diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2020-05-18 13:06:12 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-05-28 11:51:33 +0200 |
commit | 47362eed301a4954af94afe84df16ab6eddecf8d (patch) | |
tree | f341bceb44d84b0cf071376f1165537e9ee39cb9 /openpgp-ffi/src | |
parent | b902ef1bbe7ab1aa0f28554340550fb5cacef73b (diff) |
openpgp: Change PKESK::decrypt to return an Option<_>.
- Returning rich errors from this function may compromise secret key
material due to Bleichenbacher-style attacks. Change the API to
prevent this.
- Hat tip to Hanno Böck.
- See #507.
Diffstat (limited to 'openpgp-ffi/src')
-rw-r--r-- | openpgp-ffi/src/packet/pkesk.rs | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/openpgp-ffi/src/packet/pkesk.rs b/openpgp-ffi/src/packet/pkesk.rs index 084505ff..bbecddb0 100644 --- a/openpgp-ffi/src/packet/pkesk.rs +++ b/openpgp-ffi/src/packet/pkesk.rs @@ -48,7 +48,7 @@ pub extern "C" fn pgp_pkesk_decrypt(errp: Option<&mut *mut crate::error::Error>, { Ok(mut keypair) => { match pkesk.decrypt(&mut keypair, None /* XXX */) { - Ok((a, k)) => { + Some((a, k)) => { *algo = a.into(); if !key.is_null() && *key_len >= k.len() { unsafe { @@ -60,7 +60,9 @@ pub extern "C" fn pgp_pkesk_decrypt(errp: Option<&mut *mut crate::error::Error>, *key_len = k.len(); Status::Success }, - Err(e) => ffi_try_status!(Err::<(), anyhow::Error>(e)), + None => ffi_try_status!(Err::<(), anyhow::Error>( + openpgp::Error::InvalidSessionKey( + "Decryption failed".into()).into())), } }, Err(e) => { |