diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2020-05-25 13:20:15 +0200 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2020-05-28 11:52:26 +0200 |
| commit | 271280e62d1e0ee64a8f4cbb5766b17e3edf947d (patch) | |
| tree | d30a6172c9626e6fb36db62f336bd7d80abce819 /ipc/examples | |
| parent | 94dcb41c69c4e16f1f491a9b27148e90a0d713e7 (diff) | |
openpgp: Change the `decrypt` proxy in the decryption helper.
- Returning rich errors from this function may compromise secret key
material due to Bleichenbacher-style attacks. Change the API to
prevent this.
- Hat tip to Hanno Böck.
- Fixes #507.
Diffstat (limited to 'ipc/examples')
| -rw-r--r-- | ipc/examples/gpg-agent-decrypt.rs | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/ipc/examples/gpg-agent-decrypt.rs b/ipc/examples/gpg-agent-decrypt.rs index b580b353..76be71db 100644 --- a/ipc/examples/gpg-agent-decrypt.rs +++ b/ipc/examples/gpg-agent-decrypt.rs @@ -100,14 +100,15 @@ impl<'a> DecryptionHelper for Helper<'a> { sym_algo: Option<SymmetricAlgorithm>, mut decrypt: D) -> openpgp::Result<Option<openpgp::Fingerprint>> - where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> + where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool { // Try each PKESK until we succeed. for pkesk in pkesks { if let Some(key) = self.keys.get(pkesk.recipient()) { let mut pair = KeyPair::new(self.ctx, key)?; - if let Some(_) = pkesk.decrypt(&mut pair, sym_algo) - .and_then(|(algo, session_key)| decrypt(algo, &session_key).ok()) + if pkesk.decrypt(&mut pair, sym_algo) + .map(|(algo, session_key)| decrypt(algo, &session_key)) + .unwrap_or(false) { break; } |