[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#40397: 28.0.50; epg decrypt does not verify signed content in smime
From: |
Sebastian Fieber |
Subject: |
bug#40397: 28.0.50; epg decrypt does not verify signed content in smime |
Date: |
Tue, 07 Apr 2020 21:22:26 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) |
On Mo, Apr 06 2020, Noam Postavsky <npostavs@gmail.com> wrote:
> This hunk looks a bit suspicious to me as well, I don't think you can
> apply operators like "?" to anchors.
>
> @@ -759,7 +782,7 @@ MIME-Version header before proceeding."
> (mb enable-multibyte-characters)
> beg)
> (goto-char (point-min))
> - (search-forward-regexp "^\n" nil 'move) ;; There might be no body.
> + (search-forward-regexp "^?\n" nil 'move) ;; There might be no body.
> (setq beg (point))
> (with-current-buffer
> (generate-new-buffer " *mm*")
>
Yes, this sections is also wrong.
>> Since you have looked over the patch: What do you think about the
>> approach to internally structure application/pkcs7-mime parts like
>> multipart parts containing the mime type with text properties until the
>> decrypted, maybe verified singlepart in the car of the handle?
> Sorry, I'm not familiar enough with how this code is currently
> structured to say anything intelligent about that.
No problem :)
I have attached a new patch which fixes the problem and also does
implement support for the security buttons for application/pkcs7-mime
parts. This is quite nice as application/pkcs7-mime parts are not
handled automatically by default in gnus. ATM you have to set
mm-decrypt-option and mm-verify-option at least to 'ask. So with this
supported it should now work out of the box even without setting
mm-decrypt-option and mm-verify-option because now gnus shows the
buttons properly and one can click on them and decrypt/verify the part
"manually".
This time the patch should be clean and was tested properly at least
with mml-smime-use 'epg. I'm not quite sure if the patch breaks using
openssl as I didn't get this running. Maybe someone can test this? If
this does break using openssl modifying mm-views decrypt and verify
function should suffice to fix any problems.
The gist of the patch is: treat application/pkcs7-mime like multipart
mails and especially multipart/encrypted with protocol
application/pgp-encrypted and change not more stuff than necessary.
Here is the commit message which is a bit more detailed (also found in
the patch):
"This fixes S/MIME encrypted AND signed mails where in the encrypted
pkcs7 envelope is a signed pkcs7 structure.
Also this patch enables proper security-buttons for pkcs7-mime
encrypted and/or signed mails.
Changes:
- don't force Content-type header to text/plain in front of decrypted
content for smime decryption using mm-view-pkcs7. This fixes the
initial bug where the signed part was not verified due to the wrong
content type header.
- structure the result of mm-dissect-buffer of application/pkcs7-mime
like a multipart mail so there is no loosing of information of
verification and decryption results which can now be displayed by
gnus-mime-display-security
- adjust gnus-mime-display-part to handle application/pkcs7-mime like
multipart/encrypted or multipart/signed
- add dummy entries to mm-verify-function-alist and
mm-decrypt-function-alist so gnus-mime-display-security correctly
displays "S/MIME" and not "unknown protocol"
- don't just check for multipart/signed in
gnus-insert-mime-security-button but also for the pkcs7-mime mimetypes
to print "Encrypted" or "Signed" accordingly in the security button
- adjust mm-possibly-verify-or-decrypt to check for smime-type to ask
wether to verify or decrypt the part and not to always ask to decrypt
- adjust mm-view-pkcs7-decrypt and verify to call mm-sec-status so
success information can be displayed by gnus-mime-display-security
- in mm-view-pkcs7-verify also remove carriage returns like in
mm-view-pkcs7-decrypt
- adjust gnus-mime-security-verify-or-decrypt to handle pkcs7-mime
right with the done changes
TODO: mm-view-pkcs7-decrypt and verify error handling and
reporting. ATM there is only the good case implemented - at least for
reporting with gnus-mime-display-security."
0001-fix-bug-40397.patch
Description: Text Data
- bug#40397: 28.0.50; epg decrypt does not verify signed content in smime encrypted and signed message, Sebastian Fieber, 2020/04/02
- bug#40397: 28.0.50; epg decrypt does not verify signed content in smime, Sebastian Fieber, 2020/04/03
- bug#40397: 28.0.50; epg decrypt does not verify signed content in smime, Sebastian Fieber, 2020/04/03
- bug#40397: 28.0.50; epg decrypt does not verify signed content in smime, Sebastian Fieber, 2020/04/04
- bug#40397: 28.0.50; epg decrypt does not verify signed content in smime, Sebastian Fieber, 2020/04/05
- bug#40397: 28.0.50; epg decrypt does not verify signed content in smime, Noam Postavsky, 2020/04/05
- bug#40397: 28.0.50; epg decrypt does not verify signed content in smime, Sebastian Fieber, 2020/04/06
- bug#40397: 28.0.50; epg decrypt does not verify signed content in smime, Noam Postavsky, 2020/04/06
bug#40397: 28.0.50; epg decrypt does not verify signed content in smime,
Sebastian Fieber <=