sequoia-pgp - Mirror of https://gitlab.com/sequoia-pgp/sequoia.git

Age	Commit message (Collapse)	Author
2023-03-24	net: Release 0.27.0net/v0.27.0	Neal H. Walfield

2023-03-23	openpgp: Release 1.14.0openpgp/v1.14.0	Neal H. Walfield

2023-03-23	openpgp: Move `Key4::import_secret_cv25519` into common code.	Wiktor Kwapisiewicz
	- Most of the logic in this function is the same across backends. - Introduce `Key4::derive_cv25519_public_key` that does backend-specific derivation. - Fixes https://gitlab.com/sequoia-pgp/sequoia/-/issues/958
2023-03-23	openpgp: Implement Parse for RawCert	Neal H. Walfield
	- We implement `Parse` for `Cert`. Do the same for `RawCert` and check that they have the same semantics.
2023-03-23	openpgp: Re-export buffered_reader.	Justus Winter
	- We use this in our API, and re-exporting it here makes it easy to use the correct version of the crate in downstream code without having to explicitly depend on it.
2023-03-23	buffered-reader: Hoist accessing lazy static out of the loop.	Justus Winter

2023-03-23	buffered-reader: Deduplicate test data.	Justus Winter
	- Let's not rely on the linker to deduplicate our 50k test vector.
2023-03-23	buffered-reader: Implement BufferedReader::copy.	Justus Winter
	- This is like io::copy, but more efficient as it avoids an extra copy, and it will try to copy all the data the reader has already buffered. - Fixes #974.
2023-03-22	openpgp: Fix documentation, we need a signing key for sign_message.	Justus Winter

2023-03-22	ci: Do not reinstall build dependencies in the clippy job.	Justus Winter

2023-03-22	ci: Do not pin Rust versions (except for clippy).	Justus Winter
	- Instead, rely on the base images to be up-to-date. We still want to pin clippy, because updating that tends to be very noisy.
2023-03-22	ci: Do not reinstall GnuPG, it is already part of the image.	Justus Winter

2023-03-22	ci: Do not run the benchmarks as tests on armv7.	Justus Winter
	- We run these under qemu because we lack real hardware, and it is one of the slower jobs. Speed it up a little by not running the benchmarks as tests here.
2023-03-22	ci: Do not run the doctests on Windows.	Justus Winter
	- Doctests have to be individually compiled, linked, and executed. This seems to be very slow on Windows: running the doctests accounts for two thirds of the total job runtime.
2023-03-22	openpgp: Pre-allocate backing for the subpacket cache.	Justus Winter

2023-03-22	openpgp: When looking up subpackets, acquire the lock just once.	Justus Winter

2023-03-21	openpgp: Delay non-trivial context computations.	Justus Winter
	- Fixes #892.
2023-03-21	openpgp: Avoid heap allocation during fingerprint computing.	Justus Winter

2023-03-21	openpgp: Cache fingerprint calculations.	Justus Winter
	- Fixes #645.
2023-03-20	openpgp: Small cleanups in the Botan backend.	Justus Winter
	- Remove development remnants, actually use the creation time when importing RSA keys.
2023-03-20	openpgp: Add check for CAST5.	Wiktor Kwapisiewicz
	- OpenSSL can be compiled with no support for CAST5. - This will be indicated by setting `osslconf` variable to `OPENSSL_NO_CAST`. - See https://github.com/sfackler/rust-openssl/pull/1786
2023-03-15	openpgp: Report Nettle's library version and optional features.	Justus Winter

2023-03-15	openpgp: Bump nettle to 7.2.2.	Justus Winter
	- Notably, this zeros symmetric encryption keys in memory once we're done encrypting or decrypting.
2023-03-14	openpgp: Fix labeling fields ending on a 16 byte boundary.	Justus Winter
	- This is a more comprehensive fix than bee82c2952512a5585e93f180180ca45468d4f2b.
2023-03-14	openpgp: Immediately create ProtectedMPIs for secrets.	Justus Winter
	- Avoid creating an MPI first, as this may leak the secrets.
2023-03-14	openpgp: Avoid leaking secrets when parsing secret key material.	Justus Winter

2023-03-14	openpgp: Avoid leaking secrets when constructing ProtectedMPIs.	Justus Winter

2023-03-14	openpgp: Avoid a heap allocation during MPI parsing.	Justus Winter
	- Not only was the heap allocation superfluous, it also leaked secrets into the heap.
2023-03-14	openpgp: Simplify trimming of leading zeros.	Justus Winter

2023-03-13	openpgp: New constructor hex::Dumper::with_offset.	Justus Winter

2023-03-13	openpgp: Fix dumping fields ending on a 16 byte boundary.	Justus Winter

2023-03-13	ci: Drop job pushing sq to Gitlab's Docker Registry.	Justus Winter
	- This has to move to sq's new repository.
2023-03-13	openpgp: Bump botan to 0.10.1 to avoid raising our MSRV.	Justus Winter

2023-03-13	openpgp: Fix test.	Justus Winter
	- Previously, NotAsFarAsWeKnow was interpreted as identifier making the if let binding irrefutable. - Fixes 7afee60b7cf0f19559bfccd8c42fdc77f6b9c655.
2023-03-08	openpgp: Add a new backend based on the Botan cryptographic library.	Justus Winter

2023-03-08	openpgp: Feature the OpenSSL backend more prominently.	Justus Winter

2023-03-07	openpgp: Protect SecretKeyMaterial during memory encryption.	Justus Winter

2023-03-07	openpgp: Prevent leaking secrets accessing encrypted memory.	Justus Winter
	- Track the length of the plaintext data. This makes it possible to use unchunked AEAD and decrypt the data without copying it into a growing vector. Also, avoid io::copy, as this leaks secrets into its buffer.
2023-03-07	openpgp: Fix secret leaking into the heap moving it into Protected.	Justus Winter

2023-03-07	openpgp: Prevent secrets from leaking into the BufferedReader stack.	Justus Winter
	- When parsing secrets using the BufferedReader protocol, they may leak into buffers of the readers in the BufferedReader stack. This is is most problematic when parsing SecretKeyMaterial. - Deprecate SecretKeyMaterial::parse* in favor of variants that operate on bytes. Then, we can use the memory-backed BufferedReader which does not introduce additional buffering (and neither does the Dub reader used in the PackedHeaderParser).
2023-03-07	openpgp: New constructor to allocate protected memory.	Justus Winter

2023-03-06	openpgp: Eagerly erase type in the PacketHeaderParser.	Justus Winter
	- The PacketHeaderParser returns erased BufferedReaders anyway, so we might as well do it early. This avoids any accidental specialization and hence code duplication.
2023-03-06	openpgp: Dedup ComponentBundle::binding_signature.	Justus Winter

2023-03-02	openpgp: Combine ciphertext and tag in Aead::decrypt_verify.	Justus Winter
	- It is easier (and cheaper) to tear apart in backends that need ciphertext and tag to be separate than to combine it for backends that expect the tag to be appended to the ciphertext. - The caller doesn't have to do anything, because in OpenPGP on the wire the tag is already appended to the ciphertext. The one exception is our current implementation of SKESKv5, but in our upcoming SKESKv6 implementation, we store the tag appended to the ciphertext, so it will be easy to use this interface there.
2023-03-02	openpgp: Add missing test vector.	Justus Winter
	- This wasn't caught by the CI because none of the current backends implement ElGamal. - Fixes 2b4cfe58604202e0a2515cf7e3de72245d2c6633.
2023-03-01	openpgp: Add support for brainpoolP384r1.	Justus Winter
	- One of the brainpool curves was not included in our enum Curve, because at the time we implemented ECC support, it wasn't part of the RFC4880bis document. - Unfortunately, we failed to mark enum Curve as non-exhaustive, so we cannot add a variant without breaking the API. - We can, however, support the curve by matching on its OID.
2023-03-01	openpgp: Add high-level encryption and signing roundtrip tests.	Justus Winter

2023-03-01	openpgp: Fix crash in the CNG backend.	Justus Winter

2023-03-01	openpgp: Add low-level ElGamal PKESK decryption test.	Justus Winter

2023-03-01	openpgp: Fix documentation.	Justus Winter