From: Timo Sirainen
Date: Sat, 26 Aug 2023 21:25:50 +0000 (-0400)
Subject: mail-crypt: Remove crypt_write_version setting
X-Git-Tag: 2.4.1~1177
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=824092a12222d2db460d682877db97a573bc25d4;p=thirdparty%2Fdovecot%2Fcore.git

mail-crypt: Remove crypt_write_version setting

It's no longer possible to write new version 1 files, but they can be read.
---
diff --git a/src/plugins/mail-crypt/crypt-settings.c b/src/plugins/mail-crypt/crypt-settings.c
index 652775a7c4..09c3494d4d 100644
--- a/src/plugins/mail-crypt/crypt-settings.c
+++ b/src/plugins/mail-crypt/crypt-settings.c
@@ -43,7 +43,6 @@ static const struct setting_define crypt_setting_defines[] = {
 .filter_array_field_name = "crypt_private_key_name" },
 DEF(STR, crypt_write_algorithm),
- DEF(UINT, crypt_write_version),
 { .type = SET_FILTER_ARRAY, .key = "crypt_user_key_encryption_key", .offset = offsetof(struct crypt_settings, crypt_user_key_encryption_keys),
@@ -62,7 +61,6 @@ static const struct crypt_settings crypt_default_settings = {
 .crypt_global_private_keys = ARRAY_INIT,
 .crypt_write_algorithm = "aes-256-gcm-sha256",
- .crypt_write_version = UINT_MAX,
 .crypt_user_key_encryption_keys = ARRAY_INIT,
 .crypt_user_key_password = "",
diff --git a/src/plugins/mail-crypt/crypt-settings.h b/src/plugins/mail-crypt/crypt-settings.h
index 7934b6d62a..b561d2b02f 100644
--- a/src/plugins/mail-crypt/crypt-settings.h
+++ b/src/plugins/mail-crypt/crypt-settings.h
@@ -18,7 +18,6 @@ struct crypt_settings {
 ARRAY_TYPE(const_string) crypt_global_private_keys;
 const char *crypt_write_algorithm;
- unsigned int crypt_write_version;
 /* for user-specific keys: */
 ARRAY_TYPE(const_string) crypt_user_key_encryption_keys;
diff --git a/src/plugins/mail-crypt/mail-crypt-plugin.c b/src/plugins/mail-crypt/mail-crypt-plugin.c
index cc78144585..4c096de88d 100644
--- a/src/plugins/mail-crypt/mail-crypt-plugin.c
+++ b/src/plugins/mail-crypt/mail-crypt-plugin.c
@@ -261,13 +261,11 @@ mail_crypt_mail_save_begin(struct mail_save_context *ctx,
 enum io_stream_encrypt_flags enc_flags = 0;
 if (muser != NULL && muser->set->crypt_write_algorithm[0] != '\0') {
- if (muser->set->crypt_write_version == 1) {
- enc_flags = IO_STREAM_ENC_VERSION_1;
- } else if (muser->set->crypt_write_version == 2) {
+ if (strstr(muser->set->crypt_write_algorithm, "gcm") != NULL ||
+ strstr(muser->set->crypt_write_algorithm, "ccm") != NULL)
 enc_flags = IO_STREAM_ENC_INTEGRITY_AEAD;
- } else {
- i_assert(muser->set->crypt_write_version == 0);
- }
+ else
+ enc_flags = IO_STREAM_ENC_INTEGRITY_HMAC;
 }
 if (mbox->module_ctx.super.save_begin(ctx, input) < 0)
@@ -276,15 +274,6 @@ mail_crypt_mail_save_begin(struct mail_save_context *ctx,
 if (enc_flags == 0)
 return 0;
- if (muser->set->crypt_write_version != 2)
- ;
- else if (strstr(muser->set->crypt_write_algorithm, "gcm") != NULL ||
- strstr(muser->set->crypt_write_algorithm, "ccm") != NULL) {
- enc_flags = IO_STREAM_ENC_INTEGRITY_AEAD;
- } else {
- enc_flags = IO_STREAM_ENC_INTEGRITY_HMAC;
- }
-
 struct dcrypt_public_key *pub_key;
 if (muser->global_keys.public_key != NULL)
 pub_key = muser->global_keys.public_key;
@@ -308,16 +297,6 @@ mail_crypt_mail_save_begin(struct mail_save_context *ctx,
 return ret;
 }
- if (muser->set->crypt_write_version < 2) {
- mail_storage_set_error(box->storage,
- MAIL_ERROR_PARAMS,
- t_strdup_printf("generate_keypair(%s) failed: "
- "unsupported crypt_write_version=%d",
- mailbox_get_vname(box),
- muser->set->crypt_write_version));
- return -1;
- }
-
 if (mail_crypt_box_generate_keypair(box, &pair, NULL, &pubid, &error) < 0) {
 mail_storage_set_error(box->storage,
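Review bot: In the first hunk of mail_crypt_mail_save_begin the integrity mode is chosen purely by a case-sensitive substring test on the configured name, `strstr(muser->set->crypt_write_algorithm, "gcm")` or `"ccm"`, and every other non-empty value is written with `IO_STREAM_ENC_INTEGRITY_HMAC`. If the crypto layer resolves cipher names case-insensitively (not visible in this diff), an uppercase spelling of the default value would pair a GCM cipher with HMAC mode instead of AEAD mode without any warning. I would state the rule above the test, for example `/* AEAD only for names containing "gcm" or "ccm" (case-sensitive); everything else uses HMAC */`, and consider normalising or rejecting unexpected spellings when the setting is loaded. The function body starts and ends outside the hunk.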
@@ -366,7 +345,6 @@ mail_crypt_mailbox_copy(struct mail_save_context *ctx, struct mail *mail)
 /* Within same user, consider safe only the case where encryption is enabled and keys are global. */
 raw_copy = muser != NULL &&
- muser->set->crypt_write_version != 0 &&
 muser->set->crypt_write_algorithm[0] != '\0' &&
 muser->global_keys.public_key != NULL;
 }
@@ -408,7 +386,7 @@ static void mail_crypt_mailbox_allocated(struct mailbox *box)
 v->save_begin = mail_crypt_mail_save_begin;
 v->copy = mail_crypt_mailbox_copy;
- if (muser == NULL || muser->set->crypt_write_version == 0 ||
+ if (muser == NULL ||
 muser->set->crypt_write_algorithm[0] == '\0')
 v->save_finish = mail_crypt_mail_save_finish;
 }
@@ -452,17 +430,6 @@ static void mail_crypt_mail_user_created(struct mail_user *user)
 muser->set->crypt_user_key_curve, error);
 }
- if (muser->set->crypt_write_version == UINT_MAX) {
- user->error = p_strdup_printf(user->pool,
- "mail_crypt_plugin: "
- "crypt_write_version setting missing");
- } else if (muser->set->crypt_write_version > 2) {
- user->error = p_strdup_printf(user->pool,
- "mail_crypt_plugin: Invalid "
- "crypt_write_version %u: use 0, 1, or 2 ",
- muser->set->crypt_write_version);
- }
-
 if (mail_crypt_global_keys_load(user->event, muser->set, &muser->global_keys, &error) < 0) {
 user->error = p_strdup_printf(user->pool,
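Review bot: In mail_crypt_mailbox_allocated the test `muser == NULL || muser->set->crypt_write_algorithm[0] == '\0'` is now the entire definition of "encryption on save is off", and nothing at this site says that an empty `crypt_write_algorithm` takes over the role the removed `crypt_write_version == 0` check had. The inverse of the same test also appears in mail_crypt_mail_save_begin and in the `raw_copy` expression of mail_crypt_mailbox_copy, so the three sites can drift apart. A short comment such as `/* mails are saved unencrypted only when crypt_write_algorithm is empty */` would record the rule, and a small static helper taking `muser` would keep the three checks in step. The function continues outside the hunk.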