Merge pull request #589 from str4d/age-0.11.2

`age 0.11.2`

Author: str4d

Cargo.lock

@@ -21,6 +21,15 @@ to 1.0.0 are beta releases.
   cross-thread uses of `IdentityFile`, which were unintentionally disabled in
   0.11.0.
 
+## [0.11.2] - 2025-12-07
+### Fixed
+- `age::armor::ArmoredWriter::poll_write` no longer panics when writing more
+  than 6144 bytes.
+- `age::encrypted::Identity` no longer causes a panic when being decrypted if
+  the `age::Callbacks::request_passphrase` impl returns `None`.
+- `age::plugin::{Identity, RecipientPluginV1, IdentityPluginV1}` now correctly
+  reject the empty plugin name (like `age::plugin::Recipient` already was).
+
 ## [0.6.1, 0.7.2, 0.8.2, 0.9.3, 0.10.1, 0.11.1] - 2024-11-18
 ### Security
 - Fixed a security vulnerability that could allow an attacker to execute an

age/CHANGELOG.md

@@ -1,7 +1,7 @@
 [package]
 name = "age"
 description = "[BETA] A simple, secure, and modern encryption library."
-version = "0.11.1"
+version = "0.11.2"
 authors.workspace = true
 repository.workspace = true
 readme = "README.md"

age/Cargo.toml

@@ -50,7 +50,7 @@ impl<R: io::Read, C: Callbacks> EncryptedIdentity<R, C> {
             filename = filename.unwrap_or_default()
         )) {
             Some(passphrase) => passphrase,
-            None => todo!(),
+            None => Err(DecryptError::KeyDecryptionFailed)?,
         };
 
         let mut identity = scrypt::Identity::new(passphrase);
@@ -251,10 +251,10 @@ fOrxrKTj7xCdNS3+OrCdnBC8Z9cKDxjCGWW3fkjLsYha0Jo=
     const TEST_RECIPIENT: &str = "age1ysxuaeqlk7xd8uqsh8lsnfwt9jzzjlqf49ruhpjrrj5yatlcuf7qke4pqe";
 
     #[derive(Clone)]
-    struct MockCallbacks(Arc<Mutex<Option<&'static str>>>);
+    struct MockCallbacks(Arc<Mutex<Option<Option<&'static str>>>>);
 
     impl MockCallbacks {
-        fn new(passphrase: &'static str) -> Self {
+        fn new(passphrase: Option<&'static str>) -> Self {
             MockCallbacks(Arc::new(Mutex::new(Some(passphrase))))
         }
     }
@@ -274,9 +274,13 @@ fOrxrKTj7xCdNS3+OrCdnBC8Z9cKDxjCGWW3fkjLsYha0Jo=
 
         /// This intentionally panics if called twice.
         fn request_passphrase(&self, _: &str) -> Option<SecretString> {
-            Some(SecretString::from(
-                self.0.lock().unwrap().take().unwrap().to_owned(),
-            ))
+            self.0
+                .lock()
+                .unwrap()
+                .take()
+                .expect("passphrase is only input once")
+                .to_owned()
+                .map(SecretString::from)
         }
     }
 
@@ -293,10 +297,28 @@ fOrxrKTj7xCdNS3+OrCdnBC8Z9cKDxjCGWW3fkjLsYha0Jo=
         // Unwrapping with the wrong passphrase fails.
         {
             let buf = ArmoredReader::new(TEST_ENCRYPTED_IDENTITY.as_bytes());
-            let identity =
-                Identity::from_buffer(buf, None, MockCallbacks::new("wrong passphrase"), None)
-                    .unwrap()
-                    .unwrap();
+            let identity = Identity::from_buffer(
+                buf,
+                None,
+                MockCallbacks::new(Some("wrong passphrase")),
+                None,
+            )
+            .unwrap()
+            .unwrap();
+
+            if let Err(e) = identity.unwrap_stanzas(&wrapped).unwrap() {
+                assert!(matches!(e, DecryptError::KeyDecryptionFailed));
+            } else {
+                panic!("Should have failed");
+            }
+        }
+
+        // Unwrapping fails if we cannot obtain a passphrase.
+        {
+            let buf = ArmoredReader::new(TEST_ENCRYPTED_IDENTITY.as_bytes());
+            let identity = Identity::from_buffer(buf, None, MockCallbacks::new(None), None)
+                .unwrap()
+                .unwrap();
 
             if let Err(e) = identity.unwrap_stanzas(&wrapped).unwrap() {
                 assert!(matches!(e, DecryptError::KeyDecryptionFailed));
@@ -309,7 +331,7 @@ fOrxrKTj7xCdNS3+OrCdnBC8Z9cKDxjCGWW3fkjLsYha0Jo=
         let identity = Identity::from_buffer(
             buf,
             None,
-            MockCallbacks::new(TEST_ENCRYPTED_IDENTITY_PASSPHRASE),
+            MockCallbacks::new(Some(TEST_ENCRYPTED_IDENTITY_PASSPHRASE)),
             None,
         )
         .unwrap()

age/src/encrypted.rs

@@ -48,6 +48,7 @@ fn valid_plugin_name(plugin_name: &str) -> bool {
     plugin_name
         .bytes()
         .all(|b| b.is_ascii_alphanumeric() | matches!(b, b'+' | b'-' | b'.' | b'_'))
+        && !plugin_name.is_empty()
 }
 
 fn binary_name(plugin_name: &str) -> String {
@@ -753,6 +754,13 @@ mod tests {
         );
     }
 
+    #[test]
+    fn recipient_rejects_empty_name() {
+        let invalid_recipient =
+            bech32::encode(PLUGIN_RECIPIENT_PREFIX, [], bech32::Variant::Bech32).unwrap();
+        assert!(invalid_recipient.parse::<Recipient>().is_err());
+    }
+
     #[test]
     fn recipient_rejects_invalid_chars() {
         let invalid_recipient = bech32::encode(
@@ -764,6 +772,18 @@ mod tests {
         assert!(invalid_recipient.parse::<Recipient>().is_err());
     }
 
+    #[test]
+    fn identity_rejects_empty_name() {
+        let invalid_identity = bech32::encode(
+            &format!("{}-", PLUGIN_IDENTITY_PREFIX),
+            [],
+            bech32::Variant::Bech32,
+        )
+        .expect("HRP is valid")
+        .to_uppercase();
+        assert!(invalid_identity.parse::<Identity>().is_err());
+    }
+
     #[test]
     fn identity_rejects_invalid_chars() {
         let invalid_identity = bech32::encode(
@@ -776,12 +796,26 @@ mod tests {
         assert!(invalid_identity.parse::<Identity>().is_err());
     }
 
+    #[test]
+    #[should_panic]
+    fn identity_default_for_plugin_rejects_empty_name() {
+        Identity::default_for_plugin("");
+    }
+
     #[test]
     #[should_panic]
     fn identity_default_for_plugin_rejects_invalid_chars() {
         Identity::default_for_plugin(INVALID_PLUGIN_NAME);
     }
 
+    #[test]
+    fn recipient_plugin_v1_rejects_empty_name() {
+        assert!(matches!(
+            RecipientPluginV1::new("", &[], &[], NoCallbacks),
+            Err(EncryptError::MissingPlugin { binary_name }) if binary_name.is_empty(),
+        ));
+    }
+
     #[test]
     fn recipient_plugin_v1_rejects_invalid_chars() {
         assert!(matches!(
@@ -790,6 +824,14 @@ mod tests {
         ));
     }
 
+    #[test]
+    fn identity_plugin_v1_rejects_empty_name() {
+        assert!(matches!(
+            IdentityPluginV1::new("", &[], NoCallbacks),
+            Err(DecryptError::MissingPlugin { binary_name }) if binary_name.is_empty(),
+        ));
+    }
+
     #[test]
     fn identity_plugin_v1_rejects_invalid_chars() {
         assert!(matches!(

age/src/plugin.rs

@@ -517,11 +517,11 @@ impl<W: AsyncWrite> AsyncWrite for ArmoredWriter<W> {
                             BASE64_STANDARD
                                 .encode_slice(&byte_buf, &mut encoded_buf[..],)
                                 .expect("byte_buf.len() <= BASE64_CHUNK_SIZE_BYTES"),
-                            ARMORED_COLUMNS_PER_LINE
+                            BASE64_CHUNK_SIZE_COLUMNS
                         );
                         *encoded_line = Some(EncodedBytes {
                             offset: 0,
-                            end: ARMORED_COLUMNS_PER_LINE,
+                            end: BASE64_CHUNK_SIZE_COLUMNS,
                         });
                         byte_buf.clear();
                     }
@@ -1523,4 +1523,73 @@ mod tests {
         r.read_exact(&mut buf).unwrap();
         assert_eq!(&buf[..], &data[data.len() - 1337..data.len() - 1237]);
     }
+
+    #[cfg(feature = "async")]
+    #[test]
+    fn armored_async_cross_check() {
+        let data =
+            vec![42; (super::BASE64_CHUNK_SIZE_BYTES * 2) + (super::ARMORED_BYTES_PER_LINE * 10)];
+
+        let mut encoded_sync = vec![];
+        {
+            let mut out =
+                ArmoredWriter::wrap_output(&mut encoded_sync, Format::AsciiArmor).unwrap();
+            out.write_all(&data).unwrap();
+            out.finish().unwrap();
+        }
+
+        let mut encoded_async = vec![];
+        {
+            let w = ArmoredWriter::wrap_async_output(&mut encoded_async, Format::AsciiArmor);
+            pin_mut!(w);
+
+            let mut cx = noop_context();
+
+            let mut tmp = &data[..];
+            loop {
+                match w.as_mut().poll_write(&mut cx, tmp) {
+                    Poll::Ready(Ok(0)) => break,
+                    Poll::Ready(Ok(written)) => tmp = &tmp[written..],
+                    Poll::Ready(Err(e)) => panic!("Unexpected error: {}", e),
+                    Poll::Pending => panic!("Unexpected Pending"),
+                }
+            }
+            loop {
+                match w.as_mut().poll_close(&mut cx) {
+                    Poll::Ready(Ok(())) => break,
+                    Poll::Ready(Err(e)) => panic!("Unexpected error: {}", e),
+                    Poll::Pending => panic!("Unexpected Pending"),
+                }
+            }
+        }
+
+        assert_eq!(encoded_sync, encoded_async);
+
+        let mut buf_sync = vec![];
+        {
+            let mut input = ArmoredReader::new(&encoded_sync[..]);
+            input.read_to_end(&mut buf_sync).unwrap();
+        }
+
+        let mut buf_async = vec![];
+        {
+            let input = ArmoredReader::from_async_reader(&encoded_async[..]);
+            pin_mut!(input);
+
+            let mut cx = noop_context();
+
+            let mut tmp = [0; 4096];
+            loop {
+                match input.as_mut().poll_read(&mut cx, &mut tmp) {
+                    Poll::Ready(Ok(0)) => break,
+                    Poll::Ready(Ok(read)) => buf_async.extend_from_slice(&tmp[..read]),
+                    Poll::Ready(Err(e)) => panic!("Unexpected error: {}", e),
+                    Poll::Pending => panic!("Unexpected Pending"),
+                }
+            }
+        }
+
+        assert_eq!(buf_async, data);
+        assert_eq!(buf_sync, data);
+    }
 }