Projects libgcrypt

libgcryptProject
ActivePublic
Watch Project

Members (5)

sergi (Sergi Blanch Torne)
User
werner (Werner Koch)
Engineering
jukivili (Jussi Kivilinna)
User
lbandlav (Laxmi Narsaiah Bandla)
Engineering
gniibe (NIIBE Yutaka)
User
View All

Watchers (5)

Recent Activity
View All

Thu, Mar 19

• werner triaged T8171: interoperability of PGP RSA keys as Low priority.

Setting to low because this has never been a problem in the last 30 or 35 years. A check to help pinpointing bad keys is however a good idea.

Thu, Mar 19, 4:58 PM · libgcrypt, gnupg, Bug Report

• gniibe closed T7894: libgcrypt, scute, gpgrt/argparse, gnupg/dirmngr: Hard-coded /etc as Resolved.

Thu, Mar 19, 1:58 AM · libgcrypt, scute, gpgrt, Bug Report

Wed, Mar 18

• gniibe added a comment to T8171: interoperability of PGP RSA keys.

I sent a patch to gcrypt-devel mailing list for the preparation of the change of RSA secret key checking.
If enabled, wrong RSA secret key (wrong means: under the Libre/OpenPGP specification) is rejected at import when gpg-agent calls gcry_pk_test_key.

Wed, Mar 18, 7:00 AM · libgcrypt, gnupg, Bug Report

Tue, Mar 17

• werner added a comment to T8171: interoperability of PGP RSA keys.

BTW, LibrePGP also demands p < q in "Algorithm-Specific Part for RSA Keys".

Tue, Mar 17, 12:27 PM · libgcrypt, gnupg, Bug Report

• gniibe added a comment to T8171: interoperability of PGP RSA keys.

For OpenSSH, ssh-agent spec. defines p, q, and qInv.
FIPS has: FIPS 186-5 and SP 800-56Br2.

Tue, Mar 17, 8:53 AM · libgcrypt, gnupg, Bug Report

• gniibe added a comment to T8171: interoperability of PGP RSA keys.

existing standards

Tue, Mar 17, 1:22 AM · libgcrypt, gnupg, Bug Report

Mon, Mar 16

• gniibe added a comment to T8171: interoperability of PGP RSA keys.

CRT is used with GnuPG. In libgcrypt, pk_sign and pk_decrypt don't require P, Q, and U in a key (it's optional), but pk_test_key does.

Mon, Mar 16, 5:42 AM · libgcrypt, gnupg, Bug Report

Fri, Mar 13

• werner added a comment to T8171: interoperability of PGP RSA keys.

Du we have any information on whether the CRT is used and whether u et al. is also wrong? For example due to an OpenSSL generated key?

Fri, Mar 13, 8:16 AM · libgcrypt, gnupg, Bug Report

• gniibe created T8171: interoperability of PGP RSA keys.

Fri, Mar 13, 7:46 AM · libgcrypt, gnupg, Bug Report

Mon, Mar 2

• gniibe added a project to T7519: libgcrypt: (EC)DSA signature generation should be constant-time: CVE.

The reporter informed:
CVE-2025-69913

Mon, Mar 2, 2:34 AM · CVE, libgcrypt, Bug Report

Mon, Feb 23

• werner closed T7624: libksba: __non_string for GCC 15 or later, a subtask of T7617: libgcrypt: Add __nonstring__ attribute for data for GCC 15 or later, as Resolved.

Mon, Feb 23, 2:51 PM · libgcrypt, Bug Report

Sat, Feb 21

• gniibe closed T8080: libgcrypt 1.12.0 regression: gcry_mpi_ec_curve_point as Resolved.

Fixed in 1.12.1.

Sat, Feb 21, 1:19 AM · libgcrypt, Bug Report

Feb 20 2026

• werner closed T7643: Release Libgcrypt 1.12.0 as Resolved.

Feb 20 2026, 2:19 PM · Release Info, libgcrypt

• werner closed T8067: Release Libgcrypt 1.12.1 as Resolved.

Feb 20 2026, 2:19 PM · libgcrypt, Release Info

• werner triaged T8114: Release Libgcrypt 1.12.2 as Low priority.

Feb 20 2026, 2:12 PM · libgcrypt, Release Info

• werner changed the status of T8094: libgcrypt: EC least leak failure from Open to Testing.

Feb 20 2026, 1:55 PM · libgcrypt, Bug Report

Feb 19 2026

• gniibe closed T7775: libgcrypt-1.11.2/mpi/mpi-add.c does not compile on PPC Mac OS X 10.5.8, Leopard, because of redefinition of typedefs as Resolved.

Fixed in 1.12.0.

Feb 19 2026, 5:37 AM · ppc, MacOS, libgcrypt

Feb 15 2026

• werner added a comment to T8094: libgcrypt: EC least leak failure.

FWIW: Okay, gmime is still a wrapper around gpgme. After decryption it has the ability to get the used session key from the gpgme result structure. Thus, I have been on the wrong trail. The actual problem is not gpgme but more GnuPG's use of Libgcrypt or an actual regression in Libgcrypt. Well, Friday 13th.

Feb 15 2026, 4:37 PM · libgcrypt, Bug Report

Feb 14 2026

thesamesam added a comment to T8094: libgcrypt: EC least leak failure.

Any hints where to find the actual crypto code which uses libgcrypt?

Feb 14 2026, 5:59 AM · libgcrypt, Bug Report

Feb 13 2026

jrm added a comment to T8094: libgcrypt: EC least leak failure.

Maintainer of the FreeBSD notmuch port/package here. The steps below consistently trigger the problem on FreeBSD 16.0 (unreleased main branch), but there are no problems on FreeBSD 15.0. All my testing was on amd64.

Feb 13 2026, 6:26 PM · libgcrypt, Bug Report

• werner added a comment to T8094: libgcrypt: EC least leak failure.

Any hints where to find the actual crypto code which uses libgcrypt?

Feb 13 2026, 10:16 AM · libgcrypt, Bug Report

• gniibe raised the priority of T8094: libgcrypt: EC least leak failure from Low to High.

Feb 13 2026, 9:32 AM · libgcrypt, Bug Report

• gniibe added a comment to T8094: libgcrypt: EC least leak failure.

@thesamesam Thanks a lot.
I managed to replicate the failure somehow (for me, it fails at the importing the key).

Feb 13 2026, 9:31 AM · libgcrypt, Bug Report

thesamesam added a comment to T8094: libgcrypt: EC least leak failure.

I've attached notmuch-bug.log with debug-level guru commented out for gpg-agent:

notmuch-bug.log27 KBDownload

.

Feb 13 2026, 8:35 AM · libgcrypt, Bug Report

thesamesam added a comment to T8094: libgcrypt: EC least leak failure.

I can reproduce it using Stuart's script from https://lists.gnupg.org/pipermail/gcrypt-devel/2026-February/006031.html.

Feb 13 2026, 8:34 AM · libgcrypt, Bug Report

thesamesam added a comment to T8094: libgcrypt: EC least leak failure.

$ uname -a
Linux mop 6.18.10 #1 SMP PREEMPT_DYNAMIC Wed Feb 11 21:14:57 GMT 2026 x86_64 AMD Ryzen 9 3950X 16-Core Processor AuthenticAMD GNU/Linux

Feb 13 2026, 8:22 AM · libgcrypt, Bug Report

• gniibe added a project to T8094: libgcrypt: EC least leak failure: Info Needed.

Please tell us the information of your environment.
What the versions of gpg and gpg-agent?

Feb 13 2026, 8:13 AM · libgcrypt, Bug Report

• gniibe renamed T8094: libgcrypt: EC least leak failure from libgcrypt: EC least leak failure on 32-bit machine to libgcrypt: EC least leak failure.

Feb 13 2026, 8:10 AM · libgcrypt, Bug Report

thesamesam added a comment to T8094: libgcrypt: EC least leak failure.

We have seen the same thing on amd64 (x86_64) linux: https://bugs.gentoo.org/969501

Feb 13 2026, 6:28 AM · libgcrypt, Bug Report

Feb 11 2026

• gniibe added a comment to T8094: libgcrypt: EC least leak failure.

No, OpenBSD's implementation of POSIX semaphore is different to NetBSD.
(It doesn't support PSHARED=1.)

Feb 11 2026, 2:51 AM · libgcrypt, Bug Report

• gniibe added a comment to T8094: libgcrypt: EC least leak failure.

Possibly, it is related to the NetBSD failure of T8065.
If importing the secret key fails (which invokes gpg-agent), decryption cannot be succeeded.
I will check OpenBSD implementation of POSIX semaphore, if it's similar to NetBSD one.

Feb 11 2026, 2:41 AM · libgcrypt, Bug Report

Feb 10 2026

• werner triaged T8094: libgcrypt: EC least leak failure as Low priority.

According to the ML @gniibe tried to replicate the problem without success.

Feb 10 2026, 10:53 AM · libgcrypt, Bug Report

Feb 9 2026

• gniibe created T8094: libgcrypt: EC least leak failure.

Feb 9 2026, 9:58 AM · libgcrypt, Bug Report

Feb 3 2026

• werner closed T8071: libgrcypt 1.12.0: SmartOS (Solaris) build problem as Resolved.

Will go into 1.12.1

Feb 3 2026, 4:43 PM · Solaris, Bug Report, libgcrypt

• werner closed T8069: libgcrypt: NetBSD m68k as Resolved.

Thanks. Will go int the next version.

Feb 3 2026, 4:43 PM · NetBSD, Feature Request, libgcrypt

• gniibe claimed T8080: libgcrypt 1.12.0 regression: gcry_mpi_ec_curve_point.

Feb 3 2026, 7:10 AM · libgcrypt, Bug Report

Feb 2 2026

wiz added a comment to T8071: libgrcypt 1.12.0: SmartOS (Solaris) build problem.

Thank you, that did indeed fix the problem!

Feb 2 2026, 6:11 PM · Solaris, Bug Report, libgcrypt

Feb 1 2026

• werner added projects to T8069: libgcrypt: NetBSD m68k: Feature Request, NetBSD.

Feb 1 2026, 2:14 PM · NetBSD, Feature Request, libgcrypt

• werner added projects to T8071: libgrcypt 1.12.0: SmartOS (Solaris) build problem: Bug Report, Solaris.

Feb 1 2026, 2:13 PM · Solaris, Bug Report, libgcrypt

jukivili added a comment to T8071: libgrcypt 1.12.0: SmartOS (Solaris) build problem.

Does following patch help?

Feb 1 2026, 9:19 AM · Solaris, Bug Report, libgcrypt

Jan 31 2026

wiz created T8071: libgrcypt 1.12.0: SmartOS (Solaris) build problem.

Jan 31 2026, 9:16 PM · Solaris, Bug Report, libgcrypt

Jan 30 2026

wiz added a project to T8069: libgcrypt: NetBSD m68k: libgcrypt.

Jan 30 2026, 2:57 PM · NetBSD, Feature Request, libgcrypt

Jan 29 2026

• werner closed T7226: libgcrypt 1.11.0 buid error on armhf with gcc-14 as Resolved.

Jan 29 2026, 2:21 PM · FTBFS, arm, libgcrypt, Bug Report

• werner closed T7220: The CF protection not enabled in libgcrypt as Resolved.

Jan 29 2026, 2:20 PM · libgcrypt, Bug Report

• werner closed T7519: libgcrypt: (EC)DSA signature generation should be constant-time as Resolved.

Jan 29 2026, 2:20 PM · CVE, libgcrypt, Bug Report

• werner closed T7889: libgcrypt: HAVE_BROKEN_MLOCK as Resolved.

Jan 29 2026, 2:19 PM · backport, libgcrypt, Bug Report

• werner closed T7640: ML-DSA for libgcrypt, a subtask of T6637: PQC for Libgcrypt, as Resolved.

Jan 29 2026, 2:19 PM · PQC, libgcrypt

• werner closed T7640: ML-DSA for libgcrypt as Resolved.

Jan 29 2026, 2:19 PM · PQC, libgcrypt

• werner closed T7338: Revamp the FIPS service indicator as Resolved.

Jan 29 2026, 2:18 PM · libgcrypt, FIPS, Feature Request

• werner updated the task description for T7643: Release Libgcrypt 1.12.0.

Jan 29 2026, 12:48 PM · Release Info, libgcrypt