Page MenuHome GnuPG

libgcryptProject
ActivePublic

Recent Activity

Today

gniibe moved T5512: Implement service indicators from Backlog to Next on the FIPS board.
Tue, Nov 30, 11:06 AM · Feature Request, FIPS, libgcrypt
gniibe renamed T5706: libgcrypt: random: Remove the feature getting randomness from random daemon from libgcrypt: random: Remove access to random daemon to libgcrypt: random: Remove the feature getting randomness from random daemon.
Tue, Nov 30, 10:57 AM · libgcrypt
gniibe added a comment to T5512: Implement service indicators.

Applied the part 4, the indicator patch.

Tue, Nov 30, 10:54 AM · Feature Request, FIPS, libgcrypt
gniibe added a project to T5692: New entropy gatherer using the genentropy system call.: Testing.
Tue, Nov 30, 10:49 AM · Testing, libgcrypt, FIPS
gniibe closed T5433: libgcrypt: Do not use SHA1 by default as Wontfix.

The change for pubkey-util.c is not needed any more, because

  • T5665 handles new functions rejects use of SHA-1 as approved signature.
  • pubkey-util.c is used by gcry_pk_sign and gcry_pk_verify.
Tue, Nov 30, 10:48 AM · FIPS, libgcrypt, Bug Report
gniibe triaged T5706: libgcrypt: random: Remove the feature getting randomness from random daemon as Normal priority.
Tue, Nov 30, 5:11 AM · libgcrypt
gniibe requested review of D544: Deprecation of random daemon part 1 (remove use of random daemon).
Tue, Nov 30, 5:09 AM · libgcrypt

Fri, Nov 26

Jakuje added a comment to T5512: Implement service indicators.

I do not like the idea of using the get_config interface for this. It should be easily usable by applications to check for single cipher/mode so int/bool return values would be preferred against the string ones (which are now used in the get_config). I am not sure if getting all the configuration in one string blob would be any use (except for some auditing) either.

Fri, Nov 26, 12:22 PM · Feature Request, FIPS, libgcrypt

Thu, Nov 25

gniibe added a project to T5637: Use poll for libgcrypt (support more than 1024 fds): Testing.
Thu, Nov 25, 3:31 AM · Testing, libgcrypt, Feature Request

Tue, Nov 23

dannytsen added a comment to T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le.

Hi Werner, Here is the DCO. Thanks.

Tue, Nov 23, 3:51 PM · patch, ppc, libgcrypt, Feature Request
Jakuje added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.

Thank you. Extending the semantics of GCRYCTL_CLOSE_RANDOM_DEVICE sounds good to me. I think the deinit functions were created initially especially not to change the semantics of existing code using GCRYCTL_CLOSE_RANDOM_DEVICE, but I agree that it will probably not be an issue.

Tue, Nov 23, 9:59 AM · FIPS, libgcrypt, Bug Report
werner triaged T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le as Normal priority.

FWIW: We need a DCO; see doc/HACKING.

Tue, Nov 23, 9:06 AM · patch, ppc, libgcrypt, Feature Request

Mon, Nov 22

gniibe removed a project from T5637: Use poll for libgcrypt (support more than 1024 fds): gpgme.
Mon, Nov 22, 6:21 AM · Testing, libgcrypt, Feature Request
gniibe edited projects for T5637: Use poll for libgcrypt (support more than 1024 fds), added: libgcrypt; removed gpgrt.
Mon, Nov 22, 6:20 AM · Testing, libgcrypt, Feature Request

Fri, Nov 19

gniibe added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.

Part 1 was applied. Part 3, Part 4, and Part 7 are irrelevant now, because we now have rndgetentropy which doesn't use device.

Fri, Nov 19, 8:50 AM · FIPS, libgcrypt, Bug Report

Thu, Nov 18

jukivili added a comment to T5694: poly1305-s390x.S is compiled despite --disable-asm.

Following patch should prevent assembly files being built at all with --disable-asm:

Thu, Nov 18, 8:51 AM · libgcrypt, Bug Report
jukivili added a comment to T5694: poly1305-s390x.S is compiled despite --disable-asm.

Thanks for your report.

Thu, Nov 18, 8:27 AM · libgcrypt, Bug Report
jukivili claimed T5694: poly1305-s390x.S is compiled despite --disable-asm.
Thu, Nov 18, 8:17 AM · libgcrypt, Bug Report
gniibe added a comment to T5523: jitter entropy RNG update.

Fixed, with using normal memory for ->mem.

Thu, Nov 18, 8:12 AM · Testing, FIPS, libgcrypt
gniibe added a comment to T5523: jitter entropy RNG update.

->mem is just used to measure the difference of memory access.

Thu, Nov 18, 7:56 AM · Testing, FIPS, libgcrypt
gniibe added a comment to T5523: jitter entropy RNG update.

It found that newer jitterentropy uses larger mem (128KiB), while older uses 2KiB.

Thu, Nov 18, 7:33 AM · Testing, FIPS, libgcrypt

Wed, Nov 17

gniibe added a project to T5523: jitter entropy RNG update: Testing.

Pushed to master.

Wed, Nov 17, 7:03 AM · Testing, FIPS, libgcrypt

Tue, Nov 16

wrobelda added a comment to T5694: poly1305-s390x.S is compiled despite --disable-asm.

Additionally, poly1305-s390x.S is being compiled despite running/targeting a PC system:

Tue, Nov 16, 1:31 PM · libgcrypt, Bug Report
werner added a comment to T5512: Implement service indicators.

We could use a new mode #define GCRY_GET_CONFIG_FIPS 1 with gcry_get_config:

Tue, Nov 16, 1:21 PM · Feature Request, FIPS, libgcrypt
werner triaged T5694: poly1305-s390x.S is compiled despite --disable-asm as Normal priority.
Tue, Nov 16, 1:10 PM · libgcrypt, Bug Report
Jakuje added a comment to T5512: Implement service indicators.

With just implicit indicators, we would have to block all non-approved cipher modes and kdfs including the OCB mode and skcrypt, which would probably make gnupg2 unusable in FIPS mode, which is not our intention.

Tue, Nov 16, 1:10 PM · Feature Request, FIPS, libgcrypt
gniibe moved T5665: libgcrypt : Restrict message digest use for FIPS 140-3 from Next to Done on the FIPS board.
Tue, Nov 16, 11:22 AM · Testing, FIPS, Bug Report, libgcrypt
gniibe moved T5692: New entropy gatherer using the genentropy system call. from Backlog to Next on the FIPS board.
Tue, Nov 16, 11:22 AM · Testing, libgcrypt, FIPS
gniibe added a project to T5665: libgcrypt : Restrict message digest use for FIPS 140-3: Testing.
Tue, Nov 16, 11:20 AM · Testing, FIPS, Bug Report, libgcrypt
gniibe added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.

In the documentation, I found:

Tue, Nov 16, 10:58 AM · FIPS, libgcrypt, Bug Report

Mon, Nov 15

wrobelda created T5694: poly1305-s390x.S is compiled despite --disable-asm.
Mon, Nov 15, 10:16 PM · libgcrypt, Bug Report
werner triaged T5692: New entropy gatherer using the genentropy system call. as Normal priority.
Mon, Nov 15, 7:30 PM · Testing, libgcrypt, FIPS
werner triaged T5691: Release libgcrypt 1.10.0 as Low priority.
Mon, Nov 15, 7:22 PM · FIPS, Release Info, libgcrypt
wrobelda added a comment to T5365: --with-libgpg-error-prefix doesn't affect gpgrt-config path detection.

Also, and I should maybe have opened with it, the issues vcpkg has with your build system are currently tracked here: https://github.com/microsoft/vcpkg/discussions/20755

Mon, Nov 15, 11:27 AM · MacOS, gpgrt, Cross-Compiler, libgcrypt
wrobelda added a comment to T5365: --with-libgpg-error-prefix doesn't affect gpgrt-config path detection.

Let me clarify the use case of gpg-error.m4.

gpg-error.m4 is for GnuPG and its friends, where we cannot assume availability of pkg-config. Its capability is limited, and we don't pursue 100% compatibility of pkg-config.

Mon, Nov 15, 11:16 AM · MacOS, gpgrt, Cross-Compiler, libgcrypt
gniibe added a comment to T5365: --with-libgpg-error-prefix doesn't affect gpgrt-config path detection.

Let me clarify the use case of gpg-error.m4.

Mon, Nov 15, 2:30 AM · MacOS, gpgrt, Cross-Compiler, libgcrypt
wrobelda added a comment to T5365: --with-libgpg-error-prefix doesn't affect gpgrt-config path detection.

If it is new, it may be the change of this commit rC8e3cd4c4677c: build: Update gpg-error.m4.

Mon, Nov 15, 1:22 AM · MacOS, gpgrt, Cross-Compiler, libgcrypt

Thu, Nov 11

Jakuje added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.

I just wanted to add one more note that i just found out that the tests --disable-hwf or gcry_control GCRYCTL_DISABLE_HWF have no effect in case the global_init() is called from constructor.

Thu, Nov 11, 12:08 PM · FIPS, libgcrypt, Bug Report

Wed, Nov 10

gniibe added a project to T5610: macOS 11 or newer support: Update libtool: gpgme.

Also applied to gpgme.

Wed, Nov 10, 3:07 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5610: macOS 11 or newer support: Update libtool.

Since there is no problem with libgpg-error 1.43, I applied it to other libraries: npth, libassuan, libksba, and ntbtls.

Wed, Nov 10, 3:04 AM · gpgme, MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
gniibe added a comment to T5512: Implement service indicators.

I'll fix regressions: failures of pubkey and pkcs1v2.

Wed, Nov 10, 2:09 AM · Feature Request, FIPS, libgcrypt

Tue, Nov 9

werner added a comment to T5523: jitter entropy RNG update.

Yes, keep the internal SHA-3.

Tue, Nov 9, 11:33 AM · Testing, FIPS, libgcrypt
gniibe added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.

We will have rnd-getentropy.c

Tue, Nov 9, 11:16 AM · FIPS, libgcrypt, Bug Report
gniibe claimed T5636: Run integrity checks + selftests from library constructor in FIPS.
Tue, Nov 9, 11:08 AM · FIPS, libgcrypt, Bug Report
gniibe moved T5636: Run integrity checks + selftests from library constructor in FIPS from Backlog to Next on the FIPS board.
Tue, Nov 9, 11:08 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T5512: Implement service indicators.

Applied and pushed symmetric algo for basic.

Tue, Nov 9, 7:37 AM · Feature Request, FIPS, libgcrypt
gniibe added a comment to T5636: Run integrity checks + selftests from library constructor in FIPS.

Let me clean up rndlinux.c for current use case, at first.

Tue, Nov 9, 7:07 AM · FIPS, libgcrypt, Bug Report
gniibe added a comment to T5523: jitter entropy RNG update.

I decided to use 3.3.0 disabling pthread feature.

Tue, Nov 9, 6:41 AM · Testing, FIPS, libgcrypt

Mon, Nov 8

Jakuje added a comment to T5512: Implement service indicators.

Thank you for merging the important parts of the patches and implementing similar stuff for DSA. You are right that DSA is supported in the 140-3 specs so it is fine to keep it enabled with the keylength constraints.

Mon, Nov 8, 9:02 AM · Feature Request, FIPS, libgcrypt
gniibe added a comment to T5512: Implement service indicators.

Applied parts except part 2.
The part 3 are modified version, so that memory can be released correctly.

Mon, Nov 8, 6:58 AM · Feature Request, FIPS, libgcrypt