Tue, Jan 24
Well, I do not yet see a use case for this. The current rush towards PQC makes it unlikely that newer curves will get in widespread use. Iff we have a large application which requires this curves, we can reconsider,
Thu, Jan 19
Sorry, but we can't check all parameters. Why only check that one and not the others or invalid values for ctx. You may do such checks in an interactive environment but not for a general library.
Wed, Jan 18
Sun, Jan 8
See T6340 in case of build problems.
Thu, Jan 5
Dec 16 2022
Thank you for your reply! I'll modify my testcase
I figured out the situation.
Ah, I found that we have very bad example use case in tests/t-mpi-point.c. This should be fixed at first.
Thank you for your report. IIUC, it is called unexpected way, like invalid/wrong KEYPARMS. Possibly, KEYPARMS == NULL, or something like that.
Dec 15 2022
When I look at the stack information, I find that because E->p is not assigned in the function mpi_ec_get_elliptic_curve(), this produces a null pointer,but it didn't get to the branch : if (errc) goto leave;
If you pass NULL to that function, the calling code is wrong. No need for an explicit check in nomralize - check should be done in the public API (if at all).
I tried to fix the segmentation fault, so I added a null pointer check at the end to protect it.
Dec 14 2022
Dec 12 2022
Nov 29 2022
Sure, but this will need adaption in FIPS mode as it fails with:
Patch using SHA1 instead of MD5.
There are other uses of MD5 and thus we can't disable it. For example gpgsm also lists the MD5 fingerprint of certificates because they are still in use at some places.
Well, the modern way, recommended by the FSFE, for license notices in source files is SPDX instead of verbose license notices. https://reuse.software/
Modern way for license notice seems use of URL: https://www.gnu.org/prep/maintain/maintain.html#License-Notices-for-Code
https://www.gnu.org/licenses/gpl-howto.html
Nov 22 2022
Nov 18 2022
I put rCc34c9e70055e: fips: Mark AES key wrapping as approved. under this task, so that it can be referred in the release note.
Let me describe the changes recorded in this task.
Nov 10 2022
Thanks. There should also be SPDX indentifiers everywhere.
Nov 7 2022
Nov 2 2022
Oct 28 2022
Yep. Closed now.
@jukivili: This has been released with 1.10.0 - shall we close this bug?
Oct 27 2022
Oct 24 2022
Go ahead if you want to do that.
Thank you. I am glad that it is already resolved.
Will this be in the next release of libgcrypt?
Okay. So, I removed gpg-error-config, updated libgcrypt/m4/gpg-error.m4, and then rebuilt configure. And, gcrypt configures and builds.
Thank you for the information.