diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2020-05-25 13:20:15 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-05-28 11:52:26 +0200 |
commit | 271280e62d1e0ee64a8f4cbb5766b17e3edf947d (patch) | |
tree | d30a6172c9626e6fb36db62f336bd7d80abce819 /guide | |
parent | 94dcb41c69c4e16f1f491a9b27148e90a0d713e7 (diff) |
openpgp: Change the `decrypt` proxy in the decryption helper.
- Returning rich errors from this function may compromise secret key
material due to Bleichenbacher-style attacks. Change the API to
prevent this.
- Hat tip to Hanno Böck.
- Fixes #507.
Diffstat (limited to 'guide')
-rw-r--r-- | guide/src/chapter_02.md | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md index 91b01513..fe7e9856 100644 --- a/guide/src/chapter_02.md +++ b/guide/src/chapter_02.md @@ -126,7 +126,7 @@ fn main() { # sym_algo: Option<SymmetricAlgorithm>, # mut decrypt: D) # -> openpgp::Result<Option<openpgp::Fingerprint>> -# where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> +# where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool # { # // The encryption key is the first and only subkey. # let key = self.secret.keys().unencrypted_secret() @@ -137,7 +137,7 @@ fn main() { # let mut pair = key.into_keypair().unwrap(); # # pkesks[0].decrypt(&mut pair, sym_algo) -# .and_then(|(algo, session_key)| decrypt(algo, &session_key).ok()); +# .map(|(algo, session_key)| decrypt(algo, &session_key)); # # // XXX: In production code, return the Fingerprint of the # // recipient's Cert here @@ -272,7 +272,7 @@ fn generate() -> openpgp::Result<openpgp::Cert> { # sym_algo: Option<SymmetricAlgorithm>, # mut decrypt: D) # -> openpgp::Result<Option<openpgp::Fingerprint>> -# where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> +# where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool # { # // The encryption key is the first and only subkey. # let key = self.secret.keys().unencrypted_secret() @@ -283,7 +283,7 @@ fn generate() -> openpgp::Result<openpgp::Cert> { # let mut pair = key.into_keypair().unwrap(); # # pkesks[0].decrypt(&mut pair, sym_algo) -# .and_then(|(algo, session_key)| decrypt(algo, &session_key).ok()); +# .map(|(algo, session_key)| decrypt(algo, &session_key)); # # // XXX: In production code, return the Fingerprint of the # // recipient's Cert here @@ -418,7 +418,7 @@ fn encrypt(policy: &dyn Policy, # sym_algo: Option<SymmetricAlgorithm>, # mut decrypt: D) # -> openpgp::Result<Option<openpgp::Fingerprint>> -# where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> +# where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool # { # // The encryption key is the first and only subkey. # let key = self.secret.keys().unencrypted_secret() @@ -429,7 +429,7 @@ fn encrypt(policy: &dyn Policy, # let mut pair = key.into_keypair().unwrap(); # # pkesks[0].decrypt(&mut pair, sym_algo) -# .and_then(|(algo, session_key)| decrypt(algo, &session_key).ok()); +# .map(|(algo, session_key)| decrypt(algo, &session_key)); # # // XXX: In production code, return the Fingerprint of the # // recipient's Cert here @@ -578,7 +578,7 @@ impl<'a> DecryptionHelper for Helper<'a> { sym_algo: Option<SymmetricAlgorithm>, mut decrypt: D) -> openpgp::Result<Option<openpgp::Fingerprint>> - where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> + where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool { // The encryption key is the first and only subkey. let key = self.secret.keys().unencrypted_secret() @@ -589,7 +589,7 @@ impl<'a> DecryptionHelper for Helper<'a> { let mut pair = key.into_keypair().unwrap(); pkesks[0].decrypt(&mut pair, sym_algo) - .and_then(|(algo, session_key)| decrypt(algo, &session_key).ok()); + .map(|(algo, session_key)| decrypt(algo, &session_key)); // XXX: In production code, return the Fingerprint of the // recipient's Cert here |