Age | Commit message | Author |
|
- Avoid creating an MPI first, as this may leak the secrets.
|
- Not only was the heap allocation superfluous, it also leaked
secrets into the heap.
|
- This has to move to sq's new repository.
|
- Previously, NotAsFarAsWeKnow was interpreted as an identifier, making
the if let binding irrefutable.
- Fixes 7afee60b7cf0f19559bfccd8c42fdc77f6b9c655.
|
- Track the length of the plaintext data. This makes it possible to
use unchunked AEAD and decrypt the data without copying it into a
growing vector. Also, avoid io::copy, as this leaks secrets into
its buffer.
|
- When parsing secrets using the BufferedReader protocol, they may
leak into buffers of the readers in the BufferedReader stack.
This is most problematic when parsing SecretKeyMaterial.
- Deprecate SecretKeyMaterial::parse* in favor of variants that
operate on bytes. Then, we can use the memory-backed
BufferedReader which does not introduce additional buffering (and
neither does the Dub reader used in the PacketHeaderParser).
|
- The PacketHeaderParser returns erased BufferedReaders anyway, so
we might as well do it early. This avoids any accidental
specialization and hence code duplication.
|
- It is easier (and cheaper) to tear apart in backends that need
ciphertext and tag to be separate than to combine it for backends
that expect the tag to be appended to the ciphertext.
- The caller doesn't have to do anything, because in OpenPGP on the
wire the tag is already appended to the ciphertext. The one
exception is our current implementation of SKESKv5, but in our
upcoming SKESKv6 implementation, we store the tag appended to the
ciphertext, so it will be easy to use this interface there.
|
- This wasn't caught by the CI because none of the current backends
implement ElGamal.
- Fixes 2b4cfe58604202e0a2515cf7e3de72245d2c6633.
|
- One of the brainpool curves was not included in our enum Curve,
because at the time we implemented ECC support, it wasn't part of
the RFC4880bis document.
- Unfortunately, we failed to mark enum Curve as non-exhaustive, so
we cannot add a variant without breaking the API.
- We can, however, support the curve by matching on its OID.
|
- Hand in the additional authenticated data when constructing the
context.
|
- Combine `encrypt` and `tag` to `encrypt_seal` similarly to how we
previously combined `decrypt_verify`. This better matches AEAD
constructions, and the original interface was mostly informed by
Nettle's relatively low-level interface.
|
- Previously, the IV length defaulted to 12.
- We have to set the IV length before supplying the
IV in {de,en}crypt_init. Otherwise, it will be silently
truncated.
|
- This is useful for debugging, fuzzing, and benchmarking.
|
- From now on, development will take place in its own repository at
https://gitlab.com/sequoia-pgp/sequoia-sq. The first commit there
is b89c172c1d6a2a78b4b4807ce6c4af14d418f0a6.
|
- This is the last release of the sq frontend from this repository.
Development will continue here:
https://gitlab.com/sequoia-pgp/sequoia-sq
|
- We generate the crate's main doc string from the command line
interface.
- Previously, the file was checked in and cargo publish started
complaining about the build script modifying the file. Instead,
remove the file from version control and create it in OUT_DIR
where build.rs-generated files belong.
|
- Also bump chrono to 0.4.23 so that we can use
DateTime::date_naive.
- The bump was necessary because cargo publish will use the newest
version as opposed to the one recorded in Cargo.lock. The locked
version neither has DateTime::date_naive, nor does it deprecate
the old interface.
|
- This partially reverts e750937553e5434d9463d7b65d0dca986b2d8d31.
- We always enable deflate anyway, and the only compression feature
we expose is compression-bzip2.
|
- The OpenSSL backend supports OCB, so we should test it!
|
- Previously, we checked that the subpacket area fits a v4 signature
when parsing. However, the subpacket area size depends on the
packet version, and our SubpacketArea is independent of the
signature version.
- The size will be checked when serializing the signatures. It is
not useful to check them when parsing the signatures.
|
- Hash algorithm detection previously checked only conversion to Nid.
- More thorough check which involves construction of the Hasher object
is needed.
- Adjust the code and add a comment.
- Fixes https://gitlab.com/sequoia-pgp/sequoia/-/issues/979
|
- Suggesting using the default feature allows `sequoia_openpgp` to
change the default and the other crates will adjust.
- This also fixes the `sequoia` typo in the crate name.
- Related MR: https://gitlab.com/openpgp-card/openpgp-card/-/merge_requests/35
|