Closed Bug 1656023 Opened 4 years ago Closed 4 years ago

The contents of an inline PGP encrypted message aren't shown, if it has a bad signature

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Platform:
x86_64
Linux
Type:
defect

Tracking

(thunderbird_esr78 fixed, thunderbird80 fixed)

Status:
RESOLVED FIXED
Milestone:
81 Branch
Tracking Flags:
Tracking Status
thunderbird_esr78 --- fixed
thunderbird80 --- fixed

People

(Reporter: chriechers, Assigned: KaiE)

Details

Attachments

(1 file)

Bug 1656023 - Don't abort processing of inline decrypted messages with bad signature. r=PatrickBrunschwig
47 bytes, text/x-phabricator-request
wsmwk
: approval-comm-beta+
wsmwk
: approval-comm-esr78+
Details | Review

TB79.0 beta3, Linux

A plain text, inline PGP encrypted list message from one particular sender stills fails to decrypt. I.e. after pressing the 'Decrypt' button, the cipher text is still there.

The Error Console has this:
Uncaught (in promise) Error: unhandled partial PGP message with bad signature
updateHdrIcons chrome://openpgp/content/ui/enigmailMsgHdrViewOverlay.js:336
messageParseCallback chrome://openpgp/content/ui/enigmailMessengerOverlay.js:1486
messageParse chrome://openpgp/content/ui/enigmailMessengerOverlay.js:1278
messageDecryptCb chrome://openpgp/content/ui/enigmailMessengerOverlay.js:1021
messageDecrypt chrome://openpgp/content/ui/enigmailMessengerOverlay.js:719
onData chrome://openpgp/content/modules/mime.jsm:459
onStopRequest chrome://openpgp/content/modules/streams.jsm:78
callbackWrapper chrome://openpgp/content/modules/timer.jsm:30
notify resource://gre/modules/Timer.jsm:62
enigmailMsgHdrViewOverlay.js:336:13

Can you please set environment variable RNP_LOG_CONSOLE=1 and start Thunderbird from that console?
Do you get log output from the RNP library?

Lines from RNP contain the text "home/user/github/rnp/src/" for example like this:
[signature_validate() /home/user/github/rnp/src/lib/crypto/signatures.cpp:214] wrong lbits
[signature_check() /home/user/github/rnp/src/librepgp/stream-sig.cpp:1051] invalid or untrusted key

Flags: needinfo?(chriechers)

Here's the log output:
[signature_parse_subpacket() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-packet.cpp:1460] unknown subpacket : 38
[signature_parse_subpacket() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-packet.cpp:1460] unknown subpacket : 38
[signed_src_finish() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-parse.cpp:930] signer's key not found
[signature_check() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-sig.cpp:1051] invalid or untrusted key
[signature_parse_subpacket() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-packet.cpp:1460] unknown subpacket : 38
[signature_parse_subpacket() /builds/worker/checkouts/gecko/comm/third_party/rnp/src/librepgp/stream-packet.cpp:1460] unknown subpacket : 38

Flags: needinfo?(chriechers)

Thanks for the log output.
We have two different problems here.

Problem 1 is caused by the message containing packets that RNP doesn't like.

Subpacket 38 isn't defined in RFC 4880, so apparently there is a nonstandard key involved.

Nickolay, do you think RNP might return an error message (or bad signature status) if it discovers a non-critical 38 ?
Or, because we see a non-success status, can we conclude that the packet 38 is defined as critical by the message?

Problem 2 is with Thunderbird code.

If we detect a bad signature error code, for a message that was identified as inline with surrounding text (partial openpgp), then currently we throw an exception and stop processing.

I'll create a patch that will avoid that exception, and will continue to process the message.

Assignee: nobody → kaie
Status: NEW → ASSIGNED
Summary: inline PGP encrypted list message from one particular sender still fails to decrypt → The contents of an inline PGP encrypted message aren't shown, if it has a bad signature

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/201a22f8e6ac
Don't abort processing of inline decrypted messages with bad signature. r=PatrickBrunschwig DONTBUILD

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
status-thunderbird80: --- → affected
status-thunderbird_esr78: --- → affected
Target Milestone: --- → 81 Branch

Comment on attachment 9168019 [details]
Bug 1656023 - Don't abort processing of inline decrypted messages with bad signature. r=PatrickBrunschwig

OpenPGP correctness fix. Only affects messages that were previously displayed incorrectly.

Attachment #9168019 - Flags: approval-comm-esr78?
Attachment #9168019 - Flags: approval-comm-beta?

Comment on attachment 9168019 [details]
Bug 1656023 - Don't abort processing of inline decrypted messages with bad signature. r=PatrickBrunschwig

[Triage Comment]
Approved for beta

Attachment #9168019 - Flags: approval-comm-beta? → approval-comm-beta+

Comment on attachment 9168019 [details]
Bug 1656023 - Don't abort processing of inline decrypted messages with bad signature. r=PatrickBrunschwig

[Triage Comment]
Approved for esr78

Attachment #9168019 - Flags: approval-comm-esr78? → approval-comm-esr78+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: