From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id 674A96DE0A7F for ; Thu, 26 Oct 2017 12:32:02 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.033 X-Spam-Level: X-Spam-Status: No, score=-0.033 tagged_above=-999 required=5 tests=[AWL=-0.033] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZYo5XVLb108z for ; Thu, 26 Oct 2017 12:32:01 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTP id 10F976DE01EA for ; Thu, 26 Oct 2017 12:32:00 -0700 (PDT) Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 42A89F99A for ; Thu, 26 Oct 2017 15:31:59 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id 32637209D0; Thu, 26 Oct 2017 15:00:45 -0400 (EDT) From: Daniel Kahn Gillmor To: Notmuch Mail Subject: Re: [PATCH 03/18] crypto: use stashed session-key properties for decryption, if available In-Reply-To: <20171025065203.24403-4-dkg@fifthhorseman.net> References: <20171025065203.24403-1-dkg@fifthhorseman.net> <20171025065203.24403-4-dkg@fifthhorseman.net> Date: Thu, 26 Oct 2017 15:00:41 -0400 Message-ID: <87d159ybs6.fsf@fifthhorseman.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Oct 2017 19:32:02 -0000 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed 2017-10-25 02:51:48 -0400, Daniel Kahn Gillmor wrote: > diff --git a/util/crypto.c b/util/crypto.c > index 087536ec..e014db5d 100644 > --- a/util/crypto.c > +++ b/util/crypto.c > @@ -140,13 +140,42 @@ void _notmuch_crypto_cleanup (unused(_notmuch_crypt= o_t *crypto)) > #endif >=20=20 > GMimeObject * > -_notmuch_crypto_decrypt (g_mime_3_unused(GMimeCryptoContext* crypto_ctx), > +_notmuch_crypto_decrypt (notmuch_message_t *message, > + g_mime_3_unused(GMimeCryptoContext* crypto_ctx), > GMimeMultipartEncrypted *part, > GMimeDecryptResult **decrypt_result, > GError **err) > { > GMimeObject *ret =3D NULL; >=20=20 > + /* the versions of notmuch that can support session key decryption */ > +#if (GMIME_MAJOR_VERSION >=3D 3 || (GMIME_MAJOR_VERSION =3D=3D 2 && GMIM= E_MINOR_VERSION =3D=3D 6 && GMIME_MICRO_VERSION >=3D 21)) > + if (message) { > + notmuch_message_properties_t *list =3D NULL; > + > + for (list =3D notmuch_message_get_properties (message, "session-key", T= RUE); > + notmuch_message_properties_valid (list); notmuch_message_propertie= s_move_to_next (list)) { > +#if (GMIME_MAJOR_VERSION < 3) > + ret =3D g_mime_multipart_encrypted_decrypt_session (part, > + crypto_ctx, > + notmuch_message_properties_value (list), > + decrypt_result, err); > +#else > + ret =3D g_mime_multipart_encrypted_decrypt (part, > + GMIME_DECRYPT_NONE, > + notmuch_message_properties_value (list), > + decrypt_result, err); > +#endif > + if (ret) > + break; > + } > + if (list) > + notmuch_message_properties_destroy (list); > + if (ret) > + return ret; > + } > +#endif > + > #if (GMIME_MAJOR_VERSION < 3) > ret =3D g_mime_multipart_encrypted_decrypt(part, crypto_ctx, > decrypt_result, err); In the change above, i realized that we might accidentally clobber the GError of any intermediate failed decryption attempt, which would produce a GLib warning to stderr. In my revised/updated series ("session-keys" on https://gitlab.com/dkg/notmuch), i clear err (if present) before each attempted decryption. This effectively throws away all errors except for the last one, but i think that's the right thing to do -- we'll try whatever we can for decrypting, but if the final decryption fails, that's the error we'd want reported back anyway. --dkg the self-reviewer :) --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOCdgUepHf6PklTkyFJitxsGSMjcFAlnyMNkACgkQFJitxsGS Mje5jg//a0k1bbzVFs0IbUeVFnThWiYC5seMIKAryF1hXKC8TndENwNBdgZwahA5 2MgP9bWihyGh8WmwsiHl9sM3E/aejUbdrTHwqr40UzQZDA+jXm8T+0FXPovjsSG/ njWde9rvwBcMsTDalcphAYLmy4zThbJHMxb92X6EgV/vKLTk5WEk57BAEW7C50bG SJw/cGlIerHIfMYp98xBOqsMtK7I/n6fXUhF4r3jRexZ6fTpnBWrD5D4vmsGibOE CjrtsgeYUqos+xY7pYaDe7gLCZCC1D+3Y9L4lks9PTkUR6LR3ZcfK3pquv0DGkRH oWajuuZrJdlC8Zl4oj5fJsGxJzhZ5VRd1EjfoUuqB2s+sNMQ56gD6JDbiGxNvrCH pPqJatP6zLg3wPQCh5g7tYxcM2mQezBjgdt11FEExaE3+m+xUAFRNDMnkidkaura O38SI0B09p+JMv6dHSI5F9meFKOWuGbN9h7avAKISnb2SXWu4FuolvKZfu5l5oU4 CaXnIq2w/bt7o6ZwrIz2fJ++EP9NM4WYDIjstC5OSXo39k/HywBeXOE3GlAxIUq6 E6acIQ6Y62QLnGBoqIXbHg3MEYiBGGRtMrCaJDCaVoz+IjiKgpqpDSXxYxz1oSBZ 8MLtPlNPy8lC4H7zvegBhoQul55dVhhVcHM/bjwMfgiUoUYp9Yc= =JbU0 -----END PGP SIGNATURE----- --=-=-=--