smime.c File Reference

SMIME helper routines. More...

#include "config.h"
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include "private.h"
#include "mutt/lib.h"
#include "address/lib.h"
#include "config/lib.h"
#include "email/lib.h"
#include "core/lib.h"
#include "alias/lib.h"
#include "gui/lib.h"
#include "mutt.h"
#include "lib.h"
#include "editor/lib.h"
#include "expando/lib.h"
#include "history/lib.h"
#include "question/lib.h"
#include "send/lib.h"
#include "crypt.h"
#include "cryptglue.h"
#include "expando_smime.h"
#include "module_data.h"
#include "mutt_logging.h"
#include "smime.h"

Include dependency graph for smime.c:

Go to the source code of this file.

Functions
void	smime_init (void)
	Initialise smime globals.
void	smime_cleanup (struct NcryptModuleData *mod_data)
	Clean up smime globals.
static void	smime_key_free (struct SmimeKey **keylist)
	Free a list of SMIME keys.
static struct SmimeKey *	smime_copy_key (struct SmimeKey *key)
	Copy an SMIME key.
void	smime_class_void_passphrase (void)
	Forget the cached passphrase - Implements CryptModuleSpecs::void_passphrase() -.
bool	smime_class_valid_passphrase (void)
	Ensure we have a valid passphrase - Implements CryptModuleSpecs::valid_passphrase() -.
static void	smime_command (struct Buffer *buf, struct SmimeCommandContext *cctx, const struct Expando *exp)
	Format an SMIME command string.
static pid_t	smime_invoke (FILE **fp_smime_in, FILE **fp_smime_out, FILE **fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char *fname, const char *sig_fname, const char *cryptalg, const char *digestalg, const char *key, const char *certificates, const char *intermediates, const struct Expando *exp)
	Run an SMIME command.
static struct SmimeKey *	smime_parse_key (char *buf)
	Parse an SMIME key block.
static struct SmimeKey *	smime_get_candidates (const char *search, bool only_public_key)
	Find keys matching a string.
static struct SmimeKey *	smime_get_key_by_hash (const char *hash, bool only_public_key)
	Find a key by its hash.
static struct SmimeKey *	smime_get_key_by_addr (const char *mailbox, KeyFlags abilities, bool only_public_key, bool oppenc_mode)
	Find an SIME key by address.
static struct SmimeKey *	smime_get_key_by_str (const char *str, KeyFlags abilities, bool only_public_key)
	Find an SMIME key by string.
static struct SmimeKey *	smime_ask_for_key (const char *prompt, KeyFlags abilities, bool only_public_key)
	Ask the user to select a key.
static void	getkeys (const char *mailbox)
	Get the keys for a mailbox.
void	smime_class_getkeys (struct Envelope *env)
	Get the S/MIME keys required to encrypt this email - Implements CryptModuleSpecs::smime_getkeys() -.
char *	smime_class_find_keys (const struct AddressList *al, bool oppenc_mode)
	Find the keyids of the recipients of a message - Implements CryptModuleSpecs::find_keys() -.
static int	smime_handle_cert_email (const char *certificate, const char *mailbox, bool copy, char ***buffer, int *num)
	Process an email containing certificates.
static char *	smime_extract_certificate (const char *infile)
	Extract an SMIME certificate from a file.
static char *	smime_extract_signer_certificate (const char *infile)
	Extract the signer's certificate.
void	smime_class_invoke_import (const char *infile, const char *mailbox)
	Add a certificate and update index file (externally) - Implements CryptModuleSpecs::smime_invoke_import() -.
int	smime_class_verify_sender (struct Email *e, struct Message *msg)
	Does the sender match the certificate?
static pid_t	smime_invoke_encrypt (FILE **fp_smime_in, FILE **fp_smime_out, FILE **fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char *fname, const char *uids)
	Use SMIME to encrypt a file.
static pid_t	smime_invoke_sign (FILE **fp_smime_in, FILE **fp_smime_out, FILE **fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char *fname)
	Use SMIME to sign a file.
struct Body *	smime_class_build_smime_entity (struct Body *b, char *certlist)
	Encrypt the email body to all recipients - Implements CryptModuleSpecs::smime_build_smime_entity() -.
static char *	openssl_md_to_smime_micalg (const char *md)
	Change the algorithm names.
struct Body *	smime_class_sign_message (struct Body *b, const struct AddressList *from)
	Cryptographically sign the Body of a message - Implements CryptModuleSpecs::sign_message() -.
static pid_t	smime_invoke_verify (FILE **fp_smime_in, FILE **fp_smime_out, FILE **fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char *fname, const char *sig_fname, int opaque)
	Use SMIME to verify a file.
static pid_t	smime_invoke_decrypt (FILE **fp_smime_in, FILE **fp_smime_out, FILE **fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char *fname)
	Use SMIME to decrypt a file.
int	smime_class_verify_one (struct Body *b, struct State *state, const char *tempfile)
	Check a signed MIME part against a signature - Implements CryptModuleSpecs::verify_one() -.
static struct Body *	smime_handle_entity (struct Body *b, struct State *state, FILE *fp_out_file)
	Handle type application/pkcs7-mime.
int	smime_class_decrypt_mime (FILE *fp_in, FILE **fp_out, struct Body *b, struct Body **b_dec)
	Decrypt an encrypted MIME part - Implements CryptModuleSpecs::decrypt_mime() -.
int	smime_class_application_handler (struct Body *b, struct State *state)
	Manage the MIME type "application/pgp" or "application/smime" - Implements CryptModuleSpecs::application_handler() -.
SecurityFlags	smime_class_send_menu (struct Email *e)
	Ask the user whether to sign and/or encrypt the email - Implements CryptModuleSpecs::send_menu() -.

Detailed Description

SMIME helper routines.

Authors

• Richard Russon
• Pietro Cerutti
• Lars Haalck
• Anna Figueiredo Gomes
• Alejandro Colomar
• Tóth János

Copyright

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Definition in file smime.c.

Function Documentation

smime_init()

void smime_init

(

void

)

Initialise smime globals.

Definition at line 68 of file smime.c.

{
  struct NcryptModuleData *mod_data = neomutt_get_module_data(NeoMutt, MODULE_ID_NCRYPT);
  buf_alloc(&mod_data->smime_key_to_use, 256);
  buf_alloc(&mod_data->smime_cert_to_use, 256);
  buf_alloc(&mod_data->smime_intermediate_to_use, 256);
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_cleanup()

void smime_cleanup

(

struct NcryptModuleData *

mod_data

)

Clean up smime globals.

Parameters

mod_data

Ncrypt module data

Definition at line 80 of file smime.c.

{
  buf_dealloc(&mod_data->smime_key_to_use);
  buf_dealloc(&mod_data->smime_cert_to_use);
  buf_dealloc(&mod_data->smime_intermediate_to_use);
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_key_free()

static void smime_key_free ( struct SmimeKey ** keylist )

static

Free a list of SMIME keys.

Parameters

[out]

keylist

List of keys to free

Definition at line 91 of file smime.c.

{
  if (!keylist)
    return;
 
  struct SmimeKey *key = NULL;
 
  while (*keylist)
  {
    key = *keylist;
    *keylist = (*keylist)->next;
 
    FREE(&key->email);
    FREE(&key->hash);
    FREE(&key->label);
    FREE(&key->issuer);
    FREE(&key);
  }
}

Here is the caller graph for this function:

smime_copy_key()

static struct SmimeKey * smime_copy_key ( struct SmimeKey * key )

static

Copy an SMIME key.

Parameters

key	Key to copy

Return values

ptr	Newly allocated SMIME key

Definition at line 116 of file smime.c.

{
  if (!key)
    return NULL;
 
  struct SmimeKey *copy = NULL;
 
  copy = MUTT_MEM_CALLOC(1, struct SmimeKey);
  copy->email = mutt_str_dup(key->email);
  copy->hash = mutt_str_dup(key->hash);
  copy->label = mutt_str_dup(key->label);
  copy->issuer = mutt_str_dup(key->issuer);
  copy->trust = key->trust;
  copy->flags = key->flags;
 
  return copy;
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_command()

static void smime_command ( struct Buffer * buf, struct SmimeCommandContext * cctx, const struct Expando * exp )

static

Format an SMIME command string.

Parameters

buf	Buffer for the result
cctx	Data to pass to the formatter
exp	Expando to use

Definition at line 185 of file smime.c.

{
  expando_render(exp, SmimeCommandRenderCallbacks, cctx, MUTT_FORMAT_NONE, buf->dsize, buf);
  mutt_debug(LL_DEBUG2, "%s\n", buf_string(buf));
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_invoke()

static pid_t smime_invoke ( FILE ** fp_smime_in, FILE ** fp_smime_out, FILE ** fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char * fname, const char * sig_fname, const char * cryptalg, const char * digestalg, const char * key, const char * certificates, const char * intermediates, const struct Expando * exp )

static

Run an SMIME command.

Parameters

[out]	fp_smime_in	stdin for the command, or NULL (OPTIONAL)
[out]	fp_smime_out	stdout for the command, or NULL (OPTIONAL)
[out]	fp_smime_err	stderr for the command, or NULL (OPTIONAL)
[in]	fp_smime_infd	stdin for the command, or -1 (OPTIONAL)
[in]	fp_smime_outfd	stdout for the command, or -1 (OPTIONAL)
[in]	fp_smime_errfd	stderr for the command, or -1 (OPTIONAL)
[in]	fname	Filename to pass to the command
[in]	sig_fname	Signature filename to pass to the command
[in]	cryptalg	Encryption algorithm
[in]	digestalg	Hashing algorithm
[in]	key	SMIME key
[in]	certificates	Public certificates
[in]	intermediates	Intermediate certificates
[in]	exp	Expando format string

Return values

num	PID of the created process
-1	Error creating pipes or forking

Note

fp_smime_in has priority over fp_smime_infd. Likewise fp_smime_out and fp_smime_err.

Definition at line 214 of file smime.c.

{
  struct SmimeCommandContext cctx = { 0 };
 
  if (!exp)
    return (pid_t) -1;
 
  cctx.fname = fname;
  cctx.sig_fname = sig_fname;
  cctx.key = key;
  cctx.cryptalg = cryptalg;
  cctx.digestalg = digestalg;
  cctx.certificates = certificates;
  cctx.intermediates = intermediates;
 
  struct Buffer *cmd = buf_pool_get();
  smime_command(cmd, &cctx, exp);
 
  pid_t pid = filter_create_fd(buf_string(cmd), fp_smime_in, fp_smime_out,
                               fp_smime_err, fp_smime_infd, fp_smime_outfd,
                               fp_smime_errfd, NeoMutt->env);
  buf_pool_release(&cmd);
  return pid;
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_parse_key()

static struct SmimeKey * smime_parse_key ( char * buf )

static

Parse an SMIME key block.

Parameters

buf	String to parse

Return values

ptr	SMIME key
NULL	Error

Definition at line 249 of file smime.c.

{
  char *pend = NULL, *p = NULL;
  int field = 0;
 
  struct SmimeKey *key = MUTT_MEM_CALLOC(1, struct SmimeKey);
 
  for (p = buf; p; p = pend)
  {
    /* Some users manually maintain their .index file, and use a tab
     * as a delimiter, which the old parsing code (using fscanf)
     * happened to allow.  smime_keys uses a space, so search for both.  */
    if ((pend = strchr(p, ' ')) || (pend = strchr(p, '\t')) || (pend = strchr(p, '\n')))
      *pend++ = 0;
 
    /* For backward compatibility, don't count consecutive delimiters
     * as an empty field.  */
    if (*p == '\0')
      continue;
 
    field++;
 
    switch (field)
    {
      case 1: /* mailbox */
        key->email = mutt_str_dup(p);
        break;
      case 2: /* hash */
        key->hash = mutt_str_dup(p);
        break;
      case 3: /* label */
        key->label = mutt_str_dup(p);
        break;
      case 4: /* issuer */
        key->issuer = mutt_str_dup(p);
        break;
      case 5: /* trust */
        key->trust = *p;
        break;
      case 6: /* purpose */
        while (*p)
        {
          switch (*p++)
          {
            case 'e':
              key->flags |= KEYFLAG_CANENCRYPT;
              break;
 
            case 's':
              key->flags |= KEYFLAG_CANSIGN;
              break;
          }
        }
        break;
    }
  }
 
  /* Old index files could be missing issuer, trust, and purpose,
   * but anything less than that is an error. */
  if (field < 3)
  {
    smime_key_free(&key);
    return NULL;
  }
 
  if (field < 4)
    key->issuer = mutt_str_dup("?");
 
  if (field < 5)
    key->trust = 't';
 
  if (field < 6)
    key->flags = (KEYFLAG_CANENCRYPT | KEYFLAG_CANSIGN);
 
  return key;
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_get_candidates()

static struct SmimeKey * smime_get_candidates ( const char * search, bool only_public_key )

static

Find keys matching a string.

Parameters

search	String to match
only_public_key	If true, only get the public keys

Return values

ptr	Matching key

Definition at line 332 of file smime.c.

{
  char buf[1024] = { 0 };
  struct SmimeKey *key = NULL, *results = NULL;
  struct SmimeKey **results_end = &results;
 
  struct Buffer *index_file = buf_pool_get();
  const char *const c_smime_certificates = cs_subset_path(NeoMutt->sub, "smime_certificates");
  const char *const c_smime_keys = cs_subset_path(NeoMutt->sub, "smime_keys");
  buf_printf(index_file, "%s/.index",
             only_public_key ? NONULL(c_smime_certificates) : NONULL(c_smime_keys));
 
  FILE *fp = mutt_file_fopen(buf_string(index_file), "r");
  if (!fp)
  {
    mutt_perror("%s", buf_string(index_file));
    buf_pool_release(&index_file);
    return NULL;
  }
  buf_pool_release(&index_file);
 
  while (fgets(buf, sizeof(buf), fp))
  {
    if (((*search == '\0')) || mutt_istr_find(buf, search))
    {
      key = smime_parse_key(buf);
      if (key)
      {
        *results_end = key;
        results_end = &key->next;
      }
    }
  }
 
  mutt_file_fclose(&fp);
 
  return results;
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_get_key_by_hash()

static struct SmimeKey * smime_get_key_by_hash ( const char * hash, bool only_public_key )

static

Find a key by its hash.

Parameters

hash	Hash to find
only_public_key	If true, only get the public keys

Return values

ptr	Matching key

Returns the first matching key record, without prompting or checking of abilities or trust.

Definition at line 380 of file smime.c.

{
  struct SmimeKey *match = NULL;
  struct SmimeKey *results = smime_get_candidates(hash, only_public_key);
  for (struct SmimeKey *result = results; result; result = result->next)
  {
    if (mutt_istr_equal(hash, result->hash))
    {
      match = smime_copy_key(result);
      break;
    }
  }
 
  smime_key_free(&results);
 
  return match;
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_get_key_by_addr()

static struct SmimeKey * smime_get_key_by_addr ( const char * mailbox, KeyFlags abilities, bool only_public_key, bool oppenc_mode )

static

Find an SIME key by address.

Parameters

mailbox	Email address to match
abilities	Abilities to match, see KeyFlags
only_public_key	If true, only get the public keys
oppenc_mode	If true, use opportunistic encryption

Return values

ptr	Matching key

Definition at line 406 of file smime.c.

{
  if (!mailbox)
    return NULL;
 
  struct SmimeKey *results = NULL, *result = NULL;
  struct SmimeKey *matches = NULL;
  struct SmimeKey **matches_end = &matches;
  struct SmimeKey *match = NULL;
  struct SmimeKey *trusted_match = NULL;
  struct SmimeKey *valid_match = NULL;
  struct SmimeKey *return_key = NULL;
  bool multi_trusted_matches = false;
 
  results = smime_get_candidates(mailbox, only_public_key);
  for (result = results; result; result = result->next)
  {
    if (abilities && !(result->flags & abilities))
    {
      continue;
    }
 
    if (mutt_istr_equal(mailbox, result->email))
    {
      match = smime_copy_key(result);
      *matches_end = match;
      matches_end = &match->next;
 
      if (match->trust == 't')
      {
        if (trusted_match && !mutt_istr_equal(match->hash, trusted_match->hash))
        {
          multi_trusted_matches = true;
        }
        trusted_match = match;
      }
      else if ((match->trust == 'u') || (match->trust == 'v'))
      {
        valid_match = match;
      }
    }
  }
 
  smime_key_free(&results);
 
  if (matches)
  {
    if (oppenc_mode || !isatty(STDIN_FILENO))
    {
      const bool c_crypt_opportunistic_encrypt_strong_keys =
          cs_subset_bool(NeoMutt->sub, "crypt_opportunistic_encrypt_strong_keys");
      if (trusted_match)
        return_key = smime_copy_key(trusted_match);
      else if (valid_match && !c_crypt_opportunistic_encrypt_strong_keys)
        return_key = smime_copy_key(valid_match);
      else
        return_key = NULL;
    }
    else if (trusted_match && !multi_trusted_matches)
    {
      return_key = smime_copy_key(trusted_match);
    }
    else
    {
      return_key = smime_copy_key(dlg_smime(matches, mailbox));
    }
 
    smime_key_free(&matches);
  }
 
  return return_key;
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_get_key_by_str()

static struct SmimeKey * smime_get_key_by_str ( const char * str, KeyFlags abilities, bool only_public_key )

static

Find an SMIME key by string.

Parameters

str	String to match
abilities	Abilities to match, see KeyFlags
only_public_key	If true, only get the public keys

Return values

ptr	Matching key

Definition at line 487 of file smime.c.

{
  if (!str)
    return NULL;
 
  struct SmimeKey *results = NULL, *result = NULL;
  struct SmimeKey *matches = NULL;
  struct SmimeKey **matches_end = &matches;
  struct SmimeKey *match = NULL;
  struct SmimeKey *return_key = NULL;
 
  results = smime_get_candidates(str, only_public_key);
  for (result = results; result; result = result->next)
  {
    if (abilities && !(result->flags & abilities))
    {
      continue;
    }
 
    if (mutt_istr_equal(str, result->hash) ||
        mutt_istr_find(result->email, str) || mutt_istr_find(result->label, str))
    {
      match = smime_copy_key(result);
      *matches_end = match;
      matches_end = &match->next;
    }
  }
 
  smime_key_free(&results);
 
  if (matches)
  {
    return_key = smime_copy_key(dlg_smime(matches, str));
    smime_key_free(&matches);
  }
 
  return return_key;
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_ask_for_key()

static struct SmimeKey * smime_ask_for_key ( const char * prompt, KeyFlags abilities, bool only_public_key )

static

Ask the user to select a key.

Parameters

prompt	Prompt to show the user
abilities	Abilities to match, see KeyFlags
only_public_key	If true, only get the public keys

Return values

ptr	Selected SMIME key

Definition at line 533 of file smime.c.

{
  if (!prompt)
    return NULL;
 
  struct SmimeKey *key = NULL;
  struct Buffer *resp = buf_pool_get();
 
  mutt_clear_error();
 
  while (true)
  {
    buf_reset(resp);
    if (mw_get_field(prompt, resp, MUTT_COMP_NONE, HC_OTHER, NULL, NULL) != 0)
    {
      goto done;
    }
 
    key = smime_get_key_by_str(buf_string(resp), abilities, only_public_key);
    if (key)
      goto done;
 
    mutt_error(_("No matching keys found for \"%s\""), buf_string(resp));
  }
 
done:
  buf_pool_release(&resp);
  return key;
}

Here is the call graph for this function:

Here is the caller graph for this function:

getkeys()

static void getkeys ( const char * mailbox )

static

Get the keys for a mailbox.

Parameters

mailbox

Email address

This sets the '*ToUse' variables for an upcoming decryption, where the required key is different from $smime_default_key.

Definition at line 570 of file smime.c.

{
  struct NcryptModuleData *mod_data = neomutt_get_module_data(NeoMutt, MODULE_ID_NCRYPT);
  const char *k = NULL;
 
  struct SmimeKey *key = smime_get_key_by_addr(mailbox, KEYFLAG_CANENCRYPT, false, false);
 
  if (!key)
  {
    struct Buffer *prompt = buf_pool_get();
    buf_printf(prompt, _("Enter keyID for %s: "), mailbox);
    key = smime_ask_for_key(buf_string(prompt), KEYFLAG_CANENCRYPT, false);
    buf_pool_release(&prompt);
  }
 
  const char *const c_smime_keys = cs_subset_path(NeoMutt->sub, "smime_keys");
  size_t smime_keys_len = mutt_str_len(c_smime_keys);
 
  const char *const c_smime_default_key = cs_subset_string(NeoMutt->sub, "smime_default_key");
  k = key ? key->hash : NONULL(c_smime_default_key);
 
  /* if the key is different from last time */
  if ((buf_len(&mod_data->smime_key_to_use) <= smime_keys_len) ||
      !mutt_istr_equal(k, mod_data->smime_key_to_use.data + smime_keys_len + 1))
  {
    smime_class_void_passphrase();
    buf_printf(&mod_data->smime_key_to_use, "%s/%s", NONULL(c_smime_keys), k);
    const char *const c_smime_certificates = cs_subset_path(NeoMutt->sub, "smime_certificates");
    buf_printf(&mod_data->smime_cert_to_use, "%s/%s", NONULL(c_smime_certificates), k);
  }
 
  smime_key_free(&key);
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_handle_cert_email()

static int smime_handle_cert_email ( const char * certificate, const char * mailbox, bool copy, char *** buffer, int * num )

static

Process an email containing certificates.

Parameters

[in]	certificate	Email with certificates
[in]	mailbox	Email address
[in]	copy	If true, save the certificates to buffer
[out]	buffer	Buffer allocated to hold certificates
[out]	num	Number of certificates in buffer

Return values

0	Success
-1	Error
-2	Error

Definition at line 697 of file smime.c.

{
  char email[256] = { 0 };
  int rc = -1, count = 0;
  pid_t pid;
 
  FILE *fp_err = mutt_file_mkstemp();
  if (!fp_err)
  {
    mutt_perror(_("Can't create temporary file"));
    return 1;
  }
 
  FILE *fp_out = mutt_file_mkstemp();
  if (!fp_out)
  {
    mutt_file_fclose(&fp_err);
    mutt_perror(_("Can't create temporary file"));
    return 1;
  }
 
  const struct Expando *c_smime_get_cert_email_command =
      cs_subset_expando(NeoMutt->sub, "smime_get_cert_email_command");
  pid = smime_invoke(NULL, NULL, NULL, -1, fileno(fp_out), fileno(fp_err), certificate,
                     NULL, NULL, NULL, NULL, NULL, NULL, c_smime_get_cert_email_command);
  if (pid == -1)
  {
    mutt_message(_("Error: unable to create OpenSSL subprocess"));
    mutt_file_fclose(&fp_err);
    mutt_file_fclose(&fp_out);
    return 1;
  }
 
  filter_wait(pid);
 
  fflush(fp_out);
  rewind(fp_out);
  fflush(fp_err);
  rewind(fp_err);
 
  while ((fgets(email, sizeof(email), fp_out)))
  {
    size_t len = mutt_str_len(email);
    if (len && (email[len - 1] == '\n'))
      email[len - 1] = '\0';
    if (mutt_istr_startswith(email, mailbox))
      rc = 1;
 
    rc = (rc < 0) ? 0 : rc;
    count++;
  }
 
  if (rc == -1)
  {
    mutt_endwin();
    mutt_file_copy_stream(fp_err, stdout);
    mutt_any_key_to_continue(_("Error: unable to create OpenSSL subprocess"));
    rc = 1;
  }
  else if (rc == 0)
  {
    rc = 1;
  }
  else
  {
    rc = 0;
  }
 
  if (copy && buffer && num)
  {
    (*num) = count;
    *buffer = MUTT_MEM_CALLOC(count, char *);
    count = 0;
 
    rewind(fp_out);
    while ((fgets(email, sizeof(email), fp_out)))
    {
      size_t len = mutt_str_len(email);
      if (len && (email[len - 1] == '\n'))
        email[len - 1] = '\0';
      (*buffer)[count] = MUTT_MEM_CALLOC(mutt_str_len(email) + 1, char);
      strncpy((*buffer)[count], email, mutt_str_len(email));
      count++;
    }
  }
  else if (copy)
  {
    rc = 2;
  }
 
  mutt_file_fclose(&fp_out);
  mutt_file_fclose(&fp_err);
 
  return rc;
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_extract_certificate()

static char * smime_extract_certificate ( const char * infile )

static

Extract an SMIME certificate from a file.

Parameters

infile

File to read

Return values

ptr	Filename of temporary file containing certificate

Definition at line 799 of file smime.c.

{
  FILE *fp_err = NULL;
  FILE *fp_out = NULL;
  FILE *fp_cert = NULL;
  char *rc = NULL;
  pid_t pid;
  int empty;
 
  struct Buffer *pk7out = buf_pool_get();
  struct Buffer *certfile = buf_pool_get();
 
  fp_err = mutt_file_mkstemp();
  if (!fp_err)
  {
    mutt_perror(_("Can't create temporary file"));
    goto cleanup;
  }
 
  buf_mktemp(pk7out);
  fp_out = mutt_file_fopen(buf_string(pk7out), "w+");
  if (!fp_out)
  {
    mutt_perror("%s", buf_string(pk7out));
    goto cleanup;
  }
 
  /* Step 1: Convert the signature to a PKCS#7 structure, as we can't
   * extract the full set of certificates directly. */
  const struct Expando *c_smime_pk7out_command = cs_subset_expando(NeoMutt->sub, "smime_pk7out_command");
  pid = smime_invoke(NULL, NULL, NULL, -1, fileno(fp_out), fileno(fp_err), infile,
                     NULL, NULL, NULL, NULL, NULL, NULL, c_smime_pk7out_command);
  if (pid == -1)
  {
    mutt_any_key_to_continue(_("Error: unable to create OpenSSL subprocess"));
    goto cleanup;
  }
 
  filter_wait(pid);
 
  fflush(fp_out);
  rewind(fp_out);
  fflush(fp_err);
  rewind(fp_err);
  empty = (fgetc(fp_out) == EOF);
  if (empty)
  {
    mutt_perror("%s", buf_string(pk7out));
    mutt_file_copy_stream(fp_err, stdout);
    goto cleanup;
  }
  mutt_file_fclose(&fp_out);
 
  buf_mktemp(certfile);
  fp_cert = mutt_file_fopen(buf_string(certfile), "w+");
  if (!fp_cert)
  {
    mutt_perror("%s", buf_string(certfile));
    mutt_file_unlink(buf_string(pk7out));
    goto cleanup;
  }
 
  // Step 2: Extract the certificates from a PKCS#7 structure.
  const struct Expando *c_smime_get_cert_command = cs_subset_expando(NeoMutt->sub, "smime_get_cert_command");
  pid = smime_invoke(NULL, NULL, NULL, -1, fileno(fp_cert), fileno(fp_err),
                     buf_string(pk7out), NULL, NULL, NULL, NULL, NULL, NULL,
                     c_smime_get_cert_command);
  if (pid == -1)
  {
    mutt_any_key_to_continue(_("Error: unable to create OpenSSL subprocess"));
    mutt_file_unlink(buf_string(pk7out));
    goto cleanup;
  }
 
  filter_wait(pid);
 
  mutt_file_unlink(buf_string(pk7out));
 
  fflush(fp_cert);
  rewind(fp_cert);
  fflush(fp_err);
  rewind(fp_err);
  empty = (fgetc(fp_cert) == EOF);
  if (empty)
  {
    mutt_file_copy_stream(fp_err, stdout);
    goto cleanup;
  }
 
  mutt_file_fclose(&fp_cert);
 
  rc = buf_strdup(certfile);
 
cleanup:
  mutt_file_fclose(&fp_err);
  if (fp_out)
  {
    mutt_file_fclose(&fp_out);
    mutt_file_unlink(buf_string(pk7out));
  }
  if (fp_cert)
  {
    mutt_file_fclose(&fp_cert);
    mutt_file_unlink(buf_string(certfile));
  }
  buf_pool_release(&pk7out);
  buf_pool_release(&certfile);
  return rc;
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_extract_signer_certificate()

static char * smime_extract_signer_certificate ( const char * infile )

static

Extract the signer's certificate.

Parameters

infile

File to read

Return values

ptr	Name of temporary file containing certificate

Definition at line 914 of file smime.c.

{
  char *cert = NULL;
  struct Buffer *certfile = NULL;
  pid_t pid;
  int empty;
 
  FILE *fp_err = mutt_file_mkstemp();
  if (!fp_err)
  {
    mutt_perror(_("Can't create temporary file"));
    return NULL;
  }
 
  certfile = buf_pool_get();
  buf_mktemp(certfile);
  FILE *fp_out = mutt_file_fopen(buf_string(certfile), "w+");
  if (!fp_out)
  {
    mutt_file_fclose(&fp_err);
    mutt_perror("%s", buf_string(certfile));
    goto cleanup;
  }
 
  /* Extract signer's certificate
   */
  const struct Expando *c_smime_get_signer_cert_command =
      cs_subset_expando(NeoMutt->sub, "smime_get_signer_cert_command");
  pid = smime_invoke(NULL, NULL, NULL, -1, -1, fileno(fp_err), infile, NULL, NULL, NULL,
                     NULL, buf_string(certfile), NULL, c_smime_get_signer_cert_command);
  if (pid == -1)
  {
    mutt_any_key_to_continue(_("Error: unable to create OpenSSL subprocess"));
    goto cleanup;
  }
 
  filter_wait(pid);
 
  fflush(fp_out);
  rewind(fp_out);
  fflush(fp_err);
  rewind(fp_err);
  empty = (fgetc(fp_out) == EOF);
  if (empty)
  {
    mutt_endwin();
    mutt_file_copy_stream(fp_err, stdout);
    mutt_any_key_to_continue(NULL);
    goto cleanup;
  }
 
  mutt_file_fclose(&fp_out);
  cert = buf_strdup(certfile);
 
cleanup:
  mutt_file_fclose(&fp_err);
  if (fp_out)
  {
    mutt_file_fclose(&fp_out);
    mutt_file_unlink(buf_string(certfile));
  }
  buf_pool_release(&certfile);
  return cert;
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_invoke_encrypt()

static pid_t smime_invoke_encrypt ( FILE ** fp_smime_in, FILE ** fp_smime_out, FILE ** fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char * fname, const char * uids )

static

Use SMIME to encrypt a file.

Parameters

[out]	fp_smime_in	stdin for the command, or NULL (OPTIONAL)
[out]	fp_smime_out	stdout for the command, or NULL (OPTIONAL)
[out]	fp_smime_err	stderr for the command, or NULL (OPTIONAL)
[in]	fp_smime_infd	stdin for the command, or -1 (OPTIONAL)
[in]	fp_smime_outfd	stdout for the command, or -1 (OPTIONAL)
[in]	fp_smime_errfd	stderr for the command, or -1 (OPTIONAL)
[in]	fname	Filename to pass to the command
[in]	uids	List of IDs/fingerprints, space separated

Return values

num	PID of the created process
-1	Error creating pipes or forking

Note

fp_smime_in has priority over fp_smime_infd. Likewise fp_smime_out and fp_smime_err.

Definition at line 1142 of file smime.c.

{
  const char *const c_smime_encrypt_with = cs_subset_string(NeoMutt->sub, "smime_encrypt_with");
  const struct Expando *c_smime_encrypt_command = cs_subset_expando(NeoMutt->sub, "smime_encrypt_command");
  return smime_invoke(fp_smime_in, fp_smime_out, fp_smime_err, fp_smime_infd,
                      fp_smime_outfd, fp_smime_errfd, fname, NULL, c_smime_encrypt_with,
                      NULL, NULL, uids, NULL, c_smime_encrypt_command);
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_invoke_sign()

static pid_t smime_invoke_sign ( FILE ** fp_smime_in, FILE ** fp_smime_out, FILE ** fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char * fname )

static

Use SMIME to sign a file.

Parameters

[out]	fp_smime_in	stdin for the command, or NULL (OPTIONAL)
[out]	fp_smime_out	stdout for the command, or NULL (OPTIONAL)
[out]	fp_smime_err	stderr for the command, or NULL (OPTIONAL)
[in]	fp_smime_infd	stdin for the command, or -1 (OPTIONAL)
[in]	fp_smime_outfd	stdout for the command, or -1 (OPTIONAL)
[in]	fp_smime_errfd	stderr for the command, or -1 (OPTIONAL)
[in]	fname	Filename to pass to the command

Return values

num	PID of the created process
-1	Error creating pipes or forking

Note

fp_smime_in has priority over fp_smime_infd. Likewise fp_smime_out and fp_smime_err.

Definition at line 1169 of file smime.c.

{
  struct NcryptModuleData *mod_data = neomutt_get_module_data(NeoMutt, MODULE_ID_NCRYPT);
  const char *const c_smime_sign_digest_alg = cs_subset_string(NeoMutt->sub, "smime_sign_digest_alg");
  const struct Expando *c_smime_sign_command = cs_subset_expando(NeoMutt->sub, "smime_sign_command");
  return smime_invoke(fp_smime_in, fp_smime_out, fp_smime_err, fp_smime_infd,
                      fp_smime_outfd, fp_smime_errfd, fname, NULL, NULL,
                      c_smime_sign_digest_alg, buf_string(&mod_data->smime_key_to_use),
                      buf_string(&mod_data->smime_cert_to_use),
                      buf_string(&mod_data->smime_intermediate_to_use), c_smime_sign_command);
}

Here is the call graph for this function:

Here is the caller graph for this function:

openssl_md_to_smime_micalg()

static char * openssl_md_to_smime_micalg ( const char * md )

static

Change the algorithm names.

Parameters

md	OpenSSL message digest name

Return values

ptr	SMIME Message Integrity Check algorithm

The openssl -md doesn't want hyphens: md5, sha1, sha224, sha256, sha384, sha512 However, the micalg does: md5, sha-1, sha-224, sha-256, sha-384, sha-512

Note

The caller should free the returned string

Definition at line 1330 of file smime.c.

{
  if (!md)
    return NULL;
 
  char *micalg = NULL;
  if (mutt_istr_startswith(md, "sha"))
  {
    mutt_str_asprintf(&micalg, "sha-%s", md + 3);
  }
  else
  {
    micalg = mutt_str_dup(md);
  }
 
  return micalg;
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_invoke_verify()

static pid_t smime_invoke_verify ( FILE ** fp_smime_in, FILE ** fp_smime_out, FILE ** fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char * fname, const char * sig_fname, int opaque )

static

Use SMIME to verify a file.

Parameters

[out]	fp_smime_in	stdin for the command, or NULL (OPTIONAL)
[out]	fp_smime_out	stdout for the command, or NULL (OPTIONAL)
[out]	fp_smime_err	stderr for the command, or NULL (OPTIONAL)
[in]	fp_smime_infd	stdin for the command, or -1 (OPTIONAL)
[in]	fp_smime_outfd	stdout for the command, or -1 (OPTIONAL)
[in]	fp_smime_errfd	stderr for the command, or -1 (OPTIONAL)
[in]	fname	Filename to pass to the command
[in]	sig_fname	Signature filename to pass to the command
[in]	opaque	If true, use $smime_verify_opaque_command else $smime_verify_command

Return values

num	PID of the created process
-1	Error creating pipes or forking

Note

fp_smime_in has priority over fp_smime_infd. Likewise fp_smime_out and fp_smime_err.

Definition at line 1523 of file smime.c.

{
  const struct Expando *c_smime_verify_opaque_command =
      cs_subset_expando(NeoMutt->sub, "smime_verify_opaque_command");
  const struct Expando *c_smime_verify_command = cs_subset_expando(NeoMutt->sub, "smime_verify_command");
  return smime_invoke(fp_smime_in, fp_smime_out, fp_smime_err, fp_smime_infd, fp_smime_outfd,
                      fp_smime_errfd, fname, sig_fname, NULL, NULL, NULL, NULL, NULL,
                      (opaque ? c_smime_verify_opaque_command : c_smime_verify_command));
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_invoke_decrypt()

static pid_t smime_invoke_decrypt ( FILE ** fp_smime_in, FILE ** fp_smime_out, FILE ** fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char * fname )

static

Use SMIME to decrypt a file.

Parameters

[out]	fp_smime_in	stdin for the command, or NULL (OPTIONAL)
[out]	fp_smime_out	stdout for the command, or NULL (OPTIONAL)
[out]	fp_smime_err	stderr for the command, or NULL (OPTIONAL)
[in]	fp_smime_infd	stdin for the command, or -1 (OPTIONAL)
[in]	fp_smime_outfd	stdout for the command, or -1 (OPTIONAL)
[in]	fp_smime_errfd	stderr for the command, or -1 (OPTIONAL)
[in]	fname	Filename to pass to the command

Return values

num	PID of the created process
-1	Error creating pipes or forking

Note

fp_smime_in has priority over fp_smime_infd. Likewise fp_smime_out and fp_smime_err.

Definition at line 1551 of file smime.c.

{
  struct NcryptModuleData *mod_data = neomutt_get_module_data(NeoMutt, MODULE_ID_NCRYPT);
  const struct Expando *c_smime_decrypt_command = cs_subset_expando(NeoMutt->sub, "smime_decrypt_command");
  return smime_invoke(fp_smime_in, fp_smime_out, fp_smime_err, fp_smime_infd,
                      fp_smime_outfd, fp_smime_errfd, fname, NULL, NULL, NULL,
                      buf_string(&mod_data->smime_key_to_use),
                      buf_string(&mod_data->smime_cert_to_use), NULL,
                      c_smime_decrypt_command);
}

Here is the call graph for this function:

Here is the caller graph for this function:

smime_handle_entity()

static struct Body * smime_handle_entity ( struct Body * b, struct State * state, FILE * fp_out_file )

static

Handle type application/pkcs7-mime.

Parameters

b	Body to handle
state	State to use
fp_out_file	File for the result

Return values

ptr	Body for parsed MIME part

This can either be a signed or an encrypted message.

Definition at line 1681 of file smime.c.

{
  struct NcryptModuleData *mod_data = neomutt_get_module_data(NeoMutt, MODULE_ID_NCRYPT);
  struct Buffer *tmpfname = buf_pool_get();
  FILE *fp_smime_out = NULL, *fp_smime_in = NULL, *fp_smime_err = NULL;
  FILE *fp_tmp = NULL, *fp_out = NULL;
  struct Body *p = NULL;
  pid_t pid = -1;
  SecurityFlags type = mutt_is_application_smime(b);
 
  if (!(type & APPLICATION_SMIME))
    return NULL;
 
  /* Because of the mutt_body_handler() we avoid the buffer pool. */
  fp_smime_out = mutt_file_mkstemp();
  if (!fp_smime_out)
  {
    mutt_perror(_("Can't create temporary file"));
    goto cleanup;
  }
 
  fp_smime_err = mutt_file_mkstemp();
  if (!fp_smime_err)
  {
    mutt_perror(_("Can't create temporary file"));
    goto cleanup;
  }
 
  buf_mktemp(tmpfname);
  fp_tmp = mutt_file_fopen(buf_string(tmpfname), "w+");
  if (!fp_tmp)
  {
    mutt_perror("%s", buf_string(tmpfname));
    goto cleanup;
  }
 
  if (!mutt_file_seek(state->fp_in, b->offset, SEEK_SET))
  {
    goto cleanup;
  }
 
  mutt_file_copy_bytes(state->fp_in, fp_tmp, b->length);
 
  fflush(fp_tmp);
  mutt_file_fclose(&fp_tmp);
 
  if ((type & SEC_ENCRYPT) &&
      ((pid = smime_invoke_decrypt(&fp_smime_in, NULL, NULL, -1, fileno(fp_smime_out),
                                   fileno(fp_smime_err), buf_string(tmpfname))) == -1))
  {
    mutt_file_unlink(buf_string(tmpfname));
    if (state->flags & STATE_DISPLAY)
    {
      state_attach_puts(state, _("[-- Error: unable to create OpenSSL subprocess --]\n"));
    }
    goto cleanup;
  }
  else if ((type & SEC_SIGNOPAQUE) &&
           ((pid = smime_invoke_verify(&fp_smime_in, NULL, NULL, -1,
                                       fileno(fp_smime_out), fileno(fp_smime_err), NULL,
                                       buf_string(tmpfname), SEC_SIGNOPAQUE)) == -1))
  {
    mutt_file_unlink(buf_string(tmpfname));
    if (state->flags & STATE_DISPLAY)
    {
      state_attach_puts(state, _("[-- Error: unable to create OpenSSL subprocess --]\n"));
    }
    goto cleanup;
  }
 
  if (type & SEC_ENCRYPT)
  {
    if (!smime_class_valid_passphrase())
      smime_class_void_passphrase();
    fputs(mod_data->smime_pass, fp_smime_in);
    fputc('\n', fp_smime_in);
  }
 
  mutt_file_fclose(&fp_smime_in);
 
  filter_wait(pid);
  mutt_file_unlink(buf_string(tmpfname));
 
  if (state->flags & STATE_DISPLAY)
  {
    fflush(fp_smime_err);
    rewind(fp_smime_err);
 
    const int c = fgetc(fp_smime_err);
    if (c != EOF)
    {
      ungetc(c, fp_smime_err);
 
      crypt_current_time(state, "OpenSSL");
      mutt_file_copy_stream(fp_smime_err, state->fp_out);
      state_attach_puts(state, _("[-- End of OpenSSL output --]\n\n"));
    }
 
    if (type & SEC_ENCRYPT)
    {
      state_attach_puts(state, _("[-- The following data is S/MIME encrypted --]\n"));
    }
    else
    {
      state_attach_puts(state, _("[-- The following data is S/MIME signed --]\n"));
    }
  }
 
  fflush(fp_smime_out);
  rewind(fp_smime_out);
 
  if (type & SEC_ENCRYPT)
  {
    /* void the passphrase, even if that wasn't the problem */
    if (fgetc(fp_smime_out) == EOF)
    {
      mutt_error(_("Decryption failed"));
      smime_class_void_passphrase();
    }
    rewind(fp_smime_out);
  }
 
  if (fp_out_file)
  {
    fp_out = fp_out_file;
  }
  else
  {
    fp_out = mutt_file_mkstemp();
    if (!fp_out)
    {
      mutt_perror(_("Can't create temporary file"));
      goto cleanup;
    }
  }
  char buf[8192] = { 0 };
  while (fgets(buf, sizeof(buf) - 1, fp_smime_out))
  {
    const size_t len = mutt_str_len(buf);
    if ((len > 1) && (buf[len - 2] == '\r'))
    {
      buf[len - 2] = '\n';
      buf[len - 1] = '\0';
    }
    fputs(buf, fp_out);
  }
  fflush(fp_out);
  rewind(fp_out);
 
  const long size = mutt_file_get_size_fp(fp_out);
  if (size == 0)
  {
    goto cleanup;
  }
  p = mutt_read_mime_header(fp_out, 0);
  if (p)
  {
    p->length = size - p->offset;
 
    mutt_parse_part(fp_out, p);
 
    if (state->flags & STATE_DISPLAY)
      mutt_protected_headers_handler(p, state);
 
    /* Store any protected headers in the parent so they can be
     * accessed for index updates after the handler recursion is done.
     * This is done before the handler to prevent a nested encrypted
     * handler from freeing the headers. */
    mutt_env_free(&b->mime_headers);
    b->mime_headers = p->mime_headers;
    p->mime_headers = NULL;
 
    if (state->fp_out)
    {
      rewind(fp_out);
      FILE *fp_tmp_buffer = state->fp_in;
      state->fp_in = fp_out;
      mutt_body_handler(p, state);
      state->fp_in = fp_tmp_buffer;
    }
 
    /* Embedded multipart signed protected headers override the
     * encrypted headers.  We need to do this after the handler so
     * they can be printed in the pager. */
    if (!(type & SMIME_SIGN) && mutt_is_multipart_signed(p) && p->parts &&
        p->parts->mime_headers)
    {
      mutt_env_free(&b->mime_headers);
      b->mime_headers = p->parts->mime_headers;
      p->parts->mime_headers = NULL;
    }
  }
  mutt_file_fclose(&fp_smime_out);
 
  if (!fp_out_file)
  {
    mutt_file_fclose(&fp_out);
    mutt_file_unlink(buf_string(tmpfname));
  }
  fp_out = NULL;
 
  if (state->flags & STATE_DISPLAY)
  {
    if (type & SEC_ENCRYPT)
      state_attach_puts(state, _("[-- End of S/MIME encrypted data --]\n"));
    else
      state_attach_puts(state, _("[-- End of S/MIME signed data --]\n"));
  }
 
  if (type & SEC_SIGNOPAQUE)
  {
    char *line = NULL;
    size_t linelen;
 
    rewind(fp_smime_err);
 
    line = mutt_file_read_line(line, &linelen, fp_smime_err, NULL, MUTT_RL_NONE);
    if (linelen && mutt_istr_equal(line, "verification successful"))
      b->goodsig = true;
    FREE(&line);
  }
  else if (p)
  {
    b->goodsig = p->goodsig;
    b->badsig = p->badsig;
  }
 
cleanup:
  mutt_file_fclose(&fp_smime_out);
  mutt_file_fclose(&fp_smime_err);
  mutt_file_fclose(&fp_tmp);
  mutt_file_fclose(&fp_out);
  buf_pool_release(&tmpfname);
  return p;
}

Here is the call graph for this function:

Here is the caller graph for this function: