authorJustus Winter <justus@sequoia-pgp.org>2020-05-18 13:06:12 +0200
committerJustus Winter <justus@sequoia-pgp.org>2020-05-28 11:51:33 +0200
commit47362eed301a4954af94afe84df16ab6eddecf8d (patch)
treef341bceb44d84b0cf071376f1165537e9ee39cb9 /openpgp-ffi
parentb902ef1bbe7ab1aa0f28554340550fb5cacef73b (diff)
openpgp: Change PKESK::decrypt to return an Option<_>.
- Returning rich errors from this function may compromise secret key material due to Bleichenbacher-style attacks. Change the API to prevent this. - Hat tip to Hanno Böck. - See #507.
Diffstat (limited to 'openpgp-ffi')
-rw-r--r--openpgp-ffi/src/packet/pkesk.rs6
1 files changed, 4 insertions, 2 deletions
diff --git a/openpgp-ffi/src/packet/pkesk.rs b/openpgp-ffi/src/packet/pkesk.rs
index 084505ff..bbecddb0 100644
--- a/openpgp-ffi/src/packet/pkesk.rs
+++ b/openpgp-ffi/src/packet/pkesk.rs
@@ -48,7 +48,7 @@ pub extern "C" fn pgp_pkesk_decrypt(errp: Option<&mut *mut crate::error::Error>,
{
Ok(mut keypair) => {
match pkesk.decrypt(&mut keypair, None /* XXX */) {
- Ok((a, k)) => {
+ Some((a, k)) => {
*algo = a.into();
if !key.is_null() && *key_len >= k.len() {
unsafe {
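Review bot: The `Some((a, k))` arm copies the session key only when `key` is non-null and `*key_len >= k.len()`, yet the next hunk shows `*key_len = k.len()` followed by `Status::Success` on the same arm, so a caller with a too-small buffer appears to get success without a key. The lines between the two hunks are not visible, so this may be handled there. If it is not, the contract deserves a doc comment on `pgp_pkesk_decrypt`, for example `/// On success *key_len holds the session key length; the key is written only if the buffer passed in was at least that large.` The function body starts and ends outside the hunk.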
@@ -60,7 +60,9 @@ pub extern "C" fn pgp_pkesk_decrypt(errp: Option<&mut *mut crate::error::Error>,
*key_len = k.len();
Status::Success
},
- Err(e) => ffi_try_status!(Err::<(), anyhow::Error>(e)),
+ None => ffi_try_status!(Err::<(), anyhow::Error>(
+ openpgp::Error::InvalidSessionKey(
+ "Decryption failed".into()).into())),
}
},
Err(e) => {
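Review bot: The `None` arm should carry a comment saying why the error is deliberately generic, otherwise a later cleanup may add detail back and reopen the oracle the commit message describes. Something like `// Keep this error uniform: distinguishing failure causes here can act as a Bleichenbacher-style oracle (see #507).` above `None => ffi_try_status!(...)` would do. The outer `Err(e) =>` arm after this match still returns its own error. From the hunk that looks like a key-conversion failure rather than a decryption result, but it is worth confirming that it does not depend on the ciphertext. The enclosing function continues outside the hunk.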