Feed All Stories
Jun 16 2023
Jun 16 2023
• werner committed rA4bfcd8a0f6f3: server: Wipe out the memory used by assuan_inquire if CONFIDENTIAL. (authored by • gniibe).
server: Wipe out the memory used by assuan_inquire if CONFIDENTIAL.
Next release will be 3.0
• werner committed rA049b8001f163: Flush data before clearing the confidential flag. (authored by • werner).
Flush data before clearing the confidential flag.
• gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.
I found this use case: RFC 8702
"Use of the SHAKE One-Way Hash Functions in the Cryptographic Message Syntax (CMS)": https://www.rfc-editor.org/rfc/rfc8702.html
• gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.
Another possibility for digest&sign API: it is possible to determine the length of required hash function by the underlining field Fp of the curve in use. Then, use this length instead. It's better than to (try to) get the length by _gcry_md_get_algo_dlen (for SHAKE, it's undefined).
Fixed in both of master and 1.10 branch.
• gniibe committed rC70b1b036f3ee: tests: Allow KDF measurement in FIPS mode. (authored by • gniibe).
tests: Allow KDF measurement in FIPS mode.
• gniibe committed rCf4bff832c7f5: cipher:kdf: Move FIPS mode check to _gcry_kdf_derive. (authored by • gniibe).
cipher:kdf: Move FIPS mode check to _gcry_kdf_derive.
• gniibe changed the status of T6515: GPG in FIPS mode spits out useless "out of core handler ignored in FIPS mode" message on every execution from Open to Testing.
• gniibe claimed T6515: GPG in FIPS mode spits out useless "out of core handler ignored in FIPS mode" message on every execution.
For libgcrypt, initially when the code was put, it made some sense.
Now, it's useless, so, let's simply remove the message.
• gniibe committed rC6c79dcddd151: Remove out of core handler setting message in FIPS mode. (authored by • gniibe).
Remove out of core handler setting message in FIPS mode.
cipher:ecc: Implement PCT for EdDSA.
• gniibe committed rC97f4a94d5960: build: Detect broken GCC for x86/AVX512 intrinsics. (authored by • gniibe).
build: Detect broken GCC for x86/AVX512 intrinsics.
cipher:ecc: Add selftests for EdDSA.
tests: EdDSA keys work in FIPS mode
ecc: Enable Ed25519 and Ed448 in FIPS mode
l10n daemon script <scripty@kde.org> committed rKLEOPATRA349e93a64322: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jun 15 2023
Jun 15 2023
• werner moved T6477: WKD redirects and dirmngr redirect rewriting from WiP to QA on the gnupg24 board.
• werner added a comment to T6477: WKD redirects and dirmngr redirect rewriting.
I have now disabled the rewriting in the 2.4 branch. Those who want to keep the old behaviour may add
• werner committed rG0a63afc79a04: dirmngr: Disable the HTTP redirect rewriting. (authored by • werner).
dirmngr: Disable the HTTP redirect rewriting.
• werner committed rGbf04b07327a5: dirmngr: New option --compatibility-flags. (authored by • werner).
dirmngr: New option --compatibility-flags.
• werner moved T6477: WKD redirects and dirmngr redirect rewriting from Backlog to WiP on the gnupg24 board.
• werner lowered the priority of T6524: Kleopatra / Gpgtar: Cancel does not kill the job from Unbreak Now! to High.
gpgsm: New option --input-size-hint.
• werner committed rG2178f35dffdc: gpg: New option --no-compress as alias for -z0. (authored by • werner).
gpg: New option --no-compress as alias for -z0.
gpgtar: New option --no-compress.
mlaurent committed rKLEOPATRA05d5f20d7629: Merge remote-tracking branch 'origin' into kf6 (authored by mlaurent).
Merge remote-tracking branch 'origin' into kf6
• ikloecker committed rKLEOPATRA04adbffa2aee: Add missing getter for output file name (authored by • ikloecker).
Add missing getter for output file name
• ebo closed T6154: Kleopatra: Assert in CertifyCertificateCommand after setting ownertrust of key as Resolved.
could not trigger it with the described steps on windows
• ikloecker committed rKLEOPATRAa15434ddc59b: Check for existing files before starting any encryption tasks (authored by • ikloecker).
Check for existing files before starting any encryption tasks
• ikloecker committed rKLEOPATRA31f84464df70: Only ask the user for overwrite permission if file exists (authored by • ikloecker).
Only ask the user for overwrite permission if file exists
• ikloecker committed rKLEOPATRA2a304b8f5a08: Use custom label text only for progress label (authored by • ikloecker).
Use custom label text only for progress label
• ikloecker committed rKLEOPATRAd4a5f9c2512e: Let OverwritePolicy take care of asking users whether to overwrite a file (authored by • ikloecker).
Let OverwritePolicy take care of asking users whether to overwrite a file
• ikloecker committed rKLEOPATRA9c9027f85254: Fix removing of temporary files with UNC paths (authored by • ikloecker).
Fix removing of temporary files with UNC paths
core: Send a input-size-hint for gpgsm.
works for 4,1 GB, too.
(Tested with Gpg4win-4.2.0-beta346)
• ebo moved T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination from Restricted Project Column to Restricted Project Column on the Restricted Project board.
gpgsm: Fix last commit
• ikloecker changed the status of T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination from Testing to Open.
Move back to the backlog and trigger re-evalutation of priority (which was high).
• ikloecker changed the status of T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination, a subtask of T5478: Kleopatra: Performance problems decrypting and encrypting large Archives, from Testing to Open.
• werner moved T6534: gpg's progress_filter needs to use uint64_t from WiP to QA on the gnupg24 board.
Jun 15 2023, 11:21 AM · gpgme (gpgme 1.23.x), gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.3), Feature Request, Restricted Project, Windows
kbx,w32: Disable the fd-passing.
gpgtar: Emit FAILURE status line.
• werner committed rG5f46bcaaa082: sm: Emit STATUS_FAILURE for non-implemented commands. (authored by • werner).
sm: Emit STATUS_FAILURE for non-implemented commands.
• werner committed rG48b56485548e: common,w32: Set a proper error code when creating an output file. (authored by • werner).
common,w32: Set a proper error code when creating an output file.
• werner committed rG6657230f9ee4: w32: Add missing supportedOS Ids for Windows-10 (authored by • werner).
w32: Add missing supportedOS Ids for Windows-10
• werner committed rG3fbe10172f0a: w32: Add missing manifests and set a requestedExecutionLevel. (authored by • werner).
w32: Add missing manifests and set a requestedExecutionLevel.
• werner committed rG80097bc78bf7: gpg: Return ERROR status for --quick-sign-key. (authored by • werner).
gpg: Return ERROR status for --quick-sign-key.
po: Update Japanese Translation.
• gniibe committed rG6a2cb8cfd714: agent,w32: Fix resource leak for a process. (authored by • gniibe).
agent,w32: Fix resource leak for a process.
gpg: Skip keys found via ADSKs.
common: New function nve_set
• werner committed rG14828c75be10: gpg: Fix searching for the ADSK key when adding an ADSK. (authored by • werner).
gpg: Fix searching for the ADSK key when adding an ADSK.
• werner committed rG13013ec1c0d3: agent: Create and use Token entries to track the display s/n. (authored by • werner).
agent: Create and use Token entries to track the display s/n.
• werner committed rG05f29b5c7caa: agent: Update key files by first writing to a temp file. (authored by • werner).
agent: Update key files by first writing to a temp file.
• werner committed rGa1015bf2fc07: agent: Do not overwrite a key file by a shadow key file. (authored by • werner).
agent: Do not overwrite a key file by a shadow key file.
Prepare the NEWS for the next release
po: Translated one new string to German.
po: msgmerge done
Post release updates
Release 2.4.2
po: Update Czech translation
• werner committed rGc8f6fdcd359a: build: Always build the wixlib with a release (authored by • werner).
build: Always build the wixlib with a release
doc: Replace remaining "gpg2" by "gpg".
• werner committed rGbaa88832153d: gpg: Set default expiration date to 3 years. (authored by • werner).
gpg: Set default expiration date to 3 years.
• werner committed rGc68dd2287237: gpg: Add --list-filter properties key_expires and key_expires_d. (authored by • werner).
gpg: Add --list-filter properties key_expires and key_expires_d.
common: New function substitute_vars.
dirmngr: Extend the AD_QUERY command.
• werner committed rG695cb04af521: gpg: Print status line and proper diagnostics for write errors. (authored by • werner).
gpg: Print status line and proper diagnostics for write errors.
w32: Map ERROR_FILE_INVALID to EIO.
speedo,w32: Call gpgconf --kill all
• werner committed rG808494b48577: gpg: Make progress work for large files on Windows. (authored by • werner).
gpg: Make progress work for large files on Windows.
gpgsm: Print PROGRESS status lines.
• werner committed rM8796456d235d: tests: Add option --cancel to run-encrypt. (authored by • werner).
tests: Add option --cancel to run-encrypt.
• werner committed rMeb68948c4388: core: Use 64 bit instead of gpgme_off_t for some internal functions. (authored by • werner).
core: Use 64 bit instead of gpgme_off_t for some internal functions.
And of course we also need to adjust GPGME
Jun 15 2023, 10:58 AM · gpgme (gpgme 1.23.x), gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.3), Feature Request, Restricted Project, Windows
• werner added a comment to T6534: gpg's progress_filter needs to use uint64_t.
We also need PROGRESS lines in gpgsm.
Jun 15 2023, 10:36 AM · gpgme (gpgme 1.23.x), gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.3), Feature Request, Restricted Project, Windows
cipher:ecc: Fix EdDSA secret key check.
context: Make the context chain-able.
l10n daemon script <scripty@kde.org> committed rKLEOPATRA131d4ddcfa01: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
• gniibe added a comment to rCc160e1a85f82: cipher:pubkey: Fix non-use of flexible array member..
I agree that the "future" won't come, ever. (for libgcrypt)
Jun 14 2023
Jun 14 2023
works
• werner added a project to T6536: Extend P12 parser for ShroudedKeyBag inside a CertBag: Bug Report.
Jun 14 2023, 12:39 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Bug Report, S/MIME, Restricted Project
Jun 14 2023, 12:36 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Bug Report, S/MIME, Restricted Project
works
• ebo added a comment to T6473: Kleopatra: "Change Validity" does ignore the option "Also update the validity period of the subkeys".
It does not work as described for subkeys with later expiry dates if the primary key has already expired:
Change validity on the 12th for that key results in:
• werner added a comment to rCc160e1a85f82: cipher:pubkey: Fix non-use of flexible array member..
I doubt that we will ever be able to use the flexible array thingy. The old pattern has been used for nearly 50 years and replacing it will just introduce bugs.
Do you use offsetof for that reason?
• gniibe committed rCc160e1a85f82: cipher:pubkey: Fix non-use of flexible array member. (authored by • gniibe).
cipher:pubkey: Fix non-use of flexible array member.
• gniibe committed rC86fcf8292208: cipher:ecc: Support gcry_pk_hash_sign/verify for EdDSA. (authored by • gniibe).
cipher:ecc: Support gcry_pk_hash_sign/verify for EdDSA.
• gniibe added a comment to T6511: EdDSA support in FIPS mode.
I found that for EdDSA other than pure Ed25519, it can supply context.
I changed the semantics and API for adding context and input data, as we need to support both simultaneously.