[PATCH] crypto: Avoid pretending to verify signatures on unsigned encrypted mail

[PATCH] crypto: Avoid pretending to verify signatures on unsigned encrypted mail

[Daniel Kahn Gillmor]

Unsigned encrypted mail shows up with a weird empty signature list.
If we successfully decrypted and there was no signature in it, we
should just not show a sigstatus at all.

The documentation for g_mime_decrypt_result_get_signatures says:

    a GMimeSignatureList or NULL if the stream was not signed.
---
 mime-node.c         | 2 +-
 test/T350-crypto.sh | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

This was originally sent to the list as part of a longer patch series
in id:20180511055544.13676-3-dkg@fifthhorseman.net but i think it
stands alone, and it would help me to reduce the size of the
outstanding patch series to get it applied to master :)

diff --git a/mime-node.c b/mime-node.c
index 2a24e537..1bfb479b 100644
--- a/mime-node.c
+++ b/mime-node.c
@@ -218,12 +218,12 @@ node_decrypt_and_verify (mime_node_t *node, GMimeObject *part,
     }
 
     node->decrypt_success = true;
-    node->verify_attempted = true;
 
     if (decrypt_result) {
 	/* This may be NULL if the part is not signed. */
 	node->sig_list = g_mime_decrypt_result_get_signatures (decrypt_result);
 	if (node->sig_list) {
+	    node->verify_attempted = true;
 	    g_object_ref (node->sig_list);
 	    set_signature_list_destructor (node);
 	}
diff --git a/test/T350-crypto.sh b/test/T350-crypto.sh
index 73aa58de..80d57847 100755
--- a/test/T350-crypto.sh
+++ b/test/T350-crypto.sh
@@ -271,7 +271,6 @@ expected='[[[{"id": "XXXXX",
  "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
  "body": [{"id": 1,
  "encstatus": [{"status": "good"}],
- "sigstatus": [],
  "content-type": "multipart/encrypted",
  "content": [{"id": 2,
  "content-type": "application/pgp-encrypted",
-- 
2.20.1

Re: [PATCH] crypto: Avoid pretending to verify signatures on unsigned encrypted mail

[Daniel Kahn Gillmor]

On Sat 2019-04-20 13:02:57 -0400, Daniel Kahn Gillmor wrote:
> Unsigned encrypted mail shows up with a weird empty signature list.
> If we successfully decrypted and there was no signature in it, we
> should just not show a sigstatus at all.

Just a ping on this -- i don't think it should be particularly
controversial, and the tests all pass!

    --dkg

Re: [PATCH] crypto: Avoid pretending to verify signatures on unsigned encrypted mail

[David Bremner]

Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> Unsigned encrypted mail shows up with a weird empty signature list.
> If we successfully decrypted and there was no signature in it, we
> should just not show a sigstatus at all.
>
> The documentation for g_mime_decrypt_result_get_signatures says:
>
>     a GMimeSignatureList or NULL if the stream was not signed.

pushed to master,

d