path: root/openpgp/src/parse/stream.rs
Age | Commit message | Author
2022-12-12 | openpgp: Fix how text signatures are hashed. | Neal H. Walfield
- When hashing text signatures in which `cr`, `lf`, and `crlf` are normalized to `crlf`, if a `crlf` was split across two hash updates, two `crlf`s would be hashed (one for the final `cr` in the first update, and one for the leading `lf` in the second update) instead of just one.
- Fix it.
- Fixes #960.
2022-06-09 | openpgp: Rename PacketParser::{set_,}encrypted to processed. | Wiktor Kwapisiewicz
- Convert `encrypted` to `processed`.
- Since `set_encrypted` is internal API it was directly renamed without forwarder stub.
- `encrypted()` is public API thus the old function is converted to a forwarder of the negation of `processed()`.
- `unprocessed()` marked as deprecated.
- Update docs and NEWS file.
- Fixes #845.
2022-05-20 | openpgp: Add missing forwarder. | Justus Winter
- Fixes inspecting of packets during signature verification.
2022-03-28 | openpgp: Explicit SEIP packet version in the message parser. | Justus Winter
- In order to deal with version 2 SEIP packets, we first need to be explicit about the packet version in the message parser.
- Rename the token and grammar rules, pass in a version to MessageParser::push.
2022-02-16 | openpgp: Fix verifying cleartext signed messages with multiple sigs. | Justus Winter
- We implement the cleartext signature framework by transforming the message on the fly to a signed message, then using our parsing framework as usual. However, we need to tweak the behavior slightly.
- Notably, our CSF transformation yields just one OPS packet per encountered 'Hash' algorithm header, and it cannot know how many signatures are in fact following. Therefore, the message will not be well-formed according to the grammar. But, since we created the message structure during the transformation, we know it is good, even if it is a little out of spec.
- This patch tweaks the streaming verifier's behavior to accommodate this.
2022-01-20 | openpgp: Fix decryption of AED messages using SKESK5. | Justus Winter
- Previously, we used the cipher algorithm returned by SKESK5::decrypt, which always returns SymmetricAlgorithm::Unencrypted.
2021-11-29 | Remove unnecessary borrows. | Nora Widdecke
- Fixed with the help of clippy::needless_borrow.
2021-11-18 | openpgp: Use a WASM-friendly SystemTime::now wrapper. | Justus Winter
- Fixes #769.
2021-11-04 | openpgp: Improve the streaming Decryptor's buffer strategy. | Justus Winter
- Previously, for a read of X bytes, we'd request X + buffer_size from the underlying buffered reader, then satisfy the read request, after which we'd request the next X + buffer_size bytes for the next read. This requires the underlying reader to copy buffer_size bytes for each read. In a typical scenario, we'd copy 25 megabytes (the default buffer size) for every 8 kilobytes read (std::io::copy's default buffer size). This incurs a linear cost with a very high factor.
- Improve this by requesting 2 * buffer_size, then satisfying the reads from the first half of that buffer, only consuming the first half once we have exhausted the first half. Then, we'd request the next 2 * buffer_size, at which point the underlying buffered reader has to copy the data to a new buffer.
- See #771.
2021-09-30 | Annotate functions where single_match is OK | Lars Wirzenius
See https://rust-lang.github.io/rust-clippy/master/index.html#single_match
2021-09-30 | Annotate functions where clippy::redundant_pattern_matching is OK | Lars Wirzenius
See https://rust-lang.github.io/rust-clippy/master/index.html#redundant_pattern_matching
2021-09-30 | Allow if conditions that use complex code | Lars Wirzenius
An if condition is an expression and can be as complex as the programmer wants. However, the more complex a condition is, the harder it tends to be to understand. I marked functions with such if conditions so that clippy won't complain about the code. I probably should have simplified the code, perhaps by extracting the condition to its own function, but it would have been much harder to do, so I didn't.

Found by clippy lint blocks_in_if_conditions: https://rust-lang.github.io/rust-clippy/master/index.html#blocks_in_if_conditions
2021-09-30 | Join nested if statements with logical and into one statement | Lars Wirzenius
Instead of this:

    if foo {
        if bar {
            ...
        }
    }

do this:

    if foo && bar {
        ...
    }

Nesting statements implies a more complicated code structure than it really is. Thus it's arguably simpler to write a combined condition by joining the two conditions with a logical and operation.

Found by clippy lint collapsible_if: https://rust-lang.github.io/rust-clippy/master/index.html#collapsible_if
2021-09-30 | Avoid naming field setting it from variable of the same name | Lars Wirzenius
When creating a struct with a field foo, using a variable also named foo, it's not necessary to name the field explicitly. Thus, instead of:

    Self { foo: foo }

use this:

    Self { foo }

The shorter form is more idiomatic and thus less confusing to experienced Rust programmers.

This was found by the clippy lint redundant_field_names: https://rust-lang.github.io/rust-clippy/master/index.html#redundant_field_names

Sponsored-by: author
2021-09-28 | openpgp: Improve tests. | Justus Winter
2021-09-15 | openpgp: Avoid creating unused borrows. | Justus Winter
2021-08-27 | ffi, openpgp: Cleanup links after cargo intraconv. | Nora Widdecke
- openpgp: Make broken relative links absolute:
  - find -name "*.rs" -exec sed -i -E 's,^( *//[/!](.*): )((super::)+packet),\1crate::packet,' {} +
  - find -name "*.rs" -exec sed -i -E 's,^( *//[/!](.*): )((super::)+cert),\1crate::cert,' {} +
  - find -name "*.rs" -exec sed -i -E 's,^( *//[/!](.*): )((super::)+parse),\1crate::parse,' {} +
  - find -name "*.rs" -exec sed -i -E 's,^( *//[/!](.*): )((super::)+policy),\1crate::policy,' {} +
  - find -name "*.rs" -exec sed -i -E 's,^( *//[/!](.*): )((super::)+serialize),\1crate::serialize,' {} +
  - find -name "*.rs" -exec sed -i -E 's,^( *//[/!](.*): )((super::)+armor),\1crate::armor,' {} +
  - find -name "*.rs" -exec sed -i -E 's,^( *//[/!](.*): )((super::)+types),\1crate::types,' {} +
  - find -name "*.rs" -exec sed -i -E 's,^( *//[/!] *(\[`PacketPile`\]):).*$,\1 crate::PacketPile,' {} +
- openpgp: Link to PacketParser and Policy structs, not the modules.
- ffi: Make links to sequoia_openpgp and sequoia_net absolute
  - find -name "*.rs" -exec sed -i -E 's,^( *//[/!](.*): )((super::)+sequoia_openpgp),\1sequoia_openpgp,' {} +
  - find -name "*.rs" -exec sed -i -E 's,^( *//[/!](.*): )((super::)+sequoia_net),\1sequoia_net,' {} +
2021-08-27 | Convert markdown to intra-doc links. | Nora Widdecke
- Apply cargo intraconv.
2021-06-07 | openpgp: Add decryption test vectors. | Justus Winter
- These test vectors are generated by GnuPG (and the one with the unclamped cv25519 secret by RNP).
2021-04-20 | lint: Remove unnecessary trailing semicolons. | Nora Widdecke
- rustc 1.51 has activated the redundant_semicolons lint. https://doc.rust-lang.org/rustc/lints/listing/warn-by-default.html#redundant-semicolons
2021-04-09 | Lint: Do not .clone a Copy type. | Nora Widdecke
- https://rust-lang.github.io/rust-clippy/master/index.html#clone_on_copy
2021-04-09 | Lint: Use next instead of nth(0). | Nora Widdecke
- https://rust-lang.github.io/rust-clippy/master/index.html#iter_nth_zero
2021-04-09 | Lint: Use is_empty(). | Nora Widdecke
- https://rust-lang.github.io/rust-clippy/master/index.html#len_zero
- https://rust-lang.github.io/rust-clippy/master/index.html#comparison_to_empty
2021-04-09 | Lint: Remove redundant returns. | Nora Widdecke
- https://rust-lang.github.io/rust-clippy/master/index.html#needless_return
2021-04-09 | Lint: Remove unnecessary conversions. | Nora Widdecke
- https://rust-lang.github.io/rust-clippy/master/index.html#useless_conversion
2021-03-17 | openpgp: Fix handling of malformed MDC packets. | Justus Winter
- Tampering with MDC packets can be used to create decryption oracles. To defend against that, we need to respond with uniform error messages.
- Thanks to Lara Bruseghini for bringing this to our attention.
- Fixes #693.
2021-03-17 | openpgp: Rename keys to certs to avoid confusion. | Justus Winter
2021-03-17 | openpgp: Ignore marker packets when verifying detached sigs. | Justus Winter
- Fixes #686.
2021-03-17 | openpgp: Test that marker packets are ignored when verifying. | Justus Winter
- See #686.
2021-03-05 | openpgp: Fix panic when verifying signatures. | Wiktor Kwapisiewicz
- Signatures with no layers generated panic at runtime as zeroth index was not available.
- Make `Decryptor::from_buffered_reader` return Err when no layers are available.
- Fixes #682.
2021-03-02 | openpgp, autocrypt, guide: Make tests more robust. | Justus Winter
- Use a more stable formatting when comparing fingerprints.
2021-02-24 | openpgp: Verify messages using the Cleartext Signature Framework. | Justus Winter
- Implement verification of messages using the Cleartext Signature Framework by detecting them in the armor reader, and transforming them on the fly to inline signed messages.
- The transformation is not perfect. We need to synthesize one-pass-signatures, but we only know the hash algorithm(s) used. Luckily, this is the only information the packet parser needs.
- We only enable the transformation when using stream::Verifier. The transformation is transparent to the caller. Currently, there is no way to disable this. In the next major revision, we may add ways to control this behavior.
- Fixes #151.
2021-02-24 | openpgp: Rework certificate lookup in the streaming decryptor. | Justus Winter
- Previously, we called VerificationHelper::get_certs once we saw the literal data packet. The classic OpenPGP rationale for having the signer's keyid in the OPS packet is so that consuming implementations can avoid hashing the body if they don't have the certificate to verify the signature with.
- However, there is a better opportunity to do that: Just in time before doing the actual verification when we have seen all the signatures. This has the advantage that we may know fingerprints instead of mere keyids.
- This is crucial for verifying messages using the Cleartext Signature Framework where we do not know the issuers before encountering the signatures.
- Also, deduplicate aliasing key handles, preferring fingerprints.
2021-02-17 | openpgp: Generalize test. | Justus Winter
2021-02-09 | openpgp: Fix crash on malformed input. | Justus Winter
- Fixes a crash in Decryptor::verify_detached when verifying detached signatures by rejecting any non-signature packets when parsing the alleged signatures.
2020-12-11 | openpgp: Pass the hash algo's security reqs to Policy::signature. | Neal H. Walfield
- If the signer controls the data that is being signed, then the hash algorithm only needs second pre-image resistance.
- This observation can be used to extend the life of hash algorithms that have been weakened, as is the case for SHA-1.
- Introduces a new `enum HashAlgoSecurity`, which is now passed to `Policy::signature`.
- See #595.
2020-12-10 | openpgp: Add remaining assert_send_and_sync! calls. | Azul
- See #615.
2020-12-10 | buffered-reader: Require Cookies to be Send and Sync. | Azul
- This way the entire `BufferedReader<C>` will be `Send` and `Sync`.
- Modify all other crates accordingly.
- See #615.
2020-12-08 | openpgp: Add assert_send_and_sync! for more types. | Azul
- All types that are `Send` and `Sync` are checked now.
- Fixes #627.
2020-12-08 | openpgp: Use parens for assert_send_and_sync!. | Azul
2020-12-08 | openpgp: Require Policies to be Send and Sync. | Azul
- This ensures that all types with Policies (`Valid*`) are `Send` and `Sync`.
2020-11-12 | openpgp: Make crypto::Hash::digest fallible. | Justus Winter
2020-10-14 | Replace most 'extern crate' directives with 'use'. | Justus Winter
- See #480.
2020-10-02 | openpgp: Make signature verification use a mutable self reference. | Justus Winter
- This will allow us to mark subpackets as authenticated by the verification operation.
2020-10-02 | openpgp: Avoid eagerly referencing signature in errors. | Justus Winter
- When verifying signatures, we need to consider all possible issuers. When iterating over the potential signing keys, avoid keeping a reference to the signature in the error that would prevent mutably borrowing the signature in the next iteration.
- To that end, add and use a variant of VerificationError that has no reference to the signature. Only after trying all keys, attach a reference to the signature to the error.
2020-10-02 | openpgp: Avoid shadowing variable. | Justus Winter
- At the very least, this reduces possible confusion.
2020-08-12 | openpgp: Change SubpacketAreas::intended_recipients to return an iter | Neal H. Walfield
- Change `SubpacketAreas::intended_recipients` to return an Iterator instead of a vector.
2020-08-12 | openpgp: Change accessors to return all issuers. | Neal H. Walfield
- Unlike the `Signature Creation Time` subpacket, there are legitimate reasons to have multiple `Issuer` subpackets and `Issuer Fingerprint` subpackets.
- Rename `SubpacketAreas::issuer` to `SubpacketAreas::issuers` and return all `Issuer` subpackets.
- Likewise, rename `SubpacketAreas::issuer_fingerprint` to `SubpacketAreas::issuer_fingerprints` and return all `Issuer Fingerprint` subpackets.
- Change `sq` to list all issuers. Deduplicate first, however.
2020-08-11 | openpgp: Move hash_buffered_reader, drop hash_reader. | Justus Winter
- Previously, we provided hash_reader to downstream users to verify detached signatures. Nowadays, we have the DetachedVerifier that does the same in a much more convenient way. Therefore, we drop hash_reader, and move its non-public sibling hash_buffered_reader to a more appropriate location.
2020-08-10 | openpgp: Correctly handle text signatures when verifying. | Justus Winter
- Text signatures require normalizing the line endings to "\r\n" before the text is hashed. This change implements this for the consumption of signatures. The next commit will handle the production of such signatures.
- See #530.
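
Added example, not code from the Sequoia repository: a sketch of the line-ending normalization that the 2020-08-10 entry introduces and of the split-`crlf` double count that the 2022-12-12 entry fixes. `TextNormalizer`, `normalize_stateless` and `normalize_stateful` are hypothetical names, and a `Vec<u8>` stands in for the hash context so the bytes that would be hashed can be compared.

```rust
/// Streaming normalizer: `cr`, `lf` and `crlf` each become one `crlf`.
#[derive(Default)]
struct TextNormalizer {
    /// True if the last byte seen was a `cr` (its `crlf` is already emitted).
    last_was_cr: bool,
    /// Stand-in for the hash context (assumption: a verifier would hash these bytes).
    out: Vec<u8>,
}

impl TextNormalizer {
    fn update(&mut self, chunk: &[u8]) {
        for &b in chunk {
            match b {
                b'\r' => {
                    self.out.extend_from_slice(b"\r\n");
                    self.last_was_cr = true;
                }
                // The `lf` of a `crlf`: already covered by the `cr`, even if
                // that `cr` was the final byte of the previous update.
                b'\n' if self.last_was_cr => self.last_was_cr = false,
                b'\n' => self.out.extend_from_slice(b"\r\n"),
                _ => {
                    self.out.push(b);
                    self.last_was_cr = false;
                }
            }
        }
    }
}

/// The failure mode: every update is normalized with no memory of the last.
fn normalize_stateless(chunks: &[&[u8]]) -> Vec<u8> {
    let mut out = Vec::new();
    for c in chunks {
        let mut n = TextNormalizer::default();
        n.update(c);
        out.extend(n.out);
    }
    out
}

/// The corrected behaviour: one normalizer carries state across updates.
fn normalize_stateful(chunks: &[&[u8]]) -> Vec<u8> {
    let mut n = TextNormalizer::default();
    for c in chunks { n.update(c); }
    n.out
}

fn main() {
    // Constructed input: the `crlf` after "one" is split across two updates.
    let split: [&[u8]; 2] = [b"one\r", b"\ntwo\n"];
    assert_eq!(normalize_stateful(&split), b"one\r\ntwo\r\n");
    assert_eq!(normalize_stateless(&split), b"one\r\n\r\ntwo\r\n");
}
```

Because the hashed bytes differ, a valid text signature fails to verify whenever a read boundary happens to fall between the `cr` and the `lf`, so the outcome depends on buffer sizes rather than on the message.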