From mboxrd@z Thu Jan 1 00:00:00 1970
From: Eric Abrahamsen
Newsgroups: gmane.emacs.bugs
Subject: bug#67931: [PATCH] Use S/MIME key from content for mail signing via OpenSSL
Date: Fri, 10 May 2024 13:02:14 -0700
Message-ID: <8734qpqvuh.fsf@ericabrahamsen.net>
References: <8734vx6mk7.fsf@yshyn.com> <86y18lajgd.fsf@gnu.org> <87wmo5rq93.fsf@ericabrahamsen.net> <87fruqsg3i.fsf@ericabrahamsen.net> <8734qp3obp.fsf@yshyn.com>
In-Reply-To: <8734vx6mk7.fsf@yshyn.com>
To: 67931@debbugs.gnu.org
Xref: news.gmane.io gmane.emacs.bugs:284832

illia@yshyn.com writes:

> Eric Abrahamsen writes:
>
>> I'm mostly trying to understand how broken this was, prior to this
>> patch. Obviously there was the hard-coding of the key, the original
>> issue. Has encryption been broken this whole time, too?
>
> Encryption is working as intended, I haven't encountered any problems
> with it yet.
>
>> Encryption is a separate MML tag, right? And also a separate cert (the
>> recipient's, not the user's). Why would additional certificates on your
>> own certfile interfere with the process of encrypting to the user?
>
> Actually, when signing and encrypting at the same time, both use a
> single "signencrypt" tag. This is what mml-secure-message-encrypt-smime
> outputs currently:
>
> <#secure method=smime mode=signencrypt keyfile=keyfile.pem certfile=recip.gpg>
>
> mml-parse-1 converts this into an alist, splitting "signencrypt" into two
> separate "sign" and "encrypt" parameters. These are then processed in
> mml-generate-mime-1, which consults mml-signencrypt-style-alist if it
> encounters both sign and encrypt in the same tag.
>
> With my previous patch (6 May) reusing the certfile parameter, the tag
> would include chain certificates as certfiles:
>
> <#secure method=smime mode=signencrypt keyfile=keyfile.pem certfile=chain.pem certfile=recip.pem>
>
> With the same alist passed to both mml-smime-openssl-sign and
> mml-smime-openssl-encrypt, this had the unintended effect of (1)
> encrypting for chain.pem and (2) including recip{1,2}.pem in the message
> when signing.
>
> With the latest patch, the tag looks like this:
>
> <#secure method=smime mode=signencrypt keyfile=keyfile.pem chainfile=chain.pem certfile=recip.pem>
>
> As mml-smime-openssl-sign expects chainfiles and mml-smime-openssl-encrypt
> expects certfiles, they don't interfere with each other anymore.

Thank you very much; this was the hand-holding I needed.

>> I'm not trying to be difficult, I'd just like to have a better grasp of
>> what's going on here!
>
> No worries, I appreciate the additional caution with security-sensitive
> code. Also that part of the code seems to have been a bit neglected.

As we can see from the previous bug report, no one seems to understand how
this works! Though the punchline probably is: you're the only one still
using S/MIME.

Anyway, I'm feeling okay about this. If you think this is ready to go,
I'll put it in.

Thanks,
Eric
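The parameter mix-up Illia describes above is easiest to see with the two tag shapes side by side. The following is an added illustration written for this page, not Gnus or Emacs code: it parses a `<#secure ...>` tag into an ordered name/value list with repeated names kept (the thread says mml-parse-1 builds an alist and splits `signencrypt` into separate `sign` and `encrypt` entries; the exact representation used here, with a placeholder value `t`, is an assumption), then shows which files a signer and an encrypter would each pick up under the 6 May layout (both read `certfile`) versus the fixed layout (signer reads `chainfile`). The mapping onto `openssl smime` flags assumes `keyfile.pem` carries both the signer's certificate and key, as the tag's single `keyfile=` suggests; the real Gnus invocation may differ. The tag strings are constructed from the ones quoted in the thread.

```python
import re
from typing import Dict, List, Tuple

# Constructed from the two tag shapes quoted in the thread (not captured output).
OLD_TAG = ("<#secure method=smime mode=signencrypt keyfile=keyfile.pem "
           "certfile=chain.pem certfile=recip.pem>")
NEW_TAG = ("<#secure method=smime mode=signencrypt keyfile=keyfile.pem "
           "chainfile=chain.pem certfile=recip.pem>")

# name=value or name="value with spaces"
_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_secure_tag(tag: str) -> List[Tuple[str, str]]:
    """Parse a <#secure ...> tag into an ordered (name, value) list.

    Repeated names are kept, like an Emacs alist. mode=signencrypt is
    expanded into separate "sign" and "encrypt" entries, as the thread says
    mml-parse-1 does; the placeholder value "t" is this example's choice."""
    m = re.fullmatch(r"<#secure\s+(.*?)\s*>", tag.strip())
    if not m:
        raise ValueError("not a <#secure> tag")
    pairs: List[Tuple[str, str]] = []
    for name, quoted, bare in _PARAM.findall(m.group(1)):
        value = quoted if quoted else bare
        if name == "mode":
            modes = ["sign", "encrypt"] if value == "signencrypt" else [value]
            pairs.extend((mode, "t") for mode in modes)
        else:
            pairs.append((name, value))
    return pairs


def values(pairs: List[Tuple[str, str]], name: str) -> List[str]:
    """All values for a (possibly repeated) parameter, in tag order."""
    return [v for k, v in pairs if k == name]


def plan(tag: str, legacy: bool = False) -> Dict[str, List[str]]:
    """Decide which files the signer and the encrypter would each consume.

    legacy=True models the 6 May layout: the signer took its extra
    certificates from certfile, the same parameter the encrypter reads for
    recipients. legacy=False models the fix: the signer reads chainfile."""
    pairs = parse_secure_tag(tag)
    chain_param = "certfile" if legacy else "chainfile"
    out: Dict[str, List[str]] = {
        "keyfile": values(pairs, "keyfile"),
        "sign_chain": [],
        "encrypt_to": [],
    }
    if values(pairs, "sign"):
        out["sign_chain"] = values(pairs, chain_param)
    if values(pairs, "encrypt"):
        out["encrypt_to"] = values(pairs, "certfile")
    return out


def cross_contamination(p: Dict[str, List[str]]) -> List[str]:
    """Files used both as a recipient and as a signing-chain certificate.

    A chain (CA/intermediate) cert used as a recipient means the message is
    also encrypted to whoever holds that key; a recipient cert in the chain
    gets embedded in the signed message. Either is a bug worth failing on."""
    return sorted(set(p["sign_chain"]) & set(p["encrypt_to"]))


def openssl_argv(p: Dict[str, List[str]]) -> Tuple[List[str], List[str]]:
    """Assumed mapping onto the OpenSSL CLI: -certfile adds extra certs to a
    signature; recipients for -encrypt are positional. keyfile.pem is
    assumed to hold both signer cert and key."""
    key = p["keyfile"][0]
    sign = ["openssl", "smime", "-sign", "-signer", key, "-inkey", key]
    for cert in p["sign_chain"]:
        sign += ["-certfile", cert]
    enc = ["openssl", "smime", "-encrypt", *p["encrypt_to"]]
    return sign, enc


if __name__ == "__main__":
    for label, tag, legacy in (("6 May layout", OLD_TAG, True),
                               ("fixed layout", NEW_TAG, False)):
        p = plan(tag, legacy=legacy)
        print(label, p, "overlap:", cross_contamination(p))
```

Running it shows the 6 May layout encrypting to `chain.pem` and signing with `recip.pem` in the chain, exactly the two effects listed above, while the fixed layout yields no overlap. The `cross_contamination` check is the kind of guard worth keeping around any code path that feeds one parameter list to two different OpenSSL operations.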