Page MenuHome GnuPG

gniibe (NIIBE Yutaka)
UserAdministrator

Projects (9)

User Details

User Since
Mar 27 2017, 4:47 PM (404 w, 12 h)
Roles
Administrator
Availability
Busy Busy until Dec 9 2030.

Recent Activity

Yesterday

gniibe committed rCa776b692669a: fips,cipher: Add behavior not to reject but mark non-compliant. (authored by gniibe).
fips,cipher: Add behavior not to reject but mark non-compliant.
Mon, Dec 23, 7:01 AM

Fri, Dec 20

gniibe closed T7169: libgpg-error 1.50 build issue (spawn-posix.c:345:5: error: use of undeclared identifier 'environ') as Resolved.

This problem has gone in libgpg-error 1.51, since the implementation doesn't use environ any more.

Fri, Dec 20, 6:49 AM · gpgrt, MacOS, Bug Report
gniibe committed rGd32a315418a3: po: Update Japanese Translation. (authored by gniibe).
po: Update Japanese Translation.
Fri, Dec 20, 3:56 AM
gniibe committed rGab8a2408a390: scd: Use gpgrt_spawn_actions_set_env_rev to have clean semantics. (authored by gniibe).
scd: Use gpgrt_spawn_actions_set_env_rev to have clean semantics.
Fri, Dec 20, 3:53 AM
gniibe committed rCd060dd58b828: fips: Rejection by GCRYCTL_FIPS_REJECT_NON_FIPS, not by open flags. (authored by gniibe).
fips: Rejection by GCRYCTL_FIPS_REJECT_NON_FIPS, not by open flags.
Fri, Dec 20, 2:50 AM
gniibe closed T7071: gpg: Support of No CRC in ASCII armor as Resolved.
Fri, Dec 20, 1:17 AM · gnupg, Bug Report

Thu, Dec 19

gniibe committed rCb4eb23dc01a4: Fix the previous change. (authored by gniibe).
Fix the previous change.
Thu, Dec 19, 6:19 AM
gniibe committed rCe52adf0948c6: fips: Introduce GCRYCTL_FIPS_REJECT_NON_FIPS. (authored by gniibe).
fips: Introduce GCRYCTL_FIPS_REJECT_NON_FIPS.
Thu, Dec 19, 3:42 AM
gniibe committed rCedb43bc29004: fips,cipher: Implement FIPS service indicator for gcry_pk_hash_ API. (authored by gniibe).
fips,cipher: Implement FIPS service indicator for gcry_pk_hash_ API.
Thu, Dec 19, 3:42 AM
gniibe committed rC60db2a175d12: fips,md: gcry_md_copy should care about FIPS service indicator. (authored by gniibe).
fips,md: gcry_md_copy should care about FIPS service indicator.
Thu, Dec 19, 3:42 AM

Tue, Dec 17

gniibe committed rCcfd2d2f41ad4: tests,fips: Add gcry_cipher_open tests. (authored by gniibe).
tests,fips: Add gcry_cipher_open tests.
Tue, Dec 17, 6:01 AM
gniibe committed rCb59bde31ded9: tests,fips: Move KDF tests to t-fips-service-ind. (authored by gniibe).
tests,fips: Move KDF tests to t-fips-service-ind.
Tue, Dec 17, 6:01 AM
gniibe committed rC132f346232b3: tests,fips: Rename t-fips-service-ind. (authored by gniibe).
tests,fips: Rename t-fips-service-ind.
Tue, Dec 17, 6:01 AM
gniibe committed rCc4f75014cb8a: tests,fips: Add gcry_mac_open tests. (authored by gniibe).
tests,fips: Add gcry_mac_open tests.
Tue, Dec 17, 6:01 AM
gniibe committed rC69a5d0ed18a3: fips,cipher: Implement new FIPS service indicator for cipher_open. (authored by gniibe).
fips,cipher: Implement new FIPS service indicator for cipher_open.
Tue, Dec 17, 6:01 AM
gniibe committed rCfcb0c7004b0b: fips,mac: Implement new FIPS service indicator for gcry_mac_open. (authored by gniibe).
fips,mac: Implement new FIPS service indicator for gcry_mac_open.
Tue, Dec 17, 6:01 AM

Mon, Dec 16

gniibe added a comment to T7456: libassuan: Windows: assuan_sock_bind error.

Here is a patch to support "w32_error" for assuan_sock_get_flag function.

Mon, Dec 16, 6:53 AM · libassuan, Windows
gniibe committed rC917fc6000dfe: fips,tests: Add tests for md_open/write/read/close for t-digest. (authored by gniibe).
fips,tests: Add tests for md_open/write/read/close for t-digest.
Mon, Dec 16, 2:42 AM
gniibe committed rC9757e280794f: fips,md: Implement new FIPS service indicator for gcry_md_open API. (authored by gniibe).
fips,md: Implement new FIPS service indicator for gcry_md_open API.
Mon, Dec 16, 2:42 AM
gniibe committed rC4799914966a7: fips: Change the internal API for new FIPS service indicator. (authored by gniibe).
fips: Change the internal API for new FIPS service indicator.
Mon, Dec 16, 2:42 AM
gniibe committed rG893e5e7c6f4c: agent: Clean up for the refactoring. (authored by gniibe).
agent: Clean up for the refactoring.
Mon, Dec 16, 2:20 AM
gniibe committed rGaa36f6ae8bae: gpg: Fix key generation with existing key from card. (authored by gniibe).
gpg: Fix key generation with existing key from card.
Mon, Dec 16, 2:10 AM
gniibe changed the status of T7457: gpg --full-gen-key doesn't show list of keys on card (regression) from Open to Testing.
Mon, Dec 16, 2:00 AM · Bug Report, gnupg
gniibe claimed T7457: gpg --full-gen-key doesn't show list of keys on card (regression).

It's a bug I introduced when fixing T7309.
Fixed in rGaa36f6ae8bae: gpg: Fix key generation with existing key from card.

Mon, Dec 16, 2:00 AM · Bug Report, gnupg

Fri, Dec 13

gniibe committed rAcc6c29735d59: w32: Fix errno for assuan_sock_bind failure. (authored by gniibe).
w32: Fix errno for assuan_sock_bind failure.
Fri, Dec 13, 6:23 AM
gniibe changed the status of T7456: libassuan: Windows: assuan_sock_bind error from Open to Testing.
Fri, Dec 13, 3:20 AM · libassuan, Windows
gniibe triaged T7456: libassuan: Windows: assuan_sock_bind error as Normal priority.
Fri, Dec 13, 2:29 AM · libassuan, Windows

Thu, Dec 12

gniibe added a comment to T7368: dirmngr/dns.c files to compile due to type-mismatch caused by missing _XOPEN_SOURCE on Solaris and derivatives.

IIUC, simpler solution would be modifying m4/socklen.m4 adding Solaris variant specific code.
Tweaking _XOPEN_SOURCE requires the change of Autoconf, which would be larger surgery.

Thu, Dec 12, 7:46 AM · dns, gnupg, Solaris, Bug Report
gniibe committed rC47ed744465ae: cipher: Add script to re-generate mceliece6688128f.c. (authored by jas).
cipher: Add script to re-generate mceliece6688128f.c.
Thu, Dec 12, 7:09 AM
gniibe added a comment to T7338: Revamp the FIPS service indicator.

Here are changes for gcry_md_open and its friends.

Thu, Dec 12, 6:43 AM · libgcrypt, FIPS, Feature Request
gniibe added a comment to T7338: Revamp the FIPS service indicator.

My idea in https://dev.gnupg.org/T7338#195529 doesn't work well when a function call is done multiple times.
Assuming SUCCESS, and marking all non-compliant places in the code works, and it would be good because libgcrypt so far maintains non-compliant path with rejection.

Thu, Dec 12, 3:09 AM · libgcrypt, FIPS, Feature Request

Wed, Dec 11

gniibe committed rC28327dba6b5f: kdf: Fix memory cost overflow in Argon2 KDF. (authored by gmazyland).
kdf: Fix memory cost overflow in Argon2 KDF.
Wed, Dec 11, 8:22 AM
gniibe committed rC75744f721d8d: tests: Fix comment in t-thread-local. (authored by gniibe).
tests: Fix comment in t-thread-local.
Wed, Dec 11, 5:54 AM

Tue, Dec 10

gniibe committed rC41cbcc0f0e78: tests: Extend tests/t-digest to test hmac too. (authored by gniibe).
tests: Extend tests/t-digest to test hmac too.
Tue, Dec 10, 8:00 AM
gniibe committed rC06f6aafedc9f: tests: Fix t-digest for a minimal configuration. (authored by gniibe).
tests: Fix t-digest for a minimal configuration.
Tue, Dec 10, 8:00 AM

Mon, Dec 9

gniibe committed rC7faf542f1573: fips,tests: Add t-digest. (authored by gniibe).
fips,tests: Add t-digest.
Mon, Dec 9, 6:38 AM
gniibe added a comment to T7338: Revamp the FIPS service indicator.

Pushed the change for adding hash tests in rC7faf542f1573: fips,tests: Add t-digest.

Mon, Dec 9, 6:34 AM · libgcrypt, FIPS, Feature Request

Fri, Dec 6

gniibe added a comment to T7338: Revamp the FIPS service indicator.

It seems that the internal API is not enough.
Now, we have _gcry_md_hash_buffer function with the new FIPS service indicator.
It's used for public key crypto, too.
The compliance for hash function is a part of public key crypto, but not all.

Fri, Dec 6, 6:54 AM · libgcrypt, FIPS, Feature Request
gniibe committed rC3478caac62c7: fips,md: Implement new FIPS service indicator for gcry_md_hash_*. (authored by gniibe).
fips,md: Implement new FIPS service indicator for gcry_md_hash_*.
Fri, Dec 6, 6:41 AM
gniibe added a comment to T7338: Revamp the FIPS service indicator.

A change for gcry_md_hash_* functions are pushed by rC3478caac62c7: fips,md: Implement new FIPS service indicator for gcry_md_hash_*..
It doesn't have tests with FIPS service indicator yet.

Fri, Dec 6, 6:40 AM · libgcrypt, FIPS, Feature Request
gniibe changed the status of T7436: Allow ssh to sign data larger than the assuan line length. from Open to Testing.
Fri, Dec 6, 6:32 AM · ssh, Feature Request, gnupg26
gniibe closed T7192: gnupg-2.5.0: Use gpgrt_process_spawn API (was: Does not build due to undeclared identifier 'environ') as Resolved.
Fri, Dec 6, 1:05 AM · gnupg, Bug Report
gniibe closed T7283: Odd "gpg: KEYTOCARD failed: Invalid time" error when using `--pinentry-mode=loopback` as Resolved.
Fri, Dec 6, 1:05 AM · gpgagent, Bug Report

Thu, Dec 5

gniibe committed rGfe147645d239: agent: Use SETDATA --apend for larger data to communicate scdaemon. (authored by gniibe).
agent: Use SETDATA --apend for larger data to communicate scdaemon.
Thu, Dec 5, 7:33 AM
gniibe claimed T7436: Allow ssh to sign data larger than the assuan line length..
Thu, Dec 5, 7:02 AM · ssh, Feature Request, gnupg26
gniibe committed rC5cfa1aee5b98: fips,kdf: Implement new FIPS service indicator for gcry_kdf_derive. (authored by gniibe).
fips,kdf: Implement new FIPS service indicator for gcry_kdf_derive.
Thu, Dec 5, 6:59 AM
gniibe committed rCf51f4e98930e: fips: Introduce GCRYCTL_FIPS_SERVICE_INDICATOR and the macro. (authored by gniibe).
fips: Introduce GCRYCTL_FIPS_SERVICE_INDICATOR and the macro.
Thu, Dec 5, 3:37 AM
gniibe added a comment to T7338: Revamp the FIPS service indicator.

New external API is by GCRYCTL_FIPS_SERVICE_INDICATOR and/or the new macro gcry_get_fips_service_indicator.
This change is pushed by rCf51f4e98930e: fips: Introduce GCRYCTL_FIPS_SERVICE_INDICATOR and the macro.

Thu, Dec 5, 3:37 AM · libgcrypt, FIPS, Feature Request
gniibe committed rCe1cf31232825: fips: Introduce an internal API for FIPS service indicator. (authored by gniibe).
fips: Introduce an internal API for FIPS service indicator.
Thu, Dec 5, 3:32 AM
gniibe added a comment to T7338: Revamp the FIPS service indicator.

New internal API is introduced with T7340 by the commit rCe1cf31232825: fips: Introduce an internal API for FIPS service indicator.

Thu, Dec 5, 3:30 AM · libgcrypt, FIPS, Feature Request
gniibe changed the status of T7340: Introduced a context with thread local storage, a subtask of T7338: Revamp the FIPS service indicator, from Open to Testing.
Thu, Dec 5, 3:28 AM · libgcrypt, FIPS, Feature Request
gniibe changed the status of T7340: Introduced a context with thread local storage from Open to Testing.

Change is pushed by rCe1cf31232825: fips: Introduce an internal API for FIPS service indicator.

Thu, Dec 5, 3:28 AM · libgcrypt, FIPS, Feature Request

Mon, Dec 2

gniibe closed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) as Resolved.

Closed, since this was documentation for the workaround, four years ago.

Mon, Dec 2, 9:52 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe lowered the priority of T7399: assuan: GPG_ERR_ASS_NO_DATA_CB situation from High to Normal.

Put it under lower priority, as it's basically programming error.

Mon, Dec 2, 6:00 AM · libassuan
gniibe closed T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature), a subtask of T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form , as Resolved.
Mon, Dec 2, 5:49 AM · Not A Bug, gnupg24, Bug Report
gniibe closed T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature) as Resolved.

OK, it's done. closed.

Mon, Dec 2, 5:49 AM · gnupg

Fri, Nov 29

gniibe added a comment to T7399: assuan: GPG_ERR_ASS_NO_DATA_CB situation.

Here is my proposal to avoid unsynched state for data.

diff --git a/src/client.c b/src/client.c
index 410f940..0989984 100644
--- a/src/client.c
+++ b/src/client.c
@@ -250,6 +250,7 @@ assuan_transact (assuan_context_t ctx,
   int off;
   char *line;
   int linelen;
+  gpg_error_t last_err = 0;
Fri, Nov 29, 8:29 AM · libassuan
gniibe closed T6606: Use new API of libassuan 3, a subtask of T6599: INT2FD and npth_accept, as Resolved.
Fri, Nov 29, 8:10 AM · Windows 64, Feature Request, gnupg26
gniibe closed T6606: Use new API of libassuan 3 as Resolved.

Done for 2.5.0.

Fri, Nov 29, 8:10 AM · Windows 64, Feature Request, gnupg26
gniibe closed T6597: Introduce FD_DBG to handle the cases for displaying the value, a subtask of T6508: Port GnuPG to 64-bit Windows, as Resolved.
Fri, Nov 29, 8:08 AM · Windows 64, Feature Request, gnupg26
gniibe closed T6597: Introduce FD_DBG to handle the cases for displaying the value as Resolved.

Done in 2.5.0.

Fri, Nov 29, 8:08 AM · Windows 64, Feature Request, gnupg26
gniibe closed T6592: GPGSM: Use estream_t instead of FD, a subtask of T6508: Port GnuPG to 64-bit Windows, as Resolved.
Fri, Nov 29, 8:05 AM · Windows 64, Feature Request, gnupg26
gniibe closed T6592: GPGSM: Use estream_t instead of FD as Resolved.

Fixed in 2.5.0.

Fri, Nov 29, 8:05 AM · Windows 64, Feature Request, gnupg26
gniibe closed T6562: gpgtar: --status-fd requires HANDLE (not POSIX fd) when spawning a process, a subtask of T6551: translate_sys2libc_fd_int on Windows 64-bit, as Resolved.
Fri, Nov 29, 8:05 AM · Windows 64, Feature Request, gnupg26
gniibe closed T6562: gpgtar: --status-fd requires HANDLE (not POSIX fd) when spawning a process as Resolved.

Fixed in 2.5.0.

Fri, Nov 29, 8:05 AM · Windows 64, Feature Request, gnupg26
gniibe closed T7058: KDF-DO is not properly implemented as Resolved.

Fixed in 2.5.0 and 2.4.6.

Fri, Nov 29, 8:02 AM · scd, gnupg, Bug Report
gniibe closed T7160: scd: pipe server shutdown, a subtask of T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close, as Resolved.
Fri, Nov 29, 8:01 AM · gpgagent, scd, gnupg24, Bug Report
gniibe closed T7160: scd: pipe server shutdown as Resolved.

Fixed in 2.5.0 and 2.4.6.

Fri, Nov 29, 8:01 AM · scd, gpgagent, Bug Report
gniibe closed T7288: gpg is not properly handling IPGP entries as Resolved.

Fixed in 2.4.6.

Fri, Nov 29, 7:59 AM · dns, dirmngr, gnupg, Bug Report
gniibe closed T7201: More memory leaks in gnupg as Resolved.

Fixed in 2.4.6.

Fri, Nov 29, 7:58 AM · gnupg, Bug Report
gniibe closed T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close as Resolved.

Fixed in 2.4.6.

Fri, Nov 29, 7:57 AM · gpgagent, scd, gnupg24, Bug Report
gniibe closed T7044: Deadlock on Windows in sdaemon as Resolved.

I believe this was fixed by T7386. Or it is now no hard lock up by T7402.
So, let me close this ticket.
If any new symptom, please add information into T7396.

Fri, Nov 29, 7:56 AM · scd, Bug Report, Windows, gnupg24
gniibe closed T7402: No hard lockup when SCardConnect never returns, a subtask of T7396: Windows: hard lockup of scdaemon, as Resolved.
Fri, Nov 29, 7:53 AM · Windows, scd
gniibe closed T7402: No hard lockup when SCardConnect never returns as Resolved.

I can say it's fixed in 2.4.7.

Fri, Nov 29, 7:53 AM · Windows, scd
gniibe committed rD23835b971b02: Fix type by Ingo. (authored by gniibe).
Fix type by Ingo.
Fri, Nov 29, 7:41 AM

Mon, Nov 25

gniibe added a subtask for T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form : T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature).
Mon, Nov 25, 10:21 AM · Not A Bug, gnupg24, Bug Report
gniibe added a parent task for T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature): T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form .
Mon, Nov 25, 10:21 AM · gnupg
gniibe added a comment to T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form .

For this ticket, I reviewed the code around my SOS changes.
Because I'd like to focus the point of retaining binary representation when doing import->export,
I created another thicket: T7426

Mon, Nov 25, 10:21 AM · Not A Bug, gnupg24, Bug Report
gniibe updated the task description for T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature).
Mon, Nov 25, 7:36 AM · gnupg
gniibe updated the task description for T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature).
Mon, Nov 25, 7:14 AM · gnupg
gniibe added a comment to T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature).

One bug is when importing a key.

Mon, Nov 25, 6:46 AM · gnupg
gniibe triaged T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature) as Normal priority.
Mon, Nov 25, 3:46 AM · gnupg

Nov 18 2024

gniibe updated the task description for T7396: Windows: hard lockup of scdaemon.
Nov 18 2024, 10:11 AM · Windows, scd
gniibe triaged T7400: Netkey 3.0 card slow detection as Normal priority.
Nov 18 2024, 6:44 AM · Bug Report, scd
gniibe committed rG261a08566e38: scd: No hard lock-up when apdu_connect never returns. (authored by gniibe).
scd: No hard lock-up when apdu_connect never returns.
Nov 18 2024, 6:33 AM
gniibe changed the status of T7402: No hard lockup when SCardConnect never returns, a subtask of T7396: Windows: hard lockup of scdaemon, from Open to Testing.
Nov 18 2024, 6:30 AM · Windows, scd
gniibe changed the status of T7402: No hard lockup when SCardConnect never returns from Open to Testing.

In select_application function, we can minimize the holding W-lock.

Nov 18 2024, 6:30 AM · Windows, scd
gniibe added a comment to T7401: PC/SC: Cancel SCardConnect with timeout.

This may requires major changes for scdaemon.

Nov 18 2024, 5:35 AM · Windows, scd
gniibe lowered the priority of T7401: PC/SC: Cancel SCardConnect with timeout from High to Wishlist.
Nov 18 2024, 5:35 AM · Windows, scd
gniibe triaged T7402: No hard lockup when SCardConnect never returns as High priority.
Nov 18 2024, 5:33 AM · Windows, scd
gniibe added a comment to T7401: PC/SC: Cancel SCardConnect with timeout.

For the cancelling operation, each card reader access should have an independent resource manager context.
Currently, a single pcsc.context is shared by all reader accesses.

Nov 18 2024, 5:24 AM · Windows, scd
gniibe triaged T7401: PC/SC: Cancel SCardConnect with timeout as High priority.
Nov 18 2024, 5:21 AM · Windows, scd
gniibe added a comment to T7396: Windows: hard lockup of scdaemon.

Hard lockup should be avoided. In particular, following conditions should meet:

  • gpgconf --kill scdaemon can kill scdaemon
  • KEYINFO requests can be answered for other connections of scdaemon
Nov 18 2024, 3:49 AM · Windows, scd
gniibe updated subscribers of T7396: Windows: hard lockup of scdaemon.

As of 2024-11-18, my hypothesis is:

  • there are some sort of race conditions between PC/SC + card reader (or its driver) + smartcard + scdaemon on Windows, at least at initial use after boot
  • because of this, SCardConnect of PC/SC call wrongly fails (somehow confirmed by @ebo's experiments + @gniibe's speculation), or wrongly never returns (@gniibe's guess, side info: its slowness is observed in T7400).
Nov 18 2024, 3:40 AM · Windows, scd
gniibe added a parent task for T7400: Netkey 3.0 card slow detection: T7396: Windows: hard lockup of scdaemon.
Nov 18 2024, 3:10 AM · Bug Report, scd
gniibe added a subtask for T7396: Windows: hard lockup of scdaemon: T7400: Netkey 3.0 card slow detection.
Nov 18 2024, 3:10 AM · Windows, scd
gniibe lowered the priority of T7323: scdaemon hangs up (when output from scdaemon is not consumed by gpg-agent) from High to Normal.

@ebo Thank you for your testing.

Nov 18 2024, 3:09 AM · Windows, Bug Report, scd
gniibe added projects to T7400: Netkey 3.0 card slow detection: scd, Bug Report.
Nov 18 2024, 2:49 AM · Bug Report, scd

Nov 15 2024

gniibe added a project to T7323: scdaemon hangs up (when output from scdaemon is not consumed by gpg-agent): Windows.

Please note that a card insertion to a card reader and a card reader connection to PC are different things.
It may cause different results.

Nov 15 2024, 8:40 AM · Windows, Bug Report, scd
gniibe created T7400: Netkey 3.0 card slow detection.
Nov 15 2024, 6:39 AM · Bug Report, scd