Age | Commit message | Author |
|
|
- As first step, abstract over X25519.
|
|
- This trait will not be public, at least for now, and we will still
stick to the compile-time backend selection, at least for now.
Therefore, we can still enjoy static dispatch.
- The trait will formalize the interface. It should only abstract
over the underlying primitives. Notably, we want to be able to
implement all operations on packets using this interface, so that
no user-facing functions are implemented in the crypto backends.
This will lead to a more consistent experience across all backends.
|
|
- The Galois/Counter mode for block ciphers is a FIPS-approved AEAD
mode. It will be added to the upcoming OpenPGP standard so that
we have a FIPS-compliant subset of OpenPGP.
|
|
- Nettle 3.9 and up support the authenticated encryption mode OCB.
|
|
* Notable fixes
- A parser bug was fixed. We classify this as a low-severity
issue, because Rust correctly detects the out-of-bounds access
and panics. If an attacker controls the input, they may be able
to use this bug to cause a denial of service.
|
|
- Add a document describing how we handle security vulnerabilities.
|
|
* Changes in 1.2.0
** Notable changes
- BufferedReader::copy is like std::io::copy, but more efficient.
* Notable fixes
- A parser bug was fixed. We classify this as a low-severity
issue, because Rust correctly detects the out-of-bounds access
and panics. If an attacker controls the input, they may be able
to use this bug to cause a denial of service.
|
|
- Upgrade lalrpop to version 0.20.
|
|
- Upgrade base64 to version 0.21.
|
|
- Upgrade base64 to version 0.21.
|
|
- Upgrade base64 to version 0.21.
|
|
- Arbitrary does not draw from a uniform distribution, e.g.,
arbitrary seems to draw 0 about 10% of the time for a 32-bit
quantity.
- When we need two different arbitrary values, be very careful to
make sure they are different.
|
|
- In `Cert::keys`, `Cert::userids` and `Cert::user_attributes`, we
that `ValidCert::userids`, etc. is better than `Cert::userids`, etc.,
mention that `Cert::with_policy` can be used to turn a `Cert` into a
`ValidCert`.
- Fixes #921.
|
|
- Version 3 of Botan was released in April 2023. It is already
distributed by Arch. Switch crypto-botan to select the v3
interface.
- Introduce the `crypto-botan2` feature to use Botan with Botan's v2
interface.
|
|
- We can safely derive `Clone` for `SubpacketArea`.
- There is no reason to not clone the cache as well. It's just a
vector.
|
|
- `SignatureBuilder::effective_signature_creation_time` is supposed
to return the effective signature creation time. That is, it
should return the signature creation time that would be used if the
signature were created now.
- The function returns a `SystemTime`, which has a different
resolution and range from an OpenPGP timestamp.
- When using the current time, roundtrip it via `types::Timestamp`
to return the timestamp that will actually be set.
|
|
- When a `Key4` is changed, make sure the fingerprint cache is
cleared.
- Fixes #1016
|
|
- Add `KeyFlags::set_certification_to`, `KeyFlags::set_signing_to`,
`KeyFlags::set_transport_encryption_to`,
`KeyFlags::set_storage_encryption_to`,
`KeyFlags::set_split_key_to`, and
`KeyFlags::set_group_key_to`.
- This interface is easier to use when the caller has a boolean.
- Fixes #1018.
|
|
- When an algorithm is completely disabled, don't say that it
"is not considered secure since 1970-01-01T00:00:00Z" (i.e., the
unix epoch), just say "is not considered secure".
- Fixes #1000.
|
|
- When parsing a string, don't use a byte slice. It may contain
multi-byte characters.
- Fixes #1012.
|
|
- `str::splitn` takes a callback or a `char`. Since we are just
splitting on a `char`, pass it directly.
|
|
- The sole caller of `decode_autocrypt_like_header` already has the
data in the form that `decode_autocrypt_like_header` wants. Pass it
as is. This avoids double parsing and, since we now use the
expected types, `unwrap`s and a `panic`.
|
|
- If the packet parser encounters junk, it tries to recover by
finding the next plausible packet. Then, it returns the skipped
data in a synthetic packet. This packet has neither CTB nor
length.
- Previously, trying to access the data resulted in an out-of-bounds
subslicing.
- Fixes #985.
|
|
- Fixes #977.
|
|
- See #977.
|
|
- See #977.
|
|
- The packet parser hashes packet bodies to provide a robust
equality relation even when packet bodies are streamed. To hash
all bytes on the fly everywhere, we do that when it is consumed in
PacketParser::consume.
- This function assumes that if BufferedReader::data and friends
returned n bytes, future calls to these interfaces will succeed if
up to n bytes are requested, and no data was consumed in the
meantime.
- However, armor::Reader::data_helper did not provide that
guarantee, making PacketParser::consume panic with the message "It
is an error to consume more than data returns", which doesn't
quite correctly name the problem at hand.
- Fix this crash by fixing armor::Reader::data_helper in the same
way the previous commit fixes
buffered_reader::Generic::data_helper.
- Fixes #957.
|
|
- Make sure that we return the data we already have in our buffer,
even though we encountered an IO error while filling it.
- Notably, the packet parser assumes that data once read can be
requested through the buffered reader protocol again and again.
Unfortunately, that was not the case, leading to a panic.
- As the generic reader is used to implement the buffered reader
protocol on top of io::Read, this problem affects among other
things the compression container. Demonstrate this using a test.
- Fixes #1005.
|
|
- It's not used.