Page MenuHome GnuPG
People neverpanic

neverpanic (Clemens Lang)
User

Projects

Calendar

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Tuesday

  • Clear sailing ahead.

User Details

User Since
Jan 30 2018, 2:27 PM (235 w, 5 d)
Availability
Available

Recent Activity
View All

Jul 6 2022

neverpanic added a comment to T6066: gcry_pk_hash_verify() does not work with explicitly specified hash algorithm.

For the record, the valgrind trace for the crash is:

Jul 6 2022, 5:00 PM · Testing, backport, libgcrypt, Bug Report
neverpanic created T6066: gcry_pk_hash_verify() does not work with explicitly specified hash algorithm.
Jul 6 2022, 4:26 PM · Testing, backport, libgcrypt, Bug Report

Jul 5 2022

neverpanic added a comment to T6048: Test suite fixes with --enable-pubkey-ciphers=ecc.

Here's another one related to this: https://lists.gnupg.org/pipermail/gcrypt-devel/2022-July/005344.html

Jul 5 2022, 5:34 PM · Testing, FIPS, libgcrypt

Jun 28 2022

neverpanic added a comment to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF.

Key length requirements for KDFs are specified in SP 800-131Ar2 (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf), which is linked from SP 800-140Dr1 (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140Dr1.pdf) in section "6.2.1 Transitions".

Jun 28 2022, 12:44 PM · Testing, libgcrypt, FIPS
neverpanic added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

FIPS 140-3 (https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-standards) points to SP 800-140Dr1 (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140Dr1.pdf) to list acceptable "Security Parameter Generation and Establishment Methods". From this document, RFC 5869 (i.e., HKDF with the counter at the end) can be reached via two paths:

Jun 28 2022, 12:31 PM · gnupg (gpg23), FIPS, libgcrypt, Feature Request

Apr 20 2022

neverpanic added a comment to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".

Feedback from the lab is that they'd recommend returning a specific error code that indicates that the prime search failed and then relying on the caller to decide whether to loop or bubble up the error. I'm not sure who we would consider to be the "caller" of the relevant generation function in this case, though.

Apr 20 2022, 12:06 PM · backport, Testing, FIPS, libgcrypt, Bug Report

Apr 19 2022

neverpanic added a comment to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".

That sounds reasonable. The FIPS 186-5 draft (https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf) covers this in section A.1.3, although I'm not quite sure why a lower bound for p was chosen compared to q. The comment that seems to have triggered this change is published on page 68 of https://csrc.nist.gov/CSRC/media/Publications/fips/186/4/final/documents/comments-received-fips186-4-december-2015.pdf by Allen Roginsky. It only contains a suggestion of 20, presumably for both numbers.

Apr 19 2022, 9:53 AM · backport, Testing, FIPS, libgcrypt, Bug Report

Apr 5 2022

neverpanic created T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".
Apr 5 2022, 11:54 AM · backport, Testing, FIPS, libgcrypt, Bug Report

Feb 17 2022

neverpanic added a comment to T5835: libgcrypt: More robust/portable integrity check.

Ah, right, I can get that added to the containers tomorrow.

Feb 17 2022, 1:39 AM · Bug Report, libgcrypt, FIPS

Feb 16 2022

neverpanic added a comment to T5835: libgcrypt: More robust/portable integrity check.

That only seems to work in some configurations: https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/pipelines/472626834

Feb 16 2022, 7:24 PM · Bug Report, libgcrypt, FIPS

Feb 15 2022

neverpanic added a comment to T5835: libgcrypt: More robust/portable integrity check.

Thanks! Maybe it would be simpler to use dl_iterate_phdr(3) for this. I wasn't aware of the function, but a colleague just implemented a proof-of-concept of what you're proposing in https://gitlab.com/dueno/integrity-notes.

Feb 15 2022, 11:58 AM · Bug Report, libgcrypt, FIPS

Feb 10 2022

neverpanic added a comment to T5816: gcrypt mailing list is down.

This still seems to be a problem:

Feb 10 2022, 3:12 PM · gpgweb, Bug Report