From aaf564ace324cba8f96be63c505293f3f893bcd8 Mon Sep 17 00:00:00 2001 From: Alexander Golubev Date: Tue, 10 Mar 2026 06:33:44 +0300 Subject: kmail: fix signature verification in cyphered messages If messages were simultaneously encrypted and signed with GPG, kmail were incorrectly claiming that "The validity of the signature cannot be verified" when it were already verified. This patch fixes that by requesting the key after the DecryptVerify job. Also the commit has some minor refactoring like reordering arguments of writeOpaqueOrMultipartSignedData(). Closes: https://mirror.git.trinitydesktop.org/gitea/TDE/tdepim/issues/187 Signed-off-by: Alexander Golubev --- kmail/objecttreeparser.cpp | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) (limited to 'kmail/objecttreeparser.cpp') diff --git a/kmail/objecttreeparser.cpp b/kmail/objecttreeparser.cpp index de0faee2..9613a64b 100644 --- a/kmail/objecttreeparser.cpp +++ b/kmail/objecttreeparser.cpp @@ -415,9 +415,10 @@ namespace KMail { partNode& sign, const TQString& fromAddress, bool doCheck, + bool hideErrors, TQCString* cleartextData, const std::vector & paramSignatures, - bool hideErrors ) + const GpgME::Key & paramKey) { bool bIsOpaqueSigned = false; enum { NO_PLUGIN, NOT_INITIALIZED, CANT_VERIFY_SIGNATURES } @@ -477,8 +478,12 @@ namespace KMail { } std::vector signatures; - if ( !doCheck ) + GpgME::Key key; + + if ( !doCheck ) { signatures = paramSignatures; + key = paramKey; + } PartMetaData messagePart; messagePart.isSigned = true; @@ -490,8 +495,6 @@ namespace KMail { messagePart.status = i18n("Wrong Crypto Plug-In."); messagePart.status_code = GPGME_SIG_STAT_NONE; - GpgME::Key key; - if ( doCheck && cryptProto ) { GpgME::VerificationResult result; if ( data ) { // detached @@ -775,6 +778,7 @@ bool ObjectTreeParser::okDecryptMIME( partNode& data, TQCString& decryptedData, bool& signatureFound, std::vector &signatures, + GpgME::Key &key, bool showWarning, bool& passphraseError, bool& actuallyEncrypted, @@ -839,7 +843,7 @@ bool ObjectTreeParser::okDecryptMIME( partNode& data, cryptProto = 0; } else { DecryptVerifyBodyPartMemento * newM - = new DecryptVerifyBodyPartMemento( job, ciphertext ); + = new DecryptVerifyBodyPartMemento( job, cryptProto->keyListJob(), ciphertext ); if ( allowAsync() ) { if ( newM->start() ) { decryptionStarted = true; @@ -868,6 +872,7 @@ bool ObjectTreeParser::okDecryptMIME( partNode& data, //kdDebug(5006) << ss.str().c_str() << endl; signatureFound = verifyResult.signatures().size() > 0; signatures = verifyResult.signatures(); + key = m->signingKey(); bDecryptionOk = !decryptResult.error(); passphraseError = decryptResult.error().isCanceled() || decryptResult.error().code() == GPG_ERR_NO_SECKEY; @@ -1402,6 +1407,7 @@ namespace KMail { TQCString decryptedData; bool signatureFound; std::vector signatures; + GpgME::Key signingKey; bool passphraseError; bool actuallyEncrypted = true; bool decryptionStarted; @@ -1410,6 +1416,7 @@ namespace KMail { decryptedData, signatureFound, signatures, + signingKey, true, passphraseError, actuallyEncrypted, @@ -1450,9 +1457,10 @@ namespace KMail { *node, node->trueFromAddress(), false, + false, &decryptedData, signatures, - false ); + signingKey ); node->setSignatureState( KMMsgFullySigned ); } else { insertAndParseNewChildNode( *node, @@ -1566,6 +1574,7 @@ namespace KMail { TQCString decryptedData; bool signatureFound; std::vector signatures; + GpgME::Key signingKey; bool passphraseError; bool actuallyEncrypted = true; bool decryptionStarted; @@ -1574,6 +1583,7 @@ namespace KMail { decryptedData, signatureFound, signatures, + signingKey, true, passphraseError, actuallyEncrypted, @@ -1742,6 +1752,7 @@ namespace KMail { messagePart.isSigned = false; bool signatureFound; std::vector signatures; + GpgME::Key signingKey; bool passphraseError; bool actuallyEncrypted = true; bool decryptionStarted; @@ -1755,6 +1766,7 @@ namespace KMail { decryptedData, signatureFound, signatures, + signingKey, false, passphraseError, actuallyEncrypted, @@ -1826,8 +1838,6 @@ namespace KMail { *signTestNode, node->trueFromAddress(), true, - 0, - std::vector(), isEncrypted ); if ( sigFound ) { if ( !isSigned ) { -- cgit v1.2.3