openpgp: Mitigate collision attacks on SHA-1.

- Use a collision detecting implementation of SHA-1. When a collision attack is detected, the algorithm employs a mitigation, changing the hash function to discriminate the colliding preimage.
author: Justus Winter <justus@sequoia-pgp.org> 2020-11-10 15:28:07 +0100
committer: Justus Winter <justus@sequoia-pgp.org> 2020-11-12 10:32:00 +0100
commit: 8b390e8a38d8a31b5ada19a5ebbce924ee777fd8 (patch)
tree: 730ba04c27a8ceb603d00bffa22c6851a43c54d6 /Cargo.lock
parent: 91e82329cb50dda79243d933f13fd22888af5cdd (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/Cargo.lock b/Cargo.lock
index d774617e..1160d891 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1893,9 +1893,11 @@ dependencies = [
  "buffered-reader",
  "bzip2",
  "chrono",
+ "digest 0.9.0",
  "dyn-clone",
  "ed25519-dalek",
  "flate2",
+ "generic-array 0.14.4",
  "idna",
  "lalrpop",
  "lalrpop-util",
@@ -1908,6 +1910,7 @@ dependencies = [
  "rand",
  "regex",
  "rpassword",
+ "sha1collisiondetection",
  "thiserror",
  "unicode-normalization",
  "win-crypto-ng",
@@ -2024,6 +2027,16 @@ dependencies = [
 ]
 
 [[package]]
+name = "sha1collisiondetection"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c6df2f0600b061bab243ef94c8d077332f2991c232bf44a5e91d0c401523f514"
+dependencies = [
+ "digest 0.9.0",
+ "libc",
+]
+
+[[package]]
 name = "sha2"
 version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
author	Justus Winter <justus@sequoia-pgp.org>	2020-11-10 15:28:07 +0100
committer	Justus Winter <justus@sequoia-pgp.org>	2020-11-12 10:32:00 +0100
commit	8b390e8a38d8a31b5ada19a5ebbce924ee777fd8 (patch)
tree	730ba04c27a8ceb603d00bffa22c6851a43c54d6 /Cargo.lock
parent	91e82329cb50dda79243d933f13fd22888af5cdd (diff)