Age | Commit message | Author |
|
|
|
- `win-crypto-ng` 0.5.1 depends on version 0.5 or 0.6 of `rand_core`.
`ed25519-dalek` requires version 0.5 of `rand_core`. `cargo` is
happy to pull in `rand_core` 0.6 when compiling `win-crypto-ng` and
0.5 when compiling `ed25519-dalek`.
- This is a problem. We use a function from `ed25519-dalek` that takes
a parameter that has to implement traits defined by `rand_core` 0.5.
We pass it an object returned from `win-crypto-ng`. When `win-crypto-ng`
uses `rand_core` 0.6, the types are incompatible. `cargo` does not have
a way to express this type of dependency (`ed25519-dalek` and
`win-crypto-ng` must use the same version of `rand_core`).
- To work around this limitation, we force the use of version 0.5.0 of
`win-crypto-ng`. It only allows version 0.5.0 of `rand_core`.
- Fixes #1052.
|
|
|
|
- The `all_commits` check rebases the branch being tested onto main.
This is brittle when the merge request is relative to some very
old commit, as is the case when updating an old release. In these
cases, the changes aren't even intended to be rebased on main so
rebasing them on main makes no sense.
- Change the all_commits check to check commits up to the merge
base.
- Also increase the script's verbosity so it is clearer what is
being checked.
|
|
|
|
|
|
- Upgrade lalrpop to version 0.20.
|
|
|
|
- Upgrade base64 to version 0.21.
|
|
- Upgrade base64 to version 0.21.
|
|
- Upgrade base64 to version 0.21.
|
|
- Arbitrary does not draw from a uniform distribution, e.g.,
arbitrary seems to draw 0 about 10% of the time for a 32-bit
quantity.
- When we need two different arbitrary values, be very careful to
make sure they are different.
|
|
- In `Cert::keys`, `Cert::userids` and `Cert::user_attributes`, we
that `ValidCert::userids`, etc. is better than `Cert::userids`, etc.,
mention that `Cert::with_policy` can be used to turn a `Cert` into a
`ValidCert`.
- Fixes #921.
|
|
- Version 3 of Botan was released in April 2023. It is already
distributed by Arch. Switch crypto-botan to select the v3
interface.
- Introduce the `crypto-botan2` feature to use Botan with Botan's v2
interface.
|
|
- We can safely derive `Clone` for `SubpacketArea`.
- There is no reason to not clone the cache as well. It's just a
vector.
|
|
- `SignatureBuilder::effective_signature_creation_time` is supposed
to return the effective signature creation time. That is, it
should return the signature creation time that would be used if the
signature were created now.
- The function returns a `SystemTime`, which has a different
resolution and range from an OpenPGP timestamp.
- When using the current time, roundtrip it via `types::Timestamp`
to return the timestamp that will actually be set.
|
|
|
|
- When a `Key4` is changed, make sure the fingerprint cache is
cleared.
- Fixes #1016
|
|
- Add `KeyFlags::set_certification_to`, `KeyFlags::set_signing_to`,
`KeyFlags::set_transport_encryption_to`,
`KeyFlags::set_storage_encryption_to`,
`KeyFlags::set_split_key_to`, and
`KeyFlags::set_group_key_to`.
- This interface is easier to use when the caller has a boolean.
- Fixes #1018.
|
|
- When an algorithm is completely disabled, don't say that it
"is not considered secure since 1970-01-01T00:00:00Z" (i.e., the
unix epoch), just say "is not considered secure".
- Fixes #1000.
|
|
- When parsing a string, don't use a byte slice. It may contain
multi-byte characters.
- Fixes #1012.
|
|
- `str::splitn` takes a callback or a `char`. Since we are just
splitting on a `char`, pass it directly.
|
|
- The sole caller of `decode_autocrypt_like_header` already has the
data in the form that `decode_autocrypt_like_header` wants. Pass it
as is. This avoids double parsing and, since we now use the
expected types, `unwrap`s and a `panic`.
|
|
|
|
- If the packet parser encounters junk, it tries to recover by
finding the next plausible packet. Then, it returns the skipped
data in a synthetic packet. This packet has neither CTB nor
length.
- Previously, trying to access the data resulted in an out-of-bounds
subslicing.
- Fixes #985.
|
|
- Fixes #977.
|
|
- See #977.
|
|
- See #977.
|
|
- The packet parser hashes packet bodies to provide a robust
equality relation even when packet bodies are streamed. To hash
all bytes on the fly everywhere, we do that when it is consumed in
PacketParser::consume.
- This function assumes that if BufferedReader::data and friends
returned n bytes, future calls to these interfaces will succeed if
up to n bytes are requested, and no data was consumed in the
meantime.
- However, armor::Reader::data_helper did not provide that
guarantee, making PacketParser::consume panic with the message "It
is an error to consume more than data returns", which doesn't
quite correctly name the problem at hand.
- Fix this crash by fixing armor::Reader::data_helper in the same
way the previous commit fixes
buffered_reader::Generic::data_helper.
- Fixes #957.
|
|
- Make sure that we return the data we already have in our buffer,
even though we encountered an IO error while filling it.
- Notably, the packet parser assumes that data once read can be
requested through the buffered reader protocol again and again.
Unfortunately, that was not the case, leading to a panic.
- As the generic reader is used to implement the buffered reader
protocol on top of io::Read, this problem affects among other
things the compression container. Demonstrate this using a test.
- Fixes #1005.
|
|
|
|
- It's not used.
|
|
|
|
|
|
|
|
- Fix the memsec and lalrpop dependencies. When allowing multiple,
incompatible versions of a package using `">x.y"` always specify an
upper bound to prevent a dependee that runs `cargo update` from
using a yet-to-be-released incompatible version in the future.
- Fix the openssl dependencies. When specifying a micro version, we
don't need to use ">" to get new semver-compatible versions. That
is, the default strategy is not "=", but "^".
https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html
|
|
- Note: `x25519-dalek` is broken. It depends on zeroize `=1.3`, but
crates like rsa depend on newer versions of zeroize.
- See https://github.com/WebAssembly/wasi-crypto/issues/63 ,
https://github.com/dalek-cryptography/x25519-dalek/issues/92 .
- Resolve this by using `x25519-dalek-ng`, which fixes this issue.
This is a common workaround, and is also used by, for instance
OpenMLS:
https://github.com/openmls/openmls/blob/3ff090fd4881cb796d4688f7f174929a7521dbf1/openmls_rust_crypto/README.md?plain=1#L3
- Fixes #910.
|
|
- Fixes #1014
|
|
|
|
- Introduce SecretKeyMaterial::arbitrary_for that given a public key
algorithm will create plausible secrets for that. This function
can be re-used in impl Arbitrary for Key.
|
|
- Fixes #1010.
|
|
- We have to stay well below 255 bytes so that packets including the
S2K objects are representable.
|
|
|
|
- This changes and harmonizes the behavior of Key::encrypt, notably
it also returns more specific errors when a signature algorithm is
used for encryption.
- It also makes the matches over the public key algorithms
exhaustive, so that when we add more algorithms in the future, we
will see where we need to implement them.
|
|
|
|
- Don't enable AEAD-encryption by default in the test. Instead,
that should be inferred from the recipient keys.
|
|
|
|
This reverts commit d57bd33cf9bddda77dff8e6508ebb1e4902f9294.
|
|
|
|
- Improve the documentation for `Cert::sort_and_dedup`,
`Cert::merge_public` and `Cert::merge_public_and_secret`, and add
more examples.
|