Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/openpgp: PromptFunction infinite loop #9315

Closed
AndrewVos opened this issue Dec 14, 2014 · 6 comments
Closed

x/crypto/openpgp: PromptFunction infinite loop #9315

AndrewVos opened this issue Dec 14, 2014 · 6 comments

Comments

@AndrewVos
Copy link

ReadMessage PromptFunction is called forever.

If PromptFunction returns the correct key the first time, then decryption succeeds. If, however, you return the correct key any time after the first time then decryption will never succeed and PromptFunction gets called forever.

@AndrewVos
Copy link
Author

Example code is here: https://gist.github.com/AndrewVos/2378569c32d4fbff9b49

@mikioh mikioh changed the title go.crypto/openpgp PromptFunction infinite loop openpgp: PromptFunction infinite loop Jan 4, 2015
@marete
Copy link
Contributor

marete commented Jan 4, 2015

I am happy to tackle this if no one else is working on it. You may assign it to me.

@mikioh
Copy link
Contributor

mikioh commented Jan 6, 2015

@marete, feel free to send a cl (changelist); http://golang.org/doc/contribute.html

@marete
Copy link
Contributor

marete commented Jan 8, 2015

AndrewVos: Please download and test this CL, which should fix the problem: https://go-review.googlesource.com/2570

@rsc rsc added this to the Unplanned milestone Apr 10, 2015
@rsc rsc removed the release-none label Apr 10, 2015
@rsc rsc changed the title openpgp: PromptFunction infinite loop x/crypto/openpgp: PromptFunction infinite loop Apr 14, 2015
@rsc rsc modified the milestones: Unreleased, Unplanned Apr 14, 2015
@rsc rsc removed the repo-crypto label Apr 14, 2015
@odeke-em
Copy link
Member

odeke-em commented May 8, 2016

@marete and @bradfitz, I think @agl fixed this issue with https://go-review.googlesource.com/#/c/14038 but since in the commit message of that CL the magic word Fixes golang/go#9315 wasn't used but instead used Fixes #9315 yet openpgp project belongs under golang/x/crypto, this issue was not auto-closed nor referenced here. This also means that CL https://go-review.googlesource.com/2570 may not be needed either.
Please get the latest @AndrewVos and verify.

@odeke-em
Copy link
Member

Ping!

@golang golang locked and limited conversation to collaborators Jul 17, 2017
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Nov 24, 2019
SymmetricKeyEncrypted cached the results of decryption so, if a bad
password was given, ReadMessage would prompt forever because a later,
correct password wouldn't override the cached decryption.

The SymmetricKeyEncrypted object can't know whether a given passphrase
is correct so it should never have been a mutable object in the first
place. This change makes it so that it doesn't cache anything.

Fixes golang#9315

Change-Id: Ic2b75f7f60a575e2182ac7e5c5d4198597c5d0a2
Reviewed-on: https://go-review.googlesource.com/14038
Reviewed-by: Andrew Gerrand <adg@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
@rsc rsc unassigned marete Jun 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

8 participants