docs: Add comments when handling parsing errors
lubux committed Nov 14, 2024
1 parent 6525f78 commit 6e34c69
Showing 2 changed files with 16 additions and 0 deletions.
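--- a/openpgp/read.go
+++ b/openpgp/read.go
@@ -234,8 +234,12 @@ FindKey:
 mdFinal, sensitiveParsingErr := readSignedMessage(packets, md, keyring, config)
 if sensitiveParsingErr != nil {
 if md.decrypted != nil {
+// The data is read from a stream that decrypts using a session key;
+// therefore, we need to handle parsing errors appropriately.
+// It's essential to mitigate the risk of oracle attacks.
 return nil, errors.HandleDecryptionSensitiveParsingError(sensitiveParsingErr)
 }
+// Data was not encrypted and is directly read in plaintext.
 return nil, errors.StructuralError(errors.GenericParsingErrorMessage)
 }
 return mdFinal, nil
@@ -447,8 +451,12 @@ func (scr *signatureCheckReader) Read(buf []byte) (int, error) {
 
 if sensitiveParsingError != nil {
 if scr.md.decrypted != nil {
+// The data is read from a stream that decrypts using a session key;
+// therefore, we need to handle parsing errors appropriately.
+// This is essential to mitigate the risk of oracle attacks.
 return n, errors.HandleDecryptionSensitiveParsingError(sensitiveParsingError)
 }
+// Data was not encrypted and is directly read in plaintext.
 return n, errors.StructuralError(errors.GenericParsingErrorMessage)
 }
 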
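Review bot: The comment added in the `md.decrypted != nil` branch says parsing errors must be handled "appropriately" but never names the property being protected, so a maintainer cannot tell which later change would break it. State the rule itself, for example `// Parsing errors on decrypted data must not tell the caller which check failed; distinguishable errors on modified ciphertext can act as a decryption oracle.` The same wording appears in the second hunk (`signatureCheckReader.Read`) and in both hunks of openpgp/v2/read.go. What `HandleDecryptionSensitiveParsingError` actually returns is not visible on this page, so the final wording should be checked against that helper. Both enclosing functions start and end outside the hunks.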
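--- a/openpgp/v2/read.go
+++ b/openpgp/v2/read.go
@@ -269,8 +269,12 @@ FindKey:
 mdFinal, sensitiveParsingErr := readSignedMessage(packets, md, keyring, config)
 if sensitiveParsingErr != nil {
 if md.decrypted != nil {
+// The data is read from a stream that decrypts using a session key;
+// therefore, we need to handle parsing errors appropriately.
+// This is essential to mitigate the risk of oracle attacks.
 return nil, errors.HandleDecryptionSensitiveParsingError(sensitiveParsingErr)
 }
+// Data was not encrypted and is directly read in plaintext.
 return nil, errors.StructuralError(errors.GenericParsingErrorMessage)
 }
 return mdFinal, nil
@@ -654,8 +658,12 @@ func (scr *signatureCheckReader) Read(buf []byte) (int, error) {
 
 if sensitiveParsingError != nil {
 if scr.md.decrypted != nil {
+// The data is read from a stream that decrypts using a session key;
+// therefore, we need to handle parsing errors appropriately.
+// This is essential to mitigate the risk of oracle attacks.
 return n, errors.HandleDecryptionSensitiveParsingError(sensitiveParsingError)
 }
+// Data was not encrypted and is directly read in plaintext.
 return n, errors.StructuralError(errors.GenericParsingErrorMessage)
 }
 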
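Review bot: This rationale now lives in four hand-copied comment blocks (two in this file, two in openpgp/read.go), and they have already drifted: the first copy in openpgp/read.go reads "It's essential" where the other three read "This is essential". Consider documenting the oracle concern once, in the doc comment of `errors.HandleDecryptionSensitiveParsingError`, and leaving a one-line pointer at each call site such as `// Decrypted stream: route parsing errors through HandleDecryptionSensitiveParsingError (see its doc comment).` The plaintext-branch comment could also say why a generic message is still returned when no decryption took place, which the current wording does not explain.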
