| Age | Commit message (Collapse) | Author |
|---|
|
- Most of the logic in this function is the same across backends.
- Introduce `Key4::derive_cv25519_public_key` that does
backend-specific derivation.
- Fixes https://gitlab.com/sequoia-pgp/sequoia/-/issues/958
|
|
- We implement `Parse` for `Cert`. Do the same for `RawCert` and
check that they have the same semantics.
|
|
- We use this in our API, and re-exporting it here makes it easy to
use the correct version of the crate in downstream code without
having to explicitly depend on it.
|
|
|
|
|
|
|
|
- Fixes #892.
|
|
|
|
- Fixes #645.
|
|
- Remove development remnants, actually use the creation time when
importing RSA keys.
|
|
- OpenSSL can be compiled with no support for CAST5.
- This will be indicated by setting `osslconf` variable to
`OPENSSL_NO_CAST`.
- See https://github.com/sfackler/rust-openssl/pull/1786
|
|
|
|
- This is a more comprehensive fix than
bee82c2952512a5585e93f180180ca45468d4f2b.
|
|
- Avoid creating an MPI first, as this may leak the secrets.
|
|
|
|
|
|
- Not only was the heap allocation superfluous, it also leaked
secrets into the heap.
|
|
|
|
|
|
|
|
- Previously, NotAsFarAsWeKnow was interpreted as identifier making
the if let binding irrefutable.
- Fixes 7afee60b7cf0f19559bfccd8c42fdc77f6b9c655.
|
|
|
|
|
|
- Track the length of the plaintext data. This makes it possible to
use unchunked AEAD and decrypt the data without copying it into a
growing vector. Also, avoid io::copy, as this leaks secrets into
its buffer.
|
|
|
|
- When parsing secrets using the BufferedReader protocol, they may
leak into buffers of the readers in the BufferedReader stack.
This is is most problematic when parsing SecretKeyMaterial.
- Deprecate SecretKeyMaterial::parse* in favor of variants that
operate on bytes. Then, we can use the memory-backed
BufferedReader which does not introduce additional buffering (and
neither does the Dub reader used in the PackedHeaderParser).
|
|
|
|
- The PacketHeaderParser returns erased BufferedReaders anyway, so
we might as well do it early. This avoids any accidental
specialization and hence code duplication.
|
|
|
|
- It is easier (and cheaper) to tear apart in backends that need
ciphertext and tag to be separate than to combine it for backends
that expect the tag to be appended to the ciphertext.
- The caller doesn't have to do anything, because in OpenPGP on the
wire the tag is already appended to the ciphertext. The one
exception is our current implementation of SKESKv5, but in our
upcoming SKESKv6 implementation, we store the tag appended to the
ciphertext, so it will be easy to use this interface there.
|
|
- One of the brainpool curves was not included in our enum Curve,
because at the time we implemented ECC support, it wasn't part of
the RFC4880bis document.
- Unfortunately, we failed to mark enum Curve as non-exhaustive, so
we cannot add a variant without breaking the API.
- We can, however, support the curve by matching on its OID.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Hand in the additional authenticated data when constructing the
context.
|
|
- Combine `encrypt` and `tag` to `encrypt_seal` similarly to we
previously combined `decrypt_verify`. This better matches AEAD
constructions, and the original interface was mostly informed by
Nettle's relatively low-level interface.
|
|
|
|
|
|
- Previously, the IV length defaulted to 12.
- We have to set the IV length before supplying the
IV in {de,en}crypt_init. Otherwise, it will be silently
truncated.
|
|
- This is useful for debugging, fuzzing, andn benchmarking.
|
|
|
|
|
|
- The OpenSSL backend supports OCB, so we should test it!
|
|
|
|
- Previously, we checked that the subpacket area fits a v4 signature
when parsing. However, the subpacket area size depends on the
packet version, and our SubpacketArea is independent of the
signature version.
- The size will be checked when serializing the signatures. It is
not useful to check them when parsing the signatures.
|
|
- Hash algorithm detection previously checked only conversion to Nid.
- More thorough check which involves construction of the Hasher object
is needed.
- Adjust the code and add a comment.
- Fixes https://gitlab.com/sequoia-pgp/sequoia/-/issues/979
|
|
|
