NeoMutt  2025-12-11-980-ge38c27
Teaching an old dog new tricks
DOXYGEN
Loading...
Searching...
No Matches
smime.c
Go to the documentation of this file.
1
27
33
34#include "config.h"
35#include <limits.h>
36#include <stdbool.h>
37#include <stdio.h>
38#include <string.h>
39#include <sys/types.h>
40#include <unistd.h>
41#include "private.h"
42#include "mutt/lib.h"
43#include "address/lib.h"
44#include "config/lib.h"
45#include "email/lib.h"
46#include "core/lib.h"
47#include "alias/lib.h"
48#include "gui/lib.h"
49#include "mutt.h"
50#include "lib.h"
51#include "editor/lib.h"
52#include "expando/lib.h"
53#include "history/lib.h"
54#include "question/lib.h"
55#include "send/lib.h"
56#include "crypt.h"
57#include "cryptglue.h"
58#include "expando_smime.h"
59#include "module_data.h"
60#include "mutt_logging.h"
61#ifdef CRYPT_BACKEND_CLASSIC_SMIME
62#include "smime.h"
63#endif
64
68void smime_init(void)
69{
71 buf_alloc(&mod_data->smime_key_to_use, 256);
72 buf_alloc(&mod_data->smime_cert_to_use, 256);
73 buf_alloc(&mod_data->smime_intermediate_to_use, 256);
74}
75
80void smime_cleanup(struct NcryptModuleData *mod_data)
81{
82 buf_dealloc(&mod_data->smime_key_to_use);
85}
86
91static void smime_key_free(struct SmimeKey **keylist)
92{
93 if (!keylist)
94 return;
95
96 struct SmimeKey *key = NULL;
97
98 while (*keylist)
99 {
100 key = *keylist;
101 *keylist = (*keylist)->next;
102
103 FREE(&key->email);
104 FREE(&key->hash);
105 FREE(&key->label);
106 FREE(&key->issuer);
107 FREE(&key);
108 }
109}
110
116static struct SmimeKey *smime_copy_key(struct SmimeKey *key)
117{
118 if (!key)
119 return NULL;
120
121 struct SmimeKey *copy = NULL;
122
123 copy = MUTT_MEM_CALLOC(1, struct SmimeKey);
124 copy->email = mutt_str_dup(key->email);
125 copy->hash = mutt_str_dup(key->hash);
126 copy->label = mutt_str_dup(key->label);
127 copy->issuer = mutt_str_dup(key->issuer);
128 copy->trust = key->trust;
129 copy->flags = key->flags;
130
131 return copy;
132}
133
138{
140 memset(mod_data->smime_pass, 0, sizeof(mod_data->smime_pass));
141 mod_data->smime_exp_time = 0;
142}
143
148{
150 const time_t now = mutt_date_now();
151 if (now < mod_data->smime_exp_time)
152 {
153 /* Use cached copy. */
154 return true;
155 }
156
158
159 struct Buffer *buf = buf_pool_get();
160 const int rc = mw_get_field(_("Enter S/MIME passphrase:"), buf,
162 mutt_str_copy(mod_data->smime_pass, buf_string(buf), sizeof(mod_data->smime_pass));
163 buf_pool_release(&buf);
164
165 if (rc == 0)
166 {
167 const short c_smime_timeout = cs_subset_number(NeoMutt->sub, "smime_timeout");
168 mod_data->smime_exp_time = mutt_date_add_timeout(now, c_smime_timeout);
169 return true;
170 }
171 else
172 {
173 mod_data->smime_exp_time = 0;
174 }
175
176 return false;
177}
178
185static void smime_command(struct Buffer *buf, struct SmimeCommandContext *cctx,
186 const struct Expando *exp)
187{
189 mutt_debug(LL_DEBUG2, "%s\n", buf_string(buf));
190}
191
214static pid_t smime_invoke(FILE **fp_smime_in, FILE **fp_smime_out, FILE **fp_smime_err,
215 int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd,
216 const char *fname, const char *sig_fname, const char *cryptalg,
217 const char *digestalg, const char *key, const char *certificates,
218 const char *intermediates, const struct Expando *exp)
219{
220 struct SmimeCommandContext cctx = { 0 };
221
222 if (!exp)
223 return (pid_t) -1;
224
225 cctx.fname = fname;
226 cctx.sig_fname = sig_fname;
227 cctx.key = key;
228 cctx.cryptalg = cryptalg;
229 cctx.digestalg = digestalg;
232
233 struct Buffer *cmd = buf_pool_get();
234 smime_command(cmd, &cctx, exp);
235
236 pid_t pid = filter_create_fd(buf_string(cmd), fp_smime_in, fp_smime_out,
237 fp_smime_err, fp_smime_infd, fp_smime_outfd,
238 fp_smime_errfd, NeoMutt->env);
239 buf_pool_release(&cmd);
240 return pid;
241}
242
249static struct SmimeKey *smime_parse_key(char *buf)
250{
251 char *pend = NULL;
252 char *p = NULL;
253 int field = 0;
254
255 struct SmimeKey *key = MUTT_MEM_CALLOC(1, struct SmimeKey);
256
257 for (p = buf; p; p = pend)
258 {
259 /* Some users manually maintain their .index file, and use a tab
260 * as a delimiter, which the old parsing code (using fscanf)
261 * happened to allow. smime_keys uses a space, so search for both. */
262 if ((pend = strchr(p, ' ')) || (pend = strchr(p, '\t')) || (pend = strchr(p, '\n')))
263 *pend++ = 0;
264
265 /* For backward compatibility, don't count consecutive delimiters
266 * as an empty field. */
267 if (*p == '\0')
268 continue;
269
270 field++;
271
272 switch (field)
273 {
274 case 1: /* mailbox */
275 key->email = mutt_str_dup(p);
276 break;
277 case 2: /* hash */
278 key->hash = mutt_str_dup(p);
279 break;
280 case 3: /* label */
281 key->label = mutt_str_dup(p);
282 break;
283 case 4: /* issuer */
284 key->issuer = mutt_str_dup(p);
285 break;
286 case 5: /* trust */
287 key->trust = *p;
288 break;
289 case 6: /* purpose */
290 while (*p)
291 {
292 switch (*p++)
293 {
294 case 'e':
296 break;
297
298 case 's':
299 key->flags |= KEYFLAG_CANSIGN;
300 break;
301 }
302 }
303 break;
304 }
305 }
306
307 /* Old index files could be missing issuer, trust, and purpose,
308 * but anything less than that is an error. */
309 if (field < 3)
310 {
311 smime_key_free(&key);
312 return NULL;
313 }
314
315 if (field < 4)
316 key->issuer = mutt_str_dup("?");
317
318 if (field < 5)
319 key->trust = 't';
320
321 if (field < 6)
323
324 return key;
325}
326
333static struct SmimeKey *smime_get_candidates(const char *search, bool only_public_key)
334{
335 char buf[1024] = { 0 };
336 struct SmimeKey *key = NULL;
337 struct SmimeKey *results = NULL;
338 struct SmimeKey **results_end = &results;
339
340 struct Buffer *index_file = buf_pool_get();
341 const char *const c_smime_certificates = cs_subset_path(NeoMutt->sub, "smime_certificates");
342 const char *const c_smime_keys = cs_subset_path(NeoMutt->sub, "smime_keys");
343 buf_printf(index_file, "%s/.index",
344 only_public_key ? NONULL(c_smime_certificates) : NONULL(c_smime_keys));
345
346 FILE *fp = mutt_file_fopen(buf_string(index_file), "r");
347 if (!fp)
348 {
349 mutt_perror("%s", buf_string(index_file));
350 buf_pool_release(&index_file);
351 return NULL;
352 }
353 buf_pool_release(&index_file);
354
355 while (fgets(buf, sizeof(buf), fp))
356 {
357 if (((*search == '\0')) || mutt_istr_find(buf, search))
358 {
359 key = smime_parse_key(buf);
360 if (key)
361 {
362 *results_end = key;
363 results_end = &key->next;
364 }
365 }
366 }
367
368 mutt_file_fclose(&fp);
369
370 return results;
371}
372
382static struct SmimeKey *smime_get_key_by_hash(const char *hash, bool only_public_key)
383{
384 struct SmimeKey *match = NULL;
385 struct SmimeKey *results = smime_get_candidates(hash, only_public_key);
386 for (struct SmimeKey *result = results; result; result = result->next)
387 {
388 if (mutt_istr_equal(hash, result->hash))
389 {
390 match = smime_copy_key(result);
391 break;
392 }
393 }
394
395 smime_key_free(&results);
396
397 return match;
398}
399
408static struct SmimeKey *smime_get_key_by_addr(const char *mailbox, KeyFlags abilities,
409 bool only_public_key, bool oppenc_mode)
410{
411 if (!mailbox)
412 return NULL;
413
414 struct SmimeKey *results = NULL;
415 struct SmimeKey *result = NULL;
416 struct SmimeKey *matches = NULL;
417 struct SmimeKey **matches_end = &matches;
418 struct SmimeKey *match = NULL;
419 struct SmimeKey *trusted_match = NULL;
420 struct SmimeKey *valid_match = NULL;
421 struct SmimeKey *return_key = NULL;
422 bool multi_trusted_matches = false;
423
424 results = smime_get_candidates(mailbox, only_public_key);
425 for (result = results; result; result = result->next)
426 {
427 if (abilities && !(result->flags & abilities))
428 {
429 continue;
430 }
431
432 if (mutt_istr_equal(mailbox, result->email))
433 {
434 match = smime_copy_key(result);
435 *matches_end = match;
436 matches_end = &match->next;
437
438 if (match->trust == 't')
439 {
440 if (trusted_match && !mutt_istr_equal(match->hash, trusted_match->hash))
441 {
442 multi_trusted_matches = true;
443 }
444 trusted_match = match;
445 }
446 else if ((match->trust == 'u') || (match->trust == 'v'))
447 {
448 valid_match = match;
449 }
450 }
451 }
452
453 smime_key_free(&results);
454
455 if (matches)
456 {
457 if (oppenc_mode || !isatty(STDIN_FILENO))
458 {
459 const bool c_crypt_opportunistic_encrypt_strong_keys =
460 cs_subset_bool(NeoMutt->sub, "crypt_opportunistic_encrypt_strong_keys");
461 if (trusted_match)
462 return_key = smime_copy_key(trusted_match);
463 else if (valid_match && !c_crypt_opportunistic_encrypt_strong_keys)
464 return_key = smime_copy_key(valid_match);
465 else
466 return_key = NULL;
467 }
468 else if (trusted_match && !multi_trusted_matches)
469 {
470 return_key = smime_copy_key(trusted_match);
471 }
472 else
473 {
474 return_key = smime_copy_key(dlg_smime(matches, mailbox));
475 }
476
477 smime_key_free(&matches);
478 }
479
480 return return_key;
481}
482
490static struct SmimeKey *smime_get_key_by_str(const char *str, KeyFlags abilities, bool only_public_key)
491{
492 if (!str)
493 return NULL;
494
495 struct SmimeKey *results = NULL;
496 struct SmimeKey *result = NULL;
497 struct SmimeKey *matches = NULL;
498 struct SmimeKey **matches_end = &matches;
499 struct SmimeKey *match = NULL;
500 struct SmimeKey *return_key = NULL;
501
502 results = smime_get_candidates(str, only_public_key);
503 for (result = results; result; result = result->next)
504 {
505 if (abilities && !(result->flags & abilities))
506 {
507 continue;
508 }
509
510 if (mutt_istr_equal(str, result->hash) ||
511 mutt_istr_find(result->email, str) || mutt_istr_find(result->label, str))
512 {
513 match = smime_copy_key(result);
514 *matches_end = match;
515 matches_end = &match->next;
516 }
517 }
518
519 smime_key_free(&results);
520
521 if (matches)
522 {
523 return_key = smime_copy_key(dlg_smime(matches, str));
524 smime_key_free(&matches);
525 }
526
527 return return_key;
528}
529
537static struct SmimeKey *smime_ask_for_key(const char *prompt, KeyFlags abilities, bool only_public_key)
538{
539 if (!prompt)
540 return NULL;
541
542 struct SmimeKey *key = NULL;
543 struct Buffer *resp = buf_pool_get();
544
546
547 while (true)
548 {
549 buf_reset(resp);
550 if (mw_get_field(prompt, resp, MUTT_COMP_NONE, HC_OTHER, NULL, NULL) != 0)
551 {
552 goto done;
553 }
554
555 if (buf_is_empty(resp))
556 goto done;
557
558 key = smime_get_key_by_str(buf_string(resp), abilities, only_public_key);
559 if (key)
560 goto done;
561
562 mutt_error(_("No matching keys found for \"%s\""), buf_string(resp));
563 }
564
565done:
566 buf_pool_release(&resp);
567 return key;
568}
569
577static void getkeys(const char *mailbox)
578{
580 const char *k = NULL;
581
582 struct SmimeKey *key = smime_get_key_by_addr(mailbox, KEYFLAG_CANENCRYPT, false, false);
583
584 if (!key)
585 {
586 struct Buffer *prompt = buf_pool_get();
587 buf_printf(prompt, _("Enter keyID for %s: "), mailbox);
588 key = smime_ask_for_key(buf_string(prompt), KEYFLAG_CANENCRYPT, false);
589 buf_pool_release(&prompt);
590 }
591
592 const char *const c_smime_keys = cs_subset_path(NeoMutt->sub, "smime_keys");
593 size_t smime_keys_len = mutt_str_len(c_smime_keys);
594
595 const char *const c_smime_default_key = cs_subset_string(NeoMutt->sub, "smime_default_key");
596 k = key ? key->hash : NONULL(c_smime_default_key);
597
598 /* if the key is different from last time */
599 if ((buf_len(&mod_data->smime_key_to_use) <= smime_keys_len) ||
600 !mutt_istr_equal(k, mod_data->smime_key_to_use.data + smime_keys_len + 1))
601 {
603 buf_printf(&mod_data->smime_key_to_use, "%s/%s", NONULL(c_smime_keys), k);
604 const char *const c_smime_certificates = cs_subset_path(NeoMutt->sub, "smime_certificates");
605 buf_printf(&mod_data->smime_cert_to_use, "%s/%s", NONULL(c_smime_certificates), k);
606 }
607
608 smime_key_free(&key);
609}
610
615{
617 const bool c_smime_decrypt_use_default_key = cs_subset_bool(NeoMutt->sub, "smime_decrypt_use_default_key");
618 const char *const c_smime_default_key = cs_subset_string(NeoMutt->sub, "smime_default_key");
619 if (c_smime_decrypt_use_default_key && c_smime_default_key)
620 {
621 const char *const c_smime_keys = cs_subset_path(NeoMutt->sub, "smime_keys");
622 buf_printf(&mod_data->smime_key_to_use, "%s/%s", NONULL(c_smime_keys), c_smime_default_key);
623 const char *const c_smime_certificates = cs_subset_path(NeoMutt->sub, "smime_certificates");
624 buf_printf(&mod_data->smime_cert_to_use, "%s/%s",
625 NONULL(c_smime_certificates), c_smime_default_key);
626 return;
627 }
628
629 struct Address *a = NULL;
630 TAILQ_FOREACH(a, &env->to, entries)
631 {
632 if (mutt_addr_is_user(a))
633 {
635 return;
636 }
637 }
638
639 TAILQ_FOREACH(a, &env->cc, entries)
640 {
641 if (mutt_addr_is_user(a))
642 {
644 return;
645 }
646 }
647
648 struct Address *f = mutt_default_from(NeoMutt->sub);
650 mutt_addr_free(&f);
651}
652
656char *smime_class_find_keys(const struct AddressList *al, bool oppenc_mode)
657{
658 struct SmimeKey *key = NULL;
659 char *keyid = NULL;
660 char *keylist = NULL;
661 size_t keylist_size = 0;
662 size_t keylist_used = 0;
663
664 struct Address *a = NULL;
665 TAILQ_FOREACH(a, al, entries)
666 {
667 key = smime_get_key_by_addr(buf_string(a->mailbox), KEYFLAG_CANENCRYPT, true, oppenc_mode);
668 if (!key && !oppenc_mode && isatty(STDIN_FILENO))
669 {
670 struct Buffer *prompt = buf_pool_get();
671 buf_printf(prompt, _("Enter keyID for %s: "), buf_string(a->mailbox));
672 key = smime_ask_for_key(buf_string(prompt), KEYFLAG_CANENCRYPT, true);
673 buf_pool_release(&prompt);
674 }
675 if (!key)
676 {
677 if (!oppenc_mode)
678 mutt_message(_("No (valid) certificate found for %s"), buf_string(a->mailbox));
679 FREE(&keylist);
680 return NULL;
681 }
682
683 keyid = key->hash;
684 keylist_size += mutt_str_len(keyid) + 2;
685 MUTT_MEM_REALLOC(&keylist, keylist_size, char);
686 sprintf(keylist + keylist_used, "%s%s", keylist_used ? " " : "", keyid);
687 keylist_used = mutt_str_len(keylist);
688
689 smime_key_free(&key);
690 }
691 return keylist;
692}
693
705static int smime_handle_cert_email(const char *certificate, const char *mailbox,
706 bool copy, char ***buffer, int *num)
707{
708 char email[256] = { 0 };
709 int rc = -1;
710 int count = 0;
711 pid_t pid;
712
713 FILE *fp_err = mutt_file_mkstemp();
714 if (!fp_err)
715 {
716 mutt_perror(_("Can't create temporary file"));
717 return 1;
718 }
719
720 FILE *fp_out = mutt_file_mkstemp();
721 if (!fp_out)
722 {
723 mutt_file_fclose(&fp_err);
724 mutt_perror(_("Can't create temporary file"));
725 return 1;
726 }
727
728 const struct Expando *c_smime_get_cert_email_command =
729 cs_subset_expando(NeoMutt->sub, "smime_get_cert_email_command");
730 pid = smime_invoke(NULL, NULL, NULL, -1, fileno(fp_out), fileno(fp_err), certificate,
731 NULL, NULL, NULL, NULL, NULL, NULL, c_smime_get_cert_email_command);
732 if (pid == -1)
733 {
734 mutt_message(_("Error: unable to create OpenSSL subprocess"));
735 mutt_file_fclose(&fp_err);
736 mutt_file_fclose(&fp_out);
737 return 1;
738 }
739
740 filter_wait(pid);
741
742 fflush(fp_out);
743 rewind(fp_out);
744 fflush(fp_err);
745 rewind(fp_err);
746
747 while ((fgets(email, sizeof(email), fp_out)))
748 {
749 size_t len = mutt_str_len(email);
750 if (len && (email[len - 1] == '\n'))
751 email[len - 1] = '\0';
752 if (mutt_istr_startswith(email, mailbox))
753 rc = 1;
754
755 rc = (rc < 0) ? 0 : rc;
756 count++;
757 }
758
759 if (rc == -1)
760 {
761 mutt_endwin();
762 mutt_file_copy_stream(fp_err, stdout);
763 mutt_any_key_to_continue(_("Error: unable to create OpenSSL subprocess"));
764 rc = 1;
765 }
766 else if (rc == 0)
767 {
768 rc = 1;
769 }
770 else
771 {
772 rc = 0;
773 }
774
775 if (copy && buffer && num)
776 {
777 (*num) = count;
778 *buffer = MUTT_MEM_CALLOC(count, char *);
779 count = 0;
780
781 rewind(fp_out);
782 while ((fgets(email, sizeof(email), fp_out)))
783 {
784 size_t len = mutt_str_len(email);
785 if (len && (email[len - 1] == '\n'))
786 email[len - 1] = '\0';
787 (*buffer)[count] = MUTT_MEM_CALLOC(mutt_str_len(email) + 1, char);
788 strncpy((*buffer)[count], email, mutt_str_len(email));
789 count++;
790 }
791 }
792 else if (copy)
793 {
794 rc = 2;
795 }
796
797 mutt_file_fclose(&fp_out);
798 mutt_file_fclose(&fp_err);
799
800 return rc;
801}
802
808static char *smime_extract_certificate(const char *infile)
809{
810 FILE *fp_err = NULL;
811 FILE *fp_out = NULL;
812 FILE *fp_cert = NULL;
813 char *rc = NULL;
814 pid_t pid;
815 int empty;
816
817 struct Buffer *pk7out = buf_pool_get();
818 struct Buffer *certfile = buf_pool_get();
819
820 fp_err = mutt_file_mkstemp();
821 if (!fp_err)
822 {
823 mutt_perror(_("Can't create temporary file"));
824 goto cleanup;
825 }
826
827 buf_mktemp(pk7out);
828 fp_out = mutt_file_fopen(buf_string(pk7out), "w+");
829 if (!fp_out)
830 {
831 mutt_perror("%s", buf_string(pk7out));
832 goto cleanup;
833 }
834
835 /* Step 1: Convert the signature to a PKCS#7 structure, as we can't
836 * extract the full set of certificates directly. */
837 const struct Expando *c_smime_pk7out_command = cs_subset_expando(NeoMutt->sub, "smime_pk7out_command");
838 pid = smime_invoke(NULL, NULL, NULL, -1, fileno(fp_out), fileno(fp_err), infile,
839 NULL, NULL, NULL, NULL, NULL, NULL, c_smime_pk7out_command);
840 if (pid == -1)
841 {
842 mutt_any_key_to_continue(_("Error: unable to create OpenSSL subprocess"));
843 goto cleanup;
844 }
845
846 filter_wait(pid);
847
848 fflush(fp_out);
849 rewind(fp_out);
850 fflush(fp_err);
851 rewind(fp_err);
852 empty = (fgetc(fp_out) == EOF);
853 if (empty)
854 {
855 mutt_perror("%s", buf_string(pk7out));
856 mutt_file_copy_stream(fp_err, stdout);
857 goto cleanup;
858 }
859 mutt_file_fclose(&fp_out);
860
861 buf_mktemp(certfile);
862 fp_cert = mutt_file_fopen(buf_string(certfile), "w+");
863 if (!fp_cert)
864 {
865 mutt_perror("%s", buf_string(certfile));
867 goto cleanup;
868 }
869
870 // Step 2: Extract the certificates from a PKCS#7 structure.
871 const struct Expando *c_smime_get_cert_command = cs_subset_expando(NeoMutt->sub, "smime_get_cert_command");
872 pid = smime_invoke(NULL, NULL, NULL, -1, fileno(fp_cert), fileno(fp_err),
873 buf_string(pk7out), NULL, NULL, NULL, NULL, NULL, NULL,
874 c_smime_get_cert_command);
875 if (pid == -1)
876 {
877 mutt_any_key_to_continue(_("Error: unable to create OpenSSL subprocess"));
879 goto cleanup;
880 }
881
882 filter_wait(pid);
883
885
886 fflush(fp_cert);
887 rewind(fp_cert);
888 fflush(fp_err);
889 rewind(fp_err);
890 empty = (fgetc(fp_cert) == EOF);
891 if (empty)
892 {
893 mutt_file_copy_stream(fp_err, stdout);
894 goto cleanup;
895 }
896
897 mutt_file_fclose(&fp_cert);
898
899 rc = buf_strdup(certfile);
900
901cleanup:
902 mutt_file_fclose(&fp_err);
903 if (fp_out)
904 {
905 mutt_file_fclose(&fp_out);
907 }
908 if (fp_cert)
909 {
910 mutt_file_fclose(&fp_cert);
911 mutt_file_unlink(buf_string(certfile));
912 }
913 buf_pool_release(&pk7out);
914 buf_pool_release(&certfile);
915 return rc;
916}
917
923static char *smime_extract_signer_certificate(const char *infile)
924{
925 char *cert = NULL;
926 struct Buffer *certfile = NULL;
927 pid_t pid;
928 int empty;
929
930 FILE *fp_err = mutt_file_mkstemp();
931 if (!fp_err)
932 {
933 mutt_perror(_("Can't create temporary file"));
934 return NULL;
935 }
936
937 certfile = buf_pool_get();
938 buf_mktemp(certfile);
939 FILE *fp_out = mutt_file_fopen(buf_string(certfile), "w+");
940 if (!fp_out)
941 {
942 mutt_file_fclose(&fp_err);
943 mutt_perror("%s", buf_string(certfile));
944 goto cleanup;
945 }
946
947 /* Extract signer's certificate
948 */
949 const struct Expando *c_smime_get_signer_cert_command =
950 cs_subset_expando(NeoMutt->sub, "smime_get_signer_cert_command");
951 pid = smime_invoke(NULL, NULL, NULL, -1, -1, fileno(fp_err), infile, NULL, NULL, NULL,
952 NULL, buf_string(certfile), NULL, c_smime_get_signer_cert_command);
953 if (pid == -1)
954 {
955 mutt_any_key_to_continue(_("Error: unable to create OpenSSL subprocess"));
956 goto cleanup;
957 }
958
959 filter_wait(pid);
960
961 fflush(fp_out);
962 rewind(fp_out);
963 fflush(fp_err);
964 rewind(fp_err);
965 empty = (fgetc(fp_out) == EOF);
966 if (empty)
967 {
968 mutt_endwin();
969 mutt_file_copy_stream(fp_err, stdout);
971 goto cleanup;
972 }
973
974 mutt_file_fclose(&fp_out);
975 cert = buf_strdup(certfile);
976
977cleanup:
978 mutt_file_fclose(&fp_err);
979 if (fp_out)
980 {
981 mutt_file_fclose(&fp_out);
982 mutt_file_unlink(buf_string(certfile));
983 }
984 buf_pool_release(&certfile);
985 return cert;
986}
987
991void smime_class_invoke_import(const char *infile, const char *mailbox)
992{
993 char *certfile = NULL;
994 struct Buffer *buf = NULL;
995
996 FILE *fp_out = NULL;
997 FILE *fp_err = mutt_file_mkstemp();
998 if (!fp_err)
999 {
1000 mutt_perror(_("Can't create temporary file"));
1001 goto done;
1002 }
1003
1004 fp_out = mutt_file_mkstemp();
1005 if (!fp_out)
1006 {
1007 mutt_perror(_("Can't create temporary file"));
1008 goto done;
1009 }
1010
1011 buf = buf_pool_get();
1012 const bool c_smime_ask_cert_label = cs_subset_bool(NeoMutt->sub, "smime_ask_cert_label");
1013 if (c_smime_ask_cert_label)
1014 {
1015 if ((mw_get_field(_("Label for certificate: "), buf, MUTT_COMP_NONE,
1016 HC_OTHER, NULL, NULL) != 0) ||
1017 buf_is_empty(buf))
1018 {
1019 goto done;
1020 }
1021 }
1022
1023 mutt_endwin();
1024 certfile = smime_extract_certificate(infile);
1025 if (certfile)
1026 {
1027 mutt_endwin();
1028
1029 const struct Expando *c_smime_import_cert_command =
1030 cs_subset_expando(NeoMutt->sub, "smime_import_cert_command");
1031 FILE *fp_smime_in = NULL;
1032 pid_t pid = smime_invoke(&fp_smime_in, NULL, NULL, -1, fileno(fp_out),
1033 fileno(fp_err), certfile, NULL, NULL, NULL, NULL,
1034 NULL, NULL, c_smime_import_cert_command);
1035 if (pid == -1)
1036 {
1037 mutt_message(_("Error: unable to create OpenSSL subprocess"));
1038 goto done;
1039 }
1040 fputs(buf_string(buf), fp_smime_in);
1041 fputc('\n', fp_smime_in);
1042 mutt_file_fclose(&fp_smime_in);
1043
1044 filter_wait(pid);
1045
1046 mutt_file_unlink(certfile);
1047 FREE(&certfile);
1048 }
1049
1050 fflush(fp_out);
1051 rewind(fp_out);
1052 fflush(fp_err);
1053 rewind(fp_err);
1054
1055 mutt_file_copy_stream(fp_out, stdout);
1056 mutt_file_copy_stream(fp_err, stdout);
1057
1058done:
1059 mutt_file_fclose(&fp_out);
1060 mutt_file_fclose(&fp_err);
1061 buf_pool_release(&buf);
1062}
1063
1067int smime_class_verify_sender(struct Email *e, struct Message *msg)
1068{
1069 const char *mbox = NULL;
1070 const char *certfile = NULL;
1071 int rc = 1;
1072
1073 struct Buffer *tempfname = buf_pool_get();
1074 buf_mktemp(tempfname);
1075 FILE *fp_out = mutt_file_fopen(buf_string(tempfname), "w");
1076 if (!fp_out)
1077 {
1078 mutt_perror("%s", buf_string(tempfname));
1079 goto cleanup;
1080 }
1081
1082 const bool encrypt = e->security & SEC_ENCRYPT;
1083 mutt_copy_message(fp_out, e, msg,
1085 encrypt ? (CH_MIME | CH_WEED | CH_NONEWLINE) : CH_NONE, 0);
1086
1087 fflush(fp_out);
1088 mutt_file_fclose(&fp_out);
1089
1090 if (!TAILQ_EMPTY(&e->env->from))
1091 {
1093 mbox = buf_string(TAILQ_FIRST(&e->env->from)->mailbox);
1094 }
1095 else if (!TAILQ_EMPTY(&e->env->sender))
1096 {
1098 mbox = buf_string(TAILQ_FIRST(&e->env->sender)->mailbox);
1099 }
1100
1101 if (mbox)
1102 {
1103 certfile = smime_extract_signer_certificate(buf_string(tempfname));
1104 if (certfile)
1105 {
1106 mutt_file_unlink(buf_string(tempfname));
1107 if (smime_handle_cert_email(certfile, mbox, false, NULL, NULL))
1108 {
1109 if (isendwin())
1111 }
1112 else
1113 {
1114 rc = 0;
1115 }
1116 mutt_file_unlink(certfile);
1117 FREE(&certfile);
1118 }
1119 else
1120 {
1121 mutt_any_key_to_continue(_("no certfile"));
1122 }
1123 }
1124 else
1125 {
1126 mutt_any_key_to_continue(_("no mbox"));
1127 }
1128
1129 mutt_file_unlink(buf_string(tempfname));
1130
1131cleanup:
1132 buf_pool_release(&tempfname);
1133 return rc;
1134}
1135
1152static pid_t smime_invoke_encrypt(FILE **fp_smime_in, FILE **fp_smime_out,
1153 FILE **fp_smime_err, int fp_smime_infd,
1154 int fp_smime_outfd, int fp_smime_errfd,
1155 const char *fname, const char *uids)
1156{
1157 const char *const c_smime_encrypt_with = cs_subset_string(NeoMutt->sub, "smime_encrypt_with");
1158 const struct Expando *c_smime_encrypt_command = cs_subset_expando(NeoMutt->sub, "smime_encrypt_command");
1159 return smime_invoke(fp_smime_in, fp_smime_out, fp_smime_err, fp_smime_infd,
1160 fp_smime_outfd, fp_smime_errfd, fname, NULL, c_smime_encrypt_with,
1161 NULL, NULL, uids, NULL, c_smime_encrypt_command);
1162}
1163
1179static pid_t smime_invoke_sign(FILE **fp_smime_in, FILE **fp_smime_out,
1180 FILE **fp_smime_err, int fp_smime_infd, int fp_smime_outfd,
1181 int fp_smime_errfd, const char *fname)
1182{
1184 const char *const c_smime_sign_digest_alg = cs_subset_string(NeoMutt->sub, "smime_sign_digest_alg");
1185 const struct Expando *c_smime_sign_command = cs_subset_expando(NeoMutt->sub, "smime_sign_command");
1186 return smime_invoke(fp_smime_in, fp_smime_out, fp_smime_err, fp_smime_infd,
1187 fp_smime_outfd, fp_smime_errfd, fname, NULL, NULL,
1188 c_smime_sign_digest_alg, buf_string(&mod_data->smime_key_to_use),
1189 buf_string(&mod_data->smime_cert_to_use),
1190 buf_string(&mod_data->smime_intermediate_to_use), c_smime_sign_command);
1191}
1192
1196struct Body *smime_class_build_smime_entity(struct Body *b, char *certlist)
1197{
1198 char buf[1024] = { 0 };
1199 char certfile[PATH_MAX] = { 0 };
1200 char *cert_end = NULL;
1201 FILE *fp_smime_in = NULL;
1202 FILE *fp_smime_err = NULL;
1203 FILE *fp_out = NULL;
1204 FILE *fp_tmp = NULL;
1205 struct Body *b_enc = NULL;
1206 bool err = false;
1207 int empty;
1208 int off;
1209 pid_t pid;
1210
1211 struct Buffer *tempfile = buf_pool_get();
1212 struct Buffer *smime_infile = buf_pool_get();
1213
1214 buf_mktemp(tempfile);
1215 fp_out = mutt_file_fopen(buf_string(tempfile), "w+");
1216 if (!fp_out)
1217 {
1218 mutt_perror("%s", buf_string(tempfile));
1219 goto cleanup;
1220 }
1221
1222 fp_smime_err = mutt_file_mkstemp();
1223 if (!fp_smime_err)
1224 {
1225 mutt_perror(_("Can't create temporary file"));
1226 goto cleanup;
1227 }
1228
1229 buf_mktemp(smime_infile);
1230 fp_tmp = mutt_file_fopen(buf_string(smime_infile), "w+");
1231 if (!fp_tmp)
1232 {
1233 mutt_perror("%s", buf_string(smime_infile));
1234 goto cleanup;
1235 }
1236
1237 *certfile = '\0';
1238 for (char *cert_start = certlist; cert_start; cert_start = cert_end)
1239 {
1240 cert_end = strchr(cert_start, ' ');
1241 if (cert_end)
1242 *cert_end = '\0';
1243 if (*cert_start)
1244 {
1245 off = mutt_str_len(certfile);
1246 const char *const c_smime_certificates = cs_subset_path(NeoMutt->sub, "smime_certificates");
1247 snprintf(certfile + off, sizeof(certfile) - off, "%s%s/%s",
1248 (off != 0) ? " " : "", NONULL(c_smime_certificates), cert_start);
1249 }
1250 if (cert_end)
1251 *cert_end++ = ' ';
1252 }
1253
1254 /* write a MIME entity */
1255 mutt_write_mime_header(b, fp_tmp, NeoMutt->sub);
1256 fputc('\n', fp_tmp);
1257 mutt_write_mime_body(b, fp_tmp, NeoMutt->sub);
1258 mutt_file_fclose(&fp_tmp);
1259
1260 pid = smime_invoke_encrypt(&fp_smime_in, NULL, NULL, -1, fileno(fp_out),
1261 fileno(fp_smime_err), buf_string(smime_infile), certfile);
1262 if (pid == -1)
1263 {
1264 mutt_file_unlink(buf_string(smime_infile));
1265 goto cleanup;
1266 }
1267
1268 mutt_file_fclose(&fp_smime_in);
1269
1270 filter_wait(pid);
1271 mutt_file_unlink(buf_string(smime_infile));
1272
1273 fflush(fp_out);
1274 rewind(fp_out);
1275 empty = (fgetc(fp_out) == EOF);
1276 mutt_file_fclose(&fp_out);
1277
1278 fflush(fp_smime_err);
1279 rewind(fp_smime_err);
1280 while (fgets(buf, sizeof(buf) - 1, fp_smime_err))
1281 {
1282 err = true;
1283 fputs(buf, stdout);
1284 }
1285 mutt_file_fclose(&fp_smime_err);
1286
1287 /* pause if there is any error output from SMIME */
1288 if (err)
1290
1291 if (empty)
1292 {
1293 /* fatal error while trying to encrypt message */
1294 if (!err)
1295 mutt_any_key_to_continue(_("No output from OpenSSL..."));
1296 mutt_file_unlink(buf_string(tempfile));
1297 goto cleanup;
1298 }
1299
1300 b_enc = mutt_body_new();
1301 b_enc->type = TYPE_APPLICATION;
1302 b_enc->subtype = mutt_str_dup("pkcs7-mime");
1303 mutt_param_set(&b_enc->parameter, "name", "smime.p7m");
1304 mutt_param_set(&b_enc->parameter, "smime-type", "enveloped-data");
1305 b_enc->encoding = ENC_BASE64; /* The output of OpenSSL SHOULD be binary */
1306 b_enc->use_disp = true;
1307 b_enc->disposition = DISP_ATTACH;
1308 b_enc->d_filename = mutt_str_dup("smime.p7m");
1309 b_enc->filename = buf_strdup(tempfile);
1310 b_enc->unlink = true; /* delete after sending the message */
1311 b_enc->parts = NULL;
1312 b_enc->next = NULL;
1313
1314cleanup:
1315 if (fp_out)
1316 {
1317 mutt_file_fclose(&fp_out);
1318 mutt_file_unlink(buf_string(tempfile));
1319 }
1320 mutt_file_fclose(&fp_smime_err);
1321 if (fp_tmp)
1322 {
1323 mutt_file_fclose(&fp_tmp);
1324 mutt_file_unlink(buf_string(smime_infile));
1325 }
1326 buf_pool_release(&tempfile);
1327 buf_pool_release(&smime_infile);
1328
1329 return b_enc;
1330}
1331
1344static char *openssl_md_to_smime_micalg(const char *md)
1345{
1346 if (!md)
1347 return NULL;
1348
1349 char *micalg = NULL;
1350 if (mutt_istr_startswith(md, "sha"))
1351 {
1352 mutt_str_asprintf(&micalg, "sha-%s", md + 3);
1353 }
1354 else
1355 {
1356 micalg = mutt_str_dup(md);
1357 }
1358
1359 return micalg;
1360}
1361
1365struct Body *smime_class_sign_message(struct Body *b, const struct AddressList *from)
1366{
1368 struct Body *b_sign = NULL;
1369 struct Body *rc = NULL;
1370 char buf[1024] = { 0 };
1371 struct Buffer *filetosign = NULL;
1372 struct Buffer *signedfile = NULL;
1373 FILE *fp_smime_in = NULL;
1374 FILE *fp_smime_out = NULL;
1375 FILE *fp_smime_err = NULL;
1376 FILE *fp_sign = NULL;
1377 bool err = false;
1378 int empty = 0;
1379 pid_t pid;
1380 const char *intermediates = NULL;
1381
1382 const char *const c_smime_sign_as = cs_subset_string(NeoMutt->sub, "smime_sign_as");
1383 const char *const c_smime_default_key = cs_subset_string(NeoMutt->sub, "smime_default_key");
1384 const char *signas = c_smime_sign_as ? c_smime_sign_as : c_smime_default_key;
1385 if (!signas || (*signas == '\0'))
1386 {
1387 mutt_error(_("Can't sign: No key specified. Use Sign As."));
1388 return NULL;
1389 }
1390
1391 crypt_convert_to_7bit(b); /* Signed data _must_ be in 7-bit format. */
1392
1393 filetosign = buf_pool_get();
1394 signedfile = buf_pool_get();
1395
1396 buf_mktemp(filetosign);
1397 fp_sign = mutt_file_fopen(buf_string(filetosign), "w+");
1398 if (!fp_sign)
1399 {
1400 mutt_perror("%s", buf_string(filetosign));
1401 goto cleanup;
1402 }
1403
1404 buf_mktemp(signedfile);
1405 fp_smime_out = mutt_file_fopen(buf_string(signedfile), "w+");
1406 if (!fp_smime_out)
1407 {
1408 mutt_perror("%s", buf_string(signedfile));
1409 goto cleanup;
1410 }
1411
1412 mutt_write_mime_header(b, fp_sign, NeoMutt->sub);
1413 fputc('\n', fp_sign);
1414 mutt_write_mime_body(b, fp_sign, NeoMutt->sub);
1415 mutt_file_fclose(&fp_sign);
1416
1417 const char *const c_smime_keys = cs_subset_path(NeoMutt->sub, "smime_keys");
1418 const char *const c_smime_certificates = cs_subset_path(NeoMutt->sub, "smime_certificates");
1419 buf_printf(&mod_data->smime_key_to_use, "%s/%s", NONULL(c_smime_keys), signas);
1420 buf_printf(&mod_data->smime_cert_to_use, "%s/%s", NONULL(c_smime_certificates), signas);
1421
1422 struct SmimeKey *signas_key = smime_get_key_by_hash(signas, 1);
1423 if (!signas_key || mutt_str_equal("?", signas_key->issuer))
1424 intermediates = signas; /* so openssl won't complain in any case */
1425 else
1426 intermediates = signas_key->issuer;
1427
1428 buf_printf(&mod_data->smime_intermediate_to_use, "%s/%s",
1429 NONULL(c_smime_certificates), intermediates);
1430
1431 smime_key_free(&signas_key);
1432
1433 pid = smime_invoke_sign(&fp_smime_in, NULL, &fp_smime_err, -1,
1434 fileno(fp_smime_out), -1, buf_string(filetosign));
1435 if (pid == -1)
1436 {
1437 mutt_perror(_("Can't open OpenSSL subprocess"));
1438 mutt_file_unlink(buf_string(filetosign));
1439 goto cleanup;
1440 }
1441 fputs(mod_data->smime_pass, fp_smime_in);
1442 fputc('\n', fp_smime_in);
1443 mutt_file_fclose(&fp_smime_in);
1444
1445 filter_wait(pid);
1446
1447 /* check for errors from OpenSSL */
1448 err = false;
1449 fflush(fp_smime_err);
1450 rewind(fp_smime_err);
1451 while (fgets(buf, sizeof(buf) - 1, fp_smime_err))
1452 {
1453 err = true;
1454 fputs(buf, stdout);
1455 }
1456 mutt_file_fclose(&fp_smime_err);
1457
1458 fflush(fp_smime_out);
1459 rewind(fp_smime_out);
1460 empty = (fgetc(fp_smime_out) == EOF);
1461 mutt_file_fclose(&fp_smime_out);
1462
1463 mutt_file_unlink(buf_string(filetosign));
1464
1465 if (err)
1466 {
1469 }
1470
1471 if (empty)
1472 {
1473 mutt_any_key_to_continue(_("No output from OpenSSL..."));
1474 mutt_file_unlink(buf_string(signedfile));
1475 goto cleanup; /* fatal error while signing */
1476 }
1477
1478 b_sign = mutt_body_new();
1479 b_sign->type = TYPE_MULTIPART;
1480 b_sign->subtype = mutt_str_dup("signed");
1481 b_sign->encoding = ENC_7BIT;
1482 b_sign->use_disp = false;
1483 b_sign->disposition = DISP_INLINE;
1484
1486
1487 const char *const c_smime_sign_digest_alg = cs_subset_string(NeoMutt->sub, "smime_sign_digest_alg");
1488 char *micalg = openssl_md_to_smime_micalg(c_smime_sign_digest_alg);
1489 mutt_param_set(&b_sign->parameter, "micalg", micalg);
1490 FREE(&micalg);
1491
1492 mutt_param_set(&b_sign->parameter, "protocol", "application/pkcs7-signature");
1493
1494 b_sign->parts = b;
1495 rc = b_sign;
1496
1497 b_sign->parts->next = mutt_body_new();
1498 b_sign = b_sign->parts->next;
1499 b_sign->type = TYPE_APPLICATION;
1500 b_sign->subtype = mutt_str_dup("pkcs7-signature");
1501 b_sign->filename = buf_strdup(signedfile);
1502 b_sign->d_filename = mutt_str_dup("smime.p7s");
1503 b_sign->use_disp = true;
1504 b_sign->disposition = DISP_ATTACH;
1505 b_sign->encoding = ENC_BASE64;
1506 b_sign->unlink = true; /* ok to remove this file after sending. */
1507
1508cleanup:
1509 if (fp_sign)
1510 {
1511 mutt_file_fclose(&fp_sign);
1512 mutt_file_unlink(buf_string(filetosign));
1513 }
1514 if (fp_smime_out)
1515 {
1516 mutt_file_fclose(&fp_smime_out);
1517 mutt_file_unlink(buf_string(signedfile));
1518 }
1519 buf_pool_release(&filetosign);
1520 buf_pool_release(&signedfile);
1521 return rc;
1522}
1523
1541static pid_t smime_invoke_verify(FILE **fp_smime_in, FILE **fp_smime_out,
1542 FILE **fp_smime_err, int fp_smime_infd,
1543 int fp_smime_outfd, int fp_smime_errfd,
1544 const char *fname, const char *sig_fname, int opaque)
1545{
1546 const struct Expando *c_smime_verify_opaque_command =
1547 cs_subset_expando(NeoMutt->sub, "smime_verify_opaque_command");
1548 const struct Expando *c_smime_verify_command = cs_subset_expando(NeoMutt->sub, "smime_verify_command");
1549 return smime_invoke(fp_smime_in, fp_smime_out, fp_smime_err, fp_smime_infd, fp_smime_outfd,
1550 fp_smime_errfd, fname, sig_fname, NULL, NULL, NULL, NULL, NULL,
1551 (opaque ? c_smime_verify_opaque_command : c_smime_verify_command));
1552}
1553
1569static pid_t smime_invoke_decrypt(FILE **fp_smime_in, FILE **fp_smime_out,
1570 FILE **fp_smime_err, int fp_smime_infd, int fp_smime_outfd,
1571 int fp_smime_errfd, const char *fname)
1572{
1574 const struct Expando *c_smime_decrypt_command = cs_subset_expando(NeoMutt->sub, "smime_decrypt_command");
1575 return smime_invoke(fp_smime_in, fp_smime_out, fp_smime_err, fp_smime_infd,
1576 fp_smime_outfd, fp_smime_errfd, fname, NULL, NULL, NULL,
1577 buf_string(&mod_data->smime_key_to_use),
1578 buf_string(&mod_data->smime_cert_to_use), NULL,
1579 c_smime_decrypt_command);
1580}
1581
1585int smime_class_verify_one(struct Body *b, struct State *state, const char *tempfile)
1586{
1587 FILE *fp = NULL;
1588 FILE *fp_smime_out = NULL;
1589 FILE *fp_smime_err = NULL;
1590 pid_t pid;
1591 int badsig = -1;
1592
1593 LOFF_T tmpoffset = 0;
1594 size_t tmplength = 0;
1595 int orig_type = b->type;
1596
1597 struct Buffer *signedfile = buf_pool_get();
1598
1599 buf_printf(signedfile, "%s.sig", tempfile);
1600
1601 /* decode to a tempfile, saving the original destination */
1602 fp = state->fp_out;
1603 state->fp_out = mutt_file_fopen(buf_string(signedfile), "w");
1604 if (!state->fp_out)
1605 {
1606 mutt_perror("%s", buf_string(signedfile));
1607 goto cleanup;
1608 }
1609 /* decoding the attachment changes the size and offset, so save a copy
1610 * of the "real" values now, and restore them after processing */
1611 tmplength = b->length;
1612 tmpoffset = b->offset;
1613
1614 /* if we are decoding binary bodies, we don't want to prefix each
1615 * line with the prefix or else the data will get corrupted. */
1616 const char *save_prefix = state->prefix;
1617 state->prefix = NULL;
1618
1619 mutt_decode_attachment(b, state);
1620
1621 b->length = ftello(state->fp_out);
1622 b->offset = 0;
1623 mutt_file_fclose(&state->fp_out);
1624
1625 /* restore final destination and substitute the tempfile for input */
1626 state->fp_out = fp;
1627 fp = state->fp_in;
1628 state->fp_in = mutt_file_fopen(buf_string(signedfile), "r");
1629
1630 /* restore the prefix */
1631 state->prefix = save_prefix;
1632
1633 b->type = orig_type;
1634
1635 fp_smime_err = mutt_file_mkstemp();
1636 if (!fp_smime_err)
1637 {
1638 mutt_perror(_("Can't create temporary file"));
1639 goto cleanup;
1640 }
1641
1642 crypt_current_time(state, "OpenSSL");
1643
1644 pid = smime_invoke_verify(NULL, &fp_smime_out, NULL, -1, -1, fileno(fp_smime_err),
1645 tempfile, buf_string(signedfile), 0);
1646 if (pid != -1)
1647 {
1648 fflush(fp_smime_out);
1649 mutt_file_fclose(&fp_smime_out);
1650
1651 if (filter_wait(pid))
1652 {
1653 badsig = -1;
1654 }
1655 else
1656 {
1657 char *line = NULL;
1658 size_t linelen = 0;
1659
1660 fflush(fp_smime_err);
1661 rewind(fp_smime_err);
1662
1663 line = mutt_file_read_line(line, &linelen, fp_smime_err, NULL, MUTT_RL_NONE);
1664 if (linelen && mutt_istr_equal(line, "verification successful"))
1665 badsig = 0;
1666
1667 FREE(&line);
1668 }
1669 }
1670
1671 fflush(fp_smime_err);
1672 rewind(fp_smime_err);
1673 mutt_file_copy_stream(fp_smime_err, state->fp_out);
1674 mutt_file_fclose(&fp_smime_err);
1675
1676 state_attach_puts(state, _("[-- End of OpenSSL output --]\n\n"));
1677
1678 mutt_file_unlink(buf_string(signedfile));
1679
1680 b->length = tmplength;
1681 b->offset = tmpoffset;
1682
1683 /* restore the original source stream */
1684 mutt_file_fclose(&state->fp_in);
1685 state->fp_in = fp;
1686
1687cleanup:
1688 buf_pool_release(&signedfile);
1689 return badsig;
1690}
1691
1701static struct Body *smime_handle_entity(struct Body *b, struct State *state, FILE *fp_out_file)
1702{
1704 struct Buffer *tmpfname = buf_pool_get();
1705 FILE *fp_smime_out = NULL;
1706 FILE *fp_smime_in = NULL;
1707 FILE *fp_smime_err = NULL;
1708 FILE *fp_tmp = NULL;
1709 FILE *fp_out = NULL;
1710 struct Body *p = NULL;
1711 pid_t pid = -1;
1713
1714 if (!(type & APPLICATION_SMIME))
1715 return NULL;
1716
1717 /* Because of the mutt_body_handler() we avoid the buffer pool. */
1718 fp_smime_out = mutt_file_mkstemp();
1719 if (!fp_smime_out)
1720 {
1721 mutt_perror(_("Can't create temporary file"));
1722 goto cleanup;
1723 }
1724
1725 fp_smime_err = mutt_file_mkstemp();
1726 if (!fp_smime_err)
1727 {
1728 mutt_perror(_("Can't create temporary file"));
1729 goto cleanup;
1730 }
1731
1732 buf_mktemp(tmpfname);
1733 fp_tmp = mutt_file_fopen(buf_string(tmpfname), "w+");
1734 if (!fp_tmp)
1735 {
1736 mutt_perror("%s", buf_string(tmpfname));
1737 goto cleanup;
1738 }
1739
1740 if (!mutt_file_seek(state->fp_in, b->offset, SEEK_SET))
1741 {
1742 goto cleanup;
1743 }
1744
1745 mutt_file_copy_bytes(state->fp_in, fp_tmp, b->length);
1746
1747 fflush(fp_tmp);
1748 mutt_file_fclose(&fp_tmp);
1749
1750 if ((type & SEC_ENCRYPT) &&
1751 ((pid = smime_invoke_decrypt(&fp_smime_in, NULL, NULL, -1, fileno(fp_smime_out),
1752 fileno(fp_smime_err), buf_string(tmpfname))) == -1))
1753 {
1754 mutt_file_unlink(buf_string(tmpfname));
1755 if (state->flags & STATE_DISPLAY)
1756 {
1757 state_attach_puts(state, _("[-- Error: unable to create OpenSSL subprocess --]\n"));
1758 }
1759 goto cleanup;
1760 }
1761 else if ((type & SEC_SIGNOPAQUE) &&
1762 ((pid = smime_invoke_verify(&fp_smime_in, NULL, NULL, -1,
1763 fileno(fp_smime_out), fileno(fp_smime_err), NULL,
1764 buf_string(tmpfname), SEC_SIGNOPAQUE)) == -1))
1765 {
1766 mutt_file_unlink(buf_string(tmpfname));
1767 if (state->flags & STATE_DISPLAY)
1768 {
1769 state_attach_puts(state, _("[-- Error: unable to create OpenSSL subprocess --]\n"));
1770 }
1771 goto cleanup;
1772 }
1773
1774 if (type & SEC_ENCRYPT)
1775 {
1778 fputs(mod_data->smime_pass, fp_smime_in);
1779 fputc('\n', fp_smime_in);
1780 }
1781
1782 mutt_file_fclose(&fp_smime_in);
1783
1784 filter_wait(pid);
1785 mutt_file_unlink(buf_string(tmpfname));
1786
1787 if (state->flags & STATE_DISPLAY)
1788 {
1789 fflush(fp_smime_err);
1790 rewind(fp_smime_err);
1791
1792 const int c = fgetc(fp_smime_err);
1793 if (c != EOF)
1794 {
1795 ungetc(c, fp_smime_err);
1796
1797 crypt_current_time(state, "OpenSSL");
1798 mutt_file_copy_stream(fp_smime_err, state->fp_out);
1799 state_attach_puts(state, _("[-- End of OpenSSL output --]\n\n"));
1800 }
1801
1802 if (type & SEC_ENCRYPT)
1803 {
1804 state_attach_puts(state, _("[-- The following data is S/MIME encrypted --]\n"));
1805 }
1806 else
1807 {
1808 state_attach_puts(state, _("[-- The following data is S/MIME signed --]\n"));
1809 }
1810 }
1811
1812 fflush(fp_smime_out);
1813 rewind(fp_smime_out);
1814
1815 if (type & SEC_ENCRYPT)
1816 {
1817 /* void the passphrase, even if that wasn't the problem */
1818 if (fgetc(fp_smime_out) == EOF)
1819 {
1820 mutt_error(_("Decryption failed"));
1822 }
1823 rewind(fp_smime_out);
1824 }
1825
1826 if (fp_out_file)
1827 {
1828 fp_out = fp_out_file;
1829 }
1830 else
1831 {
1832 fp_out = mutt_file_mkstemp();
1833 if (!fp_out)
1834 {
1835 mutt_perror(_("Can't create temporary file"));
1836 goto cleanup;
1837 }
1838 }
1839 char buf[8192] = { 0 };
1840 while (fgets(buf, sizeof(buf) - 1, fp_smime_out))
1841 {
1842 const size_t len = mutt_str_len(buf);
1843 if ((len > 1) && (buf[len - 2] == '\r'))
1844 {
1845 buf[len - 2] = '\n';
1846 buf[len - 1] = '\0';
1847 }
1848 fputs(buf, fp_out);
1849 }
1850 fflush(fp_out);
1851 rewind(fp_out);
1852
1853 const long size = mutt_file_get_size_fp(fp_out);
1854 if (size == 0)
1855 {
1856 goto cleanup;
1857 }
1858 p = mutt_read_mime_header(fp_out, 0);
1859 if (p)
1860 {
1861 p->length = size - p->offset;
1862
1863 mutt_parse_part(fp_out, p);
1864
1865 if (state->flags & STATE_DISPLAY)
1867
1868 /* Store any protected headers in the parent so they can be
1869 * accessed for index updates after the handler recursion is done.
1870 * This is done before the handler to prevent a nested encrypted
1871 * handler from freeing the headers. */
1873 b->mime_headers = p->mime_headers;
1874 p->mime_headers = NULL;
1875
1876 if (state->fp_out)
1877 {
1878 rewind(fp_out);
1879 FILE *fp_tmp_buffer = state->fp_in;
1880 state->fp_in = fp_out;
1881 mutt_body_handler(p, state);
1882 state->fp_in = fp_tmp_buffer;
1883 }
1884
1885 /* Embedded multipart signed protected headers override the
1886 * encrypted headers. We need to do this after the handler so
1887 * they can be printed in the pager. */
1888 if (!(type & SMIME_SIGN) && mutt_is_multipart_signed(p) && p->parts &&
1889 p->parts->mime_headers)
1890 {
1893 p->parts->mime_headers = NULL;
1894 }
1895 }
1896 mutt_file_fclose(&fp_smime_out);
1897
1898 if (!fp_out_file)
1899 {
1900 mutt_file_fclose(&fp_out);
1901 mutt_file_unlink(buf_string(tmpfname));
1902 }
1903 fp_out = NULL;
1904
1905 if (state->flags & STATE_DISPLAY)
1906 {
1907 if (type & SEC_ENCRYPT)
1908 state_attach_puts(state, _("[-- End of S/MIME encrypted data --]\n"));
1909 else
1910 state_attach_puts(state, _("[-- End of S/MIME signed data --]\n"));
1911 }
1912
1913 if (type & SEC_SIGNOPAQUE)
1914 {
1915 char *line = NULL;
1916 size_t linelen = 0;
1917
1918 rewind(fp_smime_err);
1919
1920 line = mutt_file_read_line(line, &linelen, fp_smime_err, NULL, MUTT_RL_NONE);
1921 if (linelen && mutt_istr_equal(line, "verification successful"))
1922 b->goodsig = true;
1923 FREE(&line);
1924 }
1925 else if (p)
1926 {
1927 b->goodsig = p->goodsig;
1928 b->badsig = p->badsig;
1929 }
1930
1931cleanup:
1932 mutt_file_fclose(&fp_smime_out);
1933 mutt_file_fclose(&fp_smime_err);
1934 mutt_file_fclose(&fp_tmp);
1935 mutt_file_fclose(&fp_out);
1936 buf_pool_release(&tmpfname);
1937 return p;
1938}
1939
1943int smime_class_decrypt_mime(FILE *fp_in, FILE **fp_out, struct Body *b, struct Body **b_dec)
1944{
1945 struct State state = { 0 };
1946 LOFF_T tmpoffset = b->offset;
1947 size_t tmplength = b->length;
1948 int rc = -1;
1949
1951 return -1;
1952
1953 if (b->parts)
1954 return -1;
1955
1956 state.fp_in = fp_in;
1957 if (!mutt_file_seek(state.fp_in, b->offset, SEEK_SET))
1958 {
1959 return -1;
1960 }
1961
1962 FILE *fp_tmp = mutt_file_mkstemp();
1963 if (!fp_tmp)
1964 {
1965 mutt_perror(_("Can't create temporary file"));
1966 return -1;
1967 }
1968
1969 state.fp_out = fp_tmp;
1970 mutt_decode_attachment(b, &state);
1971 fflush(fp_tmp);
1972 b->length = ftello(state.fp_out);
1973 b->offset = 0;
1974 rewind(fp_tmp);
1975 state.fp_in = fp_tmp;
1976 state.fp_out = 0;
1977
1979 if (!*fp_out)
1980 {
1981 mutt_perror(_("Can't create temporary file"));
1982 goto bail;
1983 }
1984
1985 *b_dec = smime_handle_entity(b, &state, *fp_out);
1986 if (!*b_dec)
1987 goto bail;
1988
1989 (*b_dec)->goodsig = b->goodsig;
1990 (*b_dec)->badsig = b->badsig;
1991 rc = 0;
1992
1993bail:
1994 b->length = tmplength;
1995 b->offset = tmpoffset;
1996 mutt_file_fclose(&fp_tmp);
1997 if (*fp_out)
1998 rewind(*fp_out);
1999
2000 return rc;
2001}
2002
2006int smime_class_application_handler(struct Body *b, struct State *state)
2007{
2008 int rc = -1;
2009
2010 /* clear out any mime headers before the handler, so they can't be spoofed. */
2012
2013 struct Body *tattach = smime_handle_entity(b, state, NULL);
2014 if (tattach)
2015 {
2016 rc = 0;
2017 mutt_body_free(&tattach);
2018 }
2019 return rc;
2020}
2021
2026{
2027 struct SmimeKey *key = NULL;
2028 const char *prompt = NULL;
2029 const char *letters = NULL;
2030 const char *choices = NULL;
2031 int choice;
2032
2034 return e->security;
2035
2037
2038 /* Opportunistic encrypt is controlling encryption.
2039 * NOTE: "Signing" and "Clearing" only adjust the sign bit, so we have different
2040 * letter choices for those. */
2041 const bool c_crypt_opportunistic_encrypt = cs_subset_bool(NeoMutt->sub, "crypt_opportunistic_encrypt");
2042 if (c_crypt_opportunistic_encrypt && (e->security & SEC_OPPENCRYPT))
2043 {
2044 /* L10N: S/MIME options (opportunistic encryption is on) */
2045 prompt = _("S/MIME (s)ign, encrypt (w)ith, sign (a)s, (c)lear, or (o)ppenc mode off?");
2046 /* L10N: S/MIME options (opportunistic encryption is on) */
2047 letters = _("swaco");
2048 choices = "SwaCo";
2049 }
2050 else if (c_crypt_opportunistic_encrypt)
2051 {
2052 /* Opportunistic encryption option is set, but is toggled off
2053 * for this message. */
2054 /* L10N: S/MIME options (opportunistic encryption is off) */
2055 prompt = _("S/MIME (e)ncrypt, (s)ign, encrypt (w)ith, sign (a)s, (b)oth, (c)lear, or (o)ppenc mode?");
2056 /* L10N: S/MIME options (opportunistic encryption is off) */
2057 letters = _("eswabco");
2058 choices = "eswabcO";
2059 }
2060 else
2061 {
2062 /* Opportunistic encryption is unset */
2063 /* L10N: S/MIME options */
2064 prompt = _("S/MIME (e)ncrypt, (s)ign, encrypt (w)ith, sign (a)s, (b)oth, or (c)lear?");
2065 /* L10N: S/MIME options */
2066 letters = _("eswabc");
2067 choices = "eswabc";
2068 }
2069
2070 choice = mw_multi_choice(prompt, letters);
2071 if (choice > 0)
2072 {
2073 switch (choices[choice - 1])
2074 {
2075 case 'a': /* sign (a)s */
2076 key = smime_ask_for_key(_("Sign as: "), KEYFLAG_CANSIGN, false);
2077 if (key)
2078 {
2079 cs_subset_str_string_set(NeoMutt->sub, "smime_sign_as", key->hash, NULL);
2080 smime_key_free(&key);
2081
2082 e->security |= SEC_SIGN;
2083
2084 /* probably need a different passphrase */
2086 }
2087
2088 break;
2089
2090 case 'b': /* (b)oth */
2091 e->security |= (SEC_ENCRYPT | SEC_SIGN);
2092 break;
2093
2094 case 'c': /* (c)lear */
2095 e->security &= ~(SEC_ENCRYPT | SEC_SIGN);
2096 break;
2097
2098 case 'C':
2099 e->security &= ~SEC_SIGN;
2100 break;
2101
2102 case 'e': /* (e)ncrypt */
2103 e->security |= SEC_ENCRYPT;
2104 e->security &= ~SEC_SIGN;
2105 break;
2106
2107 case 'O': /* oppenc mode on */
2110 break;
2111
2112 case 'o': /* oppenc mode off */
2114 break;
2115
2116 case 'S': /* (s)ign in oppenc mode */
2117 e->security |= SEC_SIGN;
2118 break;
2119
2120 case 's': /* (s)ign */
2121 e->security &= ~SEC_ENCRYPT;
2122 e->security |= SEC_SIGN;
2123 break;
2124
2125 case 'w': /* encrypt (w)ith */
2126 {
2127 e->security |= SEC_ENCRYPT;
2128 do
2129 {
2130 struct Buffer *errmsg = buf_pool_get();
2131 int rc = CSR_SUCCESS;
2132 switch (mw_multi_choice(_("Choose algorithm family: (1) DES, (2) RC2, (3) AES, or (c)lear?"),
2133 // L10N: Options for: Choose algorithm family: (1) DES, (2) RC2, (3) AES, or (c)lear?
2134 _("123c")))
2135 {
2136 case 1:
2137 switch (choice = mw_multi_choice(_("(1) DES, (2) Triple-DES?"),
2138 // L10N: Options for: (1) DES, (2) Triple-DES
2139 _("12")))
2140 {
2141 case 1:
2142 rc = cs_subset_str_string_set(NeoMutt->sub, "smime_encrypt_with",
2143 "des", errmsg);
2144 break;
2145 case 2:
2146 rc = cs_subset_str_string_set(NeoMutt->sub, "smime_encrypt_with",
2147 "des3", errmsg);
2148 break;
2149 }
2150 break;
2151
2152 case 2:
2153 switch (choice = mw_multi_choice(_("(1) RC2-40, (2) RC2-64, (3) RC2-128?"),
2154 // L10N: Options for: (1) RC2-40, (2) RC2-64, (3) RC2-128
2155 _("123")))
2156 {
2157 case 1:
2158 rc = cs_subset_str_string_set(NeoMutt->sub, "smime_encrypt_with",
2159 "rc2-40", errmsg);
2160 break;
2161 case 2:
2162 rc = cs_subset_str_string_set(NeoMutt->sub, "smime_encrypt_with",
2163 "rc2-64", errmsg);
2164 break;
2165 case 3:
2166 rc = cs_subset_str_string_set(NeoMutt->sub, "smime_encrypt_with",
2167 "rc2-128", errmsg);
2168 break;
2169 }
2170 break;
2171
2172 case 3:
2173 switch (choice = mw_multi_choice(_("(1) AES128, (2) AES192, (3) AES256?"),
2174 // L10N: Options for: (1) AES128, (2) AES192, (3) AES256
2175 _("123")))
2176 {
2177 case 1:
2178 rc = cs_subset_str_string_set(NeoMutt->sub, "smime_encrypt_with",
2179 "aes128", errmsg);
2180 break;
2181 case 2:
2182 rc = cs_subset_str_string_set(NeoMutt->sub, "smime_encrypt_with",
2183 "aes192", errmsg);
2184 break;
2185 case 3:
2186 rc = cs_subset_str_string_set(NeoMutt->sub, "smime_encrypt_with",
2187 "aes256", errmsg);
2188 break;
2189 }
2190 break;
2191
2192 case 4:
2193 rc = cs_subset_str_string_set(NeoMutt->sub, "smime_encrypt_with", NULL, errmsg);
2194 /* (c)lear */
2196
2197 case -1: /* Ctrl-G or Enter */
2198 choice = 0;
2199 break;
2200 }
2201
2202 if ((CSR_RESULT(rc) != CSR_SUCCESS) && !buf_is_empty(errmsg))
2203 mutt_error("%s", buf_string(errmsg));
2204
2205 buf_pool_release(&errmsg);
2206 } while (choice == -1);
2207 break;
2208 }
2209 }
2210 }
2211
2212 return e->security;
2213}
void mutt_addr_free(struct Address **ptr)
Free a single Address.
Definition address.c:463
Email Address Handling.
Email Aliases.
void mutt_expand_aliases(struct AddressList *al)
Expand aliases in a List of Addresses.
Definition alias.c:297
bool mutt_addr_is_user(const struct Address *addr)
Does the address belong to the user.
Definition alias.c:601
int buf_printf(struct Buffer *buf, const char *fmt,...)
Format a string overwriting a Buffer.
Definition buffer.c:168
size_t buf_len(const struct Buffer *buf)
Calculate the length of a Buffer.
Definition buffer.c:497
void buf_dealloc(struct Buffer *buf)
Release the memory allocated by a buffer.
Definition buffer.c:383
void buf_reset(struct Buffer *buf)
Reset an existing Buffer.
Definition buffer.c:89
bool buf_is_empty(const struct Buffer *buf)
Is the Buffer empty?
Definition buffer.c:298
char * buf_strdup(const struct Buffer *buf)
Copy a Buffer's string.
Definition buffer.c:577
void buf_alloc(struct Buffer *buf, size_t new_size)
Make sure a buffer can store at least new_size bytes.
Definition buffer.c:342
static const char * buf_string(const struct Buffer *buf)
Convert a buffer to a const char * "string".
Definition buffer.h:96
const char * cs_subset_string(const struct ConfigSubset *sub, const char *name)
Get a string config item by name.
Definition helpers.c:291
short cs_subset_number(const struct ConfigSubset *sub, const char *name)
Get a number config item by name.
Definition helpers.c:143
const char * cs_subset_path(const struct ConfigSubset *sub, const char *name)
Get a path config item by name.
Definition helpers.c:168
bool cs_subset_bool(const struct ConfigSubset *sub, const char *name)
Get a boolean config item by name.
Definition helpers.c:47
const struct Expando * cs_subset_expando(const struct ConfigSubset *sub, const char *name)
Get an Expando config item by name.
Convenience wrapper for the config headers.
#define CSR_RESULT(x)
Extract the result code from CSR_* flags.
Definition set.h:53
#define CSR_SUCCESS
Action completed successfully.
Definition set.h:33
int mutt_copy_message(FILE *fp_out, struct Email *e, struct Message *msg, CopyMessageFlags cmflags, CopyHeaderFlags chflags, int wraplen)
Copy a message from a Mailbox.
Definition copy_email.c:920
@ MUTT_CM_DECODE_SMIME
Used for decoding S/MIME messages.
Definition copy_email.h:52
@ MUTT_CM_NONE
No flags are set.
Definition copy_email.h:41
#define MUTT_CM_DECODE_CRYPT
Combination flag for decoding any kind of cryptography (PGP or S/MIME)
Definition copy_email.h:58
@ CH_WEED
Weed the headers?
Definition copy_email.h:67
@ CH_MIME
Ignore MIME fields.
Definition copy_email.h:75
@ CH_NONE
No flags are set.
Definition copy_email.h:65
@ CH_NONEWLINE
Don't output terminating newline after the header.
Definition copy_email.h:74
Convenience wrapper for the core headers.
void crypt_opportunistic_encrypt(struct Email *e)
Can all recipients be determined.
Definition crypt.c:1051
SecurityFlags mutt_is_multipart_signed(struct Body *b)
Is a message signed?
Definition crypt.c:409
SecurityFlags mutt_is_application_smime(struct Body *b)
Does the message use S/MIME?
Definition crypt.c:610
void crypt_current_time(struct State *state, const char *app_name)
Print the current time.
Definition crypt.c:64
void crypt_convert_to_7bit(struct Body *b)
Convert an email to 7bit encoding.
Definition crypt.c:815
Signing/encryption multiplexor.
void crypt_smime_void_passphrase(void)
Wrapper for CryptModuleSpecs::void_passphrase()
Definition cryptglue.c:484
Wrapper around crypto functions.
int mutt_any_key_to_continue(const char *s)
Prompt the user to 'press any key' and wait.
Definition curs_lib.c:174
void mutt_endwin(void)
Shutdown curses.
Definition curs_lib.c:152
Edit a string.
@ MUTT_COMP_UNBUFFERED
Ignore macro buffer.
Definition wdata.h:49
@ MUTT_COMP_PASS
Password mode (no echo)
Definition wdata.h:48
@ MUTT_COMP_NONE
No flags are set.
Definition wdata.h:46
void mutt_body_free(struct Body **ptr)
Free a Body.
Definition body.c:58
struct Body * mutt_body_new(void)
Create a new Body.
Definition body.c:44
Structs that make up an email.
void mutt_parse_part(FILE *fp, struct Body *b)
Parse a MIME part.
Definition parse.c:1949
struct Body * mutt_read_mime_header(FILE *fp, bool digest)
Parse a MIME header.
Definition parse.c:1484
void mutt_env_free(struct Envelope **ptr)
Free an Envelope.
Definition envelope.c:125
int expando_render(const struct Expando *exp, const struct ExpandoRenderCallback *erc, void *data, MuttFormatFlags flags, int max_cols, struct Buffer *buf)
Render an Expando + data into a string.
Definition expando.c:118
Parse Expando string.
const struct ExpandoRenderCallback SmimeCommandRenderCallbacks[]
Callbacks for Smime Command Expandos.
Ncrypt Smime Expando definitions.
int mutt_file_copy_stream(FILE *fp_in, FILE *fp_out)
Copy the contents of one file into another.
Definition file.c:224
char * mutt_file_read_line(char *line, size_t *size, FILE *fp, int *line_num, ReadLineFlags flags)
Read a line from a file.
Definition file.c:678
int mutt_file_copy_bytes(FILE *fp_in, FILE *fp_out, size_t size)
Copy some content from one file to another.
Definition file.c:192
long mutt_file_get_size_fp(FILE *fp)
Get the size of a file.
Definition file.c:1433
bool mutt_file_seek(FILE *fp, LOFF_T offset, int whence)
Wrapper for fseeko with error handling.
Definition file.c:648
void mutt_file_unlink(const char *s)
Delete a file, carefully.
Definition file.c:156
#define mutt_file_fclose(FP)
Definition file.h:144
#define mutt_file_fopen(PATH, MODE)
Definition file.h:143
@ MUTT_RL_NONE
No flags are set.
Definition file.h:43
int smime_class_application_handler(struct Body *b, struct State *state)
Manage the MIME type "application/pgp" or "application/smime" - Implements CryptModuleSpecs::applicat...
Definition smime.c:2006
int smime_class_decrypt_mime(FILE *fp_in, FILE **fp_out, struct Body *b, struct Body **b_dec)
Decrypt an encrypted MIME part - Implements CryptModuleSpecs::decrypt_mime() -.
Definition smime.c:1943
char * smime_class_find_keys(const struct AddressList *al, bool oppenc_mode)
Find the keyids of the recipients of a message - Implements CryptModuleSpecs::find_keys() -.
Definition smime.c:656
SecurityFlags smime_class_send_menu(struct Email *e)
Ask the user whether to sign and/or encrypt the email - Implements CryptModuleSpecs::send_menu() -.
Definition smime.c:2025
struct Body * smime_class_sign_message(struct Body *b, const struct AddressList *from)
Cryptographically sign the Body of a message - Implements CryptModuleSpecs::sign_message() -.
Definition smime.c:1365
struct Body * smime_class_build_smime_entity(struct Body *b, char *certlist)
Encrypt the email body to all recipients - Implements CryptModuleSpecs::smime_build_smime_entity() -.
Definition smime.c:1196
void smime_class_getkeys(struct Envelope *env)
Get the S/MIME keys required to encrypt this email - Implements CryptModuleSpecs::smime_getkeys() -.
Definition smime.c:614
void smime_class_invoke_import(const char *infile, const char *mailbox)
Add a certificate and update index file (externally) - Implements CryptModuleSpecs::smime_invoke_impo...
Definition smime.c:991
int smime_class_verify_sender(struct Email *e, struct Message *msg)
Does the sender match the certificate?
Definition smime.c:1067
bool smime_class_valid_passphrase(void)
Ensure we have a valid passphrase - Implements CryptModuleSpecs::valid_passphrase() -.
Definition smime.c:147
int smime_class_verify_one(struct Body *b, struct State *state, const char *tempfile)
Check a signed MIME part against a signature - Implements CryptModuleSpecs::verify_one() -.
Definition smime.c:1585
void smime_class_void_passphrase(void)
Forget the cached passphrase - Implements CryptModuleSpecs::void_passphrase() -.
Definition smime.c:137
struct SmimeKey * dlg_smime(struct SmimeKey *keys, const char *query)
Get the user to select a key -.
Definition dlg_smime.c:195
int mw_get_field(const char *prompt, struct Buffer *buf, CompletionFlags complete, enum HistoryClass hclass, const struct CompleteOps *comp_api, void *cdata)
Ask the user for a string -.
Definition window.c:502
int mw_multi_choice(const char *prompt, const char *letters)
Offer the user a multiple choice question -.
Definition question.c:62
int mutt_protected_headers_handler(struct Body *b_email, struct State *state)
Handler for protected headers - Implements handler_t -.
Definition crypt.c:1123
#define mutt_error(...)
Definition logging2.h:94
#define mutt_message(...)
Definition logging2.h:93
#define mutt_debug(LEVEL,...)
Definition logging2.h:91
#define mutt_perror(...)
Definition logging2.h:95
Convenience wrapper for the gui headers.
int mutt_body_handler(struct Body *b, struct State *state)
Handler for the Body of an email.
Definition handler.c:1668
void mutt_decode_attachment(const struct Body *b, struct State *state)
Decode an email's attachment.
Definition handler.c:1943
Read/write command history from/to a file.
@ HC_OTHER
Miscellaneous strings.
Definition lib.h:61
@ LL_DEBUG2
Log at debug level 2.
Definition logging2.h:46
#define FREE(x)
Free memory and set the pointer to NULL.
Definition memory.h:68
#define MUTT_MEM_CALLOC(n, type)
Definition memory.h:52
#define MUTT_MEM_REALLOC(pptr, n, type)
Definition memory.h:55
static int search(struct Menu *menu, int op, int *match)
Search a menu.
Definition functions.c:59
@ ENC_7BIT
7-bit text
Definition mime.h:49
@ ENC_BASE64
Base-64 encoded text.
Definition mime.h:52
@ TYPE_MULTIPART
Type: 'multipart/*'.
Definition mime.h:37
@ TYPE_APPLICATION
Type: 'application/*'.
Definition mime.h:33
@ DISP_ATTACH
Content is attached.
Definition mime.h:63
@ DISP_INLINE
Content is inline.
Definition mime.h:62
@ MODULE_ID_NCRYPT
ModuleNcrypt, Ncrypt
Definition module_api.h:82
void mutt_generate_boundary(struct ParameterList *pl)
Create a unique boundary id for a MIME part.
Definition multipart.c:93
time_t mutt_date_add_timeout(time_t now, time_t timeout)
Safely add a timeout to a given time_t value.
Definition date.c:896
time_t mutt_date_now(void)
Return the number of seconds since the Unix epoch.
Definition date.c:459
int filter_wait(pid_t pid)
Wait for the exit of a process and return its status.
Definition filter.c:231
pid_t filter_create_fd(const char *cmd, FILE **fp_in, FILE **fp_out, FILE **fp_err, int fdin, int fdout, int fderr, char **envlist)
Run a command on a pipe (optionally connect stdin/stdout)
Definition filter.c:62
Convenience wrapper for the library headers.
#define FALLTHROUGH
Definition lib.h:117
#define _(a)
Definition message.h:28
void state_attach_puts(struct State *state, const char *t)
Write a string to the state.
Definition state.c:104
@ STATE_DISPLAY
Output is displayed to the user.
Definition state.h:37
bool mutt_istr_equal(const char *a, const char *b)
Compare two strings, ignoring case.
Definition string.c:678
char * mutt_str_dup(const char *str)
Copy a string, safely.
Definition string.c:257
int mutt_str_asprintf(char **strp, const char *fmt,...)
Definition string.c:809
bool mutt_str_equal(const char *a, const char *b)
Compare two strings.
Definition string.c:666
const char * mutt_istr_find(const char *haystack, const char *needle)
Find first occurrence of string (ignoring case)
Definition string.c:528
size_t mutt_str_len(const char *a)
Calculate the length of a string, safely.
Definition string.c:503
size_t mutt_str_copy(char *dest, const char *src, size_t dsize)
Copy a string into a buffer (guaranteeing NUL-termination)
Definition string.c:587
size_t mutt_istr_startswith(const char *str, const char *prefix)
Check whether a string starts with a prefix, ignoring case.
Definition string.c:246
Many unsorted constants and some structs.
#define PATH_MAX
Definition mutt.h:49
void mutt_clear_error(void)
Clear the message line (bottom line of screen)
NeoMutt Logging.
API for encryption/signing of emails.
uint16_t SecurityFlags
Definition lib.h:104
@ SEC_OPPENCRYPT
Opportunistic encrypt mode.
Definition lib.h:100
@ SEC_SIGNOPAQUE
Email has an opaque signature (encrypted)
Definition lib.h:97
@ SEC_SIGN
Email is signed.
Definition lib.h:93
@ SEC_ENCRYPT
Email is encrypted.
Definition lib.h:92
uint16_t KeyFlags
Definition lib.h:159
#define SMIME_SIGN
Email is S/MIME signed.
Definition lib.h:119
#define APPLICATION_SMIME
Use SMIME to encrypt/sign.
Definition lib.h:107
@ KEYFLAG_CANSIGN
Key is suitable for signing.
Definition lib.h:147
@ KEYFLAG_CANENCRYPT
Key is suitable for encryption.
Definition lib.h:148
#define WithCrypto
Definition lib.h:132
Ncrypt private Module data.
Shared constants/structs that are private to libconn.
void * neomutt_get_module_data(struct NeoMutt *n, enum ModuleId id)
Get the private data for a Module.
Definition neomutt.c:666
void mutt_param_set(struct ParameterList *pl, const char *attribute, const char *value)
Set a Parameter.
Definition parameter.c:111
struct Buffer * buf_pool_get(void)
Get a Buffer from the pool.
Definition pool.c:91
void buf_pool_release(struct Buffer **ptr)
Return a Buffer to the pool.
Definition pool.c:111
Ask the user a question.
#define TAILQ_FOREACH(var, head, field)
Definition queue.h:782
#define TAILQ_FIRST(head)
Definition queue.h:780
#define TAILQ_EMPTY(head)
Definition queue.h:778
@ MUTT_FORMAT_NONE
No flags are set.
Definition render.h:37
int mutt_write_mime_body(struct Body *b, FILE *fp, struct ConfigSubset *sub)
Write a MIME part.
Definition body.c:304
int mutt_write_mime_header(struct Body *b, FILE *fp, struct ConfigSubset *sub)
Create a MIME header.
Definition header.c:763
Convenience wrapper for the send headers.
struct Address * mutt_default_from(struct ConfigSubset *sub)
Get a default 'from' Address.
Definition send.c:1405
static struct SmimeKey * smime_get_key_by_hash(const char *hash, bool only_public_key)
Find a key by its hash.
Definition smime.c:382
static pid_t smime_invoke_sign(FILE **fp_smime_in, FILE **fp_smime_out, FILE **fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char *fname)
Use SMIME to sign a file.
Definition smime.c:1179
static void getkeys(const char *mailbox)
Get the keys for a mailbox.
Definition smime.c:577
static struct SmimeKey * smime_copy_key(struct SmimeKey *key)
Copy an SMIME key.
Definition smime.c:116
static struct SmimeKey * smime_get_key_by_str(const char *str, KeyFlags abilities, bool only_public_key)
Find an SMIME key by string.
Definition smime.c:490
void smime_init(void)
Initialise smime globals.
Definition smime.c:68
void smime_cleanup(struct NcryptModuleData *mod_data)
Clean up smime globals.
Definition smime.c:80
static pid_t smime_invoke_verify(FILE **fp_smime_in, FILE **fp_smime_out, FILE **fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char *fname, const char *sig_fname, int opaque)
Use SMIME to verify a file.
Definition smime.c:1541
static char * smime_extract_signer_certificate(const char *infile)
Extract the signer's certificate.
Definition smime.c:923
static struct Body * smime_handle_entity(struct Body *b, struct State *state, FILE *fp_out_file)
Handle type application/pkcs7-mime.
Definition smime.c:1701
static struct SmimeKey * smime_parse_key(char *buf)
Parse an SMIME key block.
Definition smime.c:249
static pid_t smime_invoke_decrypt(FILE **fp_smime_in, FILE **fp_smime_out, FILE **fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char *fname)
Use SMIME to decrypt a file.
Definition smime.c:1569
static struct SmimeKey * smime_get_candidates(const char *search, bool only_public_key)
Find keys matching a string.
Definition smime.c:333
static char * smime_extract_certificate(const char *infile)
Extract an SMIME certificate from a file.
Definition smime.c:808
static int smime_handle_cert_email(const char *certificate, const char *mailbox, bool copy, char ***buffer, int *num)
Process an email containing certificates.
Definition smime.c:705
static struct SmimeKey * smime_get_key_by_addr(const char *mailbox, KeyFlags abilities, bool only_public_key, bool oppenc_mode)
Find an SIME key by address.
Definition smime.c:408
static pid_t smime_invoke(FILE **fp_smime_in, FILE **fp_smime_out, FILE **fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char *fname, const char *sig_fname, const char *cryptalg, const char *digestalg, const char *key, const char *certificates, const char *intermediates, const struct Expando *exp)
Run an SMIME command.
Definition smime.c:214
static pid_t smime_invoke_encrypt(FILE **fp_smime_in, FILE **fp_smime_out, FILE **fp_smime_err, int fp_smime_infd, int fp_smime_outfd, int fp_smime_errfd, const char *fname, const char *uids)
Use SMIME to encrypt a file.
Definition smime.c:1152
static void smime_key_free(struct SmimeKey **keylist)
Free a list of SMIME keys.
Definition smime.c:91
static char * openssl_md_to_smime_micalg(const char *md)
Change the algorithm names.
Definition smime.c:1344
static void smime_command(struct Buffer *buf, struct SmimeCommandContext *cctx, const struct Expando *exp)
Format an SMIME command string.
Definition smime.c:185
static struct SmimeKey * smime_ask_for_key(const char *prompt, KeyFlags abilities, bool only_public_key)
Ask the user to select a key.
Definition smime.c:537
SMIME helper routines.
#define NONULL(x)
Definition string2.h:44
An email address.
Definition address.h:35
struct Buffer * mailbox
Mailbox and host address.
Definition address.h:37
The body of an email.
Definition body.h:36
char * d_filename
filename to be used for the content-disposition header If NULL, filename is used instead.
Definition body.h:56
struct Body * parts
parts of a multipart or message/rfc822
Definition body.h:73
LOFF_T offset
offset where the actual data begins
Definition body.h:52
bool unlink
If true, filename should be unlink()ed before free()ing this structure.
Definition body.h:68
bool badsig
Bad cryptographic signature (needed to check encrypted s/mime-signatures)
Definition body.h:43
struct Envelope * mime_headers
Memory hole protected headers.
Definition body.h:76
LOFF_T length
length (in bytes) of attachment
Definition body.h:53
struct ParameterList parameter
Parameters of the content-type.
Definition body.h:63
bool use_disp
Content-Disposition uses filename= ?
Definition body.h:47
unsigned int disposition
content-disposition, ContentDisposition
Definition body.h:42
struct Body * next
next attachment in the list
Definition body.h:72
char * subtype
content-type subtype
Definition body.h:61
unsigned int encoding
content-transfer-encoding, ContentEncoding
Definition body.h:41
bool goodsig
Good cryptographic signature.
Definition body.h:45
unsigned int type
content-type primary type, ContentType
Definition body.h:40
char * filename
When sending a message, this is the file to which this structure refers.
Definition body.h:59
String manipulation buffer.
Definition buffer.h:36
size_t dsize
Length of data.
Definition buffer.h:39
char * data
Pointer to data.
Definition buffer.h:37
The envelope/body of an email.
Definition email.h:39
struct Envelope * env
Envelope information.
Definition email.h:68
SecurityFlags security
bit 0-10: flags, bit 11,12: application, bit 13: traditional pgp See: ncrypt/lib.h pgplib....
Definition email.h:43
The header of an Email.
Definition envelope.h:57
struct AddressList to
Email's 'To' list.
Definition envelope.h:60
struct AddressList cc
Email's 'Cc' list.
Definition envelope.h:61
struct AddressList sender
Email's sender.
Definition envelope.h:63
struct AddressList from
Email's 'From' list.
Definition envelope.h:59
Parsed Expando trees.
Definition expando.h:41
A local copy of an email.
Definition message.h:34
Ncrypt private Module data.
Definition module_data.h:39
struct Buffer smime_cert_to_use
S/MIME certificate to use.
Definition module_data.h:59
char smime_pass[256]
Cached S/MIME Passphrase.
Definition module_data.h:56
time_t smime_exp_time
Unix time when smime_pass expires.
Definition module_data.h:57
struct Buffer smime_intermediate_to_use
S/MIME intermediate certificate to use.
Definition module_data.h:60
struct Buffer smime_key_to_use
S/MIME key to use.
Definition module_data.h:58
Container for Accounts, Notifications.
Definition neomutt.h:41
char ** env
Private copy of the environment variables.
Definition neomutt.h:57
struct ConfigSubset * sub
Inherited config items.
Definition neomutt.h:49
Data for a SIME command.
Definition smime.h:58
const char * sig_fname
s
Definition smime.h:63
const char * intermediates
i
Definition smime.h:65
const char * digestalg
d
Definition smime.h:61
const char * cryptalg
a
Definition smime.h:60
const char * key
k
Definition smime.h:59
const char * fname
f
Definition smime.h:62
const char * certificates
c
Definition smime.h:64
An SIME key.
Definition smime.h:43
KeyFlags flags
Key flags.
Definition smime.h:49
char * hash
Key hash.
Definition smime.h:45
struct SmimeKey * next
Linked list.
Definition smime.h:50
char * issuer
Key issuer.
Definition smime.h:47
char * email
Email address.
Definition smime.h:44
char * label
Key label.
Definition smime.h:46
char trust
i=Invalid r=revoked e=expired u=unverified v=verified t=trusted
Definition smime.h:48
Keep track when processing files.
Definition state.h:54
StateFlags flags
Flags, e.g. STATE_DISPLAY.
Definition state.h:58
FILE * fp_out
File to write to.
Definition state.h:56
FILE * fp_in
File to read from.
Definition state.h:55
const char * prefix
String to add to the beginning of each output line.
Definition state.h:57
int cs_subset_str_string_set(const struct ConfigSubset *sub, const char *name, const char *value, struct Buffer *err)
Set a config item by string.
Definition subset.c:392
#define buf_mktemp(buf)
Definition tmp.h:33
#define mutt_file_mkstemp()
Definition tmp.h:36