diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2020-05-18 13:06:12 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-05-28 11:51:33 +0200 |
commit | 47362eed301a4954af94afe84df16ab6eddecf8d (patch) | |
tree | f341bceb44d84b0cf071376f1165537e9ee39cb9 /guide | |
parent | b902ef1bbe7ab1aa0f28554340550fb5cacef73b (diff) |
openpgp: Change PKESK::decrypt to return an Option<_>.
- Returning rich errors from this function may compromise secret key
material due to Bleichenbacher-style attacks. Change the API to
prevent this.
- Hat tip to Hanno Böck.
- See #507.
Diffstat (limited to 'guide')
-rw-r--r-- | guide/src/chapter_02.md | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md index 64ba07cb..91b01513 100644 --- a/guide/src/chapter_02.md +++ b/guide/src/chapter_02.md @@ -137,10 +137,11 @@ fn main() { # let mut pair = key.into_keypair().unwrap(); # # pkesks[0].decrypt(&mut pair, sym_algo) -# .and_then(|(algo, session_key)| decrypt(algo, &session_key)) -# .map(|_| None) +# .and_then(|(algo, session_key)| decrypt(algo, &session_key).ok()); +# # // XXX: In production code, return the Fingerprint of the # // recipient's Cert here +# Ok(None) # } # } ``` @@ -282,10 +283,11 @@ fn generate() -> openpgp::Result<openpgp::Cert> { # let mut pair = key.into_keypair().unwrap(); # # pkesks[0].decrypt(&mut pair, sym_algo) -# .and_then(|(algo, session_key)| decrypt(algo, &session_key)) -# .map(|_| None) +# .and_then(|(algo, session_key)| decrypt(algo, &session_key).ok()); +# # // XXX: In production code, return the Fingerprint of the # // recipient's Cert here +# Ok(None) # } # } ``` @@ -427,10 +429,11 @@ fn encrypt(policy: &dyn Policy, # let mut pair = key.into_keypair().unwrap(); # # pkesks[0].decrypt(&mut pair, sym_algo) -# .and_then(|(algo, session_key)| decrypt(algo, &session_key)) -# .map(|_| None) +# .and_then(|(algo, session_key)| decrypt(algo, &session_key).ok()); +# # // XXX: In production code, return the Fingerprint of the # // recipient's Cert here +# Ok(None) # } # } ``` @@ -586,10 +589,11 @@ impl<'a> DecryptionHelper for Helper<'a> { let mut pair = key.into_keypair().unwrap(); pkesks[0].decrypt(&mut pair, sym_algo) - .and_then(|(algo, session_key)| decrypt(algo, &session_key)) - .map(|_| None) + .and_then(|(algo, session_key)| decrypt(algo, &session_key).ok()); + // XXX: In production code, return the Fingerprint of the // recipient's Cert here + Ok(None) } } ``` |