GnuPG

Testing
Communication · Active · Public

Members

  • This project does not have any members.

Watchers

  • This project does not have any watchers.

Recent Activity

Fri, Sep 17

Jakuje added a comment to T5244: libgcrypt: Restrict message digest use.

I had in my mind something like this:

Fri, Sep 17, 3:36 PM · FIPS, Testing, libgcrypt

Thu, Sep 16

Jakuje added a comment to T5520: Fix tests in FIPS mode.

Thanks. I think we are good here. If we decide to pursue the brainpool switch, I will open a new issue.

Thu, Sep 16, 11:07 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe added a comment to T5520: Fix tests in FIPS mode.

Two third patches are applied to master. (@werner those parts are typo fix and tests improvement, which we agreed to push.)

Thu, Sep 16, 3:01 AM · Testing, FIPS, libgcrypt, Bug Report

Wed, Sep 15

werner added a comment to T5520: Fix tests in FIPS mode.

If a configure switch to disable Brainpool curves is added, we also need to add a switch to disable NIST curves.

Wed, Sep 15, 11:05 AM · Testing, FIPS, libgcrypt, Bug Report
Jakuje added a comment to T5520: Fix tests in FIPS mode.

Oh, my bad. I probably used the wrong git command. I have now uploaded the patches themselves:

Wed, Sep 15, 9:51 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe added a comment to T5520: Fix tests in FIPS mode.

disable-brainpool.patch is a text of list of patches.
I think the first two could be applied.
@Jakuje Could you please upload them?

Wed, Sep 15, 9:10 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe moved T5520: Fix tests in FIPS mode from Done to Next on the FIPS board.
Wed, Sep 15, 8:36 AM · Testing, FIPS, libgcrypt, Bug Report

Mon, Sep 13

werner moved T5520: Fix tests in FIPS mode from Next to Done on the FIPS board.
Mon, Sep 13, 11:17 AM · Testing, FIPS, libgcrypt, Bug Report
werner moved T5520: Fix tests in FIPS mode from Backlog to Next on the FIPS board.
Mon, Sep 13, 11:11 AM · Testing, FIPS, libgcrypt, Bug Report
Jakuje added a comment to T5520: Fix tests in FIPS mode.

I have one more patch set to improve FIPS testing in test/curves.c. In the past, it was basically skipped altogether in FIPS mode. This implements more fine-grained selection of what is being tested. This is the first part.

Mon, Sep 13, 8:53 AM · Testing, FIPS, libgcrypt, Bug Report

Fri, Sep 10

ikloecker added a comment to T5595: gpgrt-config doesn't work well with PKG_CONFIG_LIBDIR="" and setting PKG_CONFIG_PATH.

The fix works for me (using bash on openSUSE Tumbleweed).

Fri, Sep 10, 12:26 PM · Testing, gpgrt
gniibe changed the status of T5595: gpgrt-config doesn't work well with PKG_CONFIG_LIBDIR="" and setting PKG_CONFIG_PATH from Open to Testing.
Fri, Sep 10, 3:00 AM · Testing, gpgrt

Mon, Sep 6

Jakuje added a comment to T5520: Fix tests in FIPS mode.

Looks good to me. Tested now with master 47e425e07995454573e28c13c08229d2f8a75642 and all tests pass for me in and out of FIPS mode as well as in the "soft" one.

Mon, Sep 6, 1:08 PM · Testing, FIPS, libgcrypt, Bug Report
gniibe moved T5508: Allow hardware optimizations in FIPS from Backlog to Done on the FIPS board.
Mon, Sep 6, 11:21 AM · Testing, FIPS, libgcrypt, Bug Report

Wed, Aug 25

gniibe closed T5425: scdaemon.conf reader-port setting broken in 2.3 as Resolved.

Fixed in 2.3.2.

Wed, Aug 25, 3:30 AM · gnupg, Testing, scd, Bug Report
gniibe closed T5530: Add "prehash" support to DSA and ECDSA signing as Resolved.
Wed, Aug 25, 3:29 AM · Testing, FIPS, libgcrypt, Feature Request

Tue, Aug 24

werner closed T5524: scd: serialize access of ctrl->card_ctx as Resolved.
Tue, Aug 24, 7:58 PM · gnupg (gpg23), Testing, scd

Mon, Aug 23

Jakuje added a comment to T5244: libgcrypt: Restrict message digest use.

From Stephan I got the following response to the allocation handler use case

Mon, Aug 23, 12:00 PM · FIPS, Testing, libgcrypt
gniibe added a project to T5244: libgcrypt: Restrict message digest use: FIPS.
Mon, Aug 23, 11:21 AM · FIPS, Testing, libgcrypt

Aug 18 2021

Jakuje added a comment to T5244: libgcrypt: Restrict message digest use.

Right. The clarification is that SHA1 itself (for non-security and non-signature use) is still allowed in FIPS mode. But it is not allowed to be used as part of signature schemes of the new API in FIPS mode. The old API, which allows raw signatures without digests, should just fail in FIPS mode too. And the FIPS-compatible gnupg should use the new API too (it would be good to think about this when putting it together).

Aug 18 2021, 7:46 PM · FIPS, Testing, libgcrypt
gniibe added a comment to T5244: libgcrypt: Restrict message digest use.

For use of SHA-1:

Aug 18 2021, 1:59 AM · FIPS, Testing, libgcrypt

Aug 17 2021

werner added a comment to T5244: libgcrypt: Restrict message digest use.

(can't access that bug with my account)

Aug 17 2021, 9:38 AM · FIPS, Testing, libgcrypt
gniibe added a comment to T5520: Fix tests in FIPS mode.

For tests with FIPS mode enabled, I manually create the file .libgcrypt.so.20.hmac under src/.libs.

Aug 17 2021, 6:04 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe added a project to T5520: Fix tests in FIPS mode: Testing.
Aug 17 2021, 4:22 AM · Testing, FIPS, libgcrypt, Bug Report

Aug 16 2021

Jakuje added a comment to T5244: libgcrypt: Restrict message digest use.

I went back a bit in the history to figure out what the enforced and soft FIPS modes are, as it was initially not completely clear to me. For the record, I used the following bug from 9 years ago:

Aug 16 2021, 7:11 PM · FIPS, Testing, libgcrypt
gniibe changed the status of T5244: libgcrypt: Restrict message digest use from Open to Testing.

Since I think there is no reason for checking _gcry_enforced_fips_mode () here, I remove the check.

Aug 16 2021, 9:23 AM · FIPS, Testing, libgcrypt

Aug 6 2021

gniibe renamed T5547: Single thread support with newer GNU C library (2.34 or later) from Single thread support with newer GNU C library (2.32 or later) to Single thread support with newer GNU C library (2.34 or later).
Aug 6 2021, 9:19 AM · gpgrt
gniibe claimed T5547: Single thread support with newer GNU C library (2.34 or later).
Aug 6 2021, 9:19 AM · gpgrt

Jul 29 2021

gniibe claimed T5508: Allow hardware optimizations in FIPS.
Jul 29 2021, 7:25 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe changed the status of T5508: Allow hardware optimizations in FIPS from Open to Testing.
Jul 29 2021, 7:25 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe changed the status of T5530: Add "prehash" support to DSA and ECDSA signing from Open to Testing.
Jul 29 2021, 5:00 AM · Testing, FIPS, libgcrypt, Feature Request

Jul 22 2021

gniibe added projects to T5524: scd: serialize access of ctrl->card_ctx: Testing, gnupg (gpg23).
Jul 22 2021, 4:38 AM · gnupg (gpg23), Testing, scd

Jun 23 2021

gniibe closed T5413: Unblock PIN by Reset Code as Resolved.
Jun 23 2021, 7:12 AM · Testing, gnupg, scd

Jun 2 2021

werner moved T5440: _DARWIN_C_SOURCE kind of "must" be 1, not "900000L" from For 1.9 to Backlog on the libgcrypt board.
Jun 2 2021, 12:57 PM · MacOS, libgcrypt, Bug Report
werner moved T5440: _DARWIN_C_SOURCE kind of "must" be 1, not "900000L" from For 1.8 to For 1.9 on the libgcrypt board.
Jun 2 2021, 12:56 PM · MacOS, libgcrypt, Bug Report
werner moved T5440: _DARWIN_C_SOURCE kind of "must" be 1, not "900000L" from Backlog to For 1.8 on the libgcrypt board.
Jun 2 2021, 12:56 PM · MacOS, libgcrypt, Bug Report

May 27 2021

gniibe changed the status of T5440: _DARWIN_C_SOURCE kind of "must" be 1, not "900000L" from Open to Testing.
May 27 2021, 6:41 AM · MacOS, libgcrypt, Bug Report

May 7 2021

dain added a comment to T5425: scdaemon.conf reader-port setting broken in 2.3.

Ah, great. Thanks!

May 7 2021, 1:16 PM · gnupg, Testing, scd, Bug Report
gniibe added projects to T5425: scdaemon.conf reader-port setting broken in 2.3: scd, Testing, gnupg.
May 7 2021, 6:05 AM · gnupg, Testing, scd, Bug Report

May 3 2021

gniibe added a project to T5413: Unblock PIN by Reset Code: Testing.
May 3 2021, 6:33 AM · Testing, gnupg, scd

Apr 21 2021

gniibe closed T3891: kdf-setup does not set admin and user PIN codes as Resolved.
Apr 21 2021, 2:45 AM · Testing, scd, Bug Report

Apr 19 2021

werner closed T4673: 2.3-only: Don't fallback to PC/SC on failure by the internal CCID driver, only use PC/SC when --disable-ccid is specified as Resolved.
Apr 19 2021, 5:56 PM · gnupg (gpg23), Testing, scd, Feature Request
werner closed T5000: trustdb,keybox: Adding support of v5key as Resolved.
Apr 19 2021, 5:51 PM · Testing, gnupg (gpg23)
werner added a comment to T5000: trustdb,keybox: Adding support of v5key.

Has been released with 2.3.0 and we had better open a new task if problems show up with v5 keys. I am pretty sure that there will be a few v5 key problems after they get into real use.

Apr 19 2021, 5:51 PM · Testing, gnupg (gpg23)

Apr 15 2021

werner added a project to T4673: 2.3-only: Don't fallback to PC/SC on failure by the internal CCID driver, only use PC/SC when --disable-ccid is specified: gnupg (gpg23).
Apr 15 2021, 8:39 AM · gnupg (gpg23), Testing, scd, Feature Request
gniibe raised the priority of T4673: 2.3-only: Don't fallback to PC/SC on failure by the internal CCID driver, only use PC/SC when --disable-ccid is specified from Normal to High.

Raising this task to HIGH priority, so that people can easily find this change in 2.3.0.

Apr 15 2021, 7:20 AM · gnupg (gpg23), Testing, scd, Feature Request
gniibe closed T3300: scd: Support multiple readers by PC/SC driver as Resolved.
Apr 15 2021, 7:10 AM · Testing, gnupg (gpg23), scd
gniibe closed T5100: OpenPGP app overwrites Yubikey serial number as Resolved.
Apr 15 2021, 4:42 AM · Testing, gnupg, scd, yubikey, kleopatra
gniibe closed T4158: UIF (User Interaction Flag) DO support as Resolved.
Apr 15 2021, 4:09 AM · Testing, Feature Request, scd, gnupg

Apr 13 2021

gniibe closed T3416: gpg should select available signing key on card (even with -u option) as Resolved.

Done in 2.3.0.

Apr 13 2021, 8:07 AM · Testing, Feature Request, gnupg