Patch for smime-stuff

Patch for smime-stuff

[Arne Jørgensen]

[-- Attachment #1: Type: text/plain, Size: 1229 bytes --]

Hi,

The attached patch has some changes for the S/MIME handling i Gnus
(inncluding the changes in the patch I posted four days ago).

From the ChangeLog:

       * smime.el (smime-ldap-host-list): Doc fix.
       (smime-ask-passphrase): Use `password-read-and-add' to read (and
       cache) password.
       (smime-sign-region): Use it.
       (smime-decrypt-region): Use it.
       (smime-sign-buffer): Signal an error if `smime-sign-region' fails.
       (smime-encrypt-buffer): Signal an error if `smime-encrypt-region'
       fails.
       (smime-cert-by-ldap-1): Use `base64-encode-string' to convert
       certificate from DER to PEM format rather than calling openssl.

       * mml-smime.el (mml-smime-encrypt-query): Remove obsolete comment.

       * mml-sec.el (mml-secure-message): Insert keyfile/certfile tags
       for signing/encryption.

       * mml.el (mml-parse-1): Use them.

The changes to mml-sec.el and mml.el makes "S/MIME Sign" and "S/MIME
Encrypt" work like "S/MIME Sign Part" and "S/MIME Encrypt Part" (it
will fetch the certificates). Maybe that will be removed later if we/I
postpone this until we send the message (as discussed ealier).

Kind regards,
-- 
Arne Jørgensen <http://arnested.dk/>


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: smime.patch --]
[-- Type: text/x-patch, Size: 9867 bytes --]

Index: lisp/ChangeLog
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/ChangeLog,v
retrieving revision 7.637
diff -u -p -r7.637 ChangeLog
--- lisp/ChangeLog	21 Feb 2005 15:51:07 -0000	7.637
+++ lisp/ChangeLog	21 Feb 2005 23:30:08 -0000
@@ -1,3 +1,23 @@
+2005-02-22  Arne J^[,Ax^[(Brgensen  <arne@arnested.dk>
+
+	* smime.el (smime-ldap-host-list): Doc fix.
+	(smime-ask-passphrase): Use `password-read-and-add' to read (and
+	cache) password.
+	(smime-sign-region): Use it.
+	(smime-decrypt-region): Use it.
+	(smime-sign-buffer): Signal an error if `smime-sign-region' fails.
+	(smime-encrypt-buffer): Signal an error if `smime-encrypt-region'
+	fails.
+	(smime-cert-by-ldap-1): Use `base64-encode-string' to convert
+	certificate from DER to PEM format rather than calling openssl.
+
+	* mml-smime.el (mml-smime-encrypt-query): Remove obsolete comment.
+
+	* mml-sec.el (mml-secure-message): Insert keyfile/certfile tags
+	for signing/encryption.
+
+	* mml.el (mml-parse-1): Use them.
+
 2005-02-21  Arne J^[,Ax^[(Brgensen <arne@arnested.dk>
 
 	* nnrss.el (nnrss-verbose): Removed.
Index: lisp/mml-sec.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/mml-sec.el,v
retrieving revision 7.6
diff -u -p -r7.6 mml-sec.el
--- lisp/mml-sec.el	13 Feb 2005 04:44:40 -0000	7.6
+++ lisp/mml-sec.el	21 Feb 2005 23:30:08 -0000
@@ -1,5 +1,5 @@
 ;;; mml-sec.el --- A package with security functions for MML documents
-;; Copyright (C) 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+;; Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
 
 ;; Author: Simon Josefsson <simon@josefsson.org>
 
@@ -224,6 +224,13 @@ You can also customize or set `mml-signe
 ;; defuns that add the proper <#secure ...> tag to the top of the message body
 (defun mml-secure-message (method &optional modesym)
   (let ((mode (prin1-to-string modesym))
+	(tags (append
+	       (if (or (eq modesym 'sign)
+		       (eq modesym 'signencrypt))
+		   (funcall (nth 2 (assoc method mml-sign-alist))))
+	       (if (or (eq modesym 'encrypt)
+		       (eq modesym 'signencrypt))
+		   (funcall (nth 2 (assoc method mml-encrypt-alist))))))
 	insert-loc)
     (mml-unsecure-message)
     (save-excursion
@@ -232,8 +239,8 @@ You can also customize or set `mml-signe
 	      (concat "^" (regexp-quote mail-header-separator) "\n") nil t)
 	     (goto-char (setq insert-loc (match-end 0)))
 	     (unless (looking-at "<#secure")
-	       (mml-insert-tag
-		'secure 'method method 'mode mode)))
+	       (apply 'mml-insert-tag
+		'secure 'method method 'mode mode tags)))
 	    (t (error
 		"The message is corrupted. No mail header separator"))))
     (when (eql insert-loc (point))
Index: lisp/mml-smime.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/mml-smime.el,v
retrieving revision 7.5
diff -u -p -r7.5 mml-smime.el
--- lisp/mml-smime.el	14 Feb 2005 15:22:17 -0000	7.5
+++ lisp/mml-smime.el	21 Feb 2005 23:30:08 -0000
@@ -135,7 +135,6 @@
     result))
 
 (defun mml-smime-encrypt-query ()
-  ;; todo: add ldap support (xemacs ldap api?)
   ;; todo: try dns/ldap automatically first, before prompting user
   (let (certs done)
     (while (not done)
Index: lisp/mml.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/mml.el,v
retrieving revision 7.24
diff -u -p -r7.24 mml.el
--- lisp/mml.el	19 Feb 2005 01:23:10 -0000	7.24
+++ lisp/mml.el	21 Feb 2005 23:30:09 -0000
@@ -158,6 +158,8 @@ one charsets.")
 	;; included in the message
 	(let* (secure-mode
 	       (taginfo (mml-read-tag))
+	       (keyfile (cdr (assq 'keyfile taginfo)))
+	       (certfile (cdr (assq 'certfile taginfo)))
 	       (recipients (cdr (assq 'recipients taginfo)))
 	       (sender (cdr (assq 'sender taginfo)))
 	       (location (cdr (assq 'tag-location taginfo)))
@@ -181,6 +183,10 @@ one charsets.")
 		 (setq tags (list "sign" method "encrypt" method))))
 	  (eval `(mml-insert-tag ,secure-mode
 				 ,@tags
+				 ,(if keyfile "keyfile")
+				 ,keyfile
+				 ,(if certfile "certfile")
+				 ,certfile
 				 ,(if recipients "recipients")
 				 ,recipients
 				 ,(if sender "sender")
Index: lisp/smime.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/smime.el,v
retrieving revision 7.8
diff -u -p -r7.8 smime.el
--- lisp/smime.el	14 Feb 2005 15:24:44 -0000	7.8
+++ lisp/smime.el	21 Feb 2005 23:30:10 -0000
@@ -121,6 +121,7 @@
 
 (require 'dig)
 (require 'smime-ldap)
+(require 'password)
 (eval-when-compile (require 'cl))
 
 (defgroup smime nil
@@ -218,7 +219,9 @@ If nil, use system defaults."
   :group 'smime)
 
 (defcustom smime-ldap-host-list nil
-  "A list of LDAP hosts with S/MIME user certificates."
+  "A list of LDAP hosts with S/MIME user certificates.
+If needed search base, binddn, passwd, etc. for the LDAP host
+must be set in `ldap-host-parameters-alist'."
   :type '(repeat (string :tag "Host name"))
   :group 'smime)
 
@@ -238,11 +241,13 @@ If nil, use system defaults."
 
 ;; Password dialog function
 
-(defun smime-ask-passphrase ()
-  "Asks the passphrase to unlock the secret key."
+(defun smime-ask-passphrase (&optional cache-key)
+  "Asks the passphrase to unlock the secret key.
+If `cache-key' and `password-cache' is non-nil then cache the
+password under `cache-key'."
   (let ((passphrase
-	 (read-passwd
-	  "Passphrase for secret key (RET for no passphrase): ")))
+	 (password-read-and-add
+	  "Passphrase for secret key (RET for no passphrase): " cache-key)))
     (if (string= passphrase "")
 	nil
       passphrase)))
@@ -274,11 +279,11 @@ certificates to include in its caar.  If
 included, KEYFILE may be the file containing the PEM encoded private
 key and certificate itself."
   (smime-new-details-buffer)
-  (let ((keyfile (or (car-safe keyfile) keyfile))
-	(certfiles (and (cdr-safe keyfile) (cadr keyfile)))
-	(buffer (generate-new-buffer (generate-new-buffer-name " *smime*")))
-	(passphrase (smime-ask-passphrase))
-	(tmpfile (smime-make-temp-file "smime")))
+  (let* ((certfiles (and (cdr-safe keyfile) (cadr keyfile)))
+	 (keyfile (or (car-safe keyfile) keyfile))
+	 (buffer (generate-new-buffer (generate-new-buffer-name " *smime*")))
+	 (passphrase (smime-ask-passphrase (expand-file-name keyfile)))
+	 (tmpfile (smime-make-temp-file "smime")))
     (if passphrase
 	(setenv "GNUS_SMIME_PASSPHRASE" passphrase))
     (prog1
@@ -339,16 +344,17 @@ is expected to contain of a PEM encoded 
 KEYFILE should contain a PEM encoded key and certificate."
   (interactive)
   (with-current-buffer (or buffer (current-buffer))
-    (smime-sign-region
-     (point-min) (point-max)
-     (if keyfile
-	 keyfile
-       (smime-get-key-with-certs-by-email
-	(completing-read
-	 (concat "Sign using which key? "
-		 (if smime-keys (concat "(default " (caar smime-keys) ") ")
-		   ""))
-	 smime-keys nil nil (car-safe (car-safe smime-keys))))))))
+    (unless (smime-sign-region
+	     (point-min) (point-max)
+	     (if keyfile
+		 keyfile
+	       (smime-get-key-with-certs-by-email
+		(completing-read
+		 (concat "Sign using which key? "
+			 (if smime-keys (concat "(default " (caar smime-keys) ") ")
+			   ""))
+		 smime-keys nil nil (car-safe (car-safe smime-keys))))))
+      (error "Signing failed"))))
 
 (defun smime-encrypt-buffer (&optional certfiles buffer)
   "S/MIME encrypt BUFFER for recipients specified in CERTFILES.
@@ -357,11 +363,12 @@ a PEM encoded key and certificate.  Uses
 nil."
   (interactive)
   (with-current-buffer (or buffer (current-buffer))
-    (smime-encrypt-region
-     (point-min) (point-max)
-     (or certfiles
-	 (list (read-file-name "Recipient's S/MIME certificate: "
-			       smime-certificate-directory nil))))))
+    (unless (smime-encrypt-region
+	     (point-min) (point-max)
+	     (or certfiles
+		 (list (read-file-name "Recipient's S/MIME certificate: "
+				       smime-certificate-directory nil))))
+      (error "Encryption failed"))))
 
 ;; Verify+decrypt region
 
@@ -409,7 +416,7 @@ Any details (stderr on success, stdout a
 in the buffer specified by `smime-details-buffer'."
   (smime-new-details-buffer)
   (let ((buffer (generate-new-buffer (generate-new-buffer-name " *smime*")))
-	CAs (passphrase (smime-ask-passphrase))
+	CAs (passphrase (smime-ask-passphrase (expand-file-name keyfile)))
 	(tmpfile (smime-make-temp-file "smime")))
     (if passphrase
 	(setenv "GNUS_SMIME_PASSPHRASE" passphrase))
@@ -567,21 +574,21 @@ A string or a list of strings is returne
   "Get cetificate for MAIL from the ldap server at HOST."
   (let ((ldapresult (smime-ldap-search (concat "mail=" mail)
 				       host '("userCertificate") nil))
-	(retbuf (generate-new-buffer (format "*certificate for %s*" mail))))
+	(retbuf (generate-new-buffer (format "*certificate for %s*" mail)))
+	cert)
     (if (> (length ldapresult) 1)
 	(with-current-buffer retbuf
-	  (set-buffer-multibyte nil)
-	  (insert (nth 1 (car (nth 1 ldapresult))))
-	  (goto-char (point-min))
-	  (if (smime-call-openssl-region (point-min) (point-max) t "x509"
-					 "-inform" "DER" "-outform" "PEM")
-	      (progn
-		(delete-region (point) (point-max))
-		retbuf)
-	    (kill-buffer retbuf)
-	    nil))
+	  (setq cert (base64-encode-string (nth 1 (car (nth 1 ldapresult))) t))
+	  (insert "-----BEGIN CERTIFICATE-----\n")
+	  (let ((i 0) (len (length cert)))
+	    (while (> (- len 64) i)
+	      (insert (substring cert i (+ i 64)) "\n")
+	      (setq i (+ i 64)))
+	    (insert (substring cert i len) "\n"))
+	  (insert "-----END CERTIFICATE-----\n"))
       (kill-buffer retbuf)
-      nil)))
+      (setq retbuf nil))
+    retbuf))
 
 (defun smime-cert-by-ldap (mail)
   "Find certificate via LDAP for address MAIL."

Re: Patch for smime-stuff

[Simon Josefsson]

Arne Jørgensen <arne@arnested.dk> writes:

> The attached patch has some changes for the S/MIME handling i Gnus

Awesome!

Installed.

> The changes to mml-sec.el and mml.el makes "S/MIME Sign" and "S/MIME
> Encrypt" work like "S/MIME Sign Part" and "S/MIME Encrypt Part" (it
> will fetch the certificates). Maybe that will be removed later if we/I
> postpone this until we send the message (as discussed ealier).

Yup.

password-cache-expiry and encrypt-password-cache-expiry (was: Patch for smime-stuff)

[Arne Jørgensen]

Arne Jørgensen <arne@arnested.dk> writes:

>        (smime-ask-passphrase): Use `password-read-and-add' to read (and
>        cache) password.

I noticed that `encrypt-password-cache-expiry' defaults to 200 seconds
_and_ when set, sets `password-cache-expiry' (default value 16
seconds) too.

Since both are loaded by gnus the value of `password-cache-expiry'
ends up being 200 seconds. Is this wise?

Kind regards,
-- 
Arne Jørgensen <http://arnested.dk/>

Re: password-cache-expiry and encrypt-password-cache-expiry

[Simon Josefsson]

Arne Jørgensen <arne@arnested.dk> writes:

> Arne Jørgensen <arne@arnested.dk> writes:
>
>>        (smime-ask-passphrase): Use `password-read-and-add' to read (and
>>        cache) password.
>
> I noticed that `encrypt-password-cache-expiry' defaults to 200 seconds
> _and_ when set, sets `password-cache-expiry' (default value 16
> seconds) too.
>
> Since both are loaded by gnus the value of `password-cache-expiry'
> ends up being 200 seconds. Is this wise?

I don't think so.

I removed e-p-c-e, it wasn't used except as part of the custom group,
and added the password-* variables to the defgroup MEMBERS parameter,
so they will end up in the encrypt custom group as well.

Ok, Ted?

Re: Patch for smime-stuff

[Arne Jørgensen]

[-- Attachment #1: Type: text/plain, Size: 423 bytes --]

Arne Jørgensen <arne@arnested.dk> writes:

>        (smime-sign-buffer): Signal an error if `smime-sign-region' fails.
>        (smime-encrypt-buffer): Signal an error if `smime-encrypt-region'
>        fails.

Since this above changes is actually a security fix they should also
be commited to the v5-10 branch I think.

A patch for the v5-10 branch is attached.

Kind regards,
-- 
Arne Jørgensen <http://arnested.dk/>


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: smime_v5-10.patch --]
[-- Type: text/x-patch, Size: 2552 bytes --]

Index: lisp/ChangeLog
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/ChangeLog,v
retrieving revision 6.2771.2.115
diff -u -p -r6.2771.2.115 ChangeLog
--- lisp/ChangeLog	21 Feb 2005 13:38:17 -0000	6.2771.2.115
+++ lisp/ChangeLog	22 Feb 2005 22:16:09 -0000
@@ -1,3 +1,10 @@
+2005-02-22  Arne J^[,Ax^[(Brgensen  <arne@arnested.dk>
+
+	* smime.el (smime-sign-buffer): Signal an error if
+	`smime-sign-region' fails.
+	(smime-encrypt-buffer): Signal an error if `smime-encrypt-region'
+	fails.
+
 2005-02-21  Reiner Steib  <Reiner.Steib@gmx.de>
 
 	* gnus-art.el (gnus-parse-news-url, gnus-button-handle-news):
Index: lisp/smime.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/smime.el,v
retrieving revision 6.33.2.3
diff -u -p -r6.33.2.3 smime.el
--- lisp/smime.el	13 Feb 2005 04:46:05 -0000	6.33.2.3
+++ lisp/smime.el	22 Feb 2005 22:16:10 -0000
@@ -332,16 +332,17 @@ is expected to contain of a PEM encoded 
 KEYFILE should contain a PEM encoded key and certificate."
   (interactive)
   (with-current-buffer (or buffer (current-buffer))
-    (smime-sign-region
-     (point-min) (point-max)
-     (if keyfile
-	 keyfile
-       (smime-get-key-with-certs-by-email
-	(completing-read
-	 (concat "Sign using which key? "
-		 (if smime-keys (concat "(default " (caar smime-keys) ") ")
-		   ""))
-	 smime-keys nil nil (car-safe (car-safe smime-keys))))))))
+    (unless (smime-sign-region
+	     (point-min) (point-max)
+	     (if keyfile
+		 keyfile
+	       (smime-get-key-with-certs-by-email
+		(completing-read
+		 (concat "Sign using which key? "
+			 (if smime-keys (concat "(default " (caar smime-keys) ") ")
+			   ""))
+		 smime-keys nil nil (car-safe (car-safe smime-keys))))))
+      (error "Signing failed"))))
 
 (defun smime-encrypt-buffer (&optional certfiles buffer)
   "S/MIME encrypt BUFFER for recipients specified in CERTFILES.
@@ -350,11 +351,12 @@ a PEM encoded key and certificate.  Uses
 nil."
   (interactive)
   (with-current-buffer (or buffer (current-buffer))
-    (smime-encrypt-region
-     (point-min) (point-max)
-     (or certfiles
-	 (list (read-file-name "Recipient's S/MIME certificate: "
-			       smime-certificate-directory nil))))))
+    (unless (smime-encrypt-region
+	     (point-min) (point-max)
+	     (or certfiles
+		 (list (read-file-name "Recipient's S/MIME certificate: "
+				       smime-certificate-directory nil))))
+      (error "Encryption failed"))))
 
 ;; Verify+decrypt region
 

Re: Patch for smime-stuff

[Simon Josefsson]

Arne Jørgensen <arne@arnested.dk> writes:

> Arne Jørgensen <arne@arnested.dk> writes:
>
>>        (smime-sign-buffer): Signal an error if `smime-sign-region' fails.
>>        (smime-encrypt-buffer): Signal an error if `smime-encrypt-region'
>>        fails.
>
> Since this above changes is actually a security fix they should also
> be commited to the v5-10 branch I think.

Right.

> A patch for the v5-10 branch is attached.

Applied.  Thanks!

Re: password-cache-expiry and encrypt-password-cache-expiry

[Ted Zlatanov]

On Tue, 22 Feb 2005, jas@extundo.com wrote:

> Arne Jørgensen <arne@arnested.dk> writes:
> 
>> Arne Jørgensen <arne@arnested.dk> writes:
>>
>>>        (smime-ask-passphrase): Use `password-read-and-add' to read (and
>>>        cache) password.
>>
>> I noticed that `encrypt-password-cache-expiry' defaults to 200 seconds
>> _and_ when set, sets `password-cache-expiry' (default value 16
>> seconds) too.
>>
>> Since both are loaded by gnus the value of `password-cache-expiry'
>> ends up being 200 seconds. Is this wise?
> 
> I don't think so.
> 
> I removed e-p-c-e, it wasn't used except as part of the custom group,
> and added the password-* variables to the defgroup MEMBERS parameter,
> so they will end up in the encrypt custom group as well.

This is fine.  I meant to fix it, myself, but forgot about it.  Sorry.

Thanks for catching it, Arne.

Ted