| author | Justus Winter <justus@sequoia-pgp.org> | 2020-05-18 13:06:12 +0200 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2020-05-28 11:51:33 +0200 |
| commit | 47362eed301a4954af94afe84df16ab6eddecf8d (patch) | |
| tree | f341bceb44d84b0cf071376f1165537e9ee39cb9 /openpgp/src/packet/pkesk.rs | |
| parent | b902ef1bbe7ab1aa0f28554340550fb5cacef73b (diff) | |
openpgp: Change PKESK::decrypt to return an Option<_>.
- Returning rich errors from this function may compromise secret key
material due to Bleichenbacher-style attacks. Change the API to
prevent this.
- Hat tip to Hanno Böck.
- See #507.
Diffstat (limited to 'openpgp/src/packet/pkesk.rs')
-rw-r--r-- | openpgp/src/packet/pkesk.rs | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/openpgp/src/packet/pkesk.rs b/openpgp/src/packet/pkesk.rs index 0724e50f..f92c596e 100644 --- a/openpgp/src/packet/pkesk.rs +++ b/openpgp/src/packet/pkesk.rs @@ -128,8 +128,22 @@ impl PKESK3 { /// /// Returns the session key and symmetric algorithm used to /// encrypt the following payload. + /// + /// Returns `None` on errors. This prevents leaking information + /// to an attacker, which could lead to compromise of secret key + /// material with certain algorithms (RSA). See [Section 14 of + /// RFC 4880]. + /// + /// [Section 14 of RFC 4880]: https://tools.ietf.org/html/rfc4880#section-14 pub fn decrypt(&self, decryptor: &mut dyn Decryptor, sym_algo_hint: Option<SymmetricAlgorithm>) + -> Option<(SymmetricAlgorithm, SessionKey)> + { + self.decrypt_insecure(decryptor, sym_algo_hint).ok() + } + + fn decrypt_insecure(&self, decryptor: &mut dyn Decryptor, + sym_algo_hint: Option<SymmetricAlgorithm>) -> Result<(SymmetricAlgorithm, SessionKey)> { let plaintext_len = if let Some(s) = sym_algo_hint { |
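Review bot: `self.decrypt_insecure(decryptor, sym_algo_hint).ok()` removes the error value from the public API, but nothing in this hunk covers timing: if `decrypt_insecure` returns early on one failure path and late on another, that difference is observable by whoever supplied the ciphertext and belongs to the same oracle class the commit message describes. Suggest a doc comment on `decrypt_insecure` stating that it must stay private, that its `Err` variants must never be surfaced to a caller, and whether its failure paths are expected to be timing-neutral (constant-time comparison of the session-key checksum, no data-dependent early return), so that a future contributor does not reach for it to get a "better" error. The public doc comment with its pointer to Section 14 of RFC 4880 reads well as is.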
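The split the commit introduces, as an added example that is not Sequoia's code: a private parser that returns a `Result` with distinguishable error variants, and the public boundary that collapses every failure to `None`. The payload layout follows RFC 4880 section 5.1 (one algorithm octet, the session key, a two-octet checksum equal to the sum of the key octets modulo 65536). The names `SymmetricAlgorithm`, `SessionKeyError`, `parse_session_key`, `parse_session_key_insecure` and `build_payload`, and the 1..16 sample key, are assumptions constructed for this example.

```rust
// Added example, not code from Sequoia: the session-key payload check that
// sits behind a PKESK decrypt, with the same Result-inside / Option-outside
// split the commit introduces.  Layout per RFC 4880, section 5.1: one
// algorithm octet, the session key, then a two-octet big-endian checksum
// equal to the sum of the key octets modulo 65536.

/// Assumed toy subset of OpenPGP symmetric-algorithm identifiers.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum SymmetricAlgorithm {
    AES128,
    AES256,
}

impl SymmetricAlgorithm {
    /// OpenPGP algorithm IDs 7 and 9 (RFC 4880, section 9.2).
    pub fn from_id(id: u8) -> Option<Self> {
        match id {
            7 => Some(Self::AES128),
            9 => Some(Self::AES256),
            _ => None,
        }
    }

    pub fn id(self) -> u8 {
        match self {
            Self::AES128 => 7,
            Self::AES256 => 9,
        }
    }

    pub fn key_size(self) -> usize {
        match self {
            Self::AES128 => 16,
            Self::AES256 => 32,
        }
    }
}

/// Distinct failure reasons.  Useful in unit tests and local debugging, but
/// each variant is a separate oracle if it ever reaches the party who
/// supplied the ciphertext, so they stay behind the private function.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum SessionKeyError {
    TooShort,
    UnknownAlgorithm,
    HintMismatch,
    LengthMismatch,
    BadChecksum,
}

/// RFC 4880 session-key checksum: sum of the key octets modulo 65536.
fn checksum(key: &[u8]) -> u16 {
    key.iter().fold(0u16, |acc, &b| acc.wrapping_add(u16::from(b)))
}

/// Private "rich" parser, in the role of `decrypt_insecure`.
fn parse_session_key_insecure(
    plaintext: &[u8],
    sym_algo_hint: Option<SymmetricAlgorithm>,
) -> Result<(SymmetricAlgorithm, Vec<u8>), SessionKeyError> {
    if plaintext.len() < 3 {
        return Err(SessionKeyError::TooShort);
    }
    let algo = SymmetricAlgorithm::from_id(plaintext[0])
        .ok_or(SessionKeyError::UnknownAlgorithm)?;
    if sym_algo_hint.map_or(false, |h| h != algo) {
        return Err(SessionKeyError::HintMismatch);
    }
    let expected_len = 1 + algo.key_size() + 2;
    if plaintext.len() != expected_len {
        return Err(SessionKeyError::LengthMismatch);
    }
    let key = &plaintext[1..1 + algo.key_size()];
    let stored = u16::from_be_bytes([plaintext[expected_len - 2], plaintext[expected_len - 1]]);
    // A real implementation compares this in constant time; the Option
    // boundary below hides the error value, not data-dependent timing.
    if checksum(key) != stored {
        return Err(SessionKeyError::BadChecksum);
    }
    Ok((algo, key.to_vec()))
}

/// Public boundary, in the role of `PKESK::decrypt`: every failure becomes
/// `None`, so a caller cannot tell a checksum failure from a length failure.
pub fn parse_session_key(
    plaintext: &[u8],
    sym_algo_hint: Option<SymmetricAlgorithm>,
) -> Option<(SymmetricAlgorithm, Vec<u8>)> {
    parse_session_key_insecure(plaintext, sym_algo_hint).ok()
}

/// Builds a well-formed payload; used here only to construct sample inputs.
pub fn build_payload(algo: SymmetricAlgorithm, key: &[u8]) -> Vec<u8> {
    let mut out = Vec::with_capacity(3 + key.len());
    out.push(algo.id());
    out.extend_from_slice(key);
    out.extend_from_slice(&checksum(key).to_be_bytes());
    out
}

fn main() {
    // Constructed sample: a 16-octet AES-128 session key, then one flipped
    // checksum bit.  The rich parser names the failure; the boundary does not.
    let key: Vec<u8> = (1..=16).collect();
    let good = build_payload(SymmetricAlgorithm::AES128, &key);
    let mut bad_sum = good.clone();
    bad_sum[18] ^= 0x01;
    println!("valid payload   -> {:?}", parse_session_key(&good, None).is_some());
    println!("rich error      -> {:?}", parse_session_key_insecure(&bad_sum, None));
    println!("public boundary -> {:?}", parse_session_key(&bad_sum, None));
}
```

The `Option` boundary only strips the error content; keeping the private function's work independent of which check fails (constant-time checksum comparison, no data-dependent early return) is a separate requirement that this sketch flags in a comment but does not implement.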