From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dkg@fifthhorseman.net>
Received: from localhost (localhost [127.0.0.1])
 by arlo.cworth.org (Postfix) with ESMTP id 674A96DE0A7F
 for <notmuch@notmuchmail.org>; Thu, 26 Oct 2017 12:32:02 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at cworth.org
X-Spam-Flag: NO
X-Spam-Score: -0.033
X-Spam-Level: 
X-Spam-Status: No, score=-0.033 tagged_above=-999 required=5
 tests=[AWL=-0.033] autolearn=disabled
Received: from arlo.cworth.org ([127.0.0.1])
 by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ZYo5XVLb108z for <notmuch@notmuchmail.org>;
 Thu, 26 Oct 2017 12:32:01 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118])
 by arlo.cworth.org (Postfix) with ESMTP id 10F976DE01EA
 for <notmuch@notmuchmail.org>; Thu, 26 Oct 2017 12:32:00 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130])
 by che.mayfirst.org (Postfix) with ESMTPSA id 42A89F99A
 for <notmuch@notmuchmail.org>; Thu, 26 Oct 2017 15:31:59 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000)
 id 32637209D0; Thu, 26 Oct 2017 15:00:45 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: Re: [PATCH 03/18] crypto: use stashed session-key properties for
 decryption, if available
In-Reply-To: <20171025065203.24403-4-dkg@fifthhorseman.net>
References: <20171025065203.24403-1-dkg@fifthhorseman.net>
 <20171025065203.24403-4-dkg@fifthhorseman.net>
Date: Thu, 26 Oct 2017 15:00:41 -0400
Message-ID: <87d159ybs6.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Use and development of the notmuch mail system."
 <notmuch.notmuchmail.org>
List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,
 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch/>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,
 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Oct 2017 19:32:02 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed 2017-10-25 02:51:48 -0400, Daniel Kahn Gillmor wrote:
> diff --git a/util/crypto.c b/util/crypto.c
> index 087536ec..e014db5d 100644
> --- a/util/crypto.c
> +++ b/util/crypto.c
> @@ -140,13 +140,42 @@ void _notmuch_crypto_cleanup (unused(_notmuch_crypt=
o_t *crypto))
>  #endif
>=20=20
>  GMimeObject *
> -_notmuch_crypto_decrypt (g_mime_3_unused(GMimeCryptoContext* crypto_ctx),
> +_notmuch_crypto_decrypt (notmuch_message_t *message,
> +			 g_mime_3_unused(GMimeCryptoContext* crypto_ctx),
>  			 GMimeMultipartEncrypted *part,
>  			 GMimeDecryptResult **decrypt_result,
>  			 GError **err)
>  {
>      GMimeObject *ret =3D NULL;
>=20=20
> +    /* the versions of notmuch that can support session key decryption */
> +#if (GMIME_MAJOR_VERSION >=3D 3 || (GMIME_MAJOR_VERSION =3D=3D 2 && GMIM=
E_MINOR_VERSION =3D=3D 6 && GMIME_MICRO_VERSION >=3D 21))
> +    if (message) {
> +	notmuch_message_properties_t *list =3D NULL;
> +
> +	for (list =3D notmuch_message_get_properties (message, "session-key", T=
RUE);
> +	     notmuch_message_properties_valid (list); notmuch_message_propertie=
s_move_to_next (list)) {
> +#if (GMIME_MAJOR_VERSION < 3)
> +	    ret =3D g_mime_multipart_encrypted_decrypt_session (part,
> +							      crypto_ctx,
> +							      notmuch_message_properties_value (list),
> +							      decrypt_result, err);
> +#else
> +	    ret =3D g_mime_multipart_encrypted_decrypt (part,
> +						      GMIME_DECRYPT_NONE,
> +						      notmuch_message_properties_value (list),
> +						      decrypt_result, err);
> +#endif
> +	    if (ret)
> +		break;
> +	}
> +	if (list)
> +	    notmuch_message_properties_destroy (list);
> +	if (ret)
> +	    return ret;
> +    }
> +#endif
> +
>  #if (GMIME_MAJOR_VERSION < 3)
>      ret =3D g_mime_multipart_encrypted_decrypt(part, crypto_ctx,
>  					     decrypt_result, err);

In the change above, i realized that we might accidentally clobber the
GError of any intermediate failed decryption attempt, which would
produce a GLib warning to stderr.

In my revised/updated series ("session-keys" on
https://gitlab.com/dkg/notmuch), i clear err (if present) before each
attempted decryption.  This effectively throws away all errors except
for the last one, but i think that's the right thing to do -- we'll try
whatever we can for decrypting, but if the final decryption fails,
that's the error we'd want reported back anyway.

           --dkg the self-reviewer :)

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOCdgUepHf6PklTkyFJitxsGSMjcFAlnyMNkACgkQFJitxsGS
Mje5jg//a0k1bbzVFs0IbUeVFnThWiYC5seMIKAryF1hXKC8TndENwNBdgZwahA5
2MgP9bWihyGh8WmwsiHl9sM3E/aejUbdrTHwqr40UzQZDA+jXm8T+0FXPovjsSG/
njWde9rvwBcMsTDalcphAYLmy4zThbJHMxb92X6EgV/vKLTk5WEk57BAEW7C50bG
SJw/cGlIerHIfMYp98xBOqsMtK7I/n6fXUhF4r3jRexZ6fTpnBWrD5D4vmsGibOE
CjrtsgeYUqos+xY7pYaDe7gLCZCC1D+3Y9L4lks9PTkUR6LR3ZcfK3pquv0DGkRH
oWajuuZrJdlC8Zl4oj5fJsGxJzhZ5VRd1EjfoUuqB2s+sNMQ56gD6JDbiGxNvrCH
pPqJatP6zLg3wPQCh5g7tYxcM2mQezBjgdt11FEExaE3+m+xUAFRNDMnkidkaura
O38SI0B09p+JMv6dHSI5F9meFKOWuGbN9h7avAKISnb2SXWu4FuolvKZfu5l5oU4
CaXnIq2w/bt7o6ZwrIz2fJ++EP9NM4WYDIjstC5OSXo39k/HywBeXOE3GlAxIUq6
E6acIQ6Y62QLnGBoqIXbHg3MEYiBGGRtMrCaJDCaVoz+IjiKgpqpDSXxYxz1oSBZ
8MLtPlNPy8lC4H7zvegBhoQul55dVhhVcHM/bjwMfgiUoUYp9Yc=
=JbU0
-----END PGP SIGNATURE-----
--=-=-=--