GNU bug report logs - #40397
28.0.50; epg decrypt does not verify signed content in smime encrypted and signed message

Previous Next

Packages: emacs, gnus;

Reported by: Sebastian Fieber <sebastian.fieber <at> web.de>

Date: Thu, 2 Apr 2020 23:38:03 UTC

Severity: normal

Tags: patch

Found in version 28.0.50

Fixed in version 29.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Sebastian Fieber <sebastian.fieber <at> web.de>
To: Noam Postavsky <npostavs <at> gmail.com>
Cc: 40397 <at> debbugs.gnu.org
Subject: bug#40397: 28.0.50; epg decrypt does not verify signed content in smime
Date: Tue, 07 Apr 2020 21:22:26 +0200

[Message part 1 (text/plain, inline)]
On Mo, Apr 06 2020, Noam Postavsky <npostavs <at> gmail.com> wrote:

> This hunk looks a bit suspicious to me as well, I don't think you can
> apply operators like "?" to anchors.
>
> @@ -759,7 +782,7 @@ MIME-Version header before proceeding."
>          (mb enable-multibyte-characters)
>          beg)
>      (goto-char (point-min))
> -    (search-forward-regexp "^\n" nil 'move) ;; There might be no body.
> +    (search-forward-regexp "^?\n" nil 'move) ;; There might be no body.
>      (setq beg (point))
>      (with-current-buffer
>            (generate-new-buffer " *mm*")
>

Yes, this sections is also wrong.

>> Since you have looked over the patch: What do you think about the
>> approach to internally structure application/pkcs7-mime parts like
>> multipart parts containing the mime type with text properties until the
>> decrypted, maybe verified singlepart in the car of the handle?
> Sorry, I'm not familiar enough with how this code is currently
> structured to say anything intelligent about that.

No problem :)

I have attached a new patch which fixes the problem and also does
implement support for the security buttons for application/pkcs7-mime
parts.  This is quite nice as application/pkcs7-mime parts are not
handled automatically by default in gnus.  ATM you have to set
mm-decrypt-option and mm-verify-option at least to 'ask.  So with this
supported it should now work out of the box even without setting
mm-decrypt-option and mm-verify-option because now gnus shows the
buttons properly and one can click on them and decrypt/verify the part
"manually".

This time the patch should be clean and was tested properly at least
with mml-smime-use 'epg.  I'm not quite sure if the patch breaks using
openssl as I didn't get this running.  Maybe someone can test this? If
this does break using openssl modifying mm-views decrypt and verify
function should suffice to fix any problems.

The gist of the patch is: treat application/pkcs7-mime like multipart
mails and especially multipart/encrypted with protocol
application/pgp-encrypted and change not more stuff than necessary.

Here is the commit message which is a bit more detailed (also found in
the patch):

"This fixes S/MIME encrypted AND signed mails where in the encrypted
pkcs7 envelope is a signed pkcs7 structure.

Also this patch enables proper security-buttons for pkcs7-mime
encrypted and/or signed mails.

Changes:
- don't force Content-type header to text/plain in front of decrypted
  content for smime decryption using mm-view-pkcs7.  This fixes the
  initial bug where the signed part was not verified due to the wrong
  content type header.

- structure the result of mm-dissect-buffer of application/pkcs7-mime
  like a multipart mail so there is no loosing of information of
  verification and decryption results which can now be displayed by
  gnus-mime-display-security

- adjust gnus-mime-display-part to handle application/pkcs7-mime like
  multipart/encrypted or multipart/signed

- add dummy entries to mm-verify-function-alist and
  mm-decrypt-function-alist so gnus-mime-display-security correctly
  displays "S/MIME" and not "unknown protocol"

- don't just check for multipart/signed in
  gnus-insert-mime-security-button but also for the pkcs7-mime mimetypes
  to print "Encrypted" or "Signed" accordingly in the security button

- adjust mm-possibly-verify-or-decrypt to check for smime-type to ask
  wether to verify or decrypt the part and not to always ask to decrypt

- adjust mm-view-pkcs7-decrypt and verify to call mm-sec-status so
  success information can be displayed by gnus-mime-display-security

- in mm-view-pkcs7-verify also remove carriage returns like in
  mm-view-pkcs7-decrypt

- adjust gnus-mime-security-verify-or-decrypt to handle pkcs7-mime
  right with the done changes

TODO: mm-view-pkcs7-decrypt and verify error handling and
reporting. ATM there is only the good case implemented - at least for
reporting with gnus-mime-display-security."


[0001-fix-bug-40397.patch (text/x-patch, attachment)]
This bug report was last modified 3 years and 208 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.