** Description changed: [ Impact ] GPG is broken on RISC-V when vector length (VLEN) doesn't equal 128B. This has been fixed upstream: https://github.com/gpg/libgcrypt/commit/3f684fc6ab3ac98320e245a06b3563ad37ec56f5 The upload backports the upstream commit as debian patch. [ Test Plan ] Start a RISC-V VM with QEMU, setting vector length to >128. For this, check https://documentation.ubuntu.com/hardware-support/boards/how- to/ubuntu_supported/qemu-riscv/ for the full command, and modify it to set vlen: qemu-system-riscv64 -cpu max,vlen=256 ... Then, in the VM, run the following commands: head -c 10000 /dev/urandom > in.bin PW="testpw-correct-horse-battery-staple" gpg --batch --pinentry-mode loopback --passphrase "$PW" --yes --symmetric \ --cipher-algo AES256 --output out.gpg in.bin gpg --batch --pinentry-mode loopback --passphrase "$PW" --yes \ --decrypt --output dec.bin out.gpg - - This should succeed with only a success message from gpg. However, it currently returns: + This should succeed with only a success message from gpg. However, it + currently returns: gpg: AES256.CFB encrypted data gpg: encrypted with 1 passphrase gpg: WARNING: encrypted message has been manipulated! It might also be useful to check that basic GPG functionality still works. [ Where problems could occur ] Given that this is a change in a library used by GPG, we need to make sure that basic GPG features still work, or that could introduce issues around apt and any other GPG user. [ Other Info ] + + Only Resolute and Stonking are affected. Questing does not have the bug. + Plucky, Noble and below do not have RISC-V vector support. Original bug report: GPG is broken on RISC-V when vector length (VLEN) doesn't equal 128B. This has been fixed upstream: https://github.com/gpg/libgcrypt/commit/3f684fc6ab3ac98320e245a06b3563ad37ec56f5 Test: head -c 10000 /dev/urandom > in.bin PW="testpw-correct-horse-battery-staple" gpg --batch --pinentry-mode loopback --passphrase "$PW" --yes --symmetric \ --cipher-algo AES256 --output out.gpg in.bin gpg --batch --pinentry-mode loopback --passphrase "$PW" --yes \ --decrypt --output dec.bin out.gpg if cmp -s in.bin dec.bin; then echo "PASS encrypt/decrypt" else echo "MISMATCH" fi Run this on x86 it works fine but run it on SpacemiT K3 with VLEN=256 it fails. ProblemType: Bug DistroRelease: Ubuntu 26.04 Package: gpg 2.4.8-4ubuntu3 Uname: Linux 6.18.3-5-spacemit-generic riscv64 ApportVersion: 2.34.0-0ubuntu2 Architecture: riscv64 CasperMD5CheckResult: unknown CloudArchitecture: riscv64 CloudID: nocloud CloudName: unknown CloudPlatform: nocloud CloudSubPlatform: config-disk (/dev/sda2) Date: Sun May 24 10:40:29 2026 ProcEnviron: LANG=C.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=tmux-256color XDG_RUNTIME_DIR=<set> SourcePackage: gnupg2 UpgradeStatus: No upgrade log present (probably fresh install)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2154120 Title: [SRU] gpg buggy on RISC-V when vector length /= 128B To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/2154120/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
