
gniibe (NIIBE Yutaka)
User Details

User Since
Mar 27 2017, 4:47 PM (420 w, 4 d)
Roles
Administrator
Availability
Busy until Apr 6 2031.

Recent Activity

Today

gniibe added a comment to T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later.

IIUC, it's GCC 8 that started supporting the __nonstring__ attribute.

Fri, Apr 18, 4:26 AM · libgcrypt, Bug Report
gniibe set External Link to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117178 on T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later.
Fri, Apr 18, 4:25 AM · libgcrypt, Bug Report
gniibe claimed T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later.
Fri, Apr 18, 4:13 AM · libgcrypt, Bug Report
gniibe created T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later.
Fri, Apr 18, 4:12 AM · libgcrypt, Bug Report

Thu, Apr 10

gniibe committed rC32f848ef9dca: mpi:ec: Set GCRYECC_FLAG_LEAST_LEAK, calling mpi_ec_mul_point_lli. (authored by gniibe).
mpi:ec: Set GCRYECC_FLAG_LEAST_LEAK, calling mpi_ec_mul_point_lli.
Thu, Apr 10, 2:17 AM

Wed, Apr 9

gniibe committed rE32475a7868f5: Use gpgrt_stream_t for the API of gpgrt_nvc_*. (authored by gniibe).
Use gpgrt_stream_t for the API of gpgrt_nvc_*.
Wed, Apr 9, 2:29 AM

Mon, Apr 7

gniibe changed the status of T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1 from Open to Testing.

Fix pushed by: rG1ed8b0e7b403: dirmngr: Fix libdns with 127.0.0.1.

Mon, Apr 7, 4:45 AM · gnupg24, dirmngr
gniibe committed rG1ed8b0e7b403: dirmngr: Fix libdns with 127.0.0.1. (authored by gniibe).
dirmngr: Fix libdns with 127.0.0.1.
Mon, Apr 7, 4:44 AM
gniibe added a comment to T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1.

For the Linux kernel, it was once proposed:
https://patchwork.ozlabs.org/project/netdev/patch/1490748756.24891.27.camel@edumazet-glaptop3.roam.corp.google.com/

Mon, Apr 7, 4:10 AM · gnupg24, dirmngr
gniibe added a comment to T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1.

Another problem with the same cause (possibly) is reported: https://lists.gnupg.org/pipermail/gnupg-devel/2025-April/035845.html

Mon, Apr 7, 3:56 AM · gnupg24, dirmngr

Mon, Mar 31

gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

Pushed all changes to master.

Mon, Mar 31, 6:27 AM · libgcrypt, Bug Report
gniibe committed rCd1c471c78d6f: mpi:ec: Introduce ec_*_lli for Weierstrass curves to be less leaky. (authored by gniibe).
mpi:ec: Introduce ec_*_lli for Weierstrass curves to be less leaky.
Mon, Mar 31, 5:02 AM
gniibe committed rC0680408b3751: mpi:ec: Use affine coordinate for mpi_ec_mul_point_lli. (authored by gniibe).
mpi:ec: Use affine coordinate for mpi_ec_mul_point_lli.
Mon, Mar 31, 5:02 AM
gniibe committed rC4f56fd8c5e03: mpi:ec: Don't normalize the MPIs when GCRYECC_FLAG_LEAST_LEAK. (authored by gniibe).
mpi:ec: Don't normalize the MPIs when GCRYECC_FLAG_LEAST_LEAK.
Mon, Mar 31, 5:02 AM
gniibe committed rC794b8e7378e8: mpi:ec: Resize when GCRYECC_FLAG_LEAST_LEAK. (authored by gniibe).
mpi:ec: Resize when GCRYECC_FLAG_LEAST_LEAK.
Mon, Mar 31, 5:02 AM
gniibe committed rC6419bd17f034: cipher:ecc: Introduce GCRYECC_FLAG_LEAST_LEAK. (authored by gniibe).
cipher:ecc: Introduce GCRYECC_FLAG_LEAST_LEAK.
Mon, Mar 31, 5:02 AM
gniibe committed rC5e3dbfb8233d: mpi:ec: Refactor _gcry_mpi_ec_mul_point (authored by gniibe).
mpi:ec: Refactor _gcry_mpi_ec_mul_point
Mon, Mar 31, 5:02 AM
gniibe committed rCd698ed5386e8: mpi:ec: Keep A untouched in ec_get_a_is_pminus3. (authored by gniibe).
mpi:ec: Keep A untouched in ec_get_a_is_pminus3.
Mon, Mar 31, 5:02 AM
gniibe committed rC16c6936c811a: mpi:ec: Remove runtime check in ec_mod. (authored by gniibe).
mpi:ec: Remove runtime check in ec_mod.
Mon, Mar 31, 5:02 AM
gniibe committed rC38cdb7fecc80: mpi:ec: Use ec_addm for ec_mul2. (authored by gniibe).
mpi:ec: Use ec_addm for ec_mul2.
Mon, Mar 31, 5:02 AM

Wed, Mar 26

gniibe changed the status of T7576: keyboxd: Searching <email@Example.COM> from Open to Testing.
Wed, Mar 26, 8:20 AM · gnupg, Bug Report
gniibe committed rG7fc5b0328fdd: keyboxd: Searching UpperCaseAddress. (authored by gniibe).
keyboxd: Searching UpperCaseAddress.
Wed, Mar 26, 6:30 AM
gniibe added a comment to T7576: keyboxd: Searching <email@Example.COM>.

OK. Relying on SQLite semantics for COLLATE NOCASE would not be good.
Exactly the same existing semantics (only caring about ASCII uppercase characters) is good.

Wed, Mar 26, 6:26 AM · gnupg, Bug Report

Fri, Mar 21

gniibe added a comment to T7576: keyboxd: Searching <email@Example.COM>.

I changed my mind. SQLite specific patch might be better:

diff --git a/kbx/backend-sqlite.c b/kbx/backend-sqlite.c
index 4c67c3ef7..1db2f2c8d 100644
--- a/kbx/backend-sqlite.c
+++ b/kbx/backend-sqlite.c
@@ -154,7 +154,7 @@ static struct
      /* The full user id - for X.509 the Subject or altSubject.  */
      "uid  TEXT NOT NULL,"
      /* The mail address if available or NULL.  */
-     "addrspec TEXT,"
+     "addrspec TEXT COLLATE NOCASE,"
      /* The type of the public key: 1 = openpgp, 2 = X.509.  */
      "type  INTEGER NOT NULL,"
      /* The order number of the user id within the keyblock or
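Review bot: changing the column declaration inside this CREATE TABLE string to "addrspec TEXT COLLATE NOCASE" only takes effect for databases created after the change; an already-initialised keyboxd store keeps the column declared as plain TEXT, so the case-insensitive lookup needs a schema migration (or a rebuild of the table and any index on addrspec) to apply to existing databases. Also note that SQLite's built-in NOCASE collation folds only the 26 ASCII letters, so a comment on the line should say whether matching the existing ASCII-only behaviour is the intent, since a reader might otherwise expect full Unicode case folding.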
Fri, Mar 21, 8:50 AM · gnupg, Bug Report
gniibe updated the task description for T7576: keyboxd: Searching <email@Example.COM>.
Fri, Mar 21, 8:27 AM · gnupg, Bug Report
gniibe claimed T7576: keyboxd: Searching <email@Example.COM>.

Here is a possible change:

Fri, Mar 21, 8:15 AM · gnupg, Bug Report
gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

I applied some to master (generic improvement parts).

Fri, Mar 21, 7:31 AM · libgcrypt, Bug Report
gniibe committed rC17d5d3262c14: mpi:ec: Use ec_addm to multiply with small integer. (authored by gniibe).
mpi:ec: Use ec_addm to multiply with small integer.
Fri, Mar 21, 7:28 AM
gniibe committed rC191c2340c4a6: mpi:ec: Use mpi_set_ui in _gcry_mpi_ec_mul_point. (authored by gniibe).
mpi:ec: Use mpi_set_ui in _gcry_mpi_ec_mul_point.
Fri, Mar 21, 7:18 AM
gniibe committed rC522566b15a31: mpi:ec: Avoid use mpi_const. (authored by gniibe).
mpi:ec: Avoid use mpi_const.
Fri, Mar 21, 7:02 AM
gniibe committed rC5052efed9f54: mpi:ec: Don't use mpi_powm for small exponent. (authored by gniibe).
mpi:ec: Don't use mpi_powm for small exponent.
Fri, Mar 21, 4:04 AM
gniibe committed rC53993003db9b: mpi:ec: Remove the minor optimization for the case of Z==1. (authored by gniibe).
mpi:ec: Remove the minor optimization for the case of Z==1.
Fri, Mar 21, 3:57 AM

Thu, Mar 20

gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

I think that this may be the last update.
Don't use mpi_powm to avoid normalizing (and to be faster).

Thu, Mar 20, 1:08 AM · libgcrypt, Bug Report

Mar 19 2025

gniibe updated the task description for T7576: keyboxd: Searching <email@Example.COM>.
Mar 19 2025, 6:11 AM · gnupg, Bug Report
gniibe updated the task description for T7576: keyboxd: Searching <email@Example.COM>.
Mar 19 2025, 6:10 AM · gnupg, Bug Report
gniibe added a comment to T7576: keyboxd: Searching <email@Example.COM>.

IIUC, the address is stored in lowercase, but searching is done without converting to lowercase.

Mar 19 2025, 6:08 AM · gnupg, Bug Report
gniibe created T7576: keyboxd: Searching <email@Example.COM>.
Mar 19 2025, 6:07 AM · gnupg, Bug Report

Mar 18 2025

gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

Here is another update (replacing ecc-no-normalize-2025-03-13.patch).
Further, ec_addm is modified to be less leaky.

Mar 18 2025, 6:30 AM · libgcrypt, Bug Report

Mar 17 2025

gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

There are three (or more) remaining things:
(1) ec_addm can be improved by adding U and V with mpih_add_lli, subtracting P with mpih_sub_n, and adding back P with mpih_add_n_cond
(2) Places with mpi_const for the argument when calling ec_mulm, ec_add or ec_subm should be fixed (it may modify the const MPI)
(3) Make sure mpi_resize within ec_addm, ec_mulm, or ec_subm if needed

Mar 17 2025, 3:24 AM · libgcrypt, Bug Report

Mar 13 2025

gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

Here is an update (replacing ecc-no-normalize-2025-03-07.patch).
ec_subm and ec_mulm are modified to be less leaky.

Mar 13 2025, 7:18 AM · libgcrypt, Bug Report
gniibe committed rC636f40cb7858: doc: Add about GCRYCTL_FIPS_SERVICE_INDICATOR. (authored by gniibe).
doc: Add about GCRYCTL_FIPS_SERVICE_INDICATOR.
Mar 13 2025, 7:08 AM
gniibe committed rCb9eb8f4cb818: fips: Fix GCRY_FIPS_FLAG_REJECT_MD. (authored by gniibe).
fips: Fix GCRY_FIPS_FLAG_REJECT_MD.
Mar 13 2025, 7:08 AM
gniibe changed the status of T7338: Revamp the FIPS service indicator from Open to Testing.
Mar 13 2025, 7:05 AM · libgcrypt, FIPS, Feature Request

Mar 12 2025

gniibe committed rC4ee91a94bcda: md: Make SHA-1 non-FIPS internally for 1.12 API. (authored by gniibe).
md: Make SHA-1 non-FIPS internally for 1.12 API.
Mar 12 2025, 1:46 AM

Mar 10 2025

gniibe added a comment to T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2.

GCC allows dollars in identifiers; that's the reason why we haven't encountered this issue, I suppose.

Mar 10 2025, 10:32 AM · gpgme, gnupg, pinentry
gniibe committed rP72b827b33e95: m4: Update libassuan.m4. (authored by gniibe).
m4: Update libassuan.m4.
Mar 10 2025, 6:55 AM
gniibe committed rM7568566ef3d1: m4: Update libassuan.m4. (authored by gniibe).
m4: Update libassuan.m4.
Mar 10 2025, 4:46 AM
gniibe changed the status of T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2 from Open to Testing.
Mar 10 2025, 3:50 AM · gpgme, gnupg, pinentry
gniibe triaged T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2 as Normal priority.
Mar 10 2025, 3:49 AM · gpgme, gnupg, pinentry
gniibe added a project to T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2: gpgme.

Thank you for your report.

Mar 10 2025, 3:47 AM · gpgme, gnupg, pinentry

Mar 7 2025

gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

I think that major signal sources for K have been killed so far.

Mar 7 2025, 5:35 AM · libgcrypt, Bug Report

Mar 6 2025

gniibe added a comment to T7490: libgcrypt: constant-time modular exponentiation.

We should only enable the least-leak implementation for 64-bit, as it's not as fast on 32-bit architectures.

Mar 6 2025, 2:47 AM · libgcrypt
gniibe committed rC71d17c0b4c01: mpi: Use const-time modular exponentiation on 64-bit arch. (authored by gniibe).
mpi: Use const-time modular exponentiation on 64-bit arch.
Mar 6 2025, 2:46 AM
gniibe committed rCca8bf05e111b: cipher,fips: Fix for random-override. (authored by gniibe).
cipher,fips: Fix for random-override.
Mar 6 2025, 2:28 AM
gniibe committed rC234eb316b0a0: cipher,visibility: Differentiate use of random-override in the SLI (authored by Lucas Mulling via Gcrypt-devel <gcrypt-devel@gnupg.org>).
cipher,visibility: Differentiate use of random-override in the SLI
Mar 6 2025, 2:28 AM
gniibe committed rC755e6dce7279: cipher,ecc: Fix for supplied K. (authored by gniibe).
cipher,ecc: Fix for supplied K.
Mar 6 2025, 2:28 AM
gniibe committed rC0414e126b939: fips,cipher: Add GCRY_FIPS_FLAG_REJECT_PK_FLAGS. (authored by gniibe).
fips,cipher: Add GCRY_FIPS_FLAG_REJECT_PK_FLAGS.
Mar 6 2025, 2:28 AM

Mar 5 2025

gniibe committed rCcc0a40bd7412: cipher: Differentiate no-blinding flag in the SLI (authored by Lucas Mulling via Gcrypt-devel <gcrypt-devel@gnupg.org>).
cipher: Differentiate no-blinding flag in the SLI
Mar 5 2025, 6:43 AM
gniibe committed rC3bdb59c21b77: cipher: Differentiate igninvflag in the SLI (authored by Lucas Mulling via Gcrypt-devel <gcrypt-devel@gnupg.org>).
cipher: Differentiate igninvflag in the SLI
Mar 5 2025, 6:43 AM

Mar 4 2025

gniibe claimed T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2.
Mar 4 2025, 11:19 AM · gpgme, gnupg, pinentry
gniibe committed rCbe57179f42f8: cipher: Add KAT for non-rfc6979 ECDSA with fixed k (authored by Lucas Mulling via Gcrypt-devel <gcrypt-devel@gnupg.org>).
cipher: Add KAT for non-rfc6979 ECDSA with fixed k
Mar 4 2025, 6:00 AM
gniibe committed rC2f6d2db1a4c2: cipher: Differentiate use of label K in the SLI (authored by Lucas Mulling via Gcrypt-devel <gcrypt-devel@gnupg.org>).
cipher: Differentiate use of label K in the SLI
Mar 4 2025, 5:55 AM
gniibe committed rC8404a048b7c5: tests: Allow tests with !USE_RSA. (authored by gniibe).
tests: Allow tests with !USE_RSA.
Mar 4 2025, 5:55 AM
gniibe committed rCce4755d5c550: md: Use check_digest_algo_spec in _gcry_md_selftest. (authored by gniibe).
md: Use check_digest_algo_spec in _gcry_md_selftest.
Mar 4 2025, 4:05 AM
gniibe committed rC54a6617b3679: fips,cipher: Do the computation when marking non-compliant. (authored by gniibe).
fips,cipher: Do the computation when marking non-compliant.
Mar 4 2025, 4:05 AM
gniibe committed rCe5989e08a556: tests: Update t-fips-service-ind using GCRY_MD_SHA256 for KDF tests. (authored by gniibe).
tests: Update t-fips-service-ind using GCRY_MD_SHA256 for KDF tests.
Mar 4 2025, 4:05 AM
gniibe added a reverting change for rC13a71215c255: md: Make SHA1 non-FIPS and differentiate in the SLI: rC1e815a00c302: Revert "md: Make SHA1 non-FIPS and differentiate in the SLI".
Mar 4 2025, 4:05 AM
gniibe committed rC1e815a00c302: Revert "md: Make SHA1 non-FIPS and differentiate in the SLI" (authored by gniibe).
Revert "md: Make SHA1 non-FIPS and differentiate in the SLI"
Mar 4 2025, 4:05 AM
gniibe committed rC2f17a98a80b1: md: Fix gcry_md_algo_info to mark/reject under FIPS mode. (authored by gniibe).
md: Fix gcry_md_algo_info to mark/reject under FIPS mode.
Mar 4 2025, 4:05 AM
gniibe committed rC60e5039793c2: cipher:rsa: Mark/reject SHA1/unknown with RSA signature generation. (authored by gniibe).
cipher:rsa: Mark/reject SHA1/unknown with RSA signature generation.
Mar 4 2025, 4:05 AM

Feb 25 2025

gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

One more change for _gcry_dsa_gen_k in rC54caef02afa9: cipher:(EC)DSA: Simply use mpi_clear_highbit in _gcry_dsa_gen_k.

Feb 25 2025, 3:47 AM · libgcrypt, Bug Report
gniibe committed rC54caef02afa9: cipher:(EC)DSA: Simply use mpi_clear_highbit in _gcry_dsa_gen_k. (authored by gniibe).
cipher:(EC)DSA: Simply use mpi_clear_highbit in _gcry_dsa_gen_k.
Feb 25 2025, 3:46 AM
gniibe committed rCc1da86e45a6e: mpi: Avoid normalizing MPI in _gcry_mpi_invm. (authored by gniibe).
mpi: Avoid normalizing MPI in _gcry_mpi_invm.
Feb 25 2025, 3:45 AM
gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

One more change for mpi_invm in rCc1da86e45a6e: mpi: Avoid normalizing MPI in _gcry_mpi_invm.

Feb 25 2025, 3:25 AM · libgcrypt, Bug Report

Feb 20 2025

gniibe committed rC88ae76d069c3: cipher,mpi: Expose some MPI helper functions by mpi.h. (authored by gniibe).
cipher,mpi: Expose some MPI helper functions by mpi.h.
Feb 20 2025, 7:23 AM

Feb 19 2025

gniibe changed the status of T7519: libgcrypt: (EC)DSA signature generation should be constant-time from Open to Testing.

All changes are pushed to master.

Feb 19 2025, 5:36 AM · libgcrypt, Bug Report
gniibe changed the status of T7490: libgcrypt: constant-time modular exponentiation, a subtask of T3264: Possible RSA improvement, from Open to Testing.
Feb 19 2025, 5:35 AM · libgcrypt
gniibe changed the status of T7490: libgcrypt: constant-time modular exponentiation from Open to Testing.

Pushed the changes by the commit rC2039d93289db: mpi: Add MPI helper modular exponentiation, Least Leak Intended.

Feb 19 2025, 5:35 AM · libgcrypt
gniibe committed rC58aca75a295d: mpi: Add a comment on _gcry_mpih_lookup_lli. (authored by gniibe).
mpi: Add a comment on _gcry_mpih_lookup_lli.
Feb 19 2025, 3:02 AM
gniibe committed rCbd53c51b0338: mpi: Fix _gcry_mpih_add_lli, as macro. (authored by gniibe).
mpi: Fix _gcry_mpih_add_lli, as macro.
Feb 19 2025, 2:35 AM
gniibe committed rC8fd2aab881c7: mpi: Add MPH helper of table lookup, Least Leak Intended. (authored by gniibe).
mpi: Add MPH helper of table lookup, Least Leak Intended.
Feb 19 2025, 1:03 AM
gniibe committed rC2039d93289db: mpi: Add MPI helper modular exponentiation, Least Leak Intended. (authored by gniibe).
mpi: Add MPI helper modular exponentiation, Least Leak Intended.
Feb 19 2025, 1:03 AM

Feb 18 2025

gniibe committed rCbb5e893456b1: cipher:(EC)DSA: Fix _gcry_dsa_gen_*k not to normalize MPI. (authored by gniibe).
cipher:(EC)DSA: Fix _gcry_dsa_gen_*k not to normalize MPI.
Feb 18 2025, 3:18 AM
gniibe committed rC0b794c208db3: cipher:(EC)DSA: Avoid MPI normalize by mpi_rshift. (authored by gniibe).
cipher:(EC)DSA: Avoid MPI normalize by mpi_rshift.
Feb 18 2025, 3:18 AM
gniibe committed rCd05cdb31689a: cipher:(EC)DSA: Fix _gcry_dsa_modify_k to least leak. (authored by gniibe).
cipher:(EC)DSA: Fix _gcry_dsa_modify_k to least leak.
Feb 18 2025, 3:18 AM

Feb 17 2025

gniibe committed rC58e72af4eac4: mpi: Add _gcry_mpih_add_lli. (authored by gniibe).
mpi: Add _gcry_mpih_add_lli.
Feb 17 2025, 6:35 AM
gniibe committed rC459a6c9c81ee: mpi: Add _gcry_mpih_cmp_lli, Least Leak Intended. (authored by gniibe).
mpi: Add _gcry_mpih_cmp_lli, Least Leak Intended.
Feb 17 2025, 6:35 AM
gniibe committed rC06de5bc27753: mpi: Add _gcry_mpih_add_1_lli as Least Leak Intended. (authored by gniibe).
mpi: Add _gcry_mpih_add_1_lli as Least Leak Intended.
Feb 17 2025, 6:35 AM
gniibe committed rC13a71215c255: md: Make SHA1 non-FIPS and differentiate in the SLI (authored by Lucas Mulling <lucas.mulling@suse.com>).
md: Make SHA1 non-FIPS and differentiate in the SLI
Feb 17 2025, 5:23 AM

Feb 14 2025

gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

Use of mpi_cmp is now being fixed, by providing the _gcry_mpih_cmp_lli function.
Along with that, we need to fix the use of mpi_cmp_ui, since it skips earlier depending on its limbs.

diff --git a/cipher/dsa-common.c b/cipher/dsa-common.c
index 170dce12..e010e182 100644
--- a/cipher/dsa-common.c
+++ b/cipher/dsa-common.c
@@ -25,6 +25,7 @@
Feb 14 2025, 1:32 AM · libgcrypt, Bug Report

Feb 10 2025

gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

And then, we need to use less leaky version of mpi_cmp (because mpi_cmp calls mpi_normalize, it's not good).

Feb 10 2025, 5:37 AM · libgcrypt, Bug Report
gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

And this is for less leakage in _gcry_dsa_modify_k:

Feb 10 2025, 5:36 AM · libgcrypt, Bug Report
gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

This is needed before we remove leaks by mpi_add in _gcry_dsa_modify_k:

Feb 10 2025, 3:34 AM · libgcrypt, Bug Report
gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

Commit rC35a6a6feb9dc: Fix _gcry_dsa_modify_k. is related, but it doesn't matter for usual compilers (it's an issue for MSVC).

Feb 10 2025, 3:24 AM · libgcrypt, Bug Report

Feb 7 2025

gniibe added a comment to T7519: libgcrypt: (EC)DSA signature generation should be constant-time.

This is needed for RFC6979 flag support.

Feb 7 2025, 6:42 AM · libgcrypt, Bug Report
gniibe claimed T7519: libgcrypt: (EC)DSA signature generation should be constant-time.
Feb 7 2025, 6:37 AM · libgcrypt, Bug Report
gniibe created T7519: libgcrypt: (EC)DSA signature generation should be constant-time.
Feb 7 2025, 6:37 AM · libgcrypt, Bug Report

Feb 6 2025

gniibe committed rC35a6a6feb9dc: Fix _gcry_dsa_modify_k. (authored by gniibe).
Fix _gcry_dsa_modify_k.
Feb 6 2025, 8:42 AM