diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2020-05-25 13:20:15 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-05-28 11:52:26 +0200 |
commit | 271280e62d1e0ee64a8f4cbb5766b17e3edf947d (patch) | |
tree | d30a6172c9626e6fb36db62f336bd7d80abce819 /openpgp/src/policy.rs | |
parent | 94dcb41c69c4e16f1f491a9b27148e90a0d713e7 (diff) |
openpgp: Change the `decrypt` proxy in the decryption helper.
- Returning rich errors from this function may compromise secret key
material due to Bleichenbacher-style attacks. Change the API to
prevent this.
- Hat tip to Hanno Böck.
- Fixes #507.
Diffstat (limited to 'openpgp/src/policy.rs')
-rw-r--r-- | openpgp/src/policy.rs | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index fe266b79..a4635201 100644 --- a/openpgp/src/policy.rs +++ b/openpgp/src/policy.rs @@ -1201,7 +1201,7 @@ mod test { fn decrypt<D>(&mut self, _: &[PKESK], _: &[SKESK], _: Option<SymmetricAlgorithm>,_: D) -> Result<Option<Fingerprint>> - where D: FnMut(SymmetricAlgorithm, &SessionKey) -> Result<()> + where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool { unreachable!(); } @@ -1640,7 +1640,7 @@ mod test { fn decrypt<D>(&mut self, _: &[PKESK], _: &[SKESK], _: Option<SymmetricAlgorithm>,_: D) -> Result<Option<Fingerprint>> - where D: FnMut(SymmetricAlgorithm, &SessionKey) -> Result<()> + where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool { unreachable!(); } @@ -1763,7 +1763,7 @@ mod test { fn decrypt<D>(&mut self, _: &[PKESK], _: &[SKESK], _: Option<SymmetricAlgorithm>, _: D) -> Result<Option<Fingerprint>> - where D: FnMut(SymmetricAlgorithm, &SessionKey) -> Result<()> { + where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool { Ok(None) } } @@ -1810,7 +1810,7 @@ mod test { fn decrypt<D>(&mut self, pkesks: &[PKESK], _: &[SKESK], algo: Option<SymmetricAlgorithm>, mut decrypt: D) -> Result<Option<Fingerprint>> - where D: FnMut(SymmetricAlgorithm, &SessionKey) -> Result<()> + where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool { let p = &P::new(); let mut pair = Cert::from_bytes( @@ -1819,8 +1819,7 @@ mod test { .for_transport_encryption().secret().nth(0).unwrap() .key().clone().into_keypair()?; pkesks[0].decrypt(&mut pair, algo) - .and_then(|(algo, session_key)| - decrypt(algo, &session_key).ok()); + .map(|(algo, session_key)| decrypt(algo, &session_key)); Ok(None) } } |