** Description changed:

  [ Impact ]
  
  GPG is broken on RISC-V when vector length (VLEN) doesn't equal 128B.
  
  This has been fixed upstream:
  
https://github.com/gpg/libgcrypt/commit/3f684fc6ab3ac98320e245a06b3563ad37ec56f5
  
  The upload backports the upstream commit as debian patch.
  
  [ Test Plan ]
  
  Start a RISC-V VM with QEMU, setting vector length to >128.
  
  For this, check
  
  https://documentation.ubuntu.com/hardware-support/boards/how-
  to/ubuntu_supported/qemu-riscv/
  
  for the full command, and modify it to set vlen:
  
  qemu-system-riscv64 -cpu max,vlen=256 ...
  
  Then, in the VM, run the following commands:
  
  head -c 10000 /dev/urandom > in.bin
  PW="testpw-correct-horse-battery-staple"
  gpg --batch --pinentry-mode loopback --passphrase "$PW" --yes --symmetric \
      --cipher-algo AES256 --output out.gpg in.bin
  gpg --batch --pinentry-mode loopback --passphrase "$PW" --yes \
     --decrypt --output dec.bin out.gpg
  
  This currently fails, with the following:
  
  gpg: AES256.CFB encrypted data
  gpg: encrypted with 1 passphrase
  gpg: WARNING: encrypted message has been manipulated!
  
  Once the patch is applied, follow the same procedure and it should now
  work, the failure should be gone.
  
  It might also be useful to check that basic GPG functionality still
  works.
+ 
+ We also need to start a VM with VLEN=128 to make sure that the original
+ case did not regress.
  
  [ Where problems could occur ]
  
  Given that this is a change in a library used by GPG, we need to make
  sure that basic GPG features still work, or that could introduce issues
  around apt and any other GPG user.
  
  Only RISC-V codepaths are affected, so only RISC-V architecture needs
  testing. We should not have to worry about other architectures.
  
  [ Other Info ]
  
  Only Resolute and Stonking are affected. Questing does not have the bug.
  Plucky, Noble and below do not have RISC-V vector support.
  
  Original bug report:
  
  GPG is broken on RISC-V when vector length (VLEN) doesn't equal 128B.
  
  This has been fixed upstream:
  
https://github.com/gpg/libgcrypt/commit/3f684fc6ab3ac98320e245a06b3563ad37ec56f5
  
  Test:
  
  head -c 10000 /dev/urandom > in.bin
  PW="testpw-correct-horse-battery-staple"
  gpg --batch --pinentry-mode loopback --passphrase "$PW" --yes --symmetric \
      --cipher-algo AES256 --output out.gpg in.bin
  gpg --batch --pinentry-mode loopback --passphrase "$PW" --yes \
     --decrypt --output dec.bin out.gpg
  if cmp -s in.bin dec.bin; then
    echo "PASS encrypt/decrypt"
  else
    echo "MISMATCH"
  fi
  
  Run this on x86 it works fine but run it on SpacemiT K3 with VLEN=256 it
  fails.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 26.04
  Package: gpg 2.4.8-4ubuntu3
  Uname: Linux 6.18.3-5-spacemit-generic riscv64
  ApportVersion: 2.34.0-0ubuntu2
  Architecture: riscv64
  CasperMD5CheckResult: unknown
  CloudArchitecture: riscv64
  CloudID: nocloud
  CloudName: unknown
  CloudPlatform: nocloud
  CloudSubPlatform: config-disk (/dev/sda2)
  Date: Sun May 24 10:40:29 2026
  ProcEnviron:
   LANG=C.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=tmux-256color
   XDG_RUNTIME_DIR=<set>
  SourcePackage: gnupg2
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2154120

Title:
  [SRU] gpg buggy on RISC-V when vector length /= 128B

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/2154120/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to