** Description changed: + [ Impact ] + + GPG is broken on RISC-V when vector length (VLEN) doesn't equal 128B. + + This has been fixed upstream: + https://github.com/gpg/libgcrypt/commit/3f684fc6ab3ac98320e245a06b3563ad37ec56f5 + + The upload backports the upstream commit as debian patch. + + [ Test Plan ] + + Start a RISC-V VM with QEMU, setting vector length to >128. + + For this, check + + https://documentation.ubuntu.com/hardware-support/boards/how- + to/ubuntu_supported/qemu-riscv/ + + for the full command, and modify it to set vlen: + + qemu-system-riscv64 -cpu max,vlen=256 ... + + Then, in the VM, run the following commands: + + head -c 10000 /dev/urandom > in.bin + PW="testpw-correct-horse-battery-staple" + gpg --batch --pinentry-mode loopback --passphrase "$PW" --yes --symmetric \ + --cipher-algo AES256 --output out.gpg in.bin + gpg --batch --pinentry-mode loopback --passphrase "$PW" --yes \ + --decrypt --output dec.bin out.gpg + + + This should succeed with only a success message from gpg. However, it currently returns: + + gpg: AES256.CFB encrypted data + gpg: encrypted with 1 passphrase + gpg: WARNING: encrypted message has been manipulated! + + It might also be useful to check that basic GPG functionality still + works. + + [ Where problems could occur ] + + Given that this is a change in a library used by GPG, we need to make + sure that basic GPG features still work, or that could introduce issues + around apt and any other GPG user. + + [ Other Info ] + + Original bug report: + GPG is broken on RISC-V when vector length (VLEN) doesn't equal 128B. This has been fixed upstream: https://github.com/gpg/libgcrypt/commit/3f684fc6ab3ac98320e245a06b3563ad37ec56f5 Test: head -c 10000 /dev/urandom > in.bin PW="testpw-correct-horse-battery-staple" gpg --batch --pinentry-mode loopback --passphrase "$PW" --yes --symmetric \ - --cipher-algo AES256 --output out.gpg in.bin + --cipher-algo AES256 --output out.gpg in.bin gpg --batch --pinentry-mode loopback --passphrase "$PW" --yes \ - --decrypt --output dec.bin out.gpg + --decrypt --output dec.bin out.gpg if cmp -s in.bin dec.bin; then - echo "PASS encrypt/decrypt" + echo "PASS encrypt/decrypt" else - echo "MISMATCH" + echo "MISMATCH" fi Run this on x86 it works fine but run it on SpacemiT K3 with VLEN=256 it fails. ProblemType: Bug DistroRelease: Ubuntu 26.04 Package: gpg 2.4.8-4ubuntu3 Uname: Linux 6.18.3-5-spacemit-generic riscv64 ApportVersion: 2.34.0-0ubuntu2 Architecture: riscv64 CasperMD5CheckResult: unknown CloudArchitecture: riscv64 CloudID: nocloud CloudName: unknown CloudPlatform: nocloud CloudSubPlatform: config-disk (/dev/sda2) Date: Sun May 24 10:40:29 2026 ProcEnviron: - LANG=C.UTF-8 - PATH=(custom, no user) - SHELL=/bin/bash - TERM=tmux-256color - XDG_RUNTIME_DIR=<set> + LANG=C.UTF-8 + PATH=(custom, no user) + SHELL=/bin/bash + TERM=tmux-256color + XDG_RUNTIME_DIR=<set> SourcePackage: gnupg2 UpgradeStatus: No upgrade log present (probably fresh install)
** Summary changed: - gpg buggy on RISC-V when vector length /= 128B + [SRU] gpg buggy on RISC-V when vector length /= 128B -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2154120 Title: [SRU] gpg buggy on RISC-V when vector length /= 128B To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/2154120/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
