From afa7e083de878d560747123e1624ffd3d82ad4af Mon Sep 17 00:00:00 2001
From: Daniel Huigens <d.huigens@protonmail.com>
Date: Mon, 1 Sep 2025 17:33:54 +0200
Subject: [PATCH] Use bufferless transforms

Don't pull the input stream as much while the output stream isn't being
read yet.

This should reduce memory usage somewhat when streaming.
---
 package-lock.json              |  9 ++++-----
 package.json                   |  2 +-
 test/general/signature.js      | 13 ++++++++-----
 test/typescript/definitions.ts |  8 ++++----
 4 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 0cfca5a9..7559850f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -16,7 +16,7 @@
         "@openpgp/jsdoc": "^4.0.4",
         "@openpgp/seek-bzip": "^1.0.5-git",
         "@openpgp/tweetnacl": "^1.0.4-2",
-        "@openpgp/web-stream-tools": "~0.2.1",
+        "@openpgp/web-stream-tools": "~0.3.0",
         "@rollup/plugin-alias": "^5.1.1",
         "@rollup/plugin-commonjs": "^28.0.9",
         "@rollup/plugin-node-resolve": "^16.0.3",
@@ -1429,11 +1429,10 @@
       "license": "Unlicense"
     },
     "node_modules/@openpgp/web-stream-tools": {
-      "version": "0.2.1",
-      "resolved": "https://registry.npmjs.org/@openpgp/web-stream-tools/-/web-stream-tools-0.2.1.tgz",
-      "integrity": "sha512-gE6+8mVrpKOa9RurAP+TToUo/DCGLNfpnRiq/YuA5Dq/rUAVSeM6Ejrgl25qpRiOQb/qcGyM25m1l9eE4aPdfw==",
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/@openpgp/web-stream-tools/-/web-stream-tools-0.3.0.tgz",
+      "integrity": "sha512-WGCcIti5uAwySkdny5IJ975Vu6fS45LE9Ce3M7vylIWOZwzL4qFUFclskZ6JU7rQ1zgoze6CQ//QKFc/ML2uqw==",
       "dev": true,
-      "license": "MIT",
       "engines": {
         "node": ">= 18.0.0"
       },
diff --git a/package.json b/package.json
index 2356b8b7..477f4425 100644
--- a/package.json
+++ b/package.json
@@ -70,7 +70,7 @@
     "@openpgp/jsdoc": "^4.0.4",
     "@openpgp/seek-bzip": "^1.0.5-git",
     "@openpgp/tweetnacl": "^1.0.4-2",
-    "@openpgp/web-stream-tools": "~0.2.1",
+    "@openpgp/web-stream-tools": "~0.3.0",
     "@rollup/plugin-alias": "^5.1.1",
     "@rollup/plugin-commonjs": "^28.0.9",
     "@rollup/plugin-node-resolve": "^16.0.3",
diff --git a/test/general/signature.js b/test/general/signature.js
index d3f251bf..3075e395 100644
--- a/test/general/signature.js
+++ b/test/general/signature.js
@@ -988,12 +988,12 @@ AkLaG/AkATpuH+DMkYDmKbDLGgD+N4yuxXBJmBfC2IBe4J1S2Gg=
       format: 'object'
     });
     await loadStreamsPolyfill();
-    const { signatures: [sigInfo] } = await openpgp.verify({
+    const { data, signatures: [sigInfo] } = await openpgp.verify({
       verificationKeys: expiredKey,
       message: await openpgp.readMessage({ armoredMessage: stream.toStream(armoredMessage) }),
       config: { minRSABits: 1024 }
-
     });
+    await stream.readToEnd(data);
     await expect(sigInfo.verified).to.be.rejectedWith(/Primary key is expired/);
   });
 
@@ -1019,11 +1019,12 @@ aMsUdQBgnPAcSGVsbG8gV29ybGQgOik=
       format: 'object'
     });
     await loadStreamsPolyfill();
-    const { signatures: [sigInfo] } = await openpgp.verify({
+    const { data, signatures: [sigInfo] } = await openpgp.verify({
       verificationKeys: expiredKey,
       message: await openpgp.readMessage({ armoredMessage: stream.toStream(armoredMessage) }),
       config: { minRSABits: 1024 }
     });
+    await stream.readToEnd(data);
     await expect(sigInfo.verified).to.be.rejectedWith(/Primary key is expired/);
   });
 
@@ -1049,11 +1050,12 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU=
       format: 'object'
     });
     await loadStreamsPolyfill();
-    const { signatures: [sigInfo] } = await openpgp.verify({
+    const { data, signatures: [sigInfo] } = await openpgp.verify({
       verificationKeys: expiredKey,
       message: await openpgp.readMessage({ armoredMessage: stream.toStream(armoredMessage) }),
       config: { minRSABits: 1024 }
     });
+    await stream.readToEnd(data);
     expect(await sigInfo.verified).to.be.true;
   });
 
@@ -1078,11 +1080,12 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU=
       date: key.keyPacket.created,
       format: 'object'
     });
-    const { signatures: [sigInfo] } = await openpgp.verify({
+    const { data, signatures: [sigInfo] } = await openpgp.verify({
       verificationKeys: expiredKey,
       message: await openpgp.readMessage({ armoredMessage }),
       config: { minRSABits: 1024 }
     });
+    await stream.readToEnd(data);
     expect(await sigInfo.verified).to.be.true;
   });
 
diff --git a/test/typescript/definitions.ts b/test/typescript/definitions.ts
index 10449442..70f4c50d 100644
--- a/test/typescript/definitions.ts
+++ b/test/typescript/definitions.ts
@@ -223,10 +223,10 @@ import {
   } catch {}
   const webTextStream = new WebReadableStream<string>();
   const messageFromWebTextStream = await createMessage({ text: webTextStream });
-  // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
-  (await encrypt({ message: messageFromWebTextStream, passwords: 'password', format: 'armored' })) as WebStream<string>;
   messageFromWebTextStream.getText() as WebStream<string>;
   messageFromWebTextStream.getLiteralData() as WebStream<Uint8Array>;
+  // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
+  (await encrypt({ message: messageFromWebTextStream, passwords: 'password', format: 'armored' })) as WebStream<string>;
 
   // Streaming - encrypt binary message (binary output)
   try {
@@ -237,10 +237,10 @@ import {
   } catch {}
   const webBinaryStream = new WebReadableStream<Uint8Array>();
   const messageFromWebBinaryStream = await createMessage({ binary: webBinaryStream });
-  // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
-  (await encrypt({ message: messageFromWebBinaryStream, passwords: 'password', format: 'binary' })) as WebStream<Uint8Array>;
   messageFromWebBinaryStream.getText() as WebStream<string>;
   messageFromWebBinaryStream.getLiteralData() as WebStream<Uint8Array>;
+  // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
+  (await encrypt({ message: messageFromWebBinaryStream, passwords: 'password', format: 'binary' })) as WebStream<Uint8Array>;
 
   console.log('TypeScript definitions are correct');
 })().catch(e => {