
Bug#1109009: unblock: rust-sequoia-octopus-librnp/1.11.1-1



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package rust-sequoia-octopus-librnp.

[ Reason ]
It fixes a remote denial of service attack, see #1109001.

[ Impact ]
a thunderbird user can be DOSed with an email.

[ Tests ]
upstream CI tests, the package only has smoke autopkgtests atm.

[ Risks ]
not really, surely this could introduce some bug, but that would be
limited to its users.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
There's quite some noise from debcargo in the diff, apologies for that. debian/patches
is unchanged (just refreshed), the changes are only in src/

$ debdiff rust-sequoia-octopus-librnp_1.11.0-1.dsc rust-sequoia-octopus-librnp_1.11.1-1.dsc|diffstat
 .cargo_vcs_info.json               |    2 +-
 Cargo.lock                         |   35 ++++++++++++++++++++++++-----------
 Cargo.toml                         |   16 +++++++++++++---
 Cargo.toml.orig                    |   13 +++++++++++--
 debian/changelog                   |    8 ++++++++
 debian/control                     |    2 +-
 debian/control.debcargo.hint       |   14 +++++++-------
 debian/patches/drop-windows.patch  |   10 +++++++++-
 debian/tests/control.debcargo.hint |   28 ++++++++++++++--------------
 src/dump_packets.rs                |   10 +++++++++-
 src/dump_packets/dump.rs           |   53 +++++++++++++++++++++++++++++++++++++++++++++++++++--
 src/lib.rs                         |   38 +++++++++++++++++++++++++++++++-------
 12 files changed, 179 insertions(+), 50 deletions(-)

& thanks for your work on trixie!

unblock rust-sequoia-octopus-librnp/1.11.1-1


-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Never waste a crisis.
diff -Nru rust-sequoia-octopus-librnp-1.11.0/Cargo.lock rust-sequoia-octopus-librnp-1.11.1/Cargo.lock
--- rust-sequoia-octopus-librnp-1.11.0/Cargo.lock	1970-01-01 01:00:01.000000000 +0100
+++ rust-sequoia-octopus-librnp-1.11.1/Cargo.lock	1970-01-01 01:00:01.000000000 +0100
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4
 
 [[package]]
 name = "addr2line"
@@ -482,9 +482,9 @@
 
 [[package]]
 name = "crossbeam-channel"
-version = "0.5.14"
+version = "0.5.15"
 source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471"
+checksum = "82b8f8f868b36967f9606790d1903570de9ceaf870a7bf9fbbd3016d636a2cb2"
 dependencies = [
  "crossbeam-utils",
 ]
@@ -1576,6 +1576,17 @@
 ]
 
 [[package]]
+name = "io-uring"
+version = "0.7.8"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "b86e202f00093dcba4275d4636b93ef9dd75d025ae560d2521b45ea28ab49013"
+dependencies = [
+ "bitflags",
+ "cfg-if",
+ "libc",
+]
+
+[[package]]
 name = "ipconfig"
 version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index";
@@ -2081,9 +2092,9 @@
 
 [[package]]
 name = "openssl"
-version = "0.10.71"
+version = "0.10.73"
 source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "5e14130c6a98cd258fdcb0fb6d744152343ff729cbfcb28c656a9d12b999fbcd"
+checksum = "8505734d46c8ab1e19a1dce3aef597ad87dcb4c37e7188231769bd6bd51cebf8"
 dependencies = [
  "bitflags",
  "cfg-if",
@@ -2113,9 +2124,9 @@
 
 [[package]]
 name = "openssl-sys"
-version = "0.9.106"
+version = "0.9.109"
 source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "8bb61ea9811cc39e3c2069f40b8b8e2e70d8569b361f879786cc7ed48b777cdd"
+checksum = "90096e2e47630d78b7d1c20952dc621f957103f8bc2c8359ec81290d75238571"
 dependencies = [
  "cc",
  "libc",
@@ -2747,7 +2758,7 @@
 
 [[package]]
 name = "sequoia-octopus-librnp"
-version = "1.11.0"
+version = "1.11.1"
 dependencies = [
  "anyhow",
  "chrono",
@@ -2771,7 +2782,7 @@
  "serde",
  "serde_json",
  "tempfile",
- "thiserror 2.0.12",
+ "thiserror 1.0.69",
  "tokio",
  "vergen",
 ]
@@ -3223,15 +3234,17 @@
 
 [[package]]
 name = "tokio"
-version = "1.44.0"
+version = "1.46.1"
 source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "9975ea0f48b5aa3972bf2d888c238182458437cc2a19374b81b25cdf1023fb3a"
+checksum = "0cc3a2344dafbe23a245241fe8b09735b521110d30fcefbbd5feb1797ca35d17"
 dependencies = [
  "backtrace",
  "bytes",
+ "io-uring",
  "libc",
  "mio",
  "pin-project-lite",
+ "slab",
  "socket2",
  "tokio-macros",
  "windows-sys 0.52.0",
diff -Nru rust-sequoia-octopus-librnp-1.11.0/Cargo.toml rust-sequoia-octopus-librnp-1.11.1/Cargo.toml
--- rust-sequoia-octopus-librnp-1.11.0/Cargo.toml	1970-01-01 01:00:01.000000000 +0100
+++ rust-sequoia-octopus-librnp-1.11.1/Cargo.toml	1970-01-01 01:00:01.000000000 +0100
@@ -11,9 +11,9 @@
 
 [package]
 edition = "2021"
-rust-version = "1.79"
+rust-version = "1.85"
 name = "sequoia-octopus-librnp"
-version = "1.11.0"
+version = "1.11.1"
 authors = [
     "Justus Winter <justus@sequoia-pgp.org>",
     "Neal H. Walfield <neal@sequoia-pgp.org>",
@@ -165,7 +165,9 @@
 [dependencies.tokio]
 version = "1"
 
-[build-dependencies.vergen]
+[build-dependencies]
+
+[target."cfg(not(windows))".build-dependencies.vergen]
 version = "8"
 features = [
     "git",
@@ -176,3 +178,11 @@
 [target."cfg(windows)".dependencies.rusqlite]
 version = ">=0.24, <0.32"
 features = ["bundled"]
+
+[target."cfg(windows)".build-dependencies.vergen]
+version = "8"
+features = [
+    "git",
+    "gitcl",
+]
+default-features = false
diff -Nru rust-sequoia-octopus-librnp-1.11.0/Cargo.toml.orig rust-sequoia-octopus-librnp-1.11.1/Cargo.toml.orig
--- rust-sequoia-octopus-librnp-1.11.0/Cargo.toml.orig	2006-07-24 03:21:28.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/Cargo.toml.orig	2006-07-24 03:21:28.000000000 +0200
@@ -1,7 +1,7 @@
 [package]
 name = "sequoia-octopus-librnp"
 description = "Reimplementation of RNP's interface using Sequoia for use with Thunderbird"
-version = "1.11.0"
+version = "1.11.1"
 authors = [
     "Justus Winter <justus@sequoia-pgp.org>",
     "Neal H. Walfield <neal@sequoia-pgp.org>",
@@ -16,7 +16,7 @@
 license = "LGPL-2.0-or-later"
 edition = "2021"
 build = "build.rs"
-rust-version = "1.79"
+rust-version = "1.85"
 
 [badges]
 gitlab = { repository = "sequoia-pgp/sequoia-octopus-librnp" }
@@ -52,6 +52,15 @@
 rusqlite = { version = ">=0.24, <0.32", features = ["bundled"] }
 
 [build-dependencies]
+
+[target.'cfg(windows)'.build-dependencies]
+# Use the git command line tool to get the version.
+# https://docs.rs/vergen/8.3.2/vergen/index.html
+vergen = { version = "8", default-features = false, features = ["git", "gitcl"] }
+
+[target.'cfg(not(windows))'.build-dependencies]
+# Use the git library to get the version.
+# https://docs.rs/vergen/8.3.2/vergen/index.html
 vergen = { version = "8", default-features = false, features = ["git", "git2"] }
 
 [lib]
diff -Nru rust-sequoia-octopus-librnp-1.11.0/.cargo_vcs_info.json rust-sequoia-octopus-librnp-1.11.1/.cargo_vcs_info.json
--- rust-sequoia-octopus-librnp-1.11.0/.cargo_vcs_info.json	1970-01-01 01:00:01.000000000 +0100
+++ rust-sequoia-octopus-librnp-1.11.1/.cargo_vcs_info.json	1970-01-01 01:00:01.000000000 +0100
@@ -1,6 +1,6 @@
 {
   "git": {
-    "sha1": "1064b5d4771a4c6f958d57276e799a6401b8b3fa"
+    "sha1": "2c903a4df4366ba3bbfcccd29cca68fe67735b8f"
   },
   "path_in_vcs": ""
 }
\ Kein Zeilenumbruch am Dateiende.
diff -Nru rust-sequoia-octopus-librnp-1.11.0/debian/changelog rust-sequoia-octopus-librnp-1.11.1/debian/changelog
--- rust-sequoia-octopus-librnp-1.11.0/debian/changelog	2025-03-31 12:25:52.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/debian/changelog	2025-07-09 14:49:09.000000000 +0200
@@ -1,3 +1,11 @@
+rust-sequoia-octopus-librnp (1.11.1-1) unstable; urgency=medium
+
+  * Package sequoia-octopus-librnp 1.11.1 from crates.io using debcargo 2.7.8
+    - Closes: #1109001.
+    - refresh patches.
+
+ -- Holger Levsen <holger@debian.org>  Wed, 09 Jul 2025 14:49:09 +0200
+
 rust-sequoia-octopus-librnp (1.11.0-1) unstable; urgency=medium
 
   * Package sequoia-octopus-librnp 1.11.0 from crates.io using debcargo 2.7.8
diff -Nru rust-sequoia-octopus-librnp-1.11.0/debian/control rust-sequoia-octopus-librnp-1.11.1/debian/control
--- rust-sequoia-octopus-librnp-1.11.0/debian/control	2025-03-31 12:25:52.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/debian/control	2025-07-09 14:49:09.000000000 +0200
@@ -4,7 +4,7 @@
 Build-Depends: debhelper-compat (= 13),
  dh-sequence-cargo
 Build-Depends-Arch: cargo:native <!nocheck>,
- rustc:native (>= 1.79) <!nocheck>,
+ rustc:native (>= 1.85) <!nocheck>,
  libstd-rust-dev <!nocheck>,
  librust-anyhow-1+default-dev <!nocheck>,
  librust-buffered-reader-1+default-dev <!nocheck>,
diff -Nru rust-sequoia-octopus-librnp-1.11.0/debian/control.debcargo.hint rust-sequoia-octopus-librnp-1.11.1/debian/control.debcargo.hint
--- rust-sequoia-octopus-librnp-1.11.0/debian/control.debcargo.hint	2025-03-31 12:25:52.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/debian/control.debcargo.hint	2025-07-09 14:49:09.000000000 +0200
@@ -4,7 +4,7 @@
 Build-Depends: debhelper-compat (= 13),
  dh-sequence-cargo
 Build-Depends-Arch: cargo:native <!nocheck>,
- rustc:native (>= 1.79) <!nocheck>,
+ rustc:native (>= 1.85) <!nocheck>,
  libstd-rust-dev <!nocheck>,
  librust-anyhow-1+default-dev <!nocheck>,
  librust-chrono-0.4+default-dev <!nocheck>,
@@ -108,11 +108,11 @@
  librust-sequoia-octopus-librnp-1.11+crypto-nettle-dev (= ${binary:Version}),
  librust-sequoia-octopus-librnp-1.11+crypto-openssl-dev (= ${binary:Version}),
  librust-sequoia-octopus-librnp-1.11+default-dev (= ${binary:Version}),
- librust-sequoia-octopus-librnp-1.11.0-dev (= ${binary:Version}),
- librust-sequoia-octopus-librnp-1.11.0+crypto-botan-dev (= ${binary:Version}),
- librust-sequoia-octopus-librnp-1.11.0+crypto-botan2-dev (= ${binary:Version}),
- librust-sequoia-octopus-librnp-1.11.0+crypto-nettle-dev (= ${binary:Version}),
- librust-sequoia-octopus-librnp-1.11.0+crypto-openssl-dev (= ${binary:Version}),
- librust-sequoia-octopus-librnp-1.11.0+default-dev (= ${binary:Version})
+ librust-sequoia-octopus-librnp-1.11.1-dev (= ${binary:Version}),
+ librust-sequoia-octopus-librnp-1.11.1+crypto-botan-dev (= ${binary:Version}),
+ librust-sequoia-octopus-librnp-1.11.1+crypto-botan2-dev (= ${binary:Version}),
+ librust-sequoia-octopus-librnp-1.11.1+crypto-nettle-dev (= ${binary:Version}),
+ librust-sequoia-octopus-librnp-1.11.1+crypto-openssl-dev (= ${binary:Version}),
+ librust-sequoia-octopus-librnp-1.11.1+default-dev (= ${binary:Version})
 Description: Reimplementation of librnp for Thunderbird by Sequoia - Rust source code
  Source code for Debianized Rust crate "sequoia-octopus-librnp"
diff -Nru rust-sequoia-octopus-librnp-1.11.0/debian/patches/drop-windows.patch rust-sequoia-octopus-librnp-1.11.1/debian/patches/drop-windows.patch
--- rust-sequoia-octopus-librnp-1.11.0/debian/patches/drop-windows.patch	2025-03-31 12:25:52.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/debian/patches/drop-windows.patch	2025-07-09 14:49:09.000000000 +0200
@@ -8,7 +8,7 @@
 ===================================================================
 --- sequoia-octopus-librnp.orig/Cargo.toml
 +++ sequoia-octopus-librnp/Cargo.toml
-@@ -172,7 +172,3 @@ features = [
+@@ -174,15 +174,3 @@ features = [
      "git2",
  ]
  default-features = false
@@ -16,3 +16,11 @@
 -[target."cfg(windows)".dependencies.rusqlite]
 -version = ">=0.24, <0.32"
 -features = ["bundled"]
+-
+-[target."cfg(windows)".build-dependencies.vergen]
+-version = "8"
+-features = [
+-    "git",
+-    "gitcl",
+-]
+-default-features = false
diff -Nru rust-sequoia-octopus-librnp-1.11.0/debian/tests/control.debcargo.hint rust-sequoia-octopus-librnp-1.11.1/debian/tests/control.debcargo.hint
--- rust-sequoia-octopus-librnp-1.11.0/debian/tests/control.debcargo.hint	2025-03-31 12:25:52.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/debian/tests/control.debcargo.hint	2025-07-09 14:49:09.000000000 +0200
@@ -1,34 +1,34 @@
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets --all-features
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets --all-features
 Features: test-name=rust-sequoia-octopus-librnp:@
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
 
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets --no-default-features --features crypto-botan
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets --no-default-features --features crypto-botan
 Features: test-name=librust-sequoia-octopus-librnp-dev:crypto-botan
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
 
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets --no-default-features --features crypto-botan2
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets --no-default-features --features crypto-botan2
 Features: test-name=librust-sequoia-octopus-librnp-dev:crypto-botan2
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
 
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets --no-default-features --features crypto-nettle
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets --no-default-features --features crypto-nettle
 Features: test-name=librust-sequoia-octopus-librnp-dev:crypto-nettle
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
 
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets --no-default-features --features crypto-openssl
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets --no-default-features --features crypto-openssl
 Features: test-name=librust-sequoia-octopus-librnp-dev:crypto-openssl
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
 
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets
 Features: test-name=librust-sequoia-octopus-librnp-dev:default
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
 
-Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.0 --all-targets --no-default-features
+Test-Command: /usr/share/cargo/bin/cargo-auto-test sequoia-octopus-librnp 1.11.1 --all-targets --no-default-features
 Features: test-name=librust-sequoia-octopus-librnp-dev:
-Depends: dh-cargo (>= 31), rustc (>= 1.79), @
+Depends: dh-cargo (>= 31), rustc (>= 1.85), @
 Restrictions: allow-stderr, skip-not-installable
diff -Nru rust-sequoia-octopus-librnp-1.11.0/src/dump_packets/dump.rs rust-sequoia-octopus-librnp-1.11.1/src/dump_packets/dump.rs
--- rust-sequoia-octopus-librnp-1.11.0/src/dump_packets/dump.rs	2006-07-24 03:21:28.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/src/dump_packets/dump.rs	2006-07-24 03:21:28.000000000 +0200
@@ -106,12 +106,20 @@
 #[allow(clippy::redundant_pattern_matching)]
 pub fn dump<W>(input: &mut (dyn io::Read + Sync + Send),
                output: &mut dyn io::Write,
+               max_decompressed_literal_data: Option<usize>,
                mpis: bool, hex: bool,
                sk: Option<&SessionKey>,
                width: W)
                -> Result<Kind>
     where W: Into<Option<usize>>
 {
+    rnp_function!(dump, crate::TRACE);
+
+    // If no limit is supplied, stop after 100 MB.
+    let max_decompressed_literal_data
+        = max_decompressed_literal_data.unwrap_or(100 * 1024 * 1024);
+    let mut saw_decompression_packet = false;
+
     let mut ppr
         = self::openpgp::parse::PacketParserBuilder::from_reader(input)?;
 
@@ -145,14 +153,55 @@
                 skesks.push(p.clone());
                 vec![]
             },
+            Packet::CompressedData(_) => {
+                t!("Encountered compressed data packet.  \
+                    Activating zip bomb protection.");
+                saw_decompression_packet = true;
+                Vec::new()
+            }
             Packet::Literal(_) => {
                 let mut prefix = vec![0; 40];
                 let n = pp.read(&mut prefix)?;
-                vec![
+                let summary = vec![
                     format!("Content: {:?}{}",
                             String::from_utf8_lossy(&prefix[..n]),
                             if n == prefix.len() { "..." } else { "" }),
-                ]
+                ];
+
+                if saw_decompression_packet {
+                    // Protect against a possible zip bomb.
+                    t!("Zip bomb protection activated.  Will abort after \
+                        reading more than {} bytes of literal data.",
+                       max_decompressed_literal_data);
+
+                    const BUFFER_SIZE: usize = 1024 * 1024;
+                    let mut buffer = vec![0; BUFFER_SIZE];
+                    let mut literal_data_read = prefix.len();
+                    while literal_data_read <= max_decompressed_literal_data {
+                        let remaining
+                            = max_decompressed_literal_data - literal_data_read + 1;
+
+                        let read = pp.read(
+                            &mut buffer[..remaining.min(BUFFER_SIZE)])?;
+                        if read == 0 {
+                            // EOF.
+                            break;
+                        }
+
+                        literal_data_read += read;
+                    }
+                    t!("Read {} bytes of literal data",
+                       literal_data_read);
+
+                    if literal_data_read > max_decompressed_literal_data {
+                        t!("Zip bomb detected");
+                        return Err(crate::Error::BadParameters.into());
+                    } else {
+                        t!("No zip bomb detected");
+                    }
+                }
+
+                summary
             },
             Packet::SEIP(ref s) => {
 		let version = s.version();
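Review bot: The byte counter in the `Packet::Literal` arm starts at `prefix.len()`, which is always 40, instead of `n`, the number of bytes the prefix read actually returned. A compressed literal shorter than 40 bytes is therefore counted as 40, and any limit below 40 rejects every compressed message regardless of its size; `let mut literal_data_read = n;` keeps the comparison against `max_decompressed_literal_data` exact. The counter is also local to the arm, so the limit applies per literal packet rather than to the whole input; if the enclosing loop (outside this hunk) can yield several literal packets after one compressed data packet, a cumulative counter declared next to `saw_decompression_packet` would bound the total work. A tripped limit is reported only through `t!` tracing and a `BadParameters` error, so logging it above trace level would make rejected messages visible to whoever investigates them.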
diff -Nru rust-sequoia-octopus-librnp-1.11.0/src/dump_packets.rs rust-sequoia-octopus-librnp-1.11.1/src/dump_packets.rs
--- rust-sequoia-octopus-librnp-1.11.0/src/dump_packets.rs	2006-07-24 03:21:28.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/src/dump_packets.rs	2006-07-24 03:21:28.000000000 +0200
@@ -30,7 +30,15 @@
     // Key grips are a proprietary GnuPG extension.  No.
     let _dump_grip = flags & RNP_DUMP_GRIP > 0;
 
-    rnp_try_or!(dump::dump(input, output, dump_mpis, dump_hex, None, None),
+    let max_decompressed_literal_data
+        = if let RnpOutput::Buf((_buf, Some(max))) = output {
+            Some(*max)
+        } else {
+            None
+        };
+
+    rnp_try_or!(dump::dump(input, output, max_decompressed_literal_data,
+                           dump_mpis, dump_hex, None, None),
                 RNP_ERROR_GENERIC);
     rnp_success!()
 }
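Review bot: The limit handed to `dump::dump` is the `Some(max)` stored in `RnpOutput::Buf`, i.e. the output buffer's own size cap, and nothing at this call site says why that value doubles as the decompressed-literal limit. A short comment would make the coupling explicit, e.g. `// Reuse the output buffer's size cap as the zip-bomb limit; other outputs use dump()'s default.` How `max` is populated is not visible in this hunk; if a caller can store a very small value there, `dump` will now fail with `RNP_ERROR_GENERIC` for compressed input, so it is worth confirming the smallest value callers pass. The enclosing function starts outside the hunk.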
diff -Nru rust-sequoia-octopus-librnp-1.11.0/src/lib.rs rust-sequoia-octopus-librnp-1.11.1/src/lib.rs
--- rust-sequoia-octopus-librnp-1.11.0/src/lib.rs	2006-07-24 03:21:28.000000000 +0200
+++ rust-sequoia-octopus-librnp-1.11.1/src/lib.rs	2006-07-24 03:21:28.000000000 +0200
@@ -32,10 +32,12 @@
         UserID,
     },
     policy::{
+        HashAlgoSecurity,
         NullPolicy,
         StandardPolicy,
     },
     serialize::Serialize,
+    types::HashAlgorithm,
 };
 
 /// Controls tracing.
@@ -169,12 +171,12 @@
     plaintext_cache: recombine::PlaintextCache,
 }
 
-type RnpPasswordCb = unsafe extern fn(*mut RnpContext,
-                                      *mut c_void,
-                                      *const RnpKey,
-                                      *const c_char,
-                                      *mut c_char,
-                                      size_t) -> bool;
+type RnpPasswordCb = unsafe extern "C" fn(*mut RnpContext,
+                                          *mut c_void,
+                                          *const RnpKey,
+                                          *const c_char,
+                                          *mut c_char,
+                                          size_t) -> bool;
 
 #[no_mangle] pub unsafe extern "C"
 fn rnp_ffi_create(ctx: *mut *mut RnpContext,
@@ -252,7 +254,29 @@
     if let Err(e) = policy.parse_default_config() {
         global_warn!("Reading crypto policy: {}", e);
     }
-    let policy = policy.build();
+    let mut policy = policy.build();
+
+    // Thunderbird checks that MD5 and SHA-1 for self-signatures are
+    // disabled and refuses to fully initialize RNP otherwise.  Meet
+    // its expectations.
+
+    let now = std::time::SystemTime::now();
+    for (algo, prop) in [
+        (HashAlgorithm::MD5, HashAlgoSecurity::CollisionResistance),
+        (HashAlgorithm::MD5, HashAlgoSecurity::SecondPreImageResistance),
+        (HashAlgorithm::SHA1, HashAlgoSecurity::CollisionResistance),
+    ]
+    {
+        let cutoff = policy.hash_cutoff(algo, prop);
+        t!("{} for {:?}: {:?}", algo, prop, cutoff);
+        if cutoff.unwrap_or(now) >= now {
+            warn!("Your crypto policy enables {} in contexts where {:?} is \
+                   needed ({:?}).  Unconditionally rejecting it.",
+                  algo, prop, cutoff);
+            policy.reject_hash_property_at(
+                algo, prop, std::time::UNIX_EPOCH);
+        }
+    }
 
     *ctx = Box::into_raw(Box::new(RnpContext {
         policy: Arc::new(RwLock::new(policy)),
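Review bot: The loop rejects MD5 for both `CollisionResistance` and `SecondPreImageResistance` but SHA-1 only for `CollisionResistance`, and the comment above it ("MD5 and SHA-1 for self-signatures") does not explain the asymmetry. If leaving SHA-1's second-preimage cutoff to the configured policy is intended, a line such as `// SHA-1 is only forced off where collision resistance is required; its second-preimage cutoff stays as configured.` would keep a later reader from "completing" the list. Note also that `cutoff.unwrap_or(now) >= now` treats a cutoff lying in the future as still enabled and moves it to `UNIX_EPOCH`, so a user policy with a scheduled sunset date is overridden at context creation; the `warn!` reports it, but the comment should say so too. The enclosing function starts and ends outside the hunk.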
