♟ gniibe

No, OpenBSD's implementation of POSIX semaphore is different to NetBSD.
(It doesn't support PSHARED=1.)

Possibly, it is related to the NetBSD failure of T8065.
If importing the secret key fails (which invokes gpg-agent), decryption cannot be succeeded.
I will check OpenBSD implementation of POSIX semaphore, if it's similar to NetBSD one.

Investigating GNU ld, I learned that there is no easy way (~= no way) to suppress the warnings (other than 2>/dev/null). It was implemented by the special section named gnu.warning.SYM where SYM is a symbol. I think that this is not-so-good for glibc to notify its users about possible static link problem, by gnu.warning.SYM.

cipher: remove unused variable idx in _gcry_pk_get_keygrip.

sexp: Fix for use of strchr wrt const qualifier.

m4: Update ltmain.sh and m4 files.

Fix carry overflow in Stribog in 512-bit addition

spawn:w32: Fix with GPGRT_PROCESS_*_KEEP flags.

spawn:w32: Fix preparing the environment block.

I found two issues in libgpg-error for spawning functions.

POSIX documentation never says that PSHARED=0 prevents sharing among processes. In my opinion, it still conforms to POSIX even when a PSHARED=0 semaphore can be shared between parent and child processes.

mpi:ec: Don't modify POINT in _gcry_mpi_ec_get_affine.

In tests/migrations, (unlike tests/openpgp and tests/cms), the tests do not prepare gpg-agent, but it is gpg which invokes gpg-agent if needed.
Because of that, on NetBSD (where POSIX semaphore has a different semantics), it hangs with gpg --list-secret-key, when gpg tries to spawn the gpg-agent process.
In the old code of 2.4, it simply ignore the npth_protect and npth_unprotect when calling fork to spawn a process.
New code in libgpg-error cares about npth_protect and npth_unprotect but it was not sufficient; We need to care about NetBSD's semantics. Child process should not call npth_protect. With shared semantics, child process's calling npth_protect affects to cause parent process: it hangs.

@wiz Thank you for your quick feedback.

spawn:posix: Take care of POSIX semaphore "shared" semantics.

Thank you for the log.

jitterentropy: Include <fcntl.h> and <limits.h>

fips: Fix memory leaks in FIPS mode

build: Fix m4/gpg-error.m4.

hmac: Fix memory leak

Silence compiler warnings for possible alignment problem.

fips: Use ELF header to find hmac file offset

fips: Fix previous commit.

fips: Integrity check improvement, with only loadable segments.

fips: Fix gen-note-integrity.sh script not to use cmp utility.

fips: More portable integrity check.

fips: Clarify what to be hashed for the integrity check.

kdf:argon2: Fix for the case output > 64.

cipher: Fix rsa key generation.

random: Not use secure memory for DRBG instance.

tests: Replace custom bit with more generic flags

Do not allow PKCS #1.5 padding for encryption in FIPS

cipher: Change the bounds for RSA key generation round.

random:drbg: Fix the behavior for child process.

mpi: Fix for 64-bit for _gcry_mpih_cmp_ui.

tests: Expect the RSA PKCS #1.5 encryption to fail in FIPS mode

Fix internal declaration of _gcry_kdf_compute.

cipher: Allow verification of small RSA signatures in FIPS mode

tests: Fix copy paste error

Fix memory leaks in tests

random: Fix rndjent for Windows.

mpi: Allow building with --disable-asm for HPPA.

tests: Test gcry_pk_hash_sign w/explicit hash algo

tests/t-kdf: Test KDF FIPS indicator

hmac: Allow use of shorter salt.

fips: Run digest&sign self tests for RSA and ECC in FIPS mode.

cipher: Fix gcry_pk_hash_verify for explicit hash.

fips: Add function-name based FIPS indicator.

ecc: Run PCT also with the digest step

rsa: Run PCT in FIPS mode also with digest step.

random: Use getrandom (GRND_RANDOM) in FIPS mode.

Simplify the PCT for RSA and ECDSA

gcrypt.h: Fix function name in comment.

fips: Disable RSA-OAEP padding in FIPS mode.

tests: Expect the OEAP tests to fail in FIPS mode.

Fix _gcry_err_code_to_errno.

build: Fix configure script.

fips: Skip PCT if RSA keygen test-parms specified

build: Skip PK-specific tests if algo is disabled

keccak: Use size_t to avoid integer overflow

kdf:pkdf2: Check minimum allowed key size when running in FIPS mode.

kdf:pkdf2: Require longer input when FIPS mode.

random: Get maximum 32B of entropy at once in FIPS Mode

random: Extend the comment about FIPS specifics

tests: Reproducer for short dklen in FIPS mode

build: Update gpg-error.m4.

hmac,hkdf: Check the HMAC key length in FIPS mode.

build: Prefer gpgrt-config when available.

Revert "kdf:pkdf2: Require longer input when FIPS mode."

doc: Update document for pkg-config and libgcrypt.m4.

pkdf2: Add checks for FIPS.

fips: Mark AES key wrapping as approved.

rsa: Prevent usage of long salt in FIPS mode

fips,rsa: Prevent usage of X9.31 keygen in FIPS mode.

t-rsa-testparm: fix 'function declaration isn’t a prototype' warning

build: Fix configure.ac for strict C99.

build: Fix m4 macros for strict C compiler.

fips: Remove GCM mode from the allowed FIPS indicators.

ecc: Do not allow skipping tests in FIPS Mode.

ecc: Make the PCT recoverable in FIPS mode and consistent with RSA.

visibility: Check FIPS operational status for MD+Sign operation.

kdf: Update tests in regards to the allowed parameters in FIPS mode.

fips: Check return value from ftell

random: Remove unused SHA384 DRBGs.

fips: Add explicit indicators for md and mac algorithms.

fips: Unblock MD5 in fips mode but mark non-approved in indicator.

fips: Fix fips indicator function.

fips: Explicitly allow only some PK flags.

doc: Document the new FIPS indicators.

fips: Mark gcry_pk_encrypt/decrypt function non-approved.

fips: Explicitly disable overriding random in FIPS mode.

gniibe (NIIBE Yutaka)
UserAdministrator

Projects (9)
View All

User Details

Recent Activity
View All

Today

Yesterday

Mon, Feb 9

Thu, Feb 5

Wed, Feb 4

Tue, Feb 3

Mon, Feb 2

Fri, Jan 30

gniibe (NIIBE Yutaka)UserAdministrator

Projects (9)View All