| Age | Commit message (Collapse) | Author |
|---|
|
|
|
- Fixes #645.
|
|
- OpenSSL can be compiled with no support for CAST5.
- This will be indicated by setting `osslconf` variable to
`OPENSSL_NO_CAST`.
- See https://github.com/sfackler/rust-openssl/pull/1786
|
|
- Notably, this zeros symmetric encryption keys in memory once we're
done encrypting or decrypting.
|
|
|
|
|
|
- This way, only the leaf package has to concern itself with the
selection of a cryptographic backend for Sequoia. Notably, we
don't have to repeat all of sequoia-openpgp's features in all
crates that use sequoia-openpgp.
- Enable the new feature resolver which allows for this method.
- A complication arises because we want to make `cargo test` work by
default for the intermediate crates without developers having to
select a cryptographic backend. To make that work, we implicitly
select a backend in the dev dependencies which are enabled when
compiling the tests. To make it even more convenient, we select
the most convenient backend, which is CNG for Windows and Nettle,
our default, for every other platform.
- Now that we have implicitly selected CNG on Windows for running
the tests, when the user wants to use Nettle on Windows, and does
`cargo test --features sequoia-openpgp/crypto-nettle`, then two
backends are selected: the implicitly selected CNG and the
explicitly selected Nettle. In this case, we detect that an
implicit selection has been made, and ignore the implicitly
selected backend. Now, this has already been compiled by
cargo (remember that we cannot influence the set of dependencies
at the time the build script is run), but we can still ignore the
implicit backend using conditional compilation (i.e. it will not
be included in the resulting binary). The same happens on
non-Windows platforms where Nettle is the implicit default for
tests when the user explicitly requests a different backend. In
both cases, Nettle and CNG are slim wrappers around native
libraries, so the wasted compilation time is low.
|
|
|
|
- Adds the backend behind `crypto-openssl` feature.
- Add CI configuration to run tests with the new backend.
- See #333.
|
|
|
|
- Version 0.20 of `base64` introduces breaking changes to parts of the
API that `sequoia-openpgp` uses.
- Limit sequoia-openpgp's use of the `base64` crate to versions 0.12
up to, but not including, 0.20. (The `sequoia-autocrypt` and
`sequoia-net` crates work with the `base64` 0.20 API, so their
dependency on `base64` is not limited.)
- Fixes #961.
|
|
|
|
The idna 0.2 to 0.3 changes are not relevant for how sequoia is using
idna. We have tested this and confirmed it in debian for
sequoia-openpgp 1.10.0-4.
|
|
- Use Cargo.toml's rust-version field instead of a rust-toolchain
file. It is more flexible and does not prevent use of newer
compilers.
|
|
- rpassword underwent some rework. The successor of
read_password_from_tty seems to be prompt_password, relevant commits
to rpassword:
- e6023757df00a67a1e16796db50c5ffad41b6268
- 2edf6cee07573ec4aa86531e6177ee90331d5c60
|
|
|
|
|
|
- lalpop v0.19 a default features we do not use, we should not build
them, either.
- lalrpop v0.17, which we allow for Debian's benefit, does not have
any explicit features. In this case, stating
"default-features = false" in Cargo.toml does not hurt.
|
|
- backtrace and quickcheck_macros are unused.
- found with cargo-udeps (https://github.com/est31/cargo-udeps).
|
|
|
|
|
|
- ed25519-dalek requires rand:0.7 types, so make sure they are used,
and not the ones form rand:0.8.
|
|
- Adapt to the new API:
- Gen is now a struct, not a Trait, and replaces StdThreadGen.
- The rand re-export has been removed. As a consequence, we need
our own function to generate an arbitrary value from a range.
|
|
|
|
- This is used by the Rust Crypto crates.
|
|
|
|
- Fixes #769.
|
|
|
|
- When we stream packet bodies, we hash their contents so that we
can compare them later on, even if we no longer have the data.
Previously, we used the fasted hash from the SHA2 family, either
SHA256 or SHA512 depending on the architecture.
- That, however, turned out to be a major performance problem. When
decrypting a non-compressed, binary file on amd64, we spent
roughly a third of the time just to compute the hash.
- Using the non-cryptographic hash function XXH3, we can greatly
improve the performance. On my system, it is 30x as fast as SHA3,
and reduces the overhead of computing the body hash considerably:
% time ./sq-sha512 decrypt --recipient-key juliet.key.pgp 3g-for-juliet.binary.pgp >/dev/null 2>&1
13.931 total
% time ./sq-xxh3 decrypt --recipient-key juliet.key.pgp 3g-for-juliet.binary.pgp >/dev/null 2>&1
9.264 total
- See #771.
|
|
|
|
- Change Sequoia's license from GPL 2.0 or later to LGPL 2.0 or
later as unanimously decided on October 18, 2021 by:
- Christof Wahl <cw@pep.security> (pEp security CEO)
- Heiko Schaefer <heiko.schaefer@posteo.de> (pEp Foundation
employee, Sequoia developer)
- Justus Winter <justus@sequoia-pgp.org> (pEp Foundation
employee, Sequoia Founder)
- Neal H. Walfield <neal@pep.foundation> (pEp Foundation
employee, Sequoia Founder)
- Patrick Meier <pm@pep.security> (pEp security Chief Product
and Service Officer)
- Rudolf Bohli <rb@pep.security> (pEp security Chairman of the
Board)
- Volker Birk <vb@pep.security> (pEp security Founder, pEp
Foundation Council)
|
|
- Remove explicit dependency on unicode-normalization. It was added in
2a19afb8 to pin the crate to a version that has a low enough MSRV.
The pin was removed in 742eac41, but the explicit dependency wasn't.
|
|
|
|
|
|
- This adds a cryptographic backend based on the RustCrypto crates.
The backend is marked as experimental, as the RustCrypto crates'
authors state that they have not been audited and may not perform
computations in constant time. Nevertheless, it may be useful in
certain environments, e.g. WebAssembly.
- The backend implements RSA, EdDSA and ECDH over Curve25519, IDEA,
3DES, CAST5, Blowfish, AES, Twofish, EAX, MD5, SHA1, RipeMD160, and
the SHA2 family.
- Notably missing are DSA, ElGamal, and ECDSA and ECDH over the NIST
curves.
- See #333.
|
|
|
|
|
|
|
|
- Move all benchmarks into a single binary. This prevents dead_code
warnings for common functions not used in a specific benchmark, and
makes adding new benchmarks a little less surprising.
- Cargo would autimatically try to compile all .rs files in /benches
as benchmarks. Prevent this with `autobenches = false`.
|
|
|
|
|
|
|
|
- Prevent the compiler from optimizing for the inputs by using
bench_with_input.
|
|
- Prevent the compiler from optimizing for the inputs by using
bench_with_input.
|
|
|
|
- Generate a flooded cert before the benchmark is run.
|
|
- The libtest benchmark harness that is automatically added by cargo
interferes with criterion. Disable it everywhere where there are no
benchmarks.
- https://github.com/rust-lang/rust/issues/47241
- https://bheisler.github.io/criterion.rs/book/faq.html
|
|
|
|
- Fixes #188.
|
|
- Release buffered-reader 1.0.0, sequoia-openpgp 1.0.0, and
sequoia-sqv 1.0.0.
- Also release sequoia-sop 0.22.0.
|
