g10 (Project)
Active · Public

Details

Description

This subproject allows committers to use "g10: <TITLE>" in commit messages.

Recent Activity

Jan 19 2023

werner removed a project from T6023: Check how GnuPG handles several keys from WKD: gnupg (gpg23).
Jan 19 2023, 4:46 PM · gnupg24, g10, common, Documentation, wkd

Dec 12 2022

werner moved T6023: Check how GnuPG handles several keys from WKD from Backlog to WiP on the g10 board.
Dec 12 2022, 12:17 PM · gnupg24, g10, common, Documentation, wkd
werner moved T6023: Check how GnuPG handles several keys from WKD from Backlog to WiP on the common board.
Dec 12 2022, 12:15 PM · gnupg24, g10, common, Documentation, wkd
werner added projects to T6023: Check how GnuPG handles several keys from WKD: common, g10.
Dec 12 2022, 12:12 PM · gnupg24, g10, common, Documentation, wkd

Jun 16 2022

werner closed T6021: GPG misparses `--list-options=show-sig-subpackets="100"a` as Wontfix.

Please don't play ping pong now,

Jun 16 2022, 7:02 PM · g10, Bug Report
werner closed T6032: Assertion failure in gpg as Invalid.

Please report such bugs to RedHat - they use a modified Libgcrypt and thus it's their bug.

Jun 16 2022, 7:00 PM · RHEL, g10, Bug Report
DemiMarie added a task to D555: g10: Disallow compressed signatures and certificates: T5993: gpg should reject compressed packets outside of messages.
Jun 16 2022, 6:53 PM · gnupg
DemiMarie retitled D555: g10: Disallow compressed signatures and certificates from Disallow compressed signatures and certificates to g10: Disallow compressed signatures and certificates.
Jun 16 2022, 6:53 PM · gnupg
DemiMarie raised the priority of T6021: GPG misparses `--list-options=show-sig-subpackets="100"a` from Low to Needs Triage.
Jun 16 2022, 6:52 PM · g10, Bug Report
DemiMarie added a comment to T6032: Assertion failure in gpg.

I will try, but it will likely be a while. In any case I believe you will need a Red Hat-family distro to trigger the bug; it happens when gpg tries to encrypt with a key that uses a public key algorithm libgcrypt does not support.

Jun 16 2022, 6:42 PM · RHEL, g10, Bug Report
werner added a comment to T6032: Assertion failure in gpg.

Please provide a test case.

Jun 16 2022, 6:39 PM · RHEL, g10, Bug Report
DemiMarie reopened T6032: Assertion failure in gpg as "Open".

Reopening as gpg’s handling of the situation is very much suboptimal.

Jun 16 2022, 3:19 PM · RHEL, g10, Bug Report
DemiMarie closed T6032: Assertion failure in gpg as Invalid.

Closing as I believe this is a downstream bug.

Jun 16 2022, 12:26 AM · RHEL, g10, Bug Report
DemiMarie updated the task description for T6031: Creating an overlong notation hits a fatal error..
Jun 16 2022, 12:03 AM · Bug Report, gnupg

Jun 15 2022

DemiMarie created T6032: Assertion failure in gpg.
Jun 15 2022, 11:34 PM · RHEL, g10, Bug Report
ikloecker added a comment to T6031: Creating an overlong notation hits a fatal error..

Please read at least one article that explains how to write a good bug report. I'm pretty sure that you will find plenty of good articles using your favorite search engine.

Jun 15 2022, 10:07 PM · Bug Report, gnupg
DemiMarie created T6031: Creating an overlong notation hits a fatal error..
Jun 15 2022, 9:46 PM · Bug Report, gnupg

May 22 2022

DemiMarie added a comment to T5993: gpg should reject compressed packets outside of messages.

I would be okay with GnuPG ignoring such packets, but I do not want verifying a signature or importing a key to activate the decompression code and its associated attack surface.

May 22 2022, 8:57 PM · Feature Request, gnupg
DemiMarie added a comment to T5993: gpg should reject compressed packets outside of messages.

This specification is a draft which has not even been discussed in the WG. In any case gpg won't implement this because it would break processing of existing data.

May 22 2022, 8:56 PM · Feature Request, gnupg
werner added a comment to T5993: gpg should reject compressed packets outside of messages.

This specification is a draft which has not even been discussed in the WG. In any case gpg won't implement this because it would break processing of existing data.

May 22 2022, 11:34 AM · Feature Request, gnupg
DemiMarie created T5993: gpg should reject compressed packets outside of messages.
May 22 2022, 12:20 AM · Feature Request, gnupg
DemiMarie created T5992: gpg should reject compressed packets outside of messages.
May 22 2022, 12:19 AM · Duplicate

Aug 13 2021

werner changed the edit policy for g10.
Aug 13 2021, 11:00 PM

Apr 20 2018

gniibe added a comment to T3781: ECC encryption key on-card generation broken.

@nitroalex Perhaps, creating new ticket is better for this topic.
In the current OpenPGP card specification, there is no way for an application (except having a list of card implementation information) to know which algo and which curve is supported or not.
So, what an application does is try and error.
I don't like this situation, but I don't know how we can modify the specification.

Apr 20 2018, 10:10 AM · g10, scd, Bug Report

Apr 19 2018

nitroalex added a comment to T3781: ECC encryption key on-card generation broken.

Well, I surely would agree (and this is only a proposal anyway), but my point here is, that OpenPGP Card does not support Curve 25519, so that one *has to* choose between those other two. Considering me a tinfoil hat person, I would rather not choose NIST, as many others wouldn't too.

Apr 19 2018, 2:27 PM · g10, scd, Bug Report

Apr 13 2018

werner added a comment to T3781: ECC encryption key on-card generation broken.

Neither Brainpool nor NIST curves make any sense unless there is an organizational policy requirement. Thus the --expert requirement is the Right Thing (tm).

Apr 13 2018, 12:53 PM · g10, scd, Bug Report

Apr 12 2018

nitroalex added a comment to T3781: ECC encryption key on-card generation broken.

works just fine, thx!

Apr 12 2018, 3:30 PM · g10, scd, Bug Report

Apr 11 2018

gniibe closed T3781: ECC encryption key on-card generation broken as Resolved.

Fixed in 2.2.6.

Apr 11 2018, 1:58 AM · g10, scd, Bug Report

Mar 30 2018

gniibe changed the status of T3781: ECC encryption key on-card generation broken from Open to Testing.
Mar 30 2018, 4:52 AM · g10, scd, Bug Report
gniibe added a comment to T3781: ECC encryption key on-card generation broken.

Furthermore, I changed to have an explicit command: key-attr

Mar 30 2018, 4:52 AM · g10, scd, Bug Report

Mar 29 2018

gniibe triaged T3781: ECC encryption key on-card generation broken as Normal priority.

I changed the interaction so that user can specify RSA or ECC, then when it's for ECC, specifying curve.

Mar 29 2018, 6:10 AM · g10, scd, Bug Report

Mar 5 2018

Arnaud added a comment to T3781: ECC encryption key on-card generation broken.

This would be a good solution.

Mar 5 2018, 11:05 AM · g10, scd, Bug Report
werner added a comment to T3781: ECC encryption key on-card generation broken.

This has also the advantage that we could list the possible curves and let the user select them.

Mar 5 2018, 9:40 AM · g10, scd, Bug Report
werner added a comment to T3781: ECC encryption key on-card generation broken.

So should we revert this patch and replace it by an explicit command to switch the card to ECC?

Mar 5 2018, 9:39 AM · g10, scd, Bug Report

Feb 16 2018

jfe closed T3770: heap buffer overflow in iobuf.c as Resolved.
Feb 16 2018, 7:33 PM · g10, Bug Report
jfe added a comment to T3770: heap buffer overflow in iobuf.c.

This handles the problem, thanks.

Feb 16 2018, 7:32 PM · g10, Bug Report

Feb 15 2018

werner added a comment to T3770: heap buffer overflow in iobuf.c.

Does this patch help? My artificial test confirmed that this does the Right Thing.

Feb 15 2018, 11:49 AM · g10, Bug Report
werner claimed T3770: heap buffer overflow in iobuf.c.
Feb 15 2018, 11:24 AM · g10, Bug Report
jfe added a comment to T3770: heap buffer overflow in iobuf.c.

Yes, that is correct.

Feb 15 2018, 10:34 AM · g10, Bug Report
gniibe added a comment to T3770: heap buffer overflow in iobuf.c.

I guess that you are running on 32-bit architecture where the function keybox_get_keyblock uses 32-bit signed size_t for image_off and image_len.

Feb 15 2018, 7:37 AM · g10, Bug Report

Feb 14 2018

jfe added a comment to T3770: heap buffer overflow in iobuf.c.

That's weird, I can reproduce it with a fresh pull from dev.gnupg.org (I can't clone it because it keeps giving me an error like "no rule to make target audit-events.h") by configuring with CFLAGS set to -fsanitize=address -ldl and LDFLAGS set to -lasan. I added the -ldl because of a linking error with symbol dlsym (only when -fsanitize=address is present). It more specifically complains about a READ access of size 1 and heap-buffer-overflow on address 0xb30037b0. It also mentions that this address is a wild pointer. The call tree looks as follows:
iobuf_temp_with_content
keybox_get_keyblock
keydb_get_keyblock
do_export_stream
do_export
export_pubkeys
main

Feb 14 2018, 9:44 PM · g10, Bug Report
werner added a comment to T3770: heap buffer overflow in iobuf.c.

Can't replicate this with gcc's address sanitizer. I found a bug in kbxutil, though.
Can you post a bit more info than just line 1275?

Feb 14 2018, 4:54 PM · g10, Bug Report

Feb 13 2018

gniibe claimed T3781: ECC encryption key on-card generation broken.
Feb 13 2018, 5:33 AM · g10, scd, Bug Report

Feb 6 2018

jfe added a comment to T3780: Integer overflow causes heap overflow in parse_symkeyenc() in file g10/parse-packet.c.

Great, thanks for the quick response!

Feb 6 2018, 6:25 PM · g10, Bug Report
Arnaud updated the task description for T3781: ECC encryption key on-card generation broken.
Feb 6 2018, 6:12 PM · g10, scd, Bug Report
Arnaud updated the task description for T3781: ECC encryption key on-card generation broken.
Feb 6 2018, 6:11 PM · g10, scd, Bug Report
Arnaud created T3781: ECC encryption key on-card generation broken.
Feb 6 2018, 6:10 PM · g10, scd, Bug Report
werner closed T3780: Integer overflow causes heap overflow in parse_symkeyenc() in file g10/parse-packet.c as Resolved.

Thanks for testing. I recall that I wanted to update the checking but a phonecall disturbed my hacking sequence; should have used DND.

Feb 6 2018, 5:47 PM · g10, Bug Report
jfe updated the task description for T3780: Integer overflow causes heap overflow in parse_symkeyenc() in file g10/parse-packet.c.
Feb 6 2018, 1:12 PM · g10, Bug Report
jfe created T3780: Integer overflow causes heap overflow in parse_symkeyenc() in file g10/parse-packet.c.
Feb 6 2018, 1:10 PM · g10, Bug Report