GNU bug report logs - #67931
[PATCH] Use S/MIME key from content for mail signing via OpenSSL

Previous Next

Package: emacs;

Reported by: Illia Ostapyshyn <illia <at> yshyn.com>

Date: Wed, 20 Dec 2023 13:59:01 UTC

Severity: normal

Tags: patch

Done: Eric Abrahamsen <eric <at> ericabrahamsen.net>

Bug is archived. No further changes may be made.

Full log

Message #23 received at 67931 <at> debbugs.gnu.org (full text, mbox):

From: Eric Abrahamsen <eric <at> ericabrahamsen.net>
To: Illia Ostapyshyn <illia <at> yshyn.com>
Cc: Eli Zaretskii <eliz <at> gnu.org>, 67931 <at> debbugs.gnu.org, larsi <at> gnus.org,
 stefankangas <at> gmail.com
Subject: Re: bug#67931: [PATCH] Use S/MIME key from content for mail signing
 via OpenSSL
Date: Tue, 07 May 2024 19:05:04 -0700

Illia Ostapyshyn <illia <at> yshyn.com> writes:

> Eli Zaretskii <eliz <at> gnu.org> writes:
>
>>> Cc: Lars Ingebrigtsen <larsi <at> gnus.org>, 17780 <at> debbugs.gnu.org,
>>>  Stefan Kangas <stefankangas <at> gmail.com>, Jan Beich <jbeich <at> vfemail.net>,
>>>  67931 <at> debbugs.gnu.org
>>> From: Illia Ostapyshyn <illia <at> yshyn.com>
>>> Date: Mon, 06 May 2024 20:46:33 +0200
>>> 
>>> Sorry, forgot to attach the patch, sending it with this email.
>>
>> Thanks, I'm adding Eric to the discussion.
>
> Thanks!
>
> I've realized that reusing certfile parameter for signing will have
> unintended side-effects when encrypting and signing a message.  When a
> single signencrypt MML tag is used for both this results in all
> certfiles passed to both `smime-encrypt-buffer' and `smime-sign-buffer'.
>
> I'm sending a new patch that introduces a parameter called chainfile for
> signatures instead.

Thanks for the report, and the code. I haven't been able to get the
reproducer to work so far (in Emacs -Q), because it always ends up at
`mml-smime-sign-query' instead of `mml-smime-sign-buffer', and the
latter seems to be the only way to (eventually) end up at
`mml-smime-openssl-sign', where the problem is:

- mml-smime-sign-buffer
- mml-smime-sign
- (funcall (nth 1 (assq 'openssl mml-smime-function-alist)))
- mml-smime-openssl-sign

`mml-smime-sign' is the only place that does (nth 1 (assq 'openssl
mml-smime-function-alist))

The only way to call `mml-smime-sign-buffer' instead of
`mml-smime-sign-query' is if some code ran:

(funcall (nth 1 (assoc "smime" mml-sign-alist)))

And so far as I can tell, no code does that.

Obviously you arrived at that function somehow, otherwise we wouldn't
have this bug report, but so far I can't figure out how!

Thanks,
Eric
This bug report was last modified 1 year and 100 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.