| Age | Commit message (Collapse) | Author |
|---|
|
- Implement `BufferedReader` for `&mut T` where `T: BufferedReader`.
- Implementing `BufferedReader` for `&mut T` where `T:
BufferedReader` means that we can pass a mutable reference to a
buffered reader where a buffered reader is required, and when the
reference is dropped, we can continue to use the buffered reader.
|
|
|
|
- Fixes https://gitlab.com/sequoia-pgp/sequoia/-/issues/1038
|
|
|
|
- This allows for some low-level manipulation of the File object
before it is wrapped. This allows one to stat(2) the file to get
the file size, or to implement metadata-based caching.
- We do not allow access to the File object once it is wrapped.
There are three reasons for this. First, if we mmap(2) the file,
we do not keep the File object around. Second, any mutations may
or may not be reflected in the data returned from the
BufferedReader interface, or may interfere with us reading the
data. Third, even just destructuring into the File seems brittle
at best because the state of the File will be unpredictable.
- Fixes #1025.
|
|
|
|
- According to the Rust API Guidelines, a conversion function taking
self should be called `into_*` if the self is not Copy, so this
function should be named `into_boxed`.
- Deprecate old function not to break the API.
- Update all references in the code.
- Fixes https://gitlab.com/sequoia-pgp/sequoia/-/issues/781
|
|
* Changes in 1.2.0
** Notable changes
- BufferedReader::copy is like std::io::copy, but more efficient.
* Notable fixes
- A parser bug was fixed. We classify this as a low-severity
issue, because Rust correctly detects the out-of-bounds access
and panics. If an attacker controls the input, they may be able
to use this bug to cause a denial of service.
|
|
|
|
- Make sure that we return the data we already have in our buffer,
even though we encountered an IO error while filling it.
- Notably, the packet parser assumes that data once read can be
requested through the buffered reader protocol again and again.
Unfortunately, that was not the case, leading to a panic.
- As the generic reader is used to implement the buffered reader
protocol on top of io::Read, this problem affects among other
things the compression container. Demonstrate this using test.
- Fixes #1005.
|
|
|
|
- Let's not rely on the linker to deduplicate our 50k test vector.
|
|
- This is like io::copy, but more efficient as it avoids an extra
copy, and it will try to copy all the data the reader has already
buffered.
- Fixes #974.
|
|
- Fixes #3e188fb312ad4db1395f5e836bffaf2034b88a42.
|
|
|
|
- Change the default buffer size from 8 KB to 32 KB.
- Benchmarking using the chameleon reading a 23 MB cert-d with about
800 certificates, and verifying a signature over a short (2 KB)
message, showed that 32 KB is optimal. In particular, 16 KB and
64 KB buffer sizes were, respectively, 10% and 30% worse.
|
|
- When `buffered_reader::Generic::data_helper` is called and the
amount of data that is requested exceeds the amount of data that
is available, we read from the underlying reader.
- When determining how much to read from the underlying reader, we
took the maximum of the amount requested and the default buffer
size, and then subtracted the amount of data that is available.
- This means that when the amount requested is greater than the
buffer size, we would read exactly the amount requested. This is
problematic for two reasons. First, it is not unusual for a user
of a `BufferedReader` to not consume the data (e.g., a
`buffer_reader::Dup` never consumes data). In that case, once
calls to `BufferedReader::data` request more than the default
buffer size, the `BufferedReader` would forward any reads to the
underlying reader, and append the result to the available data to
create a single continuous `Vec<u8>`. Second, many of these reads
are for just one more byte than is available. The consequence is
that once the amount requested exceeds the amount available, many
subsequent reads would read from the underlying reader, and
`memcpy` the data held by the `BufferedReader`, which destroyed the
performance.
- Avoid most of the reads and the `memcpy`s by changing the behavior
of `buffered_reader::Generic::data_helper` as follows: if the
amount requested exceeds the amount available, try to read the
amount requested plus the buffer size minus what is available.
- Make the same change to `openpgp::armor::Reader`.
- Fixes #969.
Co-authored-by: Justus Winter <justus@sequoia-pgp.org>
|
|
- If the environment variable `SEQUOIA_BUFFERED_READER_BUFFER` is
set, and we are able to parse it as a usize, use it as the default
buffer size.
|
|
|
|
- This is a verbatim copy, but unfortunately the copies diverged.
This commit aligns them again. Notably, this brings the following
fixes and improvements to armor::Reader:
- 7731320e: Once EOF is hit, don't poll reader again.
- 19a13f9b: Add tracing.
- a3c77e3f: Recycle buffers.
|
|
- Use Cargo.toml's rust-version field instead of a rust-toolchain
file. It is more flexible and does not prevent use of newer
compilers.
|
|
|
|
- Previously, the doctests for the macros were not run, and hence
not tested. Fix the few issues that came up when Rust 1.62
started running doctests.
- We cannot test the macros in doctests, because the macros are
not public. Add equivalent unit tests instead.
- Fixes #893.
|
|
|
|
|
|
- In the Generic buffered reader, which wraps io::Readers, do not
poll the wrapped reader again once we hit EOF.
- This fixes the problem where parsing OpenPGP data from stdin was
misbehaving with respect to signaling EOF by pressing CTRL-d.
Depending on the readers on the reader stack the user had to press
CTRL-d multiple times, which was annoying and confusing.
- Fixes #679.
|
|
|
|
- In CamelCase, acronyms count as one word. Apply this rule where
API and lalrpop are not impacted.
- Found by clippy::upper_case_acronyms.
|
|
- Fixed with the help of clippy::needless_borrow.
|
|
- According to the Rust API Guidelines, a conversion function taking
`self` should be called `into_*` if the `self` is not `Copy`, so this
function should be named `into_boxed()`.
- Found with clippy::wrong_self_convention.
|
|
|
|
- Previously, we spent a considerable amount of time callocing new
buffers.
|
|
|
|
- Change Sequoia's license from GPL 2.0 or later to LGPL 2.0 or
later as unanimously decided on October 18, 2021 by:
- Christof Wahl <cw@pep.security> (pEp security CEO)
- Heiko Schaefer <heiko.schaefer@posteo.de> (pEp Foundation
employee, Sequoia developer)
- Justus Winter <justus@sequoia-pgp.org> (pEp Foundation
employee, Sequoia Founder)
- Neal H. Walfield <neal@pep.foundation> (pEp Foundation
employee, Sequoia Founder)
- Patrick Meier <pm@pep.security> (pEp security Chief Product
and Service Officer)
- Rudolf Bohli <rb@pep.security> (pEp security Chairman of the
Board)
- Volker Birk <vb@pep.security> (pEp security Founder, pEp
Foundation Council)
|
|
|
|
It is customary in Rust to implement the Default trait for types that
can have a new method that takes no arguments. However, that's not
always wanted.
I've marked all the structures that have a new without arguments but
don't implement Default, so that if we get more of them, clippy will
warn.
Found by clippy lint new_without_default:
https://rust-lang.github.io/rust-clippy/master/index.html#new_without_default
|
|
It is Rust custom that the new method for a type returns an instance
of that type. However, sometimes that's not wanted. Tell clippy that
these cases are OK. I opted to not do this globally, because that
would prevent clippy from catching future cases.
Found by clippy warning new_ret_no_self:
https://rust-lang.github.io/rust-clippy/master/index.html#new_ret_no_self
|
|
Rewrite:
i = i + 1
as
i += 1
For a simple variable this is shorter, and a little bit clearer. For
more complex expressions it avoids making the reader having to
visually check that the left and right hand side of the assignment
really do have the same expression and that nothing tricky is going
on.
This was found by the clippy lint assign_op_pattern:
https://rust-lang.github.io/rust-clippy/master/index.html#assign_op_pattern
|
|
- Apply cargo intraconv.
|
|
- The libtest benchmark harness that is automatically added by cargo
interferes with criterion. Disable it everywhere where there are no
benchmarks.
- https://github.com/rust-lang/rust/issues/47241
- https://bheisler.github.io/criterion.rs/book/faq.html
|
|
Having the license file in the root directory is not enough, since
cargo actions for workspace members will not consider this file.
This commit adds a symbolic link to the license file in the root
directory of all workspace members, so "cargo publish" will include
the LICENSE.txt file when publishing crates.
|
|
- https://rust-lang.github.io/rust-clippy/master/index.html#len_zero
- https://rust-lang.github.io/rust-clippy/master/index.html#comparison_to_empty
|
|
- https://rust-lang.github.io/rust-clippy/master/index.html#needless_return
|
|
|
|
- Previously, armor::Reader implemented BufferedReader using the
Generic reader on top of IoReader's io::Read implementation.
However, that is no longer good enough, because we need to access
the cookie from (Io)Reader::initialize.
- The real fix is to directly implement the BufferedReader protocol.
That would have been the right thing to do from the beginning,
instead of using buffered_reader::Generic. This may actually
simplify the code and reduce buffering. However, implementing the
BufferedReader protocol is a bit error-prone, so we defer it once
again!
- Instead, manually inline the code from the Generic reader.
- In the following commits, we will take advantage of that and
access the cookie.
|
|
- Reorder fields so that the inner reader comes last. When looking
at the derived debug output, it is easier to see the fields
belonging to the current reader. With the inner reader coming
last, it also resembles walking up the stack.
|
|
|
|
|
|
- Release buffered-reader 1.0.0, sequoia-openpgp 1.0.0, and
sequoia-sqv 1.0.0.
- Also release sequoia-sop 0.22.0.
|
|
|
