54 AM

Aug 18 2021

Jakuje added a comment to T5244: libgcrypt: Restrict MD5 use.

Right. The clarification is that SHA1 itself (for non-security and non-signature use) is still allowed in FIPS mode. But it is not allowed to be used as part of signature schemes of the new API in FIPS mode. The old API, which allows raw signatures without digests, should just fail in FIPS mode too. And the FIPS-compatible gnupg should use the new API too (it would be good to think about this when putting it together).

Aug 18 2021, 7:46 PM · Bug Report, FIPS, libgcrypt
Jakuje added a comment to T5523: jitter entropy RNG update.

For Linux and FIPS, we should be actually fine with using /dev/random or getrandom().

Aug 18 2021, 7:24 PM · FIPS, libgcrypt
werner committed rGb89b1f35c29c: agent: Ignore passphrase constraints for a generated passphrase. (authored by werner).
agent: Ignore passphrase constraints for a generated passphrase.
Aug 18 2021, 7:22 PM
werner committed rG661c2ae96699: agent: Use the sysconfdir for a pattern file. (authored by werner).
agent: Use the sysconfdir for a pattern file.
Aug 18 2021, 7:22 PM
werner closed T5559: libksba: possible NULL pointer dereference as Resolved.
Aug 18 2021, 6:22 PM · libksba, Bug Report
ikloecker moved T5535: Kleopatra: Check that accessibility is also supported for VS-NfD from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Aug 18 2021, 4:52 PM · Restricted Project, kleopatra
werner committed rKc242f31b6d52: Avoid warnings about NULL ptr deref in ASN.1 helpers. (authored by werner).
Avoid warnings about NULL ptr deref in ASN.1 helpers.
Aug 18 2021, 4:21 PM
werner triaged T5559: libksba: possible NULL pointer dereference as Low priority.

I added some asserts. However I doubt that it can be hit by LibKSBA. I also fixed a real bug related to VALTYPE_BOOL - but that is also not used in Libksba.

Aug 18 2021, 3:07 PM · libksba, Bug Report
Jakuje added a comment to T5540: Update fipsdrv and cavs_driver.pl.

The CAVS driver can be safely removed. The certification goes through the ACVP these days so it does not make sense to keep this.

Aug 18 2021, 12:46 PM · FIPS, libgcrypt
werner committed rG2e69ce878f89: agent: Improve the GENPIN callback. (authored by werner).
agent: Improve the GENPIN callback.
Aug 18 2021, 11:35 AM
Jakuje created T5559: libksba: possible NULL pointer dereference.
Aug 18 2021, 11:35 AM · libksba, Bug Report
werner committed rG9fb646660258: agent: Fix for zero length help string in pinentry hints. (authored by werner).
agent: Fix for zero length help string in pinentry hints.
Aug 18 2021, 11:31 AM
werner committed rG8ed79103474c: agent: Improve the GENPIN callback. (authored by werner).
agent: Improve the GENPIN callback.
Aug 18 2021, 11:31 AM
werner committed rG629f4a5cffb7: common,w32: Replace log_debug by log_info for InProcessJobs (authored by werner).
common,w32: Replace log_debug by log_info for InProcessJobs
Aug 18 2021, 11:30 AM
werner committed rGc622cf59fd5a: doc: Add sample texts for Pinentry hints (authored by werner).
doc: Add sample texts for Pinentry hints
Aug 18 2021, 11:30 AM
werner committed rP008fb9337a52: Accept percent escaped formatted-passphrase-hint option. (authored by werner).
Accept percent escaped formatted-passphrase-hint option.
Aug 18 2021, 11:30 AM
werner committed rG4855888c0a56: agent: Fix for zero length help string in pinentry hints. (authored by werner).
agent: Fix for zero length help string in pinentry hints.
Aug 18 2021, 10:22 AM
werner committed rGec2f1b38980a: common,w32: Replace log_debug by log_info for InProcessJobs (authored by werner).
common,w32: Replace log_debug by log_info for InProcessJobs
Aug 18 2021, 10:22 AM
ikloecker committed rP082abf916e06: doc: Change group size for passphrase formatting to five (authored by ikloecker).
doc: Change group size for passphrase formatting to five
Aug 18 2021, 10:14 AM
ikloecker committed rP5a6d70cf7d7b: qt: Change group size for passphrase formatting to 5 (authored by ikloecker).
qt: Change group size for passphrase formatting to 5
Aug 18 2021, 10:10 AM
gniibe committed rC3c89aad4a0d7: build: Generate hash for integrity check with hmac256. (authored by gniibe).
build: Generate hash for integrity check with hmac256.
Aug 18 2021, 5:51 AM
gniibe committed rCcbbdc015bf52: cipher: Fix the order of fields of gcry_md_context. (authored by gniibe).
cipher: Fix the order of fields of gcry_md_context.
Aug 18 2021, 5:51 AM
gniibe committed rC07c21dd7d134: hmac: Fix hmac256 command option handling. (authored by gniibe).
hmac: Fix hmac256 command option handling.
Aug 18 2021, 5:51 AM
gniibe committed rC709a41ef540e: hmac: Use xfree. (authored by gniibe).
hmac: Use xfree.
Aug 18 2021, 2:43 AM
gniibe added a comment to T5244: libgcrypt: Restrict MD5 use.

For use of SHA-1:

Aug 18 2021, 1:59 AM · Bug Report, FIPS, libgcrypt

Aug 17 2021

werner closed T5537: Use CSIDL_LOCAL_APPDATA for the socketdir as Resolved.

I have done tests with 2.2 and no problems showed up.

Aug 17 2021, 5:18 PM · Windows, Restricted Project, gnupg (gpg22)
aheinecke triaged T5558: GPGME: No error handling for symmetric encryption as Normal priority.
Aug 17 2021, 11:45 AM · gpgme
werner committed rG4dfa951a0a63: w32: Move socketdir to LOCAL_APPDATA (authored by werner).
w32: Move socketdir to LOCAL_APPDATA
Aug 17 2021, 11:05 AM
werner committed rG455ba49071de: agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pient (authored by werner).
agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pient
Aug 17 2021, 11:05 AM
werner committed rGc6a4a660fdb9: agent: New option --check-sym-passphrase-pattern. (authored by werner).
agent: New option --check-sym-passphrase-pattern.
Aug 17 2021, 11:05 AM
werner committed rG013f2e4672b1: gpgconf,w32: Print more registry diagnostics with --list-dirs. (authored by werner).
gpgconf,w32: Print more registry diagnostics with --list-dirs.
Aug 17 2021, 11:05 AM
werner committed rG9832566e4512: agent: Add checkpin inquiry for pinentry (authored by ikloecker).
agent: Add checkpin inquiry for pinentry
Aug 17 2021, 11:05 AM
werner committed rG8fff61de9433: common: Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to pinentry (authored by ikloecker).
common: Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to pinentry
Aug 17 2021, 11:05 AM
werner committed rG32fbdddf8b47: agent: New option --pinentry-formatted-passphrase (authored by ikloecker).
agent: New option --pinentry-formatted-passphrase
Aug 17 2021, 11:05 AM
werner committed rG5ca15e58b241: tools: Extend gpg-check-pattern. (authored by werner).
tools: Extend gpg-check-pattern.
Aug 17 2021, 11:05 AM
werner added a comment to T5244: libgcrypt: Restrict MD5 use.

(can't access that bug with my account)

Aug 17 2021, 9:38 AM · Bug Report, FIPS, libgcrypt
gniibe added a comment to T5520: Fix tests in FIPS mode.

For tests with FIPS mode enabled, I manually create the file .libgcrypt.so.20.hmac under src/.libs.

Aug 17 2021, 6:04 AM · FIPS, libgcrypt, Bug Report
gniibe added a project to T5520: Fix tests in FIPS mode: Restricted Project.
Aug 17 2021, 4:22 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T5520: Fix tests in FIPS mode.

I pushed my further change.
Also, applied and pushed your changes.

Aug 17 2021, 4:21 AM · FIPS, libgcrypt, Bug Report
gniibe committed rC564e51fde711: dsa: Drop dead code (authored by Jakuje).
dsa: Drop dead code
Aug 17 2021, 4:21 AM
gniibe committed rC6e40fca72635: tests: Generating large-enough DSA keys works in FIPS mode (authored by Jakuje).
tests: Generating large-enough DSA keys works in FIPS mode
Aug 17 2021, 4:21 AM
gniibe committed rC034055ffdca2: rsa: Do not allow 1024 RSA keys in FIPS mode (authored by Jakuje).
rsa: Do not allow 1024 RSA keys in FIPS mode
Aug 17 2021, 4:21 AM
gniibe committed rC588b8bb6ef09: tests: Avoid confusing 'success' on error message (authored by Jakuje).
tests: Avoid confusing 'success' on error message
Aug 17 2021, 4:21 AM
gniibe committed rC2ae56abd0eb6: fips: Fix tests in fips mode and non-fips mode. (authored by gniibe).
fips: Fix tests in fips mode and non-fips mode.
Aug 17 2021, 4:10 AM
gniibe added a comment to T5520: Fix tests in FIPS mode.

Sorry, I didn't test for non-FIPS mode when I committed rC347817438990: fips: Fix tests in fips mode..
Tweaking the value for memory allocation is needed for FIPS mode, because it uses some secure memory by DRBG.

Aug 17 2021, 4:06 AM · FIPS, libgcrypt, Bug Report

Aug 16 2021

Laurent Montel <montel@kde.org> committed rLIBKLEOb3bb0ce3e49e: GIT_SILENT: add qch support (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: add qch support
Aug 16 2021, 8:26 PM
Jakuje added a comment to T5244: libgcrypt: Restrict MD5 use.

I went a bit back to the history to figure out what is the enforced and soft fips mode as it was initially not completely clear to me. For the record, I used the following bug from 9 years ago:

Aug 16 2021, 7:11 PM · Bug Report, FIPS, libgcrypt
Jakuje added a comment to T5520: Fix tests in FIPS mode.

Tested the master on (faked) FIPS and non-FIPS Fedora and I created a couple more changes for master to work in FIPS mode:

Aug 16 2021, 4:16 PM · FIPS, libgcrypt, Bug Report
ikloecker moved T5544: Kleopatra: Ensure that file encryption dialogs has shortcuts on all actions from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Aug 16 2021, 3:53 PM · kleopatra, Restricted Project
ikloecker committed rKLEOPATRAd87504e0cc72: Fix wrong button text when opening wizard (authored by ikloecker).
Fix wrong button text when opening wizard
Aug 16 2021, 3:53 PM
ikloecker committed rKLEOPATRAaa59b873a51b: Simplify code displaying compliance label next to buttons (authored by ikloecker).
Simplify code displaying compliance label next to buttons
Aug 16 2021, 3:53 PM
ikloecker committed rKLEOPATRA3c8a08ce2f2c: Remove superfluous call of setEncryptionPreset() (authored by ikloecker).
Remove superfluous call of setEncryptionPreset()
Aug 16 2021, 3:53 PM
ikloecker committed rKLEOPATRA76543bec5dc7: Enable "Encrypt with password" if keyring is empty (authored by ikloecker).
Enable "Encrypt with password" if keyring is empty
Aug 16 2021, 3:53 PM
ikloecker changed the status of T5545: Kleopatra: Select symmetric encryption by default if keyring is empty, a subtask of T5535: Kleopatra: Check that accessibility is also supported for VS-NfD, from Open to Testing.
Aug 16 2021, 3:52 PM · Restricted Project, kleopatra
ikloecker changed the status of T5545: Kleopatra: Select symmetric encryption by default if keyring is empty from Open to Testing.
Aug 16 2021, 3:52 PM · kleopatra, Restricted Project
ikloecker moved T5545: Kleopatra: Select symmetric encryption by default if keyring is empty from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Aug 16 2021, 3:52 PM · kleopatra, Restricted Project
Puntukas created T5557: Kleopatra window is not displayed correctly.
Aug 16 2021, 2:14 PM · can't replicate, Bug Report, gpg4win
werner triaged T5523: jitter entropy RNG update as Normal priority.
Aug 16 2021, 11:08 AM · FIPS, libgcrypt
ikloecker committed rPd285c2cb1f61: qt: Make sure the message box is centered on top of the pinentry (authored by ikloecker).
qt: Make sure the message box is centered on top of the pinentry
Aug 16 2021, 11:00 AM
ikloecker moved T5545: Kleopatra: Select symmetric encryption by default if keyring is empty from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Aug 16 2021, 10:59 AM · kleopatra, Restricted Project
ikloecker changed the status of T5543: pinentry-qt: Accessibility switch to repeat on enter from Open to Testing.
Aug 16 2021, 10:58 AM · pinentry, Restricted Project
ikloecker changed the status of T5543: pinentry-qt: Accessibility switch to repeat on enter, a subtask of T5535: Kleopatra: Check that accessibility is also supported for VS-NfD, from Open to Testing.
Aug 16 2021, 10:58 AM · Restricted Project, kleopatra
ikloecker moved T5543: pinentry-qt: Accessibility switch to repeat on enter from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Aug 16 2021, 10:57 AM · pinentry, Restricted Project
ikloecker added a comment to T5552: Key information loading is sometimes very slow. Suspected that the problem originated from gnupg..

keyserver hkps://hkps.pool.sks-keyservers.net:80 is problematic.

Aug 16 2021, 10:40 AM · FAQ, Keyserver, gnupg
gniibe updated the task description for T5556: Use of offsetof is better for allocation of flexible array.
Aug 16 2021, 10:17 AM · gnupg24, gpgme, libgcrypt
gniibe created T5556: Use of offsetof is better for allocation of flexible array.
Aug 16 2021, 10:17 AM · gnupg24, gpgme, libgcrypt
Saturneric added a comment to T5552: Key information loading is sometimes very slow. Suspected that the problem originated from gnupg..
###+++--- GPGConf ---+++###
allow-version-check
keyserver hkps://hkps.pool.sks-keyservers.net:80
###+++--- GPGConf ---+++### 2021/5/8 14:18:58
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.
Aug 16 2021, 9:43 AM · FAQ, Keyserver, gnupg
gniibe changed the status of T5244: libgcrypt: Restrict MD5 use from Open to Testing.

Since I think there is no reason why checking _gcry_enforced_fips_mode () here, I remove the check.

Aug 16 2021, 9:23 AM · Bug Report, FIPS, libgcrypt
werner added a comment to T5552: Key information loading is sometimes very slow. Suspected that the problem originated from gnupg..

Did you restart dirmngr? ("gpgconf --kill dirmngr" so it will be started on demand).

Aug 16 2021, 9:00 AM · FAQ, Keyserver, gnupg
gniibe committed rCacc1598ea891: cipher: Raise an error for non-approved digests correctly. (authored by gniibe).
cipher: Raise an error for non-approved digests correctly.
Aug 16 2021, 5:43 AM
gniibe committed rC44c7c41af21c: tests: Skip tests when FIPS for keygrip computations. (authored by gniibe).
tests: Skip tests when FIPS for keygrip computations.
Aug 16 2021, 5:43 AM
gniibe added a comment to T5244: libgcrypt: Restrict MD5 use.

Applied by rC0f118c2dfb8e: cipher: Do not use of non-approved digests in FIPS mode.

Aug 16 2021, 4:40 AM · Bug Report, FIPS, libgcrypt
Saturneric added a comment to T5552: Key information loading is sometimes very slow. Suspected that the problem originated from gnupg..
debug network,dns,ipc
log-file C:\Users\Administrator\dirmgr.log

I wrote this in my dirmngr.conf. But I haven't found this .log file.

Aug 16 2021, 4:28 AM · FAQ, Keyserver, gnupg
gniibe committed rC347817438990: fips: Fix tests in fips mode. (authored by gniibe).
fips: Fix tests in fips mode.
Aug 16 2021, 3:51 AM
gniibe added a comment to rM3c1c98a43413: core: Use flexible array member if compiler has support..

There are two things here.
(1) Use of [] (FLEXIBLE_ARRAY_MEMBER)
(2) Use of offsetof (instead of sizeof) for computation of size of allocation.

Aug 16 2021, 2:37 AM

Aug 15 2021

Laurent Montel <montel@kde.org> committed rKLEOPATRA81bb8ed2ebbf: GIT_SILENT: future kf5 will depend against qt5.15.2, we will depend against it… (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: future kf5 will depend against qt5.15.2, we will depend against it…
Aug 15 2021, 7:16 PM
Laurent Montel <montel@kde.org> committed rLIBKLEO1accdf6f73c9: GIT_SILENT: future kf5 will depend against qt5.15.2, we will depend against it… (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: future kf5 will depend against qt5.15.2, we will depend against it…
Aug 15 2021, 7:11 PM
l10n daemon script <scripty@kde.org> committed rKLEOPATRAd859bcf3dac9: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Aug 15 2021, 3:24 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRA7096168abc68: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT made messages (after extraction)
Aug 15 2021, 2:20 AM

Aug 14 2021

cnp1234 added a comment to T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.

Based on the info about this being caused by the added support of PIV, I poked around on the docs at https://gnupg.org/documentation/manuals/gnupg/gpg_002dcard.html and noticed the disable-application stuff. I added "disable-application piv" to ~/.gnupg/scdaemon.conf and the behavior went back to pin caching working as before. Since I don't use PIV, this is an acceptable workaround for me.

Aug 14 2021, 9:05 PM · gnupg24, yubikey, Bug Report
Laurent Montel <montel@kde.org> committed rLIBKLEO5733f199c71b: GIT_SILENT: clang-tidy: one declaration per line; braces around statements (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: clang-tidy: one declaration per line; braces around statements
Aug 14 2021, 7:57 PM
Laurent Montel <montel@kde.org> committed rLIBKLEO6ffc69c5f4df: GIT_SILENT: switch to KDECompilerSettings + CMAKE_CXX_STANDARD already setted (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: switch to KDECompilerSettings + CMAKE_CXX_STANDARD already setted
Aug 14 2021, 5:32 PM
Laurent Montel <montel@kde.org> committed rKLEOPATRA75adf8001da7: GIT_SILENT: switch to KDECompilerSettings + CMAKE_CXX_STANDARD already setted (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: switch to KDECompilerSettings + CMAKE_CXX_STANDARD already setted
Aug 14 2021, 5:31 PM
Laurent Montel <montel@kde.org> committed rKLEOPATRAe8593f9adce0: GIT_SILENT: switch to KDECompilerSettings + CMAKE_CXX_STANDARD already setted (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: switch to KDECompilerSettings + CMAKE_CXX_STANDARD already setted
Aug 14 2021, 5:25 PM
Laurent Montel <montel@kde.org> committed rLIBKLEO27c9b83fb452: GIT_SILENT: time to increase version (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: time to increase version
Aug 14 2021, 1:48 PM
Laurent Montel <montel@kde.org> committed rKLEOPATRAfccc046cf9cb: GIT_SILENT: time to increase version (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: time to increase version
Aug 14 2021, 1:45 PM
werner triaged T5555: Cannot add existing ECDSA key as a signing subkey as High priority.
Aug 14 2021, 1:25 PM · gnupg24, Bug Report
smlx renamed T5555: Cannot add existing ECDSA key as a signing subkey from Cannot use existing key to add ECDSA signing subkey to Cannot add existing ECDSA key as a signing subkey.
Aug 14 2021, 7:53 AM · gnupg24, Bug Report
smlx created T5555: Cannot add existing ECDSA key as a signing subkey.
Aug 14 2021, 7:53 AM · gnupg24, Bug Report

Aug 13 2021

calestyo added a comment to T5554: support symmetric encryption with multiple passphrases.

At first I had simply tried to give multiple --symmetric options (which of course didn't work).

Aug 13 2021, 11:27 PM · symmetric, gnupg, Feature Request