From 3b0b2e2905f03befa9e14163764c9cb797caf9d9 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Mon, 23 Nov 2020 14:30:46 +0100 Subject: openpgp: Require Mode to be Send + Sync. --- Cargo.lock | 58 +++++++++++--------------- openpgp/Cargo.toml | 4 +- openpgp/src/crypto/backend/cng/symmetric.rs | 24 +++++++---- openpgp/src/crypto/backend/nettle/symmetric.rs | 2 +- openpgp/src/crypto/symmetric.rs | 2 +- 5 files changed, 43 insertions(+), 47 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f699f174..96ba0e7b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -216,15 +216,6 @@ dependencies = [ "generic-array 0.14.4", ] -[[package]] -name = "block-cipher" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f337a3e6da609650eb74e02bc9fac7b735049f7623ab12f2e4c719316fcc7e80" -dependencies = [ - "generic-array 0.14.4", -] - [[package]] name = "block-padding" version = "0.1.5" @@ -370,6 +361,15 @@ dependencies = [ "winapi 0.3.9", ] +[[package]] +name = "cipher" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "12f8e7987cbd042a63249497f41aed09f8e65add917ea6566effbc56578d6801" +dependencies = [ + "generic-array 0.14.4", +] + [[package]] name = "clang-sys" version = "0.28.1" @@ -398,9 +398,9 @@ dependencies = [ [[package]] name = "cmac" -version = "0.4.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5220604fe5c112e2851b00da795c72cbb71bf112f2cbd532bdcfb4106eeb320b" +checksum = "73d4de4f7724e5fe70addfb2bd37c2abd2f95084a429d7773b0b9645499b4272" dependencies = [ "crypto-mac", "dbl", 
@@ -489,11 +489,11 @@ dependencies = [ [[package]] name = "crypto-mac" -version = "0.9.1" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58bcd97a54c7ca5ce2f6eb16f6bede5b0ab5f0055fedc17d2f0b4466e21671ca" +checksum = "4857fd85a0c34b3c3297875b747c1e02e06b6a0ea32dd892d8192b9ce0813ea6" dependencies = [ - "block-cipher", + "cipher", "generic-array 0.14.4", "subtle", ] @@ -532,11 +532,11 @@ dependencies = [ [[package]] name = "ctr" -version = "0.5.0" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc03dee3a2843ac6eb4b5fb39cfcf4cb034d078555d1f4a0afbed418b822f3c2" +checksum = "fb4a30d54f7443bf3d6191dcd486aca19e67cb3c49fa7a06a319966346707e7f" dependencies = [ - "stream-cipher", + "cipher", ] [[package]] @@ -649,12 +649,12 @@ checksum = "4c53dc3a653e0f64081026e4bf048d48fec9fce90c66e8326ca7292df0ff2d82" [[package]] name = "eax" -version = "0.2.0" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f8b7fcdee0a9cc0d80bb9547c4298efddced5744be0018aad97133efeda6474" +checksum = "e1f76e7a5e594b299a0fa9a99de627530725e341df41376aa342aecb2c5eb76e" dependencies = [ "aead", - "block-cipher", + "cipher", "cmac", "ctr", "subtle", @@ -2102,7 +2102,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b5c5bac82e1474cc9c934496c444da0e1ee7d55ae29e3e675c9a6c587daca5d" dependencies = [ "digest 0.9.0", - "generic-array 0.12.3", + "generic-array 0.14.4", "libc", ] 
@@ -2189,16 +2189,6 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" -[[package]] -name = "stream-cipher" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c80e15f898d8d8f25db24c253ea615cc14acf418ff307822995814e7d42cfa89" -dependencies = [ - "block-cipher", - "generic-array 0.14.4", -] - [[package]] name = "string_cache" version = "0.8.0" @@ -2551,11 +2541,11 @@ checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f" [[package]] name = "win-crypto-ng" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46f32a81d56493638a7f2d1f63e927f6ca706072b3b6c818a8cb071d65a6c9d8" +checksum = "24cf92e98e8f4ade45b5140795415a0f256fd9b69a1919248dcda11ba5d6466c" dependencies = [ - "block-cipher", + "cipher", "doc-comment", "rand_core", "winapi 0.3.9", diff --git a/openpgp/Cargo.toml b/openpgp/Cargo.toml index 7edae719..000de1d0 100644 --- a/openpgp/Cargo.toml +++ b/openpgp/Cargo.toml @@ -44,11 +44,11 @@ backtrace = "0.3.46" unicode-normalization = "0.1.9" [target.'cfg(windows)'.dependencies] -win-crypto-ng = { version = "0.3", features = ["rand", "block-cipher"], optional = true } +win-crypto-ng = { version = "0.4", features = ["rand", "block-cipher"], optional = true } num-bigint-dig = { version = "0.6", default-features = false, optional = true } ed25519-dalek = { version = "1", default-features = false, features = ["rand", "u64_backend"], optional = true } winapi = { version = "0.3", default-features = false, features = ["bcrypt"], optional = true } -eax = "0.2" +eax = "0.3" [target.'cfg(all(target_arch = "wasm32", target_os = "unknown"))'.dependencies] chrono = { version = "0.4", default-features = false, features = ["std"] } 
diff --git a/openpgp/src/crypto/backend/cng/symmetric.rs b/openpgp/src/crypto/backend/cng/symmetric.rs index 7d8281e7..432e6679 100644 --- a/openpgp/src/crypto/backend/cng/symmetric.rs +++ b/openpgp/src/crypto/backend/cng/symmetric.rs @@ -1,4 +1,5 @@ use std::convert::TryFrom; +use std::sync::Mutex; use win_crypto_ng::symmetric as cng; @@ -8,9 +9,10 @@ use crate::{Error, Result}; use crate::types::SymmetricAlgorithm; -impl Mode for cng::SymmetricAlgorithmKey { +impl Mode for Mutex { fn block_size(&self) -> usize { - self.block_size().expect("CNG not to fail internally") + self.lock().expect("Mutex not to be poisoned") + .block_size().expect("CNG not to fail internally") } fn encrypt( @@ -35,7 +37,9 @@ impl Mode for cng::SymmetricAlgorithmKey { let len = std::cmp::min(src.len(), dst.len()); // NOTE: `None` IV is required for ECB mode but we don't ever use it. - let buffer = cng::SymmetricAlgorithmKey::encrypt(self, Some(iv), src, None)?; + let buffer = cng::SymmetricAlgorithmKey::encrypt( + &*self.lock().expect("Mutex not to be poisoned"), + Some(iv), src, None)?; Ok(dst[..len].copy_from_slice(&buffer.as_slice()[..len])) } @@ -61,7 +65,9 @@ impl Mode for cng::SymmetricAlgorithmKey { let len = std::cmp::min(src.len(), dst.len()); // NOTE: `None` IV is required for ECB mode but we don't ever use it. - let buffer = cng::SymmetricAlgorithmKey::decrypt(self, Some(iv), src, None)?; + let buffer = cng::SymmetricAlgorithmKey::decrypt( + &*self.lock().expect("Mutex not to be poisoned"), + Some(iv), src, None)?; dst[..len].copy_from_slice(&buffer.as_slice()[..len]); Ok(()) @@ -151,7 +157,7 @@ impl SymmetricAlgorithm { // set to 8-bit CFB) key.set_msg_block_len(key.block_size()?)?; - Ok(Box::new(key)) + Ok(Box::new(Mutex::new(key))) } /// Creates a symmetric cipher context for decrypting in CFB mode. 
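Review bot: `self.lock().expect("Mutex not to be poisoned")` in block_size means that a panic in any thread holding the lock makes every later use of the same cipher context panic too, and the same expression is repeated in the encrypt hunk (@@ -35,7 +37,9) and the decrypt hunk (@@ -61,7 +65,9). block_size returns usize and has no error channel, but encrypt and decrypt already propagate CNG failures with `?`, so there a poisoned lock can be reported as an error instead: `let key = self.lock().map_err(|_| POISONED_LOCK_ERROR)?;`, where POISONED_LOCK_ERROR is a placeholder for whichever crate error variant fits. Binding the guard to a local also replaces the inline `&*self.lock()...` argument, which reads more clearly. The impl block continues outside these hunks.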
@@ -165,11 +171,11 @@ impl SymmetricAlgorithm { let algo = cng::SymmetricAlgorithm::open(algo, cng::ChainingMode::Cbc)?; - Ok(Box::new( + Ok(Box::new(Mutex::new( algo.new_key(key).expect( "CNG to successfully create a symmetric key for valid/supported algorithm" ) - )) + ))) } /// Creates a Nettle context for decrypting in CBC mode. @@ -178,10 +184,10 @@ impl SymmetricAlgorithm { let algo = cng::SymmetricAlgorithm::open(algo, cng::ChainingMode::Cbc)?; - Ok(Box::new( + Ok(Box::new(Mutex::new( algo.new_key(key).expect( "CNG to successfully create a symmetric key for valid/supported algorithm" ) - )) + ))) } } diff --git a/openpgp/src/crypto/backend/nettle/symmetric.rs b/openpgp/src/crypto/backend/nettle/symmetric.rs index f25bcd7e..8ce4cdc6 100644 --- a/openpgp/src/crypto/backend/nettle/symmetric.rs +++ b/openpgp/src/crypto/backend/nettle/symmetric.rs @@ -6,7 +6,7 @@ use crate::crypto::symmetric::Mode; use crate::{Error, Result}; use crate::types::SymmetricAlgorithm; -impl Mode for T { +impl Mode for T { fn block_size(&self) -> usize { self.block_size() } diff --git a/openpgp/src/crypto/symmetric.rs b/openpgp/src/crypto/symmetric.rs index 089efd5d..d442a684 100644 --- a/openpgp/src/crypto/symmetric.rs +++ b/openpgp/src/crypto/symmetric.rs @@ -13,7 +13,7 @@ use buffered_reader::BufferedReader; /// Block cipher mode of operation. /// /// Block modes govern how a block cipher processes data spanning multiple blocks. -pub(crate) trait Mode { +pub(crate) trait Mode: Send + Sync { /// Block size of the underlying cipher in bytes. fn block_size(&self) -> usize; -- cgit v1.2.3
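Review bot: `algo.new_key(key).expect(...)` still panics inside a function that returns a Result and already uses `?` on `cng::SymmetricAlgorithm::open`; the commit wraps the expression in `Mutex::new` without changing that. If new_key can fail for key material the caller supplies (a wrong length, for example, which is not visible here), the result is a panic on input rather than an error the caller can handle. Provided the crate's error conversion covers new_key's error type as it does for open, `Ok(Box::new(Mutex::new(algo.new_key(key)?)))` would do. The same applies to the hunk at @@ -178,10 +184,10, and both function signatures are outside the hunks.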
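Review bot: The doc comment `/// Creates a Nettle context for decrypting in CBC mode.` names the wrong backend, since this is the CNG file and the function body opens `cng::SymmetricAlgorithm` with `cng::ChainingMode::Cbc`. The comment appears just above this hunk, as trailing context of the preceding one. Suggest `/// Creates a CNG context for decrypting in CBC mode.` while the function is being touched. The function signature itself is outside the hunk.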
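Review bot: The trait's doc comment does not mention the new `Send + Sync` supertraits or why they are required, so a backend author only learns of the requirement from a compile error. Suggest adding a doc line such as `/// Implementations must be Send + Sync so that cipher contexts can be moved to and shared between threads.` above `pub(crate) trait Mode`. The CNG backend in this commit meets the bound by wrapping its key in a Mutex, which is worth a short mention if that is the expected pattern for handle-based backends. The trait body continues outside the hunk.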