Page MenuHome GnuPG
Feed All Stories

All Stories
Use Results
Edit Query

Apr 17 2023

jukivili added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

I'll add documentation about GCRYCTL_SET_ALLOW_WEAK_KEY which was missing from be original commit.

Apr 17 2023, 8:36 AM · Debian, libgcrypt, Bug Report
jukivili added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

tests/basic now actually fail because setkey not returning GPG_ERR_WEAK_KEY for weak keys with GCRYCTL_SET_ALLOW_WEAK_KEY.

Apr 17 2023, 8:34 AM · Debian, libgcrypt, Bug Report
jukivili added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

That's right. With GCRYCTL_SET_ALLOW_WEAK_KEY, setkey still returns GPG_ERR_WEAK_KEY when weak key is detected. However, cipher handle can still be used as if setkey succeeded.

Apr 17 2023, 8:31 AM · Debian, libgcrypt, Bug Report
werner committed rD81a281183ff9: Eliminare denoting (authored by olf).
Eliminare denoting
Apr 17 2023, 8:27 AM
l10n daemon script <scripty@kde.org> committed rLIBKLEOc8576c463270: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Apr 17 2023, 7:15 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRAd49b675ed36e: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Apr 17 2023, 7:13 AM
l10n daemon script <scripty@kde.org> committed rLIBKLEOc87e327d90e2: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Apr 17 2023, 4:55 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRA169b0849e0f4: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Apr 17 2023, 4:52 AM
gniibe added a comment to T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.

To minimize the impact of the change, I updated:

diff --git a/g10/import.c b/g10/import.c
index 1ed40a63c..345e8cc75 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -2955,9 +2955,23 @@ do_transfer (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk,
 {
   gpg_error_t err;
   struct import_stats_s subkey_stats = {0};
+  int force = 0;
+  int already_exist = agent_probe_secret_key (ctrl, pk);
+
+#ifndef OK_TO_CHANGE_ERROR_BEHAVIOR
+  if (already_exist == 1)
+    return gpg_error (GPG_ERR_EEXIST);
+#endif
+  if (already_exist == 2)
+    {
+      if (!opt.quiet)
+        log_info (_("key %s: card reference is overridden by key material\n"),
+                  keystr_from_pk (pk));
+      force = 1;
+    }
Apr 17 2023, 4:05 AM · gnupg22 (gnupg-2.2.42), Restricted Project
gniibe added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.

Reading the commit rC5beadf201312: Add gcry_cipher_ctl command to allow weak keys in testing use-cases,
The test code in basic.c assumes that it is an application responsibility to confirm&ignore GPG_ERR_WEAK_KEY error when using GCRYCTL_SET_ALLOW_WEAK_KEY.

Apr 17 2023, 2:50 AM · Debian, libgcrypt, Bug Report

Apr 16 2023

werner committed rC30840c2c45d7: cipher: Fix edge case for SET_ALLOW_WEAK_KEY. (authored by werner).
cipher: Fix edge case for SET_ALLOW_WEAK_KEY.
Apr 16 2023, 8:57 PM
werner triaged T6449: Support fetching S/MIME certificates over DNS via SMIMEA record as Wishlist priority.
Apr 16 2023, 8:34 PM · Feature Request, dirmngr
werner triaged T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY as Low priority.

Thanks for the report. Fix is easy. I only wonder why you want to use a weak DES key.

Apr 16 2023, 8:31 PM · Debian, libgcrypt, Bug Report
l10n daemon script <scripty@kde.org> committed rKLEOPATRA59f3ff9a0a46: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Apr 16 2023, 5:27 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRA9b5171818311: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT made messages (after extraction)
Apr 16 2023, 4:49 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRA954d9265f4c0: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Apr 16 2023, 4:01 AM
l10n daemon script <scripty@kde.org> committed rLIBKLEO07d4b170000a: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Apr 16 2023, 4:01 AM

Apr 15 2023

l10n daemon script <scripty@kde.org> committed rLIBKLEO3743e27fd9ed: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Apr 15 2023, 5:40 AM
l10n daemon script <scripty@kde.org> committed rLIBKLEO9255704c1741: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Apr 15 2023, 4:03 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRAd1f1451465f3: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Apr 15 2023, 3:43 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRA71455c760b6d: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT made messages (after extraction)
Apr 15 2023, 2:51 AM

Apr 14 2023

centaurioun added a member for gpg4win: centaurioun.
Apr 14 2023, 8:04 PM
ikloecker committed rLIBKLEO0d62dfbe9caf: Fix copy&paste errors in test (authored by ikloecker).
Fix copy&paste errors in test
Apr 14 2023, 6:29 PM
Wolff17 created T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.
Apr 14 2023, 6:17 PM · Debian, libgcrypt, Bug Report
ikloecker committed rLIBKLEO686670a7769e: Make expiration duration the actual days until/since expiry (authored by ikloecker).
Make expiration duration the actual days until/since expiry
Apr 14 2023, 5:44 PM
ikloecker committed rLIBKLEO7ead2b27093a: Add parent argument to c'tor of ExpiryChecker (authored by ikloecker).
Add parent argument to c'tor of ExpiryChecker
Apr 14 2023, 5:44 PM
mlaurent committed rLIBKLEOdd4f9f054633: Fix compile against kpim6 (authored by mlaurent).
Fix compile against kpim6
Apr 14 2023, 5:14 PM
mlaurent committed rLIBKLEO5d8d2f77b095: Merge branch 'master' into kf6 (authored by mlaurent).
Merge branch 'master' into kf6
Apr 14 2023, 5:14 PM
ebo closed T6214: Kleopatra allows to export a subkey which has only a stub. as Resolved.

works

Apr 14 2023, 3:59 PM · Bug Report, Restricted Project, kleopatra
ebo created T6450: Kleopatra: add possibility to change filename if it already exists.
Apr 14 2023, 3:18 PM · Feature Request, kleopatra
mlaurent committed rKLEOPATRA94d3ed30dc49: Merge branch 'master' into kf6 (authored by mlaurent).
Merge branch 'master' into kf6
Apr 14 2023, 1:52 PM
pert updated pert.
Apr 14 2023, 12:51 PM
pert created T6449: Support fetching S/MIME certificates over DNS via SMIMEA record.
Apr 14 2023, 12:50 PM · Feature Request, dirmngr
gniibe added a comment to T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.

Changes may be something like:

diff --git a/g10/import.c b/g10/import.c
index 1ed40a63c..91ff0c8ec 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -2706,6 +2706,20 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
           goto leave;
         }
Apr 14 2023, 9:20 AM · gnupg22 (gnupg-2.2.42), Restricted Project
gniibe committed rPTHfc7ee9524991: w32: Fix npth_rwlock_destroy. (authored by gniibe).
w32: Fix npth_rwlock_destroy.
Apr 14 2023, 8:09 AM
gniibe edited projects for T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before, added: Restricted Project; removed Info Needed.
Apr 14 2023, 8:07 AM · gnupg22 (gnupg-2.2.42), Restricted Project
gniibe merged T3391: cannot import subkey that was once marked to be on a card into T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.
Apr 14 2023, 8:05 AM · gnupg22 (gnupg-2.2.42), Restricted Project
gniibe merged task T3391: cannot import subkey that was once marked to be on a card into T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.
Apr 14 2023, 8:05 AM · Restricted Project, gpgagent, scd, gnupg, OpenPGP, Bug Report
l10n daemon script <scripty@kde.org> committed rLIBKLEObded34664056: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Apr 14 2023, 3:52 AM

Apr 13 2023

ikloecker added a comment to T6437: Kleopatra: sign/encrypt folder results in general error.

gpg_encrypt (engine-gpg.c) passes --output - to gpg, i.e. it reads the result of gpg --encrypt from stdout unless I misread this. Not sure, why this seems to work on Windows. The real problem is probably something completely different.

Apr 13 2023, 3:26 PM · gpgme (gpgme 1.23.x), Bug Report, Restricted Project
ebo added a comment to T3391: cannot import subkey that was once marked to be on a card.

isn't T3456 the same issue?

Apr 13 2023, 2:57 PM · Restricted Project, gpgagent, scd, gnupg, OpenPGP, Bug Report
ikloecker committed rLIBKLEO4ab6b65227fd: Fix build (authored by ikloecker).
Fix build
Apr 13 2023, 2:55 PM
ebo added a project to T3391: cannot import subkey that was once marked to be on a card: Restricted Project.
Apr 13 2023, 2:50 PM · Restricted Project, gpgagent, scd, gnupg, OpenPGP, Bug Report
ikloecker committed rLIBKLEOd2aa6694b83a: Make checkKey return the result of the expiry check (authored by ikloecker).
Make checkKey return the result of the expiry check
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEOe3334efc7cd8: Extract checking for threshold to helper (authored by ikloecker).
Extract checking for threshold to helper
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEOed8cf6b6d3e4: Remove superfluous check for positive threshold (authored by ikloecker).
Remove superfluous check for positive threshold
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEO56ec6bd9b8de: Do not stop checking if certificate in chain never expires (authored by ikloecker).
Do not stop checking if certificate in chain never expires
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEO60f6ceda94fa: Test with different durations since expiration (authored by ikloecker).
Test with different durations since expiration
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEO04b35e005e58: Do not check certificates in circular chains twice (authored by ikloecker).
Do not check certificates in circular chains twice
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEO99827ffcaf5a: Add flag to request check of certificate chain (authored by ikloecker).
Add flag to request check of certificate chain
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEOb0564325d824: Remove bogus semicolons from expiry messages (authored by ikloecker).
Remove bogus semicolons from expiry messages
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEO6ee2255bf189: Make expiry checker more robust in case of a circular certificate chain (authored by ikloecker).
Make expiry checker more robust in case of a circular certificate chain
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEO16fa85c09a95: Use a loop instead of recursion to check the certificate chain (authored by ikloecker).
Use a loop instead of recursion to check the certificate chain
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEO335d1fcf7667: Make expiry notification thresholds configurable (authored by ikloecker).
Make expiry notification thresholds configurable
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEO86f4904e43e1: Wrap the four thresholds in a simple object (authored by ikloecker).
Wrap the four thresholds in a simple object
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEO16ba827ee333: Replace different check methods with a single method (authored by ikloecker).
Replace different check methods with a single method
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEOf40d54c9e19a: Use the appropriate std::chrono type for the thresholds (authored by ikloecker).
Use the appropriate std::chrono type for the thresholds
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEOd8b3a59bab3f: Use the key cache instead of repeated key list jobs in the test (authored by ikloecker).
Use the key cache instead of repeated key list jobs in the test
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEOa8d3694243bc: Test ExpiryChecker without accessing private data (authored by ikloecker).
Test ExpiryChecker without accessing private data
Apr 13 2023, 2:17 PM
ikloecker committed rLIBKLEO83905d1b3814: Add ExpiryChecker (authored by ikloecker).
Add ExpiryChecker
Apr 13 2023, 2:17 PM
ebo added a comment to T6378: keytocard: invalid value.

my Yubikey works, too, if I disable PIV. With enabled PIV:

Apr 13 2023, 11:47 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
werner added a comment to T6437: Kleopatra: sign/encrypt folder results in general error.

On Windows we always use --status-fd=1 but with gpg it is not a problem because we use a differenrt fd for output.

Apr 13 2023, 10:58 AM · gpgme (gpgme 1.23.x), Bug Report, Restricted Project
werner committed rE770a01e6dc52: Update autogen.sh to better support gpg4win (authored by werner).
Update autogen.sh to better support gpg4win
Apr 13 2023, 10:07 AM
heirecka committed rKLEOPATRAfb39c3e1d26d: Add Framework dependencies to .kde-ci.yml (authored by heirecka).
Add Framework dependencies to .kde-ci.yml
Apr 13 2023, 9:01 AM
gniibe closed T5460: Migration for ABI change (newer mingw) as Resolved.
Apr 13 2023, 5:09 AM · gpg4win, Windows
gniibe added a comment to T5460: Migration for ABI change (newer mingw).

Fixed by rGfcbb849c26e9: speedo: Fix regression due to switching from gcc 8.3 to 10.2 for zlib build.

Apr 13 2023, 5:09 AM · gpg4win, Windows
gniibe closed T5897: Fix MinGW compilation error with 'struct _stat32' in common/sysutils.c from gnupg-2.3.4 as Resolved.
Apr 13 2023, 5:07 AM · gnupg24, toolchain, Feature Request, patch
gniibe closed T5891: EOPNOTSUPP is not defined in mingw.org's MinGW, fails compilation of libgcrypt-1.10.0 as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:47 AM · backport, libgcrypt, Bug Report
gniibe closed T5973: libgcrypt: Minor test issues reported by coverity as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:47 AM · backport, patch, libgcrypt, Bug Report
gniibe closed T5976: libgcrypt build failure on HPPA 1.1 (./.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd') as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:46 AM · backport, hppa, libgcrypt, Gentoo, Bug Report
gniibe closed T5980: compilation error libgcrypt 1.10.1 as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:46 AM · backport, ppc, AIX, libgcrypt, Bug Report
gniibe closed T6432: libgcrypt - flag munging does not account for -Oz as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:40 AM · Bug Report
gniibe closed T6066: gcry_pk_hash_verify() does not work with explicitly specified hash algorithm as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:39 AM · backport, libgcrypt, Bug Report
gniibe closed T6239: gnugp 2.3.8 fails to build with --disable-ldap as Resolved.
Apr 13 2023, 3:37 AM · gnupg, Bug Report
gniibe closed T6384: libgcrypt link error if cipher chacha20 is not included as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:37 AM · patch, libgcrypt, Bug Report
gniibe closed T6417: FIPS service indicator regarding the public key algorithm flags and objects as Resolved.
Apr 13 2023, 3:33 AM · libgcrypt, FIPS
gniibe closed T6219: Ensure minimum key length for KDF in FIPS mode as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:31 AM · libgcrypt, FIPS, Bug Report
gniibe closed T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF as Resolved.
Apr 13 2023, 3:31 AM · backport, libgcrypt, FIPS
gniibe closed T5512: Implement service indicators as Resolved.
Apr 13 2023, 3:22 AM · Feature Request, FIPS, libgcrypt
gniibe closed T6048: Test suite fixes with --enable-pubkey-ciphers=ecc as Resolved.
Apr 13 2023, 3:21 AM · FIPS, libgcrypt
gniibe closed T5975: Allow signature verification using specific RSA keys <2k in FIPS mode as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:20 AM · backport, patch, libgcrypt, FIPS, Feature Request
gniibe closed T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:20 AM · backport, FIPS, libgcrypt
gniibe closed T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime" as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:19 AM · backport, FIPS, libgcrypt, Bug Report
gniibe closed T6127: FIPS 140-3 final review comments as Resolved.
Apr 13 2023, 3:17 AM · FIPS, libgcrypt, Bug Report
gniibe closed T6394: FIPS requires running PCT tests unconditionally as Resolved.
Apr 13 2023, 3:17 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T6127: FIPS 140-3 final review comments.

Fixed in 1.10.2.

Apr 13 2023, 3:16 AM · FIPS, libgcrypt, Bug Report
gniibe closed T6393: DRBG with SHA384 is no longer allowed in FIPS mode (and looks like impossible to enable anyway) as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:16 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T6394: FIPS requires running PCT tests unconditionally.

Fixed in 1.10.2.

Apr 13 2023, 3:15 AM · FIPS, libgcrypt, Bug Report
gniibe closed T6396: the gcry_pk_hash_sign/verify operates in FIPS non-operational mode as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:15 AM · libgcrypt, FIPS, Bug Report
gniibe closed T6397: PCT failures inconsistency in regards to the FIPS error state as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:15 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6417: FIPS service indicator regarding the public key algorithm flags and objects.

Fixed in 1.10.2.

Apr 13 2023, 3:14 AM · libgcrypt, FIPS
gniibe closed T6376: FIPS 140-3: add explicit indicators for md and mac to unblock MD5 in apt as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:13 AM · libgcrypt, Feature Request, Ubuntu, Debian, FIPS
gniibe closed T5918: Disable RSA PKCS #1.5 encryption in FIPS mode as Resolved.
Apr 13 2023, 3:12 AM · backport, libgcrypt, FIPS, Bug Report
gniibe closed T5970: gcry_mpi_invm producing wrong result as Resolved.

Fixed in 1.10.2.

Apr 13 2023, 3:11 AM · backport, libgcrypt, Bug Report
gniibe closed T6204: gpgme:python Fix setup.py, using pkg-config (not deprecated gpg-error-config and gpgme-config), a subtask of T5683: Deprecation of gpg-error-config, as Resolved.
Apr 13 2023, 3:10 AM · gpgrt
gniibe closed T6204: gpgme:python Fix setup.py, using pkg-config (not deprecated gpg-error-config and gpgme-config) as Resolved.

Fixed in 1.19.0.

Apr 13 2023, 3:10 AM · Python, gpgme
gniibe closed T6273: AM_PATH_GPGME requires preceding invocation of AM_PATH_GPG_ERROR as Resolved.

Fixed in 1.19.0.

Apr 13 2023, 3:09 AM · gpgme, Bug Report
gniibe closed T6274: documentation needs update for replacing gpgme-config as Resolved.

Fixed in 1.19.0.

Apr 13 2023, 3:08 AM · Documentation, gpgme, Bug Report

Apr 12 2023

debohman added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.

This problem was introduced by commit cf10c74bd9d5aa80798f1c0e23a9126f381b26b3. Perhaps that change should be backed out in the interim so that a portable fix can be considered for the original issue?

Apr 12 2023, 11:25 PM · MacOS, libgcrypt, Bug Report
dj_winston updated dj_winston.
Apr 12 2023, 9:26 PM
First
Prev
Next