From 271280e62d1e0ee64a8f4cbb5766b17e3edf947d Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Mon, 25 May 2020 13:20:15 +0200 Subject: openpgp: Change the `decrypt` proxy in the decryption helper. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Returning rich errors from this function may compromise secret key material due to Bleichenbacher-style attacks. Change the API to prevent this. - Hat tip to Hanno Böck. - Fixes #507. --- sop/src/main.rs | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'sop') diff --git a/sop/src/main.rs b/sop/src/main.rs index 5d707b8c..15eccf4c 100644 --- a/sop/src/main.rs +++ b/sop/src/main.rs @@ -672,12 +672,12 @@ impl<'a> Helper<'a> { -> Option<(SymmetricAlgorithm, SessionKey, Option)> - where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> + where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool { let keyid = keypair.public().fingerprint().into(); let (algo, sk) = pkesk.decrypt(keypair, algo) .and_then(|(algo, sk)| { - decrypt(algo, &sk).ok()?; Some((algo, sk)) + if decrypt(algo, &sk) { Some((algo, sk)) } else { None } })?; Some((algo, sk, self.identities.get(&keyid).map(|fp| fp.clone()))) @@ -705,7 +705,7 @@ impl<'a> DecryptionHelper for Helper<'a> { fn decrypt(&mut self, pkesks: &[PKESK], skesks: &[SKESK], algo: Option, mut decrypt: D) -> openpgp::Result> - where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()> + where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool { // First, try all supplied session keys. while let Some(sk) = self.session_keys.pop() { @@ -713,7 +713,7 @@ impl<'a> DecryptionHelper for Helper<'a> { .filter(|a| a.key_size().map(|size| size == sk.len()) .unwrap_or(false)) { - if decrypt(algo, &sk).is_ok() { + if decrypt(algo, &sk) { self.dump_session_key(algo, &sk)?; return Ok(None); } 
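Review bot: The new `-> bool` bound on `D` in the first hunk (the `Helper` method at line 672) has its security rationale only in the commit message, so a later cleanup could turn it back into a `Result` without noticing the regression. A short comment above the `where` clause would pin the intent, e.g. `// Must report success/failure only: a rich error here can act as a decryption oracle (see #507).` The same comment fits the identical bound on `fn decrypt` in the `DecryptionHelper` impl in the hunk at line 705. Both signatures start outside their hunks, so any existing doc comment on them is not visible here.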
@@ -764,10 +764,13 @@ impl<'a> DecryptionHelper for Helper<'a> {
 // Finally, try to decrypt using the SKESKs.
 for password in self.passwords.iter() {
 for skesk in skesks {
- if let Ok((algo, sk)) = skesk.decrypt(password)
+ if let Some((algo, sk)) = skesk.decrypt(password).ok()
 .and_then(|(algo, sk)| {
- decrypt(algo, &sk)?;
- Ok((algo, sk))
+ if decrypt(algo, &sk) {
+ Some((algo, sk))
+ } else {
+ None
+ }
 })
 {
 self.dump_session_key(algo, &sk)?;
-- cgit v1.2.3
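Review bot: The `if decrypt(algo, &sk) { Some((algo, sk)) } else { None }` body inside `.and_then` is a hand-written `Option::filter`, and the same shape appears in the first hunk at line 672. Writing it as `skesk.decrypt(password).ok().filter(|(algo, sk)| decrypt(*algo, sk))` keeps the success/failure-only outcome with less branching to misread. It relies on `SymmetricAlgorithm` being `Copy`, which the existing reuse of `algo` after the call suggests. The enclosing `decrypt` method continues past the end of this hunk.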