Age | Commit message | Author |
|
|
|
- Versions required by feature or API usage:
- anyhow 1.0.5.
- We use `impl From<anyhow::Error> for Box<dyn std::error::Error +
Send + Sync + 'static>`, introduced in 1.0.5.
- tokio 0.2.19
- We use `tokio::net::tcp::OwnedReadHalf`, introduced in 0.2.19.
- chrono 0.4.10
- We use the `std` feature, introduced in 0.4.10.
- thiserror 1.0.2
- futures and futures-util 0.3.5
- tempfile 3.1
- c_doctests require the same version of rand both as direct
dependency and through tempfile.
- Yanked versions:
- structopt 0.3.11. 0.3.8 to 0.3.10 were yanked.
- socket2 0.3.16. 0.3.0 to 0.3.15 were yanked.
- Update our dependencies to the package versions required by other
dependencies, e.g. structopt requires lazy_static 1.4.0.
- clap 2.33
- lazy_static to 1.4.0
- libc to 0.2.66
- proc-macro2 to 1.0.7
- syn to 1.0.5.
- winapi 0.3.8
|
|
|
|
- All types that are `Send` and `Sync` are checked now.
- Fixes #627.
|
|
|
|
- With !928 merged more types are `Send` and `Sync` now.
- See #627.
|
|
- This ensures that all types with Policies (`Valid*`) are `Send` and `Sync`.
|
|
- Use generics and the anonymous lifetime in `assert_send_and_sync!`.
- See 627.
|
|
- See #627.
|
|
- This makes it harder for an attacker to convince a victim to sign
a predetermined text. See Leurent, G. and Peyrin, T., 2020. SHA-1
is a Shambles, Section 7.2:
> [...] if the serial number is unpredictable then the [chosen
> prefix] collision attack is thwarted as a crucial part of the
> hashed input is not controlled by the attacker.
- We use 32 bytes of randomness, which provides plenty of entropy,
yet is way smaller than the block size of the average hash function.
Adding random data that is included in the signature provides an
opportunity to mutate this data to attack the hash function.
Limiting the amount to less than the block size should avoid
this concern.
- We use a notation to include the data, because this is the least
intrusive way to add it. It is also self-describing.
- Fixes #597.
|
|
|
|
|
|
|
|
|
|
- See #615.
|
|
|
|
|
|
- Fixes #556.
|
|
- Key::encrypt returns mpi::Ciphertext, not a PKESK packet.
Similarly, change Key::verify to take a mpi::Signature instead of
a Signature packet.
|
|
- Fixes build on Windows.
|
|
- Since `set_features` requires ownership of `Features`, it should take
ownership rather than borrowing and cloning them.
See https://rust-lang.github.io/api-guidelines/flexibility.html#caller-decides-where-to-copy-and-place-data-c-caller-control .
- See #616.
|
|
- Make `generate_key` polymorphic over `AsRef<KeyFlags>`.
- Since `set_key_flags` requires ownership of the key flags, it should
take ownership rather than borrowing and cloning them.
See https://rust-lang.github.io/api-guidelines/flexibility.html#caller-decides-where-to-copy-and-place-data-c-caller-control .
- See #616.
|
|
`key` parameter.
- Make sign_direct_key take Key of key::PublicParts.
- Simplify calling sign_direct_key by using Into.
- Allow passing None to sign_subkey_binding.
- Allow passing None to sign_userid_binding.
- Allow using None as key parameter.
- Improve docs mentioning new default for `pk`.
- `pk` set to `Option::None` will now default to signer's public key.
- Fixes #565.
|
|
- Fixes #602.
|
|
|
|
- Fixes #465.
|
|
- seal `Marshal` and `MarshalInto` traits.
- this effectively also seals `Serialize` and `SerializeInto`
as they depend on the former.
- See #538.
|
|
|
|
- When creating a `SignatureBuilder` from a `Signature`, reset the
hash algorithm to `HashAlgorithm::default()`.
- This ensures that updating an outdated signature won't use an
outdated hash algorithm.
- Fixes #609.
|
|
- When two serialized messages in the for-each-artifact test differ,
print more helpful debugging output.
|
|
|
|
- Hide the `use .. as openpgp` statement if we don't use it in the
example.
|
|
- Secret key material is not authenticated by OpenPGP, so care must
be taken when merging certificates.
- Rename Cert::merge to Cert::merge_public_and_secret.
- Add new function Cert::merge_public. This function can be used to
merge certificates from untrusted sources as it ignores secret key
material that cannot be authenticated by OpenPGP.
- Fixes #584.
|
|
|
|
|
|
|
|
- This will allow us to use the CertBuilder to change certificates
with detached secret keys in the future.
- Fixes #608.
|
|
- Fixes #613.
|
|
- Fixes #610.
|
|
|
|
|
|
|
|
- See #615.
|
|
- See #615.
|
|
|
|
|
|
- Fixes #618.
|
|
- We generate Ed25519 keys, which requires the `rand` feature.
|
|
- Seal `ValidAmalgamation`, `ValidateAmalgamation` and
`key::PrimaryKey`
- Sealing traits so they cannot be implemented outside the openpgp crate.
This way we can extend the traits without breaking the API compatibility.
Every implementation of a sealed trait needs to also
implement the `seal::Sealed` marker trait.
- Implementing `seal::Sealed` for `ValidKeyAmalgamation<'a, P, R, R2>`
also implements it for
- `ValidPrimaryKeyAmalgamation<'a, P>`
- `ValidSubordinateKeyAmalgamation<'a, P>`
- `ValidErasedKeyAmalgamation<'a, P>`
Therefore these can implement `ValidateAmalgamation`
and `key::PrimaryKey`
without explicitly implementing `seal::Sealed`
- See #538.
|
|
- Seal the Aead trait so it cannot be implemented outside the openpgp
crate.
- This way we can extend the trait without breaking the API
compatibility.
- See #538.
|