(When config.allow_unauthenticated_stream is set or the message is
AEAD-encrypted.)
The issue was that, when hashing the data for verification, we would
only start hashing at the very end (and keep the message in memory)
because nobody was "pulling" the stream containing the hash yet, so
backpressure was keeping the data from being hashed.
Note that, of the two patches in this commit, only the onePassSig.hashed
property actually mattered, for some reason. Also, the minimum
highWaterMark of 1 should have pulled the hashed stream anyway, I think.
I'm not sure why that didn't happen.
Also, when generating RSA keys in JS, generate them with p < q, as per
the spec.
Also, when generating RSA keys using Web Crypto or Node crypto, swap the
generated p and q around, so that will satisfy p < q in most browsers
(but not old Microsoft Edge, 50% of the time) and so that we can use the
generated u coefficient (p^-1 mod q in OpenPGP, q^-1 mod p in RFC3447).
Then, when signing and verifying, swap p and q again, so that the key
hopefully satisfies Safari's requirement that p > q, and so that we can
keep using u again.
Backtracking regexes have pathological worst-case performance when
a long line contains a large amount of whitespace not followed by
a newline, since the regex engine will attempt to match the regex
at each whitespace character, read ahead to the non-whitespace non-
newline, declare no match, and try again at the next whitespace.
E.g. try running
util.removeTrailingSpaces(new Array(1e6).join(' ') + 'a').length
which would hang V8.
- Don't add an extraneous newline at the end of base64-encoded data
if it is a multiple of 60 characters long.
- Generate \r\n instead of \n in base64-encoded data.
- Generate one newline instead of two after END PGP PUBLIC KEY BLOCK
for consistency with the other footers.
Also, add a "asStream" parameter to high-level functions to control
whether the return value is a Stream; defaulting to whether the
parameter passed was a Stream.
- Allow leading spaces in headers (since we were already accepting
leading spaces everywhere else in the armored text).
- Read ReadableStreams before passing them to a Worker
* Various FIXME tags are removed
* In curve.js:
- webCrypto/nodeCrypto fallback bug is fixed
- Curve25519 has keyType ecdsa (won't be used for signing, but technically can be)
- webGenKeyPair is simplifed
* In base64.js:
- documentation added and arguments simplified
* In ecdsa.js and eddsa.js:
- hash_algo is now at least as strong as the default curve hash
- simplified the code by moving webSign/nodeSign and webVerify/nodeVerify to live in key.js (ht @ismaelbej)
* In message.js:
- in decryptSessionKey, loops break once a key packet is decrypted
* In key.js:
- getPreferredHashAlgorithm returns the best hash algorithm
- enums are used for curve selection
