Skip to content

Fix endless loop in x/crypto/openpgp func ReadMessage#690

Merged
autrilla merged 4 commits intogetsops:developfrom
uwehdaub:develop
Jul 14, 2020
Merged

Fix endless loop in x/crypto/openpgp func ReadMessage#690
autrilla merged 4 commits intogetsops:developfrom
uwehdaub:develop

Conversation

@uwehdaub
Copy link
Contributor

@uwehdaub uwehdaub commented Jul 8, 2020

I wasn't able to write tests for it, because for this problem to occur, I had to produce a slightly inconsistent state
with private keys. I guess this only occurs if some old private key (GPG 1?) are migrated to GPG 2.
But this is only guessing.

Nevertheless I was able to test it locally with my GPG key, which produced this problem, before I fixed it.

@metro-digital-github-maintenance
Fix tests
285f4dc
@metro-digital-github-maintenance
Fix endless loop in x/crypto/openpgp func ReadMessage
46babd0 
This fixes getsops#665
See also golang/go#28786

In some strange situations it can happen, that openpgp.ReadMessage()
runs into a endless loop. This seems to be triggered by a slightly
inconsistency in key settings.
It happened to me, but I wasn't able to reproduce it with a fresh key.
A proposed solution from the x/crypto community was, to break this loop
in the callback passphrasePrompt.
@uwehdaub uwehdaub mentioned this pull request Jul 8, 2020
Closed
@uwehdaub
Copy link
Contributor Author

uwehdaub commented Jul 8, 2020
edited
Loading

I fixed the test, so that they run locally, but this now breaks TravisCI.
Is this a well-known problem with the tests?

autrilla
autrilla approved these changes Jul 8, 2020
View reviewed changes
Copy link
Contributor

@autrilla autrilla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. The lack of tests is acceptable in this case.

pgp/keysource.go Outdated
maxCalls := 3
return func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
if callCounter >= maxCalls {
return nil, fmt.Errorf("function passphrasePrompt called more than once")
Copy link
Contributor

@autrilla autrilla Jul 8, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return nil, fmt.Errorf("function passphrasePrompt called more than once")
return nil, fmt.Errorf("function passphrasePrompt called too many times")

I have no idea what the cause of the issue is, but if it's known, we could hint at the user what it is.

@autrilla
Copy link
Contributor

autrilla commented Jul 8, 2020

I fixed the test, so that they run locally, but this now breaks TravisCI.
Is this a well-known problem with the tests?

It is. #576 had a fix for it, but we never ended up merging it.

@codecov-commenter
Copy link

codecov-commenter commented Jul 9, 2020

Codecov Report

Merging #690 into develop will increase coverage by 0.02%.
The diff coverage is 12.50%.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop     #690      +/-   ##
===========================================
+ Coverage    38.23%   38.26%   +0.02%     
===========================================
  Files           23       23              
  Lines         3329     3335       +6     
===========================================
+ Hits          1273     1276       +3     
- Misses        1927     1929       +2     
- Partials       129      130       +1
Impacted Files Coverage Δ
pgp/keysource.go 32.89% <12.50%> (+0.46%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7ae1968...5ff1968. Read the comment docs.

@autrilla
Copy link
Contributor

autrilla commented Jul 14, 2020

Thanks!

@autrilla autrilla merged commit 4f06780 into getsops:develop Jul 14, 2020
@ursuad ursuad mentioned this pull request Jul 16, 2020
Closed
clelange pushed a commit to clelange/sops that referenced this pull request Jul 19, 2020
@uwehdaub @clelange
Fix endless loop in x/crypto/openpgp func ReadMessage (getsops#690)
7af0d43 
* Fix tests

* Fix endless loop in x/crypto/openpgp func ReadMessage

This fixes getsops#665
See also golang/go#28786

In some strange situations it can happen, that openpgp.ReadMessage()
runs into a endless loop. This seems to be triggered by a slightly
inconsistency in key settings.
It happened to me, but I wasn't able to reproduce it with a fresh key.
A proposed solution from the x/crypto community was, to break this loop
in the callback passphrasePrompt.

* Revert "Fix tests"

This reverts commit 285f4dc.

* Improve error description

getsops#690 (comment)
Ph0tonic added a commit to Ph0tonic/sops that referenced this pull request Nov 14, 2023
@Ph0tonic
Reactivate tests waiting for getsops#690
4282e76 
Signed-off-by: Bastien <bastien.wermeille@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@autrilla autrilla autrilla approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@uwehdaub @autrilla @codecov-commenter @metro-digital-github-maintenance