Age | Commit message (Collapse) | Author |
|
- v4 and v6 key IDs are both 8 octets in length, hence we cannot
distinguish them.
- Rename KeyID::V4 to KeyID::Long to reflect this. Handle aliasing
with v6 fingerprints.
|
|
|
|
- We have a lot of feature branches, let's save some cycles.
|
|
- In this branch, we will collect our work implementing the next
revision of OpenPGP, RFC9760.
- The ongoing work will happen in feature branches starting from
this commit. A feature branch may also branch off from a commit
further down in the crypto-refresh branch.
- Small and complete changes may be collected into this branch,
especially changes introducing fundamental types required by most
feature brances, such as v6 fingerprints.
- We may occasionally rebase this branch on top of the current main
development branch, and use the opportunity to linearize it.
|
|
|
|
- Previously, KeyHandle::partial_cmp tried to sort aliasing handles
together. However, this made the function not transitive, which
is required by implementations of PartialOrd.
- Fix this by simply comparing the byte representations, and
computing aliasing in KeyHandle::aliases.
- Note: This makes PartialOrd (and PartialEq) total, but we still
don't implement Ord (and Eq) to prevent naive comparisons.
|
|
- This function allows accepting hash algorithm for one particular
security property.
- Closes https://gitlab.com/sequoia-pgp/sequoia/-/issues/595
|
|
|
|
|
|
- Previously, every crypto backend had to implement these methods.
Instead, implement them just once and hard code the lengths.
Anchor them using the values from the crypto backends, if
available.
- Fixes #966.
|
|
- Previously, we incorrectly selected the 2TDEA variant that uses
112-bit keys.
|
|
- Supply key and block size for IDEA. Without that information,
IDEA is not usable in practice.
|
|
|
|
|
|
- Most of the logic in this function is the same across backends.
- Introduce `Key4::derive_cv25519_public_key` that does
backend-specific derivation.
- Fixes https://gitlab.com/sequoia-pgp/sequoia/-/issues/958
|
|
- We implement `Parse` for `Cert`. Do the same for `RawCert` and
check that they have the same semantics.
|
|
- We use this in our API, and re-exporting it here makes it easy to
use the correct version of the crate in downstream code without
having to explicitly depend on it.
|
|
|
|
- Let's not rely on the linker to deduplicate our 50k test vector.
|
|
- This is like io::copy, but more efficient as it avoids an extra
copy, and it will try to copy all the data the reader has already
buffered.
- Fixes #974.
|
|
|
|
|
|
- Instead, rely on the base images to be up-to-date. We still want
to pin clippy, because updating that tends to be very noisy.
|
|
|
|
- We run these under qemu because we lack real hardware, and it is
one of the slower jobs. Speed it up a little by not running the
benchmarks as tests here.
|
|
- Doctests have to be individually compiled, linked, and executed.
This seems to be very slow on Windows: running the doctests
accounts for two thirds of the total job runtime.
|
|
|
|
|
|
- Fixes #892.
|
|
|
|
- Fixes #645.
|
|
- Remove development remnants, actually use the creation time when
importing RSA keys.
|
|
- OpenSSL can be compiled with no support for CAST5.
- This will be indicated by setting `osslconf` variable to
`OPENSSL_NO_CAST`.
- See https://github.com/sfackler/rust-openssl/pull/1786
|
|
|
|
- Notably, this zeros symmetric encryption keys in memory once we're
done encrypting or decrypting.
|
|
- This is a more comprehensive fix than
bee82c2952512a5585e93f180180ca45468d4f2b.
|
|
- Avoid creating an MPI first, as this may leak the secrets.
|
|
|
|
|
|
- Not only was the heap allocation superfluous, it also leaked
secrets into the heap.
|
|
|
|
|
|
|
|
- This has to move to sq's new repository.
|
|
|
|
- Previously, NotAsFarAsWeKnow was interpreted as identifier making
the if let binding irrefutable.
- Fixes 7afee60b7cf0f19559bfccd8c42fdc77f6b9c655.
|
|
|
|
|
|
|
|
- Track the length of the plaintext data. This makes it possible to
use unchunked AEAD and decrypt the data without copying it into a
growing vector. Also, avoid io::copy, as this leaks secrets into
its buffer.
|