Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/openpgp: ReadMessage never returns an error if decryption failed #26963

Open
xqianwang opened this issue Aug 13, 2018 · 0 comments
Open

x/crypto/openpgp: ReadMessage never returns an error if decryption failed #26963

xqianwang opened this issue Aug 13, 2018 · 0 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Security
Milestone
Unreleased

Comments

@xqianwang
Copy link

xqianwang commented Aug 13, 2018
edited by FiloSottile

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

1.10.2

Does this issue reproduce with the latest release?

I don't know

What operating system and processor architecture are you using (go env)?

set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\xqian\AppData\Local\go-build
set GOEXE=.exe
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOOS=windows
set GOPATH=******
set GORACE=
set GOROOT=C:\Go
set GOTMPDIR=
set GOTOOLDIR=C:\Go\pkg\tool\windows_amd64
set GCCGO=gccgo
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-g -O2
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=C:\Users******\AppData\Local\Temp\go-build060555462=/tmp/go-build -gno-record-gcc-switches

What did you do?

func (o *OpenpgpEntity) decryptFile(file *BankFile, entityList openpgp.EntityList, passphrase []byte, testEnv bool) (bankFile *BankFile, err error) {
	zipFile := NewBankFile()
	zipFile.Path = file.DstPath
	zipFile.DstPath = file.DstPath
	fs := strings.Split(file.Filename, ".")
	zipFile.Filename = fs[0]
	nf := filepath.Join(zipFile.Path, zipFile.Filename)
	w, err := os.Create(nf)
	if err != nil {
		return nil, fmt.Errorf("Failed to create new file %s, Error: %s", nf, err)
	}

	fr, err := os.Open(filepath.Join(file.DstPath, file.Filename))
	if err != nil {
		return nil, err
	}
	defer func() {
		if err = fr.Close(); err != nil {
			log.Panicln(err)
		}
	}()

	block, err := armor.Decode(fr)
	if err != nil {
		return nil, fmt.Errorf("Failed to decode, error: %s", err)
	}
	if testEnv == true {
		if block.Type != "Message" {
			return nil, errors.New("Invalid message type")
		}
	} else {
		if block.Type != "PGP MESSAGE" {
			return nil, errors.New("Invalid message type")
		}
	}

	prompt := func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
		if symmetric {
			return nil, errors.New("prompt: message was marked as symmetrically encrypted")
		}

		if len(keys) == 0 {
			return nil, errors.New("prompt: no keys requested")
		}

		err = keys[0].PrivateKey.Decrypt(passphrase)
		if err != nil {
			return nil, fmt.Errorf("prompt: error decrypting key, error: %s", err)
		}

		return nil, nil
	}

	md, err := openpgp.ReadMessage(block.Body, entityList, prompt, getConfig())
	if err != nil || md == nil {
		return nil, errors.New("Failed to read content")
	}
	n, err := io.Copy(w, md.UnverifiedBody)
	if err != nil || n == 0 {
		return nil, errors.New("Failed to write to zip file")
	}
	if err = w.Close(); err != nil {
		log.Panicln(err)
	}
	zipFile.Filesize = int64(n)
	return zipFile, nil
}

What did you expect to see?

returned file point should not be nil, if it is nil, there should be some error returned when doing decruption

What did you see instead?

returned file pointer is nil and there was no error before that
@gopherbot gopherbot added this to the Unreleased milestone Aug 13, 2018
@xqianwang xqianwang changed the title x/crypto/openpgp openpgp.ReadMessage never returns an error if decryption failed. x/crypto/openpgp openpgp.ReadMessage never returns an error if decryption failed. Is openpgp compatible with gnupg version > 2.1? Aug 13, 2018
@bradfitz bradfitz changed the title x/crypto/openpgp openpgp.ReadMessage never returns an error if decryption failed. Is openpgp compatible with gnupg version > 2.1? x/crypto/openpgp: ReadMessage never returns an error if decryption failed. Is openpgp compatible with gnupg version > 2.1? Aug 13, 2018
@FiloSottile FiloSottile removed their assignment Mar 8, 2019
@FiloSottile FiloSottile added Security NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Mar 8, 2019
@FiloSottile FiloSottile changed the title x/crypto/openpgp: ReadMessage never returns an error if decryption failed. Is openpgp compatible with gnupg version > 2.1? x/crypto/openpgp: ReadMessage never returns an error if decryption failed Mar 29, 2021
@CmdrVasquess CmdrVasquess mentioned this issue May 2, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Security
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
3 participants
@FiloSottile @gopherbot @xqianwang