From: Stefan Kangas <stefankangas@HIDDEN>
To: Illia Ostapyshyn <illia@HIDDEN>
Cc: Lars Ingebrigtsen <larsi@HIDDEN>, 67931 <at> debbugs.gnu.org
Subject: Re: bug#67931: [PATCH] Use S/MIME key from content for mail signing via OpenSSL
Date: Thu, 11 Jan 2024 13:05:46 -0800

Illia Ostapyshyn <illia@HIDDEN> writes:

> * Bug
>
> mml-smime-openssl-sign always takes the cdar of smime-keys, resulting in
> keyfile parameter of the #secure tag being ignored.  Hence, only the
> first entry of smime-keys is used, regardless of the mail contents or
> sender address.
>
> * Fix
>
> The relevant information (returned from mml-smime-openssl-sign-query) is
> already in the cont alist passed to mml-smime-openssl-sign, just use
> that instead.

Thanks for the patch.

Could you please provide a way to reproduce the issue that you're seeing?

We don't have anyone onboard that is deeply familiar with this code, I
think, and it is security-sensitive.  Therefore, I'd like to be careful
when making changes here.

If we could have unit tests for this, it would be even better, of course.

From: Illia Ostapyshyn <illia@HIDDEN>
To: bug-gnu-emacs@HIDDEN
Cc: Lars Ingebrigtsen <larsi@HIDDEN>
Subject: [PATCH] Use S/MIME key from content for mail signing via OpenSSL
Date: Wed, 20 Dec 2023 14:16:56 +0100
Message-ID: <8734vx6mk7.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

* Bug

mml-smime-openssl-sign always takes the cdar of smime-keys, resulting in
keyfile parameter of the #secure tag being ignored.  Hence, only the
first entry of smime-keys is used, regardless of the mail contents or
sender address.

* Fix

The relevant information (returned from mml-smime-openssl-sign-query) is
already in the cont alist passed to mml-smime-openssl-sign, just use
that instead.

--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline; filename=0001-Use-S-MIME-key-from-content-for-mail-signing-via-Ope.patch
Content-Description: Patch

From 477badfc705c5dd59cfd8a577eab9eaf4a510e0f Mon Sep 17 00:00:00 2001
From: Illia Ostapyshyn <illia@HIDDEN> Date: Wed, 20 Dec 2023 13:57:28 +0100 Subject: [PATCH] Use S/MIME key from content for mail signing via OpenSSL * lisp/gnus/mml-smime.el (mml-smime-openssl-sign): Use the key passed in the cont argument instead of the first smime-keys entry. --- lisp/gnus/mml-smime.el | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lisp/gnus/mml-smime.el b/lisp/gnus/mml-smime.el index 896c95f8d3e..713b7fe5b68 100644 --- a/lisp/gnus/mml-smime.el +++ b/lisp/gnus/mml-smime.el @@ -130,10 +130,7 @@ mml-smime-verify-test (funcall func handle ctl)))) (defun mml-smime-openssl-sign (_cont) - (when (null smime-keys) - (customize-variable 'smime-keys) - (error "No S/MIME keys configured, use customize to add your key")) - (smime-sign-buffer (cdar smime-keys)) + (smime-sign-buffer (cdr (assq 'keyfile cont))) (goto-char (point-min)) (while (search-forward "\r\n" nil t) (replace-match "\n" t t)) -- 2.43.0 --=-=-=--
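
Review bot: In the `mml-smime-openssl-sign` hunk, the added line reads `cont`, but the unchanged context line still declares the parameter as `(_cont)`, so as shown `cont` is not the function's argument; the defun line needs to change to `(cont)` in the same patch (the diffstat's 1 insertion, 4 deletions confirms it was not touched). Separately, the removed `(when (null smime-keys) ...)` guard was the only visible check that a key exists: if `cont` carries no `keyfile` entry, `(cdr (assq 'keyfile cont))` is nil and that nil is passed straight to `smime-sign-buffer`. Either keep an explicit error for a missing keyfile or state in the commit message how `smime-sign-buffer` handles a nil argument, and add a test that signs with a non-first `smime-keys` entry, since this path decides which private key signs the message.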