diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2020-05-18 13:06:12 +0200 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2020-05-28 11:51:33 +0200 |
| commit | 47362eed301a4954af94afe84df16ab6eddecf8d (patch) | |
| tree | f341bceb44d84b0cf071376f1165537e9ee39cb9 /openpgp/src/policy.rs | |
| parent | b902ef1bbe7ab1aa0f28554340550fb5cacef73b (diff) | |
openpgp: Change PKESK::decrypt to return an Option<_>.
- Returning rich errors from this function may compromise secret key
material due to Bleichenbacher-style attacks. Change the API to
prevent this.
- Hat tip to Hanno Böck.
- See #507.
Diffstat (limited to 'openpgp/src/policy.rs')
| -rw-r--r-- | openpgp/src/policy.rs | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index 259099d2..fe266b79 100644 --- a/openpgp/src/policy.rs +++ b/openpgp/src/policy.rs @@ -1819,8 +1819,9 @@ mod test { .for_transport_encryption().secret().nth(0).unwrap() .key().clone().into_keypair()?; pkesks[0].decrypt(&mut pair, algo) - .and_then(|(algo, session_key)| decrypt(algo, &session_key)) - .map(|_| None) + .and_then(|(algo, session_key)| + decrypt(algo, &session_key).ok()); + Ok(None) } } |