[PATCH 03/18] crypto: use stashed session-key properties for decryption, if available
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Oct 26 12:00:41 PDT 2017
On Wed 2017-10-25 02:51:48 -0400, Daniel Kahn Gillmor wrote:
> diff --git a/util/crypto.c b/util/crypto.c
> index 087536ec..e014db5d 100644
> --- a/util/crypto.c
> +++ b/util/crypto.c
> @@ -140,13 +140,42 @@ void _notmuch_crypto_cleanup (unused(_notmuch_crypto_t *crypto))
> #endif
>
> GMimeObject *
> -_notmuch_crypto_decrypt (g_mime_3_unused(GMimeCryptoContext* crypto_ctx),
> +_notmuch_crypto_decrypt (notmuch_message_t *message,
> + g_mime_3_unused(GMimeCryptoContext* crypto_ctx),
> GMimeMultipartEncrypted *part,
> GMimeDecryptResult **decrypt_result,
> GError **err)
> {
> GMimeObject *ret = NULL;
>
> + /* the versions of notmuch that can support session key decryption */
> +#if (GMIME_MAJOR_VERSION >= 3 || (GMIME_MAJOR_VERSION == 2 && GMIME_MINOR_VERSION == 6 && GMIME_MICRO_VERSION >= 21))
> + if (message) {
> + notmuch_message_properties_t *list = NULL;
> +
> + for (list = notmuch_message_get_properties (message, "session-key", TRUE);
> + notmuch_message_properties_valid (list); notmuch_message_properties_move_to_next (list)) {
> +#if (GMIME_MAJOR_VERSION < 3)
> + ret = g_mime_multipart_encrypted_decrypt_session (part,
> + crypto_ctx,
> + notmuch_message_properties_value (list),
> + decrypt_result, err);
> +#else
> + ret = g_mime_multipart_encrypted_decrypt (part,
> + GMIME_DECRYPT_NONE,
> + notmuch_message_properties_value (list),
> + decrypt_result, err);
> +#endif
> + if (ret)
> + break;
> + }
> + if (list)
> + notmuch_message_properties_destroy (list);
> + if (ret)
> + return ret;
> + }
> +#endif
> +
> #if (GMIME_MAJOR_VERSION < 3)
> ret = g_mime_multipart_encrypted_decrypt(part, crypto_ctx,
> decrypt_result, err);
In the change above, i realized that we might accidentally clobber the
GError of any intermediate failed decryption attempt, which would
produce a GLib warning to stderr.
In my revised/updated series ("session-keys" on
https://gitlab.com/dkg/notmuch), i clear err (if present) before each
attempted decryption. This effectively throws away all errors except
for the last one, but i think that's the right thing to do -- we'll try
whatever we can for decrypting, but if the final decryption fails,
that's the error we'd want reported back anyway.
--dkg the self-reviewer :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://notmuchmail.org/pipermail/notmuch/attachments/20171026/5fe9e2ff/attachment.sig>
More information about the notmuch
mailing list