[PATCH 03/18] crypto: use stashed session-key properties for decryption, if available

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Oct 26 12:00:41 PDT 2017 

On Wed 2017-10-25 02:51:48 -0400, Daniel Kahn Gillmor wrote:
> diff --git a/util/crypto.c b/util/crypto.c
> index 087536ec..e014db5d 100644
> --- a/util/crypto.c
> +++ b/util/crypto.c
> @@ -140,13 +140,42 @@ void _notmuch_crypto_cleanup (unused(_notmuch_crypto_t *crypto))
>  #endif
>  
>  GMimeObject *
> -_notmuch_crypto_decrypt (g_mime_3_unused(GMimeCryptoContext* crypto_ctx),
> +_notmuch_crypto_decrypt (notmuch_message_t *message,
> +			 g_mime_3_unused(GMimeCryptoContext* crypto_ctx),
>  			 GMimeMultipartEncrypted *part,
>  			 GMimeDecryptResult **decrypt_result,
>  			 GError **err)
>  {
>      GMimeObject *ret = NULL;
>  
> +    /* the versions of notmuch that can support session key decryption */
> +#if (GMIME_MAJOR_VERSION >= 3 || (GMIME_MAJOR_VERSION == 2 && GMIME_MINOR_VERSION == 6 && GMIME_MICRO_VERSION >= 21))
> +    if (message) {
> +	notmuch_message_properties_t *list = NULL;
> +
> +	for (list = notmuch_message_get_properties (message, "session-key", TRUE);
> +	     notmuch_message_properties_valid (list); notmuch_message_properties_move_to_next (list)) {
> +#if (GMIME_MAJOR_VERSION < 3)
> +	    ret = g_mime_multipart_encrypted_decrypt_session (part,
> +							      crypto_ctx,
> +							      notmuch_message_properties_value (list),
> +							      decrypt_result, err);
> +#else
> +	    ret = g_mime_multipart_encrypted_decrypt (part,
> +						      GMIME_DECRYPT_NONE,
> +						      notmuch_message_properties_value (list),
> +						      decrypt_result, err);
> +#endif
> +	    if (ret)
> +		break;
> +	}
> +	if (list)
> +	    notmuch_message_properties_destroy (list);
> +	if (ret)
> +	    return ret;
> +    }
> +#endif
> +
>  #if (GMIME_MAJOR_VERSION < 3)
>      ret = g_mime_multipart_encrypted_decrypt(part, crypto_ctx,
>  					     decrypt_result, err);

In the change above, i realized that we might accidentally clobber the
GError of any intermediate failed decryption attempt, which would
produce a GLib warning to stderr.

In my revised/updated series ("session-keys" on
https://gitlab.com/dkg/notmuch), i clear err (if present) before each
attempted decryption.  This effectively throws away all errors except
for the last one, but i think that's the right thing to do -- we'll try
whatever we can for decrypting, but if the final decryption fails,
that's the error we'd want reported back anyway.

           --dkg the self-reviewer :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://notmuchmail.org/pipermail/notmuch/attachments/20171026/5fe9e2ff/attachment.sig>

More information about the notmuch mailing list