|
|
a1174d |
# HG changeset patch
|
|
|
a1174d |
# User Kai Engert <kaie@kuix.de>
|
|
|
a1174d |
# Date 1664378971 0
|
|
|
a1174d |
# Wed Sep 28 15:29:31 2022 +0000
|
|
|
a1174d |
# Node ID 98bde42cf14e966da1cdf098e2d0917032c0f327
|
|
|
a1174d |
# Parent af0b1f5e4c7710f824c6141103e516ca60bc78aa
|
|
|
a1174d |
Bug 1791195 - Adjust OpenPGP signature handling for RNP >= 0.16.2. r=mkmelin
|
|
|
a1174d |
|
|
|
a1174d |
Differential Revision: https://phabricator.services.mozilla.com/D158270
|
|
|
a1174d |
|
|
|
a1174d |
diff --git a/comm/mail/extensions/openpgp/content/modules/RNP.jsm b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
|
|
a1174d |
--- a/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
|
|
a1174d |
+++ b/comm/mail/extensions/openpgp/content/modules/RNP.jsm
|
|
|
a1174d |
@@ -1150,22 +1150,25 @@ var RNP = {
|
|
|
a1174d |
|
|
|
a1174d |
result.exitCode = RNPLib.rnp_op_verify_execute(verify_op);
|
|
|
a1174d |
|
|
|
a1174d |
let rnpCannotDecrypt = false;
|
|
|
a1174d |
let queryAllEncryptionRecipients = false;
|
|
|
a1174d |
+ let stillUndecidedIfSignatureIsBad = false;
|
|
|
a1174d |
|
|
|
a1174d |
let useDecodedData;
|
|
|
a1174d |
let processSignature;
|
|
|
a1174d |
switch (result.exitCode) {
|
|
|
a1174d |
case RNPLib.RNP_SUCCESS:
|
|
|
a1174d |
useDecodedData = true;
|
|
|
a1174d |
processSignature = true;
|
|
|
a1174d |
break;
|
|
|
a1174d |
case RNPLib.RNP_ERROR_SIGNATURE_INVALID:
|
|
|
a1174d |
- result.statusFlags |= EnigmailConstants.BAD_SIGNATURE;
|
|
|
a1174d |
+ // Either the signing key is unavailable, or the signature is
|
|
|
a1174d |
+ // indeed bad. Must check signature status below.
|
|
|
a1174d |
+ stillUndecidedIfSignatureIsBad = true;
|
|
|
a1174d |
useDecodedData = true;
|
|
|
a1174d |
- processSignature = false;
|
|
|
a1174d |
+ processSignature = true;
|
|
|
a1174d |
break;
|
|
|
a1174d |
case RNPLib.RNP_ERROR_SIGNATURE_EXPIRED:
|
|
|
a1174d |
useDecodedData = true;
|
|
|
a1174d |
processSignature = false;
|
|
|
a1174d |
result.statusFlags |= EnigmailConstants.EXPIRED_SIGNATURE;
|
|
|
a1174d |
@@ -1320,13 +1323,30 @@ var RNP = {
|
|
|
a1174d |
options.fromAddr,
|
|
|
a1174d |
options.msgDate,
|
|
|
a1174d |
verify_op,
|
|
|
a1174d |
result
|
|
|
a1174d |
);
|
|
|
a1174d |
+
|
|
|
a1174d |
+ if (
|
|
|
a1174d |
+ (result.statusFlags &
|
|
|
a1174d |
+ (EnigmailConstants.GOOD_SIGNATURE |
|
|
|
a1174d |
+ EnigmailConstants.UNCERTAIN_SIGNATURE |
|
|
|
a1174d |
+ EnigmailConstants.EXPIRED_SIGNATURE |
|
|
|
a1174d |
+ EnigmailConstants.BAD_SIGNATURE)) !=
|
|
|
a1174d |
+ 0
|
|
|
a1174d |
+ ) {
|
|
|
a1174d |
+ // A decision was already made.
|
|
|
a1174d |
+ stillUndecidedIfSignatureIsBad = false;
|
|
|
a1174d |
+ }
|
|
|
a1174d |
}
|
|
|
a1174d |
}
|
|
|
a1174d |
|
|
|
a1174d |
+ if (stillUndecidedIfSignatureIsBad) {
|
|
|
a1174d |
+ // We didn't find more details above, so conclude it's bad.
|
|
|
a1174d |
+ result.statusFlags |= EnigmailConstants.BAD_SIGNATURE;
|
|
|
a1174d |
+ }
|
|
|
a1174d |
+
|
|
|
a1174d |
RNPLib.rnp_input_destroy(input_from_memory);
|
|
|
a1174d |
RNPLib.rnp_output_destroy(output_to_memory);
|
|
|
a1174d |
RNPLib.rnp_op_verify_destroy(verify_op);
|
|
|
a1174d |
|
|
|
a1174d |
if (
|
|
|
a1174d |
@@ -1458,10 +1478,12 @@ var RNP = {
|
|
|
a1174d |
let have_signer_key = false;
|
|
|
a1174d |
let use_signer_key = false;
|
|
|
a1174d |
|
|
|
a1174d |
if (query_signer) {
|
|
|
a1174d |
if (RNPLib.rnp_op_verify_signature_get_key(sig, signer_key.address())) {
|
|
|
a1174d |
+ // If sig_status isn't RNP_ERROR_KEY_NOT_FOUND then we must
|
|
|
a1174d |
+ // be able to obtain the signer key.
|
|
|
a1174d |
throw new Error("rnp_op_verify_signature_get_key");
|
|
|
a1174d |
}
|
|
|
a1174d |
|
|
|
a1174d |
have_signer_key = true;
|
|
|
a1174d |
use_signer_key = !this.isBadKey(signer_key);
|