openpgp: Change PKESK::decrypt to return an Option<_>.

- Returning rich errors from this function may compromise secret key material due to Bleichenbacher-style attacks. Change the API to prevent this. - Hat tip to Hanno Böck. - See #507.
author: Justus Winter <justus@sequoia-pgp.org> 2020-05-18 13:06:12 +0200
committer: Justus Winter <justus@sequoia-pgp.org> 2020-05-28 11:51:33 +0200
commit: 47362eed301a4954af94afe84df16ab6eddecf8d (patch)
tree: f341bceb44d84b0cf071376f1165537e9ee39cb9 /guide
parent: b902ef1bbe7ab1aa0f28554340550fb5cacef73b (diff)
1 files changed, 12 insertions, 8 deletions
diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md
index 64ba07cb..91b01513 100644
--- a/guide/src/chapter_02.md
+++ b/guide/src/chapter_02.md
@@ -137,10 +137,11 @@ fn main() {
 #         let mut pair = key.into_keypair().unwrap();
 #
 #         pkesks[0].decrypt(&mut pair, sym_algo)
-#             .and_then(|(algo, session_key)| decrypt(algo, &session_key))
-#             .map(|_| None)
+#             .and_then(|(algo, session_key)| decrypt(algo, &session_key).ok());
+#
 #         // XXX: In production code, return the Fingerprint of the
 #         // recipient's Cert here
+#         Ok(None)
 #     }
 # }
 ```
@@ -282,10 +283,11 @@ fn generate() -> openpgp::Result<openpgp::Cert> {
 #         let mut pair = key.into_keypair().unwrap();
 #
 #         pkesks[0].decrypt(&mut pair, sym_algo)
-#             .and_then(|(algo, session_key)| decrypt(algo, &session_key))
-#             .map(|_| None)
+#             .and_then(|(algo, session_key)| decrypt(algo, &session_key).ok());
+#
 #         // XXX: In production code, return the Fingerprint of the
 #         // recipient's Cert here
+#         Ok(None)
 #     }
 # }
 ```
@@ -427,10 +429,11 @@ fn encrypt(policy: &dyn Policy,
 #         let mut pair = key.into_keypair().unwrap();
 #
 #         pkesks[0].decrypt(&mut pair, sym_algo)
-#             .and_then(|(algo, session_key)| decrypt(algo, &session_key))
-#             .map(|_| None)
+#             .and_then(|(algo, session_key)| decrypt(algo, &session_key).ok());
+#
 #         // XXX: In production code, return the Fingerprint of the
 #         // recipient's Cert here
+#         Ok(None)
 #     }
 # }
 ```
@@ -586,10 +589,11 @@ impl<'a> DecryptionHelper for Helper<'a> {
         let mut pair = key.into_keypair().unwrap();
 
         pkesks[0].decrypt(&mut pair, sym_algo)
-            .and_then(|(algo, session_key)| decrypt(algo, &session_key))
-            .map(|_| None)
+            .and_then(|(algo, session_key)| decrypt(algo, &session_key).ok());
+
         // XXX: In production code, return the Fingerprint of the
         // recipient's Cert here
+		Ok(None)
     }
 }
 ```
author	Justus Winter <justus@sequoia-pgp.org>	2020-05-18 13:06:12 +0200
committer	Justus Winter <justus@sequoia-pgp.org>	2020-05-28 11:51:33 +0200
commit	47362eed301a4954af94afe84df16ab6eddecf8d (patch)
tree	f341bceb44d84b0cf071376f1165537e9ee39cb9 /guide
parent	b902ef1bbe7ab1aa0f28554340550fb5cacef73b (diff)