Prepare release v2.9.0

.github/workflows/android.yml

@@ -9,7 +9,7 @@ on:
 jobs:
   build:
     name: Build library for Android with gomobile
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
 
     steps:
     - name: Set up JDK 1.8
@@ -18,7 +18,7 @@ jobs:
         java-version: 1.8
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
         go-version: ^1.16
       id: go

.github/workflows/go.yml

@@ -15,37 +15,22 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up latest golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
-          go-version: ^1.18
+          go-version: '^1.18'
 
       - name: Test
         run: go test -v -race ./...
-
-  test-old:
-    name: Test with 1.17
-    runs-on: ubuntu-latest
-    steps:
-    - name: Check out repo
-      uses: actions/checkout@v4
-
-    - name: Set up Go 1.17
-      uses: actions/setup-go@v3
-      with:
-        go-version: 1.17
-
-    - name: Test
-      run: go test -v -race ./...
 
   lint:
     name: Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v5
         with:
-          go-version: 1.17
+          go-version: '1.22'
       - uses: actions/checkout@v4
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.50.1
+          version: v1.54.2

.golangci.yml

@@ -8,7 +8,7 @@ linters-settings:
     statements: 80
   cyclop:
     # the minimal code complexity to report
-    max-complexity: 20
+    max-complexity: 26
   gocognit:
     min-complexity: 45
 
@@ -18,6 +18,8 @@ issues:
     - Using the variable on range scope `tt` in function literal
     - GetJsonSHA256Fingerprints should be GetJSONSHA256Fingerprints
     - ST1003  # CamelCase variables; see constants/cipher.go
+    - "SA1019: rsaPriv.Precomputed" # we don't use them but only clear them
+    - "G101: Potential hardcoded credentials"
 
 linters:
   enable-all: true
@@ -47,4 +49,6 @@ linters:
     - forcetypeassert   # Forces to assert types in tests
     - nonamedreturns    # Disallows named returns
     - exhaustruct       # Forces all structs to be named
-    - nosnakecase       # Disallows snake case 
+    - nosnakecase       # Disallows snake case 
+    - depguard
+    - nestif

CHANGELOG.md

@@ -4,10 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.9.0] 2025-05-23
+### Changed
+- Update go-crypto to `1.3.0`.
+
 ## [2.8.3] 2024-02-27
 ### Changed
 - Update go-crypto to `1.1.6`.
-- 
+
 ## [2.8.2] 2024-11-25
 ### Changed
 - Update go-crypto to `1.1.4`.

armor/armor.go

@@ -5,7 +5,6 @@ package armor
 import (
 	"bytes"
 	"io"
-	"io/ioutil"
 
 	"github.com/ProtonMail/go-crypto/openpgp/armor"
 	"github.com/ProtonMail/gopenpgp/v2/constants"
@@ -48,7 +47,7 @@ func Unarmor(input string) ([]byte, error) {
 	if err != nil {
 		return nil, errors.Wrap(err, "gopengp: unable to unarmor")
 	}
-	return ioutil.ReadAll(b.Body)
+	return io.ReadAll(b.Body)
 }
 
 func armorWithTypeAndHeaders(input []byte, armorType string, headers map[string]string) (string, error) {

constants/armor.go

@@ -3,7 +3,7 @@ package constants
 
 // Constants for armored data.
 const (
-	ArmorHeaderVersion = "GopenPGP 2.8.3"
+	ArmorHeaderVersion = "GopenPGP 2.9.0"
 	ArmorHeaderComment = "https://gopenpgp.org"
 	PGPMessageHeader   = "PGP MESSAGE"
 	PGPSignatureHeader = "PGP SIGNATURE"

constants/version.go

@@ -1,3 +1,3 @@
 package constants
 
-const Version = "2.8.3"
+const Version = "2.9.0"

crypto/attachment.go

@@ -3,7 +3,6 @@ package crypto
 import (
 	"bytes"
 	"io"
-	"io/ioutil"
 	"runtime"
 	"sync"
 	"time"
@@ -92,7 +91,7 @@ func (keyRing *KeyRing) newAttachmentProcessor(
 
 	go func() {
 		defer attachmentProc.done.Done()
-		ciphertext, _ := ioutil.ReadAll(reader)
+		ciphertext, _ := io.ReadAll(reader)
 		message := &PGPMessage{
 			Data: ciphertext,
 		}
@@ -171,7 +170,7 @@ func (keyRing *KeyRing) DecryptAttachment(message *PGPSplitMessage) (*PlainMessa
 	}
 
 	decrypted := md.UnverifiedBody
-	b, err := ioutil.ReadAll(decrypted)
+	b, err := io.ReadAll(decrypted)
 	if err != nil {
 		return nil, errors.Wrap(err, "gopengpp: unable to read attachment body")
 	}

crypto/attachment_manual.go

@@ -2,7 +2,6 @@ package crypto
 
 import (
 	"io"
-	"io/ioutil"
 	"runtime"
 	"runtime/debug"
 	"sync"
@@ -104,7 +103,7 @@ func (keyRing *KeyRing) NewManualAttachmentProcessor(
 	attachmentProc.done.Add(1)
 	go func() {
 		defer attachmentProc.done.Done()
-		keyPacket, err := ioutil.ReadAll(keyReader)
+		keyPacket, err := io.ReadAll(keyReader)
 		if err != nil {
 			attachmentProc.err = err
 		} else {

crypto/base_test.go

@@ -2,8 +2,8 @@ package crypto
 
 import (
 	"crypto/rsa"
-	"io/ioutil"
 	"math/big"
+	"os"
 	"strings"
 	"testing"
 
@@ -16,7 +16,7 @@ import (
 const testTime = 1557754627 // 2019-05-13T13:37:07+00:00
 
 func readTestFile(name string, trimNewlines bool) string {
-	data, err := ioutil.ReadFile("testdata/" + name) //nolint
+	data, err := os.ReadFile("testdata/" + name) //nolint
 	if err != nil {
 		panic(err)
 	}

crypto/key_test.go

@@ -3,7 +3,7 @@ package crypto
 import (
 	"crypto/rsa"
 	"encoding/base64"
-	"io/ioutil"
+	"io"
 	"regexp"
 	"strings"
 	"testing"
@@ -309,14 +309,14 @@ func TestGetArmoredPublicKey(t *testing.T) {
 
 	assert.Exactly(t, expected.Type, block.Type)
 
-	b, err := ioutil.ReadAll(block.Body)
+	b, err := io.ReadAll(block.Body)
 	if err != nil {
-		t.Fatal("Expected no error while reading armored public key body, got:", err)
+		t.Fatal("Expected no error while reading armored key, got:", err)
 	}
 
-	eb, err := ioutil.ReadAll(expected.Body)
+	eb, err := io.ReadAll(expected.Body)
 	if err != nil {
-		t.Fatal("Expected no error while reading expected armored public key body, got:", err)
+		t.Fatal("Expected no error while reading expected armored key, got:", err)
 	}
 
 	assert.Exactly(t, eb, b)

crypto/keyring_message.go

@@ -3,7 +3,6 @@ package crypto
 import (
 	"bytes"
 	"io"
-	"io/ioutil"
 	"time"
 
 	"github.com/ProtonMail/go-crypto/openpgp"
@@ -292,7 +291,7 @@ func asymmetricDecrypt(
 		return nil, err
 	}
 
-	body, err := ioutil.ReadAll(messageDetails.UnverifiedBody)
+	body, err := io.ReadAll(messageDetails.UnverifiedBody)
 	if err != nil {
 		return nil, errors.Wrap(err, "gopenpgp: error in reading message body")
 	}

crypto/keyring_message_test.go

@@ -1,14 +1,14 @@
 package crypto
 
 import (
-	"io/ioutil"
+	"os"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 )
 
 func TestAEADKeyRingDecryption(t *testing.T) {
-	pgpMessageData, err := ioutil.ReadFile("testdata/gpg2.3-aead-pgp-message.pgp")
+	pgpMessageData, err := os.ReadFile("testdata/gpg2.3-aead-pgp-message.pgp")
 	if err != nil {
 		t.Fatal("Expected no error when reading message data, got:", err)
 	}

crypto/keyring_streaming_test.go

@@ -3,7 +3,6 @@ package crypto
 import (
 	"bytes"
 	"io"
-	"io/ioutil"
 	"reflect"
 	"testing"
 
@@ -68,7 +67,7 @@ func TestKeyRing_EncryptDecryptStream(t *testing.T) {
 	if err == nil {
 		t.Fatal("Expected an error while verifying the signature before reading the data, got nil")
 	}
-	decryptedBytes, err := ioutil.ReadAll(decryptedReader)
+	decryptedBytes, err := io.ReadAll(decryptedReader)
 	if err != nil {
 		t.Fatal("Expected no error while reading the decrypted data, got:", err)
 	}
@@ -91,7 +90,7 @@ func TestKeyRing_EncryptDecryptStream(t *testing.T) {
 	if err != nil {
 		t.Fatal("Expected no error while calling decrypting stream with key ring, got:", err)
 	}
-	decryptedBytes, err = ioutil.ReadAll(decryptedReaderNoVerify)
+	decryptedBytes, err = io.ReadAll(decryptedReaderNoVerify)
 	if err != nil {
 		t.Fatal("Expected no error while reading the decrypted data, got:", err)
 	}
@@ -160,7 +159,7 @@ func TestKeyRing_EncryptDecryptStreamWithContext(t *testing.T) {
 	if err == nil {
 		t.Fatal("Expected an error while verifying the signature before reading the data, got nil")
 	}
-	decryptedBytes, err := ioutil.ReadAll(decryptedReader)
+	decryptedBytes, err := io.ReadAll(decryptedReader)
 	if err != nil {
 		t.Fatal("Expected no error while reading the decrypted data, got:", err)
 	}
@@ -183,7 +182,7 @@ func TestKeyRing_EncryptDecryptStreamWithContext(t *testing.T) {
 	if err != nil {
 		t.Fatal("Expected no error while calling decrypting stream with key ring, got:", err)
 	}
-	decryptedBytes, err = ioutil.ReadAll(decryptedReaderNoVerify)
+	decryptedBytes, err = io.ReadAll(decryptedReaderNoVerify)
 	if err != nil {
 		t.Fatal("Expected no error while reading the decrypted data, got:", err)
 	}
@@ -252,7 +251,7 @@ func TestKeyRing_EncryptDecryptStreamWithContextAndCompression(t *testing.T) {
 	if err == nil {
 		t.Fatal("Expected an error while verifying the signature before reading the data, got nil")
 	}
-	decryptedBytes, err := ioutil.ReadAll(decryptedReader)
+	decryptedBytes, err := io.ReadAll(decryptedReader)
 	if err != nil {
 		t.Fatal("Expected no error while reading the decrypted data, got:", err)
 	}
@@ -275,7 +274,7 @@ func TestKeyRing_EncryptDecryptStreamWithContextAndCompression(t *testing.T) {
 	if err != nil {
 		t.Fatal("Expected no error while calling decrypting stream with key ring, got:", err)
 	}
-	decryptedBytes, err = ioutil.ReadAll(decryptedReaderNoVerify)
+	decryptedBytes, err = io.ReadAll(decryptedReaderNoVerify)
 	if err != nil {
 		t.Fatal("Expected no error while reading the decrypted data, got:", err)
 	}
@@ -399,7 +398,7 @@ func TestKeyRing_DecryptStreamCompatible(t *testing.T) {
 	if err != nil {
 		t.Fatal("Expected no error while calling decrypting stream with key ring, got:", err)
 	}
-	decryptedBytes, err := ioutil.ReadAll(decryptedReader)
+	decryptedBytes, err := io.ReadAll(decryptedReader)
 	if err != nil {
 		t.Fatal("Expected no error while reading the decrypted data, got:", err)
 	}
@@ -468,7 +467,7 @@ func TestKeyRing_EncryptDecryptSplitStream(t *testing.T) {
 	if err != nil {
 		t.Fatal("Expected no error while decrypting split stream with key ring, got:", err)
 	}
-	decryptedBytes, err := ioutil.ReadAll(decryptedReader)
+	decryptedBytes, err := io.ReadAll(decryptedReader)
 	if err != nil {
 		t.Fatal("Expected no error while reading the decrypted data, got:", err)
 	}
@@ -523,7 +522,7 @@ func TestKeyRing_EncryptDecryptSplitStreamWithCont(t *testing.T) {
 	if err != nil {
 		t.Fatal("Expected no error while decrypting split stream with key ring, got:", err)
 	}
-	decryptedBytes, err := ioutil.ReadAll(decryptedReader)
+	decryptedBytes, err := io.ReadAll(decryptedReader)
 	if err != nil {
 		t.Fatal("Expected no error while reading the decrypted data, got:", err)
 	}
@@ -665,7 +664,7 @@ func TestKeyRing_DecryptSplitStreamCompatible(t *testing.T) {
 	if err != nil {
 		t.Fatal("Expected no error while decrypting split stream with key ring, got:", err)
 	}
-	decryptedBytes, err := ioutil.ReadAll(decryptedReader)
+	decryptedBytes, err := io.ReadAll(decryptedReader)
 	if err != nil {
 		t.Fatal("Expected no error while reading the decrypted data, got:", err)
 	}

crypto/message.go

@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	goerrors "errors"
 	"io"
-	"io/ioutil"
 	"regexp"
 	"strings"
 	"time"
@@ -114,7 +113,7 @@ func NewPGPMessageFromArmored(armored string) (*PGPMessage, error) {
 		return nil, errors.Wrap(err, "gopenpgp: error in unarmoring message")
 	}
 
-	message, err := ioutil.ReadAll(encryptedIO.Body)
+	message, err := io.ReadAll(encryptedIO.Body)
 	if err != nil {
 		return nil, errors.Wrap(err, "gopenpgp: error in reading armored message")
 	}
@@ -159,7 +158,7 @@ func NewPGPSignatureFromArmored(armored string) (*PGPSignature, error) {
 		return nil, errors.Wrap(err, "gopenpgp: error in unarmoring signature")
 	}
 
-	signature, err := ioutil.ReadAll(encryptedIO.Body)
+	signature, err := io.ReadAll(encryptedIO.Body)
 	if err != nil {
 		return nil, errors.Wrap(err, "gopenpgp: error in reading armored signature")
 	}
@@ -186,7 +185,7 @@ func NewClearTextMessageFromArmored(signedMessage string) (*ClearTextMessage, er
 		return nil, errors.New("gopenpgp: extra data after modulus")
 	}
 
-	signature, err := ioutil.ReadAll(modulusBlock.ArmoredSignature.Body)
+	signature, err := io.ReadAll(modulusBlock.ArmoredSignature.Body)
 	if err != nil {
 		return nil, errors.Wrap(err, "gopenpgp: error in reading cleartext message")
 	}