diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2020-05-18 13:06:12 +0200 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2020-05-28 11:51:33 +0200 |
| commit | 47362eed301a4954af94afe84df16ab6eddecf8d (patch) | |
| tree | f341bceb44d84b0cf071376f1165537e9ee39cb9 /tool/src | |
| parent | b902ef1bbe7ab1aa0f28554340550fb5cacef73b (diff) | |
openpgp: Change PKESK::decrypt to return an Option<_>.
- Returning rich errors from this function may compromise secret key
material due to Bleichenbacher-style attacks. Change the API to
prevent this.
- Hat tip to Hanno Böck.
- See #507.
Diffstat (limited to 'tool/src')
| -rw-r--r-- | tool/src/commands/decrypt.rs | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/tool/src/commands/decrypt.rs b/tool/src/commands/decrypt.rs index 9e951af4..ea48eb0b 100644 --- a/tool/src/commands/decrypt.rs +++ b/tool/src/commands/decrypt.rs @@ -89,26 +89,22 @@ impl<'a> Helper<'a> { sym_algo: Option<SymmetricAlgorithm>, keypair: &mut dyn crypto::Decryptor, decrypt: &mut D) - -> openpgp::Result<Option<Fingerprint>> + -> Option<Option<Fingerprint>> where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> { let keyid = keypair.public().fingerprint().into(); match pkesk.decrypt(keypair, sym_algo) .and_then(|(algo, sk)| { - decrypt(algo, &sk)?; Ok(sk) + decrypt(algo, &sk).ok()?; Some(sk) }) { - Ok(sk) => { + Some(sk) => { if self.dump_session_key { eprintln!("Session key: {}", hex::encode(&sk)); } - Ok(self.key_identities.get(&keyid).map(|fp| fp.clone())) - }, - Err(e) => { - eprintln!("Decryption using {} failed:\n {}", - self.key_hints.get(&keyid).unwrap(), e); - Err(e) + Some(self.key_identities.get(&keyid).map(|fp| fp.clone())) }, + None => None, } } } @@ -144,7 +140,7 @@ impl<'a> DecryptionHelper for Helper<'a> { let keyid = pkesk.recipient(); if let Some(key) = self.secret_keys.get(&keyid) { if ! key.secret().is_encrypted() { - if let Ok(fp) = key.clone().into_keypair() + if let Some(fp) = key.clone().into_keypair().ok() .and_then(|mut k| self.try_decrypt(pkesk, sym_algo, &mut k, &mut decrypt)) { @@ -183,8 +179,10 @@ impl<'a> DecryptionHelper for Helper<'a> { } }; - if let Ok(fp) = self.try_decrypt(pkesk, sym_algo, &mut keypair, - &mut decrypt) { + if let Some(fp) = + self.try_decrypt(pkesk, sym_algo, &mut keypair, + &mut decrypt) + { return Ok(fp); } } @@ -196,7 +194,7 @@ impl<'a> DecryptionHelper for Helper<'a> { for pkesk in pkesks.iter().filter(|p| p.recipient().is_wildcard()) { for key in self.secret_keys.values() { if ! key.secret().is_encrypted() { - if let Ok(fp) = key.clone().into_keypair() + if let Some(fp) = key.clone().into_keypair().ok() .and_then(|mut k| self.try_decrypt(pkesk, sym_algo, &mut k, &mut decrypt)) { @@ -240,8 +238,10 @@ impl<'a> DecryptionHelper for Helper<'a> { } }; - if let Ok(fp) = self.try_decrypt(pkesk, sym_algo, &mut keypair, - &mut decrypt) { + if let Some(fp) = + self.try_decrypt(pkesk, sym_algo, &mut keypair, + &mut decrypt) + { return Ok(fp); } } |