sloppy-rfc4880 0.2.0

RFC 4880 parser extract from the openpgp crate
Documentation

sloppy-rfc4880 Build Status crates.io docs.rs

Pure rust parser for RFC-4880 (OpenPGP Message Format). The codebase is heavily based on the openpgp crate, but all crypto code has been removed to keep the number of dependencies low for projects that only need to decode the binary packet format.

In addition, the codebase has been hardened to ensure it can handle arbitrary input without crashing. Also, an optional allocation limit has been added to avoid OOM on bogus inputs.

Fuzzing

The codebase was extensively fuzzed using cargo-fuzz and libfuzzer. The corpus folder has been bootstrapped using a full dump of a pgp keyserver:

git clone https://github.com/kpcyrd/sloppy-rfc4880
mkdir pgp
cd pgp
wget -c -r -p -e robots=off -N -l1 --cut-dirs=3 -nH http://pgp.key-server.io/dump/2018-10-07/
cd ../sloppy-rfc4880

for x in ../pgp/sks-dump-*; do
    cat "$x" | cargo run --release --example split fuzz/corpus/rfc4880/pgp
    cargo +nightly fuzz cmin --release rfc4880
done

You can download a copy of a pre-processed corpus folder from the release page.

To start fuzzing, run:

cargo +nightly fuzz run --release rfc4880 -j $(nproc) -- -timeout=240 -rss_limit_mb=500

License

Apache-2.0