Age | Commit message (Collapse) | Author |
|
- Fix unmatched references.
|
|
|
|
- Use the anyhow crate instead of failure to implement the dynamic
side of our error handling. anyhow::Error derefs to dyn
std::error::Error, allowing better interoperability with other
stdlib-based error handling libraries.
- Fixes #444.
|
|
|
|
- Likewise KeyBinding, UserIDBinding, UserAttributeBinding,
UnknownBinding, etc.
- Reason: a self-signature on a component is a binding, but
revocations and TPSes are not bindings.
- Consistently call collections of components and associated
signatures bundles now. Likewise for fields, methods.
- Fixes #425.
|
|
- Select keys only when verifying the signatures: the relevant keys
depend on the timestamp in the signature, and different signatures
may have different time stamps.
- If the signature doens't have a Signature Creation Time stamp,
return that the signature is invalid.
|
|
- Including the reference time in the KeyAmalgamation structure
rather than having the user supply it to the individual
methods (like `KeyAmalgamation::alive`) helps ensure that the key
is used consistent. For instance, this makes it harder to
mistakenly query key's liveness at time t, but then use the
current time to determine the key's capabilities.
|
|
- See #405.
|
|
|
|
|
|
- Fixes #387.
|
|
- In sq and sqv, use chrono to interface with the user.
- Fixes #341.
|
|
|
|
- Fixes #88.
|
|
- This introduces a configurable limit for
non-data (i.e. non-container) packets. This prevents a trivial
DoS on our parser, which previously assumed that all non-data
packets can be buffered.
- Fixes #242.
|
|
|
|
|
|
- The sync wrapper hide the async nature of the implementation, and
while this may seem convenient, it may cause subtle problems if it
is invoked from a different event loop.
- Furthermore, 'async' is a reserved keyword in the 2018 edition,
requiring awkward escaping.
- Fixes #307.
|
|
- This is the result of running `cargo fix --edition`, with some
manual adjustments.
- The vast majority of changes merely qualify module paths with
'crate::'.
- Two instances of adding an anonymous pattern to a trait's
function.
- `async` is a keyword in Rust 2018, and hence it needs to be
escaped (e.g. in the case of the net::r#async module).
- The manual adjustments were needed due to various shortcomings of
the analysis employed by `cargo fix`, e.g. unexpanded macros,
procedural macros, lalrpop grammars.
|
|
|
|
|
|
- Remove the domain parameter from core::Context.
- Replace it with a realm to be passed in when opening a store.
- For sq, merge store name and realm into the --store parameter.
- Fixes #105.
|
|
- Use `extern "C"` instead of `extern "system"`. The latter selects
stdcall, which is only appropriate for talking to the Windows API.
|
|
|
|
- Fixes #147.
|
|
- Use an absolute path for the 'io' module.
|
|
- Explicitly use the Parse and Serialize traits so that the modules
that derives these functions do not have to use them explicitly.
|
|
|
|
|
|
|
|
|
|
- When we transfer ownership from C to Rust, we move the wrapped
object out of the wrapper, and poison the wrapper.
- This prevents reuse of the wrapper object. When a stale reference
is given to us, we check the tag encoding the type information.
- If the tag field is poisoned, we can produce a more helpful error
message. This is not exact, of course. As soon as the memory is
reused, our tag is overwritten.
|
|
|
|
|
|
|
|
- This is a framework for dealing with ownership and references at
the FFI boundary. Previously, we used macros to do that. This
change introduces a more idiomatic interface, we use traits
converting from raw pointers of a wrapper type to objects,
references, or mutable references to a wrapped type.
- For now, we use the wrapped type as wrapper type. We merely
introduce a new mechanism replacing the macro-based one.
- This patch also converts all the derived functions.
- The following patches will convert all the functions that are
already using the ffi_wrapper_type. Once this conversion is done,
we can introduce our own wrapper type.
|
|
|
|
- This change is the result of the following command, which can also
be used to automatically convert existing users of Sequoia's C
API:
git grep -il sq_ | while read F ; do sed -E -i -e 's/sq_(arbitrary_writer_new|armor_reader_from_bytes|armor_reader_from_file|armor_reader_headers|armor_reader_kind|armor_reader_new|armor_writer_new|decrypt|encryptor_new|error_free|error_status|error_string|fingerprint_as_bytes|fingerprint_clone|fingerprint_equal|fingerprint_free|fingerprint_from_bytes|fingerprint_from_hex|fingerprint_hash|fingerprint_to_hex|fingerprint_to_keyid|fingerprint_to_string|keyid_clone|keyid_equal|keyid_free|keyid_from_bytes|keyid_from_hex|keyid_hash|keyid_to_hex|keyid_to_string|key_pair_as_signer|key_pair_free|key_pair_new|literal_writer_new|packet_free|packet_kind|packet_parser_buffer_unread_content|packet_parser_decrypt|packet_parser_eof_free|packet_parser_eof_is_message|packet_parser_finish|packet_parser_free|packet_parser_from_bytes|packet_parser_from_file|packet_parser_from_reader|packet_parser_next|packet_parser_packet|packet_parser_recurse|packet_parser_recursion_depth|packet_parser_result_eof|packet_parser_result_free|packet_parser_result_packet_parser|packet_parser_result_tag|packet_pile_clone|packet_pile_free|packet_pile_from_bytes|packet_pile_from_file|packet_pile_from_reader|packet_pile_serialize|packet_tag|pkesk_decrypt|pkesk_recipient|p_key_alive|p_key_alive_at|p_key_clone|p_key_creation_time|p_key_expired|p_key_expired_at|p_key_fingerprint|p_key_into_key_pair|p_key_keyid|p_key_public_key_algo|p_key_public_key_bits|reader_free|reader_from_bytes|reader_from_fd|reader_from_file|reader_read|revocation_status_free|revocation_status_variant|secret_cached|signature_alive|signature_alive_at|signature_can_authenticate|signature_can_certify|signature_can_encrypt_at_rest|signature_can_encrypt_for_transport|signature_can_sign|signature_expired|signature_expired_at|signature_free|signature_is_group_key|signature_is_split_key|signature_issuer|signature_issuer_fingerprint|signature_to_packet|signer_free|signer_new|signer_new_detached|skesk_decrypt|tag_to_string|tpk_alive|tpk_alive_at|tpk_builder_add_certification_subkey|tpk_builder_add_encryption_subkey|tpk_builder_add_signing_subkey|tpk_builder_add_userid|tpk_builder_autocrypt|tpk_builder_default|tpk_builder_free|tpk_builder_generate|tpk_builder_set_cipher_suite|tpk_clone|tpk_dump|tpk_equal|tpk_expired|tpk_expired_at|tpk_fingerprint|tpk_free|tpk_from_bytes|tpk_from_file|tpk_from_packet_parser|tpk_from_packet_pile|tpk_from_reader|tpk_into_tsk|tpk_is_tsk|tpk_key_iter|tpk_key_iter_free|tpk_key_iter_next|tpk_merge|tpk_merge_packets|tpk_primary|tpk_primary_user_id|tpk_revocation_status|tpk_revoke|tpk_revoke_in_place|tpk_serialize|tpk_set_expiry|tpk_user_id_binding_iter|tsk_free|tsk_into_tpk|tsk_new|tsk_serialize|tsk_tpk|user_attribute_value|user_id_binding_iter_free|user_id_binding_iter_next|user_id_binding_selfsig|user_id_binding_user_id|user_id_value|verification_result_code|verification_result_level|verification_results_at_level|verification_result_signature|verify|writer_alloc|writer_free|writer_from_bytes|writer_from_fd|writer_from_file|writer_stack_finalize|writer_stack_finalize_one|writer_stack_message|writer_stack_write|writer_stack_write_all|writer_write|reader|writer|packet_parser|packet_parser_result|packet_parser_eof|keyid|fingerprint|revocation_status|revocation_status_variant|armor_kind|armor_header|tag|unknown|signature|one_pass_sig|p_key|user_id|user_attribute|literal|compressed_data|pkesk|skesk|seip|mdc|packet|packet_pile|reason_for_revocation|user_id_binding|user_id_binding_iter|tpk_key_iter|tpk|tsk|tpk_builder|tpk_cipher_suite|public_key_algorithm|writer_stack|encryption_mode|secret|verification_results|verification_result|verification_result_code|sequoia_decrypt_get_public_keys_cb_t|sequoia_decrypt_get_secret_keys_cb_t|sequoia_decrypt_check_signatures_cb_t|mpi|signer|key_pair|p_key|status|error)/pgp_\1/g' -e 's/SQ_(ARMOR_KIND_ANY|ARMOR_KIND_FILE|ARMOR_KIND_FORCE_WIDTH|ARMOR_KIND_MESSAGE|ARMOR_KIND_PUBLICKEY|ARMOR_KIND_SECRETKEY|ARMOR_KIND_SIGNATURE|ENCRYPTION_MODE_AT_REST|ENCRYPTION_MODE_FOR_TRANSPORT|PUBLIC_KEY_ALGO_DSA|PUBLIC_KEY_ALGO_ECDH|PUBLIC_KEY_ALGO_ECDSA|PUBLIC_KEY_ALGO_EDDSA|PUBLIC_KEY_ALGO_ELGAMAL_ENCRYPT|PUBLIC_KEY_ALGO_ELGAMAL_ENCRYPT_SIGN|PUBLIC_KEY_ALGO_FORCE_WIDTH|PUBLIC_KEY_ALGO_RSA_ENCRYPT|PUBLIC_KEY_ALGO_RSA_ENCRYPT_SIGN|PUBLIC_KEY_ALGO_RSA_SIGN|REASON_FOR_REVOCATION_FORCE_WIDTH|REASON_FOR_REVOCATION_KEY_COMPROMISED|REASON_FOR_REVOCATION_KEY_RETIRED|REASON_FOR_REVOCATION_KEY_SUPERSEDED|REASON_FOR_REVOCATION_UID_RETIRED|REASON_FOR_REVOCATION_UNSPECIFIED|REVOCATION_STATUS_COULD_BE|REVOCATION_STATUS_FORCE_WIDTH|REVOCATION_STATUS_NOT_AS_FAR_AS_WE_KNOW|REVOCATION_STATUS_REVOKED|STATUS_BAD_SIGNATURE|STATUS_FORCE_WIDTH|STATUS_INDEX_OUT_OF_RANGE|STATUS_INVALID_ARGUMENT|STATUS_INVALID_OPERATION|STATUS_INVALID_PASSWORD|STATUS_INVALID_SESSION_KEY|STATUS_IO_ERROR|STATUS_MALFORMED_MESSAGE|STATUS_MALFORMED_PACKET|STATUS_MALFORMED_TPK|STATUS_MANIPULATED_MESSAGE|STATUS_MISSING_SESSION_KEY|STATUS_NETWORK_POLICY_VIOLATION|STATUS_SUCCESS|STATUS_UNKNOWN_ERROR|STATUS_UNSUPPORTED_AEAD_ALGORITHM|STATUS_UNSUPPORTED_ELLIPTIC_CURVE|STATUS_UNSUPPORTED_HASH_ALGORITHM|STATUS_UNSUPPORTED_PUBLICKEY_ALGORITHM|STATUS_UNSUPPORTED_SIGNATURE_TYPE|STATUS_UNSUPPORTED_SYMMETRIC_ALGORITHM|STATUS_UNSUPPORTED_TPK|TAG_COMPRESSED_DATA|TAG_LITERAL|TAG_MARKER|TAG_MDC|TAG_ONE_PASS_SIG|TAG_PKESK|TAG_PRIVATE|TAG_PUBLIC_KEY|TAG_PUBLIC_SUBKEY|TAG_RESERVED|TAG_SECRET_KEY|TAG_SECRET_SUBKEY|TAG_SED|TAG_SEIP|TAG_SIGNATURE|TAG_SKESK|TAG_TRUST|TAG_UNASSIGNED|TAG_USER_ATTRIBUTE|TAG_USER_ID|TPK_CIPHER_SUITE_CV|TPK_CIPHER_SUITE_FORCE_WIDTH|TPK_CIPHER_SUITE_RSA|VERIFICATION_RESULT_CODE_BAD_CHECKSUM|VERIFICATION_RESULT_CODE_FORCE_WIDTH|VERIFICATION_RESULT_CODE_GOOD_CHECKSUM|VERIFICATION_RESULT_CODE_MISSING_KEY)/PGP_\1/g' $F ; done
|
|
- This creates a new crate, 'sequoia-openpgp-ffi', and moves a
handful of functions from 'sequoia-ffi' to it.
- The 'sequoia-ffi' crate is a superset of the 'sequoia-openpgp-ffi'
crate. This is accomplished by some include! magic.
- My first attempt involved having 'sequoia-ffi' depend on
'sequoia-openpgp-ffi', so that the former just re-exports the
symbols. However, that turned out to be unreliable, and might be
not what we want, because it could also duplicate parts of Rust's
standard library.
- Fixes #144.
|
|
Adds an argument to *::revoked to give a timepoint. The function will
then return the revokation status at this time instead of now.
|
|
- This prepares us for the FFI crate split.
- Fixes #158.
|
|
- First, for the two existing functions with an error-pointer.
|
|
- Express existing context-based error handling using the new set of
macros.
|
|
|
|
|
|
- Introduce a macro that emits local macros that implicitly use the
given context to store complex errors.
- This prepares us to decouple error handling from contexts, at
least for the functions that otherwise do not use the context.
|
|
- This prevents stack unwinding across the FFI boundary.
- Fixes #161.
|
|
- Allocate all returned strings using libc's allocator. This has
the advantage that the user can easily use strings and free them
using free(3).
- Fixes #157.
|
|
|
|
|