chore(deps): update rust crate pgp to 0.19 [security] #351

Open
renovate[bot] wants to merge 1 commit into main from renovate/crate-pgp-vulnerability
Conversation

@renovate renovate bot commented Feb 13, 2026

This PR contains the following updates:

Package   Type                     Update   Change
pgp       workspace.dependencies   minor    0.16 -> 0.19

GitHub Vulnerability Alerts

GHSA-7587-4wv6-m68m

Summary

It was possible to trigger an unhandled edge case in the Rust Crypto rsa crate through rPGP packet parsing functionality, and crash the process that runs rPGP. This problem has been patched in a new rsa version. The new release of rPGP ensures a patched version of the rsa crate is in use, which prevents this issue.

Details

While parsing a special RSA secret key packet, rPGP calls the rsa crate with the provided key. On vulnerable versions, this results in a Rust "panic" during key construction. Note that an attacker can trigger this situation even in places where applications don't expect to handle foreign key material, for example while attempting to receive a message.

For more information on the rsa crate vulnerability, see GHSA-9c48-w39g-hm26 and https://github.com/RustCrypto/RSA/pull/624.
In rPGP, this has been fixed via https://github.com/rpgp/rpgp/pull/698.

Impact

This issue impacts availability (i.e. applications can crash).

Affected rPGP versions: rPGP 0.16.0-alpha.0 to 0.18.0
Vulnerable rsa versions: all before version 0.9.10

Workaround

The issue depends on the combination of affected rPGP and rsa versions. Users of affected rPGP versions can pin the patched rsa 0.9.10 via a cargo lockfile to mitigate the issue.

Attribution

Discovered by Christian Reitter from Radically Open Security during a security review for Proton AG.

GHSA-8h58-w33p-wq3g

Summary

Previous rPGP versions could be caused to crash with a "stack overflow" when parsing messages that contain deeply nested message layers, such as messages with many signatures.

rPGP 0.19.0 resolves this issue with a more robust message handling implementation (via https://github.com/rpgp/rpgp/pull/625).

Impact

An attacker could cause applications to crash in rPGP's message parsing subsystem, when applications attempt to ingest messages.

Attribution

Discovered internally during rPGP development, using a fuzz test suite previously contributed by Christian Reitter.

GHSA-c7ph-f7jm-xv4w

Summary

For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid.

Details

When decrypting SEIPD (Symmetrically Encrypted and Integrity Protected Data Packet), rPGP previously did not under all circumstances report the absence of valid integrity protection to callers of the library.

Impact

While the resulting invalid decryption output is not attacker controlled, its contents may be a security concern if an attacker can gain access to it.

Attribution

Discovered internally in the course of rPGP development work.


Release Notes

rpgp/rpgp (pgp)

v0.19.0

Compare Source

⛰️ Features
  • Add helper to use multiple secret keys for decryption - (4176c07)
  • Add back capability to build a SignedPublicKey from a key held externally (#678) - (066d0c5)
  • Expand zeroizing of secret values - (4db0b6d)
🐛 Bug Fixes
  • Support RSA keys up to 8k by default (#664) - (4c42ec1)
  • Loosen trait requirements to KeyDetails, where appropriate (#680) - (9221ea1)
  • Adds CertCasual (#691) - (a3e387c)
  • Ensure trailing packets are consumed - (16c2457)
  • Recursion issues in deeply nested messages - (e82f2c7)
  • Handling of multiple trailing zeros in ecdh for malformed-artifact-compat - (7eb0682)
🚜 Refactor
  • [breaking] Drop encrypt methods from secret key types (#670) - (cf8a770)
  • [breaking] Simplify key generation by always signing immediately - (e111ba1)
  • [breaking] Introduce EncryptionKey trait (#668) - (4a85df9)
  • [breaking] New structure for key traits (#672) - (90999d9)
  • [breaking] Adjust subpacket name "Issuer Key ID", to align with RFC 9580 (#674) - (23214a8)
  • [breaking] Replace chrono::DateTime with custom Timestamp (#673) - (2435971)
  • [breaking] Verify -> verify_bindings (#675) - (7ac79b7)
  • [breaking] Introduce DecryptionKey (#679) - (86881b3)
  • [breaking] Don't export symbols in duplicate - (96d94e3)
  • Move support for large rsa keys into a separate feature (#696) - (135017f)
  • Move some unused decryption code behind cfg(test) - (73cb9d1)
  • [breaking] Distinguish can_encrypt_comms and can_encrypt_storage in key builder (#685) - (7e3b6c0)
  • [breaking] Clearly mark v3 key expiration fields as legacy (#695) - (f2aefc8)
📚 Documentation
🧪 Testing
⚙️ Miscellaneous Tasks
  • (cargo-deny) Ignore ml-dsa advisory for now (#710) - (19e469b)
  • Update zeroize_derive to 1.4.3 - (d155807)

v0.18.0

Compare Source

⛰️ Features
  • Add Signature::verify_key_third_party - (91f8a02)
  • [breaking] Improve handling of large RSA keys - (466ec9d)
  • [breaking] Decryption support for draft-wussler-openpgp-forwarding (#637) - (1e6ac17)
🐛 Bug Fixes
  • Handle edge case in NormalizedReader LF mode - (caf31af)
🚜 Refactor
  • In text signatures, don't normalize single \r characters (#​650) - (410c844)
📚 Documentation
⚙️ Miscellaneous Tasks
  • Bump MSRV to 1.88 - (ad00ed9)
  • Happier clippy - (a02cf93)
  • [breaking] Drop unintended visibilities - (204c51f)
Cleanup
  • [breaking] Drop some high-level semantics functions from the API - (0f58ea1)

v0.17.0

Compare Source

⛰️ Features
  • (deps) Update bitfields to 1.0 (#588) - (617f6e0)
  • Helpers for improved string handling - (80977ca)
  • Adds signature::Signer compatibility wrappers - (854387a)
  • [breaking] Improve Signature api - (500c52e)
  • Add EcdsaPublicParams::curve and is_supported (#586) - (7d20b3e)
  • Improve and expand string APIs (#587) - (4687bcf)
  • Decryption of v5 SKESK (GnuPG proprietary) - (a5a9f93)
  • Decryption of packet type 20 AEAD format (GnuPG proprietary) - (ab0deb8)
  • Implement several standard library extension traits for Fingerprint (#600) - (e0357f2)
  • [breaking] Configurable signature type for user id/attribute third party certifications - (e9847b5)
  • Allow custom signature subpacket configuration in message builder (#610) - (3542021)
  • Allow user-provided session key in message builder (#611) - (f168ff3)
  • Handle utf-8 literal data in message builder (#612) - (85439d2)
  • Implement signing in DetachedSignature - (5298f1a)
  • Support optional handling of some malformed artifacts (#636) - (e8798c1)
🐛 Bug Fixes
  • Handle parsing of unknown PKESK packets (#568) - (09a6b1e)
  • Handle PQC algorithms in PublicKeyTrait::is_*_key (#589) - (9a558f8)
  • Make user id self certifications as CertPositive - (45a318a)
  • Make user id self certifications as CertPositive - (9cec3bb)
  • Always produce IssuerFingerprint subpacket for signatures (#609) - (d2275c1)
  • Disable crc24 check while dearmoring, by default (#604) - (e7825d4)
  • Message::Encrypted may contain zero ESKs (#615) - (f376798)
  • Skip non-critical packets in message reader - (c60d2b6)
  • If ops metadata doesn't match signature, don't validate (#616) - (a9038e3)
  • Csf handling for mixed CR+LF and LF endings (#626) - (7c64f67)
  • Limit length of DSA public parameters (#627) - (26734bb)
  • Use correct key size when using s2k derive_key (#644) - (3bd7801)
🚜 Refactor
  • Restructure Tag ranges to align with RFC 9580 - (b08c08a)
  • Rename StandaloneSignature to DetachedSignature - (47d0581)
  • Use bare signature packets in CleartextSignedMessage - (3f7b661)
  • Minor code cleanup (#635) - (cb2c08a)
📚 Documentation
⚡ Performance
  • Avoid double buffering in aead decryptor (#576) - (c8e8035)
  • [breaking] Improve encrypt and decrypt performance - (c359bea)
🧪 Testing
⚙️ Miscellaneous Tasks
Adapter
Cleanup

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.
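The lockfile check behind the GHSA-7587-4wv6-m68m workaround above (an affected pgp is only exposed while a pre-0.9.10 rsa is locked alongside it), as an added example that is not rPGP's or Renovate's code; the sample Cargo.lock is constructed and the version-ordering helper is our own minimal one:

```rust
// Added example, not rPGP's or Renovate's code: flag the Cargo.lock versions named
// by GHSA-7587-4wv6-m68m (pgp 0.16.0-alpha.0..=0.18.0 combined with rsa < 0.9.10).
// The lockfile reader and version ordering are minimal, hand-rolled helpers.
/// Constructed sample Cargo.lock, not from any real project.
const SAMPLE_LOCK: &str = r#"[[package]]
name = "pgp"
version = "0.18.0"
[[package]]
name = "rsa"
version = "0.9.9"
"#;

/// (name, version) for every `[[package]]` entry in a Cargo.lock.
fn lock_packages(lock: &str) -> Vec<(String, String)> {
    let mut out = Vec::new();
    let mut name: Option<String> = None;
    for line in lock.lines().map(str::trim) {
        if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            if let Some(n) = name.take() {
                out.push((n, v.trim_matches('"').to_string()));
            }
        }
    }
    out
}

/// Comparable key: numeric core plus a flag that is false for pre-releases, so
/// 0.16.0-alpha.0 sorts before 0.16.0 (pre-release labels are not ordered among themselves).
fn key(v: &str) -> (Vec<u64>, bool) {
    let (core, pre) = v.split_once('-').map_or((v, false), |(c, _)| (c, true));
    (core.split('.').map(|p| p.parse::<u64>().unwrap_or(0)).collect(), !pre)
}

/// Is this (name, version) inside the advisory's affected range?
fn is_affected(name: &str, ver: &str) -> bool {
    match name {
        "rsa" => key(ver) < key("0.9.10"),
        "pgp" => (key("0.16.0-alpha.0")..=key("0.18.0")).contains(&key(ver)),
        _ => false,
    }
}

/// The panic is reachable only when an affected pgp AND a vulnerable rsa are both locked.
fn panic_exposed(lock: &str) -> bool {
    let pk = lock_packages(lock);
    let hit = |n: &str| pk.iter().any(|(name, ver)| name == n && is_affected(name, ver));
    hit("pgp") && hit("rsa")
}
```

Run `panic_exposed` over the contents of a real Cargo.lock; once rsa is pinned at 0.9.10 (or pgp moved to 0.19.0) it returns false.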

renovate bot requested a review from a team as a code owner, February 13, 2026 22:43
renovate bot force-pushed the renovate/crate-pgp-vulnerability branch from 8202d0b to 7cf89ac, February 25, 2026 17:53
renovate bot force-pushed the renovate/crate-pgp-vulnerability branch from 7cf89ac to 942b193, March 13, 2026 12:34