1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-06-16 00:24:51 +02:00

Compare commits

..

7 commits

12 changed files with 47 additions and 19 deletions

View file

@ -5,6 +5,12 @@ SPDX-License-Identifier: CC0-1.0
# PGPainless Changelog # PGPainless Changelog
## 1.6.7
- SOP: Fix OOM error when detached-signing large amounts of data (fix #432)
- Move `CachingBcPublicKeyDataDecryptorFactory` from `org.bouncycastle` packet to `org.pgpainless.decryption_verification` to avoid package split (partially addresses #428)
- Basic support for Java Modules for `pgpainless-core` and `pgpainless-sop`
- Added `Automatic-Module-Name` directive to gradle build files
## 1.6.6 ## 1.6.6
- Downgrade `logback-core` and `logback-classic` to `1.2.13` to fix #426 - Downgrade `logback-core` and `logback-classic` to `1.2.13` to fix #426

View file

@ -191,7 +191,7 @@ repositories {
} }
dependencies { dependencies {
implementation 'org.pgpainless:pgpainless-core:1.6.6' implementation 'org.pgpainless:pgpainless-core:1.6.7'
} }
``` ```

View file

@ -32,4 +32,4 @@ Valid security issues will be fixed ASAP.
PGPainless has received a security audit by [cure53.de](https://cure53.de) in late 2021. PGPainless has received a security audit by [cure53.de](https://cure53.de) in late 2021.
The [penetrationj test and audit](https://cure53.de/pentest-report_pgpainless.pdf) covered PGPainless The [penetrationj test and audit](https://cure53.de/pentest-report_pgpainless.pdf) covered PGPainless
release candidate 1.0.0-rc6. release candidate 1.0.0-rc6.
Security fixes for discovered flaws were deployed before the final 1.0.0 release. Security fixes for discovered flaws were deployed before the final 1.0.0 release.

View file

@ -27,3 +27,10 @@ dependencies {
// @Nullable, @Nonnull annotations // @Nullable, @Nonnull annotations
implementation "com.google.code.findbugs:jsr305:3.0.2" implementation "com.google.code.findbugs:jsr305:3.0.2"
} }
// https://docs.gradle.org/current/userguide/java_library_plugin.html#sec:java_library_modular_auto
tasks.named('jar') {
manifest {
attributes('Automatic-Module-Name': 'org.pgpainless.core')
}
}

View file

@ -1,8 +0,0 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
/**
* Classes which could be upstreamed to BC at some point.
*/
package org.bouncycastle;

View file

@ -1,8 +1,8 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org> // SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
// //
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package org.bouncycastle; package org.pgpainless.decryption_verification;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey; import org.bouncycastle.openpgp.PGPPrivateKey;
@ -10,7 +10,6 @@ import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory; import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;
import org.bouncycastle.util.encoders.Base64; import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex; import org.bouncycastle.util.encoders.Hex;
import org.pgpainless.decryption_verification.CustomPublicKeyDataDecryptorFactory;
import org.pgpainless.key.SubkeyIdentifier; import org.pgpainless.key.SubkeyIdentifier;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;

View file

@ -18,6 +18,7 @@ import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.EncryptionPurpose; import org.pgpainless.algorithm.EncryptionPurpose;
import org.pgpainless.decryption_verification.CachingBcPublicKeyDataDecryptorFactory;
import org.pgpainless.decryption_verification.ConsumerOptions; import org.pgpainless.decryption_verification.ConsumerOptions;
import org.pgpainless.decryption_verification.DecryptionStream; import org.pgpainless.decryption_verification.DecryptionStream;
import org.pgpainless.key.SubkeyIdentifier; import org.pgpainless.key.SubkeyIdentifier;

View file

@ -23,7 +23,7 @@ To start using pgpainless-sop in your code, include the following lines in your
... ...
dependencies { dependencies {
... ...
implementation "org.pgpainless:pgpainless-sop:1.6.6" implementation "org.pgpainless:pgpainless-sop:1.6.7"
... ...
} }
@ -34,7 +34,7 @@ dependencies {
<dependency> <dependency>
<groupId>org.pgpainless</groupId> <groupId>org.pgpainless</groupId>
<artifactId>pgpainless-sop</artifactId> <artifactId>pgpainless-sop</artifactId>
<version>1.6.6</version> <version>1.6.7</version>
</dependency> </dependency>
... ...
</dependencies> </dependencies>

View file

@ -34,3 +34,10 @@ test {
useJUnitPlatform() useJUnitPlatform()
environment("test.implementation", "sop.testsuite.pgpainless.PGPainlessSopInstanceFactory") environment("test.implementation", "sop.testsuite.pgpainless.PGPainlessSopInstanceFactory")
} }
// https://docs.gradle.org/current/userguide/java_library_plugin.html#sec:java_library_modular_auto
tasks.named('jar') {
manifest {
attributes('Automatic-Module-Name': 'org.pgpainless.sop')
}
}

View file

@ -4,7 +4,6 @@
package org.pgpainless.sop; package org.pgpainless.sop;
import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
@ -92,10 +91,10 @@ public class DetachedSignImpl implements DetachedSign {
} }
} }
ByteArrayOutputStream buffer = new ByteArrayOutputStream(); OutputStream sink = new NullOutputStream();
try { try {
EncryptionStream signingStream = PGPainless.encryptAndOrSign() EncryptionStream signingStream = PGPainless.encryptAndOrSign()
.onOutputStream(buffer) .onOutputStream(sink)
.withOptions(ProducerOptions.sign(signingOptions) .withOptions(ProducerOptions.sign(signingOptions)
.setAsciiArmor(armor)); .setAsciiArmor(armor));

View file

@ -0,0 +1,17 @@
// SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.sop;
import java.io.OutputStream;
/**
* {@link OutputStream} that simply discards bytes written to it.
*/
public class NullOutputStream extends OutputStream {
@Override
public void write(int b) {
// NOP
}
}

View file

@ -4,7 +4,7 @@
allprojects { allprojects {
ext { ext {
shortVersion = '1.6.7' shortVersion = '1.6.8'
isSnapshot = true isSnapshot = true
pgpainlessMinAndroidSdk = 10 pgpainlessMinAndroidSdk = 10
javaSourceCompatibility = 1.8 javaSourceCompatibility = 1.8