openpgp: Change the `decrypt` proxy in the decryption helper.

- Returning rich errors from this function may compromise secret key material due to Bleichenbacher-style attacks. Change the API to prevent this. - Hat tip to Hanno Böck. - Fixes #507.
author: Justus Winter <justus@sequoia-pgp.org> 2020-05-25 13:20:15 +0200
committer: Justus Winter <justus@sequoia-pgp.org> 2020-05-28 11:52:26 +0200
commit: 271280e62d1e0ee64a8f4cbb5766b17e3edf947d (patch)
tree: d30a6172c9626e6fb36db62f336bd7d80abce819 /openpgp/src/policy.rs
parent: 94dcb41c69c4e16f1f491a9b27148e90a0d713e7 (diff)
1 files changed, 5 insertions, 6 deletions
diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs
index fe266b79..a4635201 100644
--- a/openpgp/src/policy.rs
+++ b/openpgp/src/policy.rs
@@ -1201,7 +1201,7 @@ mod test {
             fn decrypt<D>(&mut self, _: &[PKESK], _: &[SKESK],
                           _: Option<SymmetricAlgorithm>,_: D)
                           -> Result<Option<Fingerprint>>
-                where D: FnMut(SymmetricAlgorithm, &SessionKey) -> Result<()>
+                where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool
             {
                 unreachable!();
             }
@@ -1640,7 +1640,7 @@ mod test {
             fn decrypt<D>(&mut self, _: &[PKESK], _: &[SKESK],
                           _: Option<SymmetricAlgorithm>,_: D)
                           -> Result<Option<Fingerprint>>
-                where D: FnMut(SymmetricAlgorithm, &SessionKey) -> Result<()>
+                where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool
             {
                 unreachable!();
             }
@@ -1763,7 +1763,7 @@ mod test {
             fn decrypt<D>(&mut self, _: &[PKESK], _: &[SKESK],
                           _: Option<SymmetricAlgorithm>, _: D)
                           -> Result<Option<Fingerprint>>
-                where D: FnMut(SymmetricAlgorithm, &SessionKey) -> Result<()> {
+                where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool {
                 Ok(None)
             }
         }
@@ -1810,7 +1810,7 @@ mod test {
             fn decrypt<D>(&mut self, pkesks: &[PKESK], _: &[SKESK],
                           algo: Option<SymmetricAlgorithm>, mut decrypt: D)
                           -> Result<Option<Fingerprint>>
-                where D: FnMut(SymmetricAlgorithm, &SessionKey) -> Result<()>
+                where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool
             {
                 let p = &P::new();
                 let mut pair = Cert::from_bytes(
@@ -1819,8 +1819,7 @@ mod test {
                     .for_transport_encryption().secret().nth(0).unwrap()
                     .key().clone().into_keypair()?;
                 pkesks[0].decrypt(&mut pair, algo)
-                    .and_then(|(algo, session_key)|
-                              decrypt(algo, &session_key).ok());
+                    .map(|(algo, session_key)| decrypt(algo, &session_key));
                 Ok(None)
             }
         }
author	Justus Winter <justus@sequoia-pgp.org>	2020-05-25 13:20:15 +0200
committer	Justus Winter <justus@sequoia-pgp.org>	2020-05-28 11:52:26 +0200
commit	271280e62d1e0ee64a8f4cbb5766b17e3edf947d (patch)
tree	d30a6172c9626e6fb36db62f336bd7d80abce819 /openpgp/src/policy.rs
parent	94dcb41c69c4e16f1f491a9b27148e90a0d713e7 (diff)