From e66d44e42d0ae2cefd5acc993b01a7aa6ca36d55 Mon Sep 17 00:00:00 2001
From: Daniel Huigens <d.huigens@protonmail.com>
Date: Thu, 28 Jun 2018 19:22:53 +0200
Subject: [PATCH] Rename config.unsafe_stream to allow_unauthenticated_stream

---
 src/config/config.js                          |  5 ++
 .../sym_encrypted_integrity_protected.js      |  2 +-
 test/general/streaming.js                     | 48 +++++++++----------
 3 files changed, 30 insertions(+), 25 deletions(-)

diff --git a/src/config/config.js b/src/config/config.js
index d519575e..d11b217c 100644
--- a/src/config/config.js
+++ b/src/config/config.js
@@ -93,6 +93,11 @@ export default {
    * @property {Boolean} ignore_mdc_error Fail on decrypt if message is not integrity protected
    */
   ignore_mdc_error:         false,
+  /**
+   * @memberof module:config
+   * @property {Boolean} allow_unauthenticated_stream Stream unauthenticated data before integrity has been checked
+   */
+  allow_unauthenticated_stream: false,
   /**
    * @memberof module:config
    * @property {Boolean} checksum_required Do not throw error when armor is missing a checksum
diff --git a/src/packet/sym_encrypted_integrity_protected.js b/src/packet/sym_encrypted_integrity_protected.js
index a142a61a..6b6b2397 100644
--- a/src/packet/sym_encrypted_integrity_protected.js
+++ b/src/packet/sym_encrypted_integrity_protected.js
@@ -148,7 +148,7 @@ SymEncryptedIntegrityProtected.prototype.decrypt = async function (sessionKeyAlg
   });
   let packetbytes = stream.slice(bytes, 0, -2);
   packetbytes = stream.concat([packetbytes, stream.fromAsync(() => verifyHash)]);
-  if (!util.isStream(encrypted) || !config.unsafe_stream) {
+  if (!util.isStream(encrypted) || !config.allow_unauthenticated_stream) {
     packetbytes = await stream.readToEnd(packetbytes);
   }
   await this.packets.read(packetbytes);
diff --git a/test/general/streaming.js b/test/general/streaming.js
index a1e0e7ab..0945d82a 100644
--- a/test/general/streaming.js
+++ b/test/general/streaming.js
@@ -226,9 +226,9 @@ describe('Streaming', function() {
     expect(await openpgp.stream.readToEnd(decrypted.data)).to.deep.equal(util.concatUint8Array(plaintext));
   });
 
-  it('Encrypt and decrypt larger message roundtrip (unsafe_stream=true)', async function() {
-    let unsafe_streamValue = openpgp.config.unsafe_stream;
-    openpgp.config.unsafe_stream = true;
+  it('Encrypt and decrypt larger message roundtrip (allow_unauthenticated_stream=true)', async function() {
+    let allow_unauthenticated_streamValue = openpgp.config.allow_unauthenticated_stream;
+    openpgp.config.allow_unauthenticated_stream = true;
     try {
       let plaintext = [];
       let i = 0;
@@ -263,13 +263,13 @@ describe('Streaming', function() {
       expect(await openpgp.stream.readToEnd(decrypted.data)).to.deep.equal(util.concatUint8Array(plaintext));
       expect(decrypted.signatures).to.exist.and.have.length(0);
     } finally {
-      openpgp.config.unsafe_stream = unsafe_streamValue;
+      openpgp.config.allow_unauthenticated_stream = allow_unauthenticated_streamValue;
     }
   });
 
-  it('Encrypt and decrypt larger message roundtrip using public keys (unsafe_stream=true)', async function() {
-    let unsafe_streamValue = openpgp.config.unsafe_stream;
-    openpgp.config.unsafe_stream = true;
+  it('Encrypt and decrypt larger message roundtrip using public keys (allow_unauthenticated_stream=true)', async function() {
+    let allow_unauthenticated_streamValue = openpgp.config.allow_unauthenticated_stream;
+    openpgp.config.allow_unauthenticated_stream = true;
     try {
       const pubKey = (await openpgp.key.readArmored(pub_key)).keys[0];
       const privKey = (await openpgp.key.readArmored(priv_key)).keys[0];
@@ -308,13 +308,13 @@ describe('Streaming', function() {
       if (i > 10) throw new Error('Data did not arrive early.');
       expect(await openpgp.stream.readToEnd(decrypted.data)).to.deep.equal(util.concatUint8Array(plaintext));
     } finally {
-      openpgp.config.unsafe_stream = unsafe_streamValue;
+      openpgp.config.allow_unauthenticated_stream = allow_unauthenticated_streamValue;
     }
   });
 
-  it('Detect MDC modifications (unsafe_stream=true)', async function() {
-    let unsafe_streamValue = openpgp.config.unsafe_stream;
-    openpgp.config.unsafe_stream = true;
+  it('Detect MDC modifications (allow_unauthenticated_stream=true)', async function() {
+    let allow_unauthenticated_streamValue = openpgp.config.allow_unauthenticated_stream;
+    openpgp.config.allow_unauthenticated_stream = true;
     try {
       let plaintext = [];
       let i = 0;
@@ -352,13 +352,13 @@ describe('Streaming', function() {
       await expect(openpgp.stream.readToEnd(decrypted.data)).to.be.rejectedWith('Modification detected.');
       expect(decrypted.signatures).to.exist.and.have.length(0);
     } finally {
-      openpgp.config.unsafe_stream = unsafe_streamValue;
+      openpgp.config.allow_unauthenticated_stream = allow_unauthenticated_streamValue;
     }
   });
 
-  it('Detect armor checksum error (unsafe_stream=true)', async function() {
-    let unsafe_streamValue = openpgp.config.unsafe_stream;
-    openpgp.config.unsafe_stream = true;
+  it('Detect armor checksum error (allow_unauthenticated_stream=true)', async function() {
+    let allow_unauthenticated_streamValue = openpgp.config.allow_unauthenticated_stream;
+    openpgp.config.allow_unauthenticated_stream = true;
     try {
       const pubKey = (await openpgp.key.readArmored(pub_key)).keys[0];
       const privKey = (await openpgp.key.readArmored(priv_key)).keys[0];
@@ -401,13 +401,13 @@ describe('Streaming', function() {
       await expect(openpgp.stream.readToEnd(decrypted.data)).to.be.rejectedWith('Ascii armor integrity check on message failed');
       expect(decrypted.signatures).to.exist.and.have.length(1);
     } finally {
-      openpgp.config.unsafe_stream = unsafe_streamValue;
+      openpgp.config.allow_unauthenticated_stream = allow_unauthenticated_streamValue;
     }
   });
 
-  it('Detect armor checksum error when not passing public keys (unsafe_stream=true)', async function() {
-    let unsafe_streamValue = openpgp.config.unsafe_stream;
-    openpgp.config.unsafe_stream = true;
+  it('Detect armor checksum error when not passing public keys (allow_unauthenticated_stream=true)', async function() {
+    let allow_unauthenticated_streamValue = openpgp.config.allow_unauthenticated_stream;
+    openpgp.config.allow_unauthenticated_stream = true;
     try {
       const pubKey = (await openpgp.key.readArmored(pub_key)).keys[0];
       const privKey = (await openpgp.key.readArmored(priv_key)).keys[0];
@@ -450,13 +450,13 @@ describe('Streaming', function() {
       expect(decrypted.signatures).to.exist.and.have.length(1);
       expect(await decrypted.signatures[0].verified).to.be.null;
     } finally {
-      openpgp.config.unsafe_stream = unsafe_streamValue;
+      openpgp.config.allow_unauthenticated_stream = allow_unauthenticated_streamValue;
     }
   });
 
-  it('Sign/verify: Detect armor checksum error (unsafe_stream=true)', async function() {
-    let unsafe_streamValue = openpgp.config.unsafe_stream;
-    openpgp.config.unsafe_stream = true;
+  it('Sign/verify: Detect armor checksum error (allow_unauthenticated_stream=true)', async function() {
+    let allow_unauthenticated_streamValue = openpgp.config.allow_unauthenticated_stream;
+    openpgp.config.allow_unauthenticated_stream = true;
     try {
       const pubKey = (await openpgp.key.readArmored(pub_key)).keys[0];
       const privKey = (await openpgp.key.readArmored(priv_key)).keys[0];
@@ -496,7 +496,7 @@ describe('Streaming', function() {
       await expect(openpgp.stream.readToEnd(decrypted.data)).to.be.rejectedWith('Ascii armor integrity check on message failed');
       expect(decrypted.signatures).to.exist.and.have.length(1);
     } finally {
-      openpgp.config.unsafe_stream = unsafe_streamValue;
+      openpgp.config.allow_unauthenticated_stream = allow_unauthenticated_streamValue;
     }
   });