From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH v2 15/21] crypto: record whether an actual decryption attempt happened
Date: Thu, 30 Nov 2017 03:59:40 -0500 [thread overview]
Message-ID: <20171130085946.11332-16-dkg@fifthhorseman.net> (raw)
In-Reply-To: <20171130085946.11332-1-dkg@fifthhorseman.net>
In our consolidation of _notmuch_crypto_decrypt, the callers lost
track a little bit of whether any actual decryption was attempted.
Now that we have the more-subtle "auto" policy, it's possible that
_notmuch_crypto_decrypt could be called without having any actual
decryption take place.
This change lets the callers be a little bit smarter about whether or
not any decryption was actually attempted.
---
lib/index.cc | 17 ++++++++++++-----
mime-node.c | 4 ++--
util/crypto.c | 7 ++++++-
util/crypto.h | 3 ++-
4 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/lib/index.cc b/lib/index.cc
index af999bd3..3914012a 100644
--- a/lib/index.cc
+++ b/lib/index.cc
@@ -548,12 +548,19 @@ _index_encrypted_mime_part (notmuch_message_t *message,
}
}
#endif
- clear = _notmuch_crypto_decrypt (notmuch_indexopts_get_decrypt_policy (indexopts),
+ bool attempted = false;
+ clear = _notmuch_crypto_decrypt (&attempted, notmuch_indexopts_get_decrypt_policy (indexopts),
message, crypto_ctx, encrypted_data, NULL, &err);
- if (err) {
- _notmuch_database_log (notmuch, "Failed to decrypt during indexing. (%d:%d) [%s]\n",
- err->domain, err->code, err->message);
- g_error_free(err);
+ if (!attempted)
+ return;
+ if (err || !clear) {
+ if (err) {
+ _notmuch_database_log (notmuch, "Failed to decrypt during indexing. (%d:%d) [%s]\n",
+ err->domain, err->code, err->message);
+ g_error_free(err);
+ } else {
+ _notmuch_database_log (notmuch, "Failed to decrypt during indexing. (unknown error)\n");
+ }
/* Indicate that we failed to decrypt during indexing */
status = notmuch_message_add_property (message, "index.decryption", "failure");
if (status)
diff --git a/mime-node.c b/mime-node.c
index 49d668fe..11df082b 100644
--- a/mime-node.c
+++ b/mime-node.c
@@ -204,8 +204,8 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
if (parent->envelope_file)
break;
- node->decrypt_attempted = true;
- node->decrypted_child = _notmuch_crypto_decrypt (node->ctx->crypto->decrypt,
+ node->decrypted_child = _notmuch_crypto_decrypt (&node->decrypt_attempted,
+ node->ctx->crypto->decrypt,
parent ? parent->envelope_file : NULL,
cryptoctx, encrypteddata, &decrypt_result, &err);
}
diff --git a/util/crypto.c b/util/crypto.c
index bb587571..338f1d5d 100644
--- a/util/crypto.c
+++ b/util/crypto.c
@@ -140,7 +140,8 @@ void _notmuch_crypto_cleanup (unused(_notmuch_crypto_t *crypto))
#endif
GMimeObject *
-_notmuch_crypto_decrypt (notmuch_decryption_policy_t decrypt,
+_notmuch_crypto_decrypt (bool *attempted,
+ notmuch_decryption_policy_t decrypt,
notmuch_message_t *message,
g_mime_3_unused(GMimeCryptoContext* crypto_ctx),
GMimeMultipartEncrypted *part,
@@ -162,6 +163,8 @@ _notmuch_crypto_decrypt (notmuch_decryption_policy_t decrypt,
g_error_free (*err);
*err = NULL;
}
+ if (attempted)
+ *attempted = true;
#if (GMIME_MAJOR_VERSION < 3)
ret = g_mime_multipart_encrypted_decrypt_session (part,
crypto_ctx,
@@ -191,6 +194,8 @@ _notmuch_crypto_decrypt (notmuch_decryption_policy_t decrypt,
if (decrypt == NOTMUCH_DECRYPT_AUTO)
return ret;
+ if (attempted)
+ *attempted = true;
#if (GMIME_MAJOR_VERSION < 3)
ret = g_mime_multipart_encrypted_decrypt(part, crypto_ctx,
decrypt_result, err);
diff --git a/util/crypto.h b/util/crypto.h
index dc95b4ca..c384601c 100644
--- a/util/crypto.h
+++ b/util/crypto.h
@@ -16,7 +16,8 @@ typedef struct _notmuch_crypto {
} _notmuch_crypto_t;
GMimeObject *
-_notmuch_crypto_decrypt (notmuch_decryption_policy_t decrypt,
+_notmuch_crypto_decrypt (bool *attempted,
+ notmuch_decryption_policy_t decrypt,
notmuch_message_t *message,
GMimeCryptoContext* crypto_ctx,
GMimeMultipartEncrypted *part,
--
2.15.0
next prev parent reply other threads:[~2017-11-30 9:00 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-30 8:59 session keys, version 2 Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 01/21] mime-node: handle decrypt_result more safely Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 02/21] crypto: add _notmuch_crypto_decrypt wrapper function Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 03/21] configure: session key handling in gmime maps to built_with("session_key") Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 04/21] crypto: use stashed session-key properties for decryption, if available Daniel Kahn Gillmor
2017-11-30 15:06 ` Daniel Kahn Gillmor
2017-12-05 1:47 ` David Bremner
2017-11-30 8:59 ` [PATCH v2 05/21] test/corpora: add an encrypted message for index decryption tests Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 06/21] crypto: Test restore of cleartext index from stashed session keys Daniel Kahn Gillmor
2017-12-05 1:59 ` David Bremner
2017-12-06 2:12 ` Daniel Kahn Gillmor
2017-12-07 8:20 ` Jameson Graef Rollins
2017-12-08 7:03 ` Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 07/21] indexing: Change from try_decrypt to decrypt Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 08/21] indexopts: change _try_decrypt to _decrypt_policy Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 09/21] lib: convert notmuch decryption policy to an enum Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 10/21] crypto: new decryption policy "auto" Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 11/21] cli/reply: use decryption policy "auto" by default Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 12/21] cli/show: " Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 13/21] cli/show, reply: document use of stashed session keys in notmuch-properties Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 14/21] cli/new, insert, reindex: update documentation for --decrypt=auto Daniel Kahn Gillmor
2017-11-30 8:59 ` Daniel Kahn Gillmor [this message]
2017-11-30 8:59 ` [PATCH v2 16/21] cli/new, insert, reindex: change index.decrypt to "auto" by default Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 17/21] cli/reindex: destroy stashed session keys when --decrypt=false Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 18/21] crypto: actually stash session keys when decrypt=true Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 19/21] crypto: add --decrypt=nostash to avoid stashing session keys Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 20/21] docs: clean up documentation about decryption policies Daniel Kahn Gillmor
2017-11-30 8:59 ` [PATCH v2 21/21] python: add decrypt_policy argument to Database.index_file() Daniel Kahn Gillmor
2017-11-30 15:05 ` Daniel Kahn Gillmor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171130085946.11332-16-dkg@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).