summaryrefslogtreecommitdiff
path: root/contrib/smime/pine-smime-20030115.diff
diff options
context:
space:
mode:
authorEduardo Chappa <echappa@gmx.com>2013-02-03 00:59:38 -0700
committerEduardo Chappa <echappa@gmx.com>2013-02-03 00:59:38 -0700
commit094ca96844842928810f14844413109fc6cdd890 (patch)
treee60efbb980f38ba9308ccb4fb2b77b87bbc115f3 /contrib/smime/pine-smime-20030115.diff
downloadalpine-094ca96844842928810f14844413109fc6cdd890.tar.xz
Initial Alpine Version
Diffstat (limited to 'contrib/smime/pine-smime-20030115.diff')
-rw-r--r--contrib/smime/pine-smime-20030115.diff3265
1 files changed, 3265 insertions, 0 deletions
diff --git a/contrib/smime/pine-smime-20030115.diff b/contrib/smime/pine-smime-20030115.diff
new file mode 100644
index 00000000..5744ce0d
--- /dev/null
+++ b/contrib/smime/pine-smime-20030115.diff
@@ -0,0 +1,3265 @@
+diff -Ncr pine4.53/imap/src/c-client/mail.c pine4.53-smime/imap/src/c-client/mail.c
+*** pine4.53/imap/src/c-client/mail.c Thu Jan 2 17:28:42 2003
+--- pine4.53-smime/imap/src/c-client/mail.c Wed Jan 15 12:48:15 2003
+***************
+*** 5198,5203 ****
+--- 5198,5207 ----
+
+ void mail_free_body_data (BODY *body)
+ {
++ /* cleanup body if requested by application */
++ if (body->cleanup)
++ (*body->cleanup)(body);
++
+ switch (body->type) { /* free contents */
+ case TYPEMULTIPART: /* multiple part */
+ mail_free_body_part (&body->nested.part);
+diff -Ncr pine4.53/imap/src/c-client/mail.h pine4.53-smime/imap/src/c-client/mail.h
+*** pine4.53/imap/src/c-client/mail.h Tue Jan 7 12:33:50 2003
+--- pine4.53-smime/imap/src/c-client/mail.h Wed Jan 15 12:48:15 2003
+***************
+*** 655,660 ****
+--- 655,663 ----
+ unsigned long bytes; /* size of text in octets */
+ } size;
+ char *md5; /* MD5 checksum */
++
++ void *sparep; /* spare pointer reserved for main program */
++ void (*cleanup)(BODY *); /* cleanup function */
+ };
+
+
+diff -Ncr pine4.53/pine/README.smime pine4.53-smime/pine/README.smime
+*** pine4.53/pine/README.smime Wed Dec 31 16:00:00 1969
+--- pine4.53-smime/pine/README.smime Wed Jan 15 12:48:15 2003
+***************
+*** 0 ****
+--- 1,129 ----
++ Quick Start
++ ===========
++
++ To enable S/MIME support, ensure the SSL related lines in the platform
++ makefile are uncommented (they're all next to one another).
++
++ CA certificates are expected to be found in the OpenSSL 'cert' dir, in the
++ standard hashed format.
++
++ User Configuration
++ ==================
++
++ A directory '~/.pine-smime' must be created. Within this, a further
++ three directories are required:
++
++ ~/.pine-smime/
++ ca/
++ private/
++ public/
++
++ Other people's certificate files should be copied into the 'public' directory.
++ Your certificate file(s) should be copied into the 'private' directory.
++ Certificates for any additional trusted CAs should be put in the 'ca' directory.
++
++ There are three extra configuration options:
++
++ sign-default-on
++ encrypt-default-on
++ remember-smime-passphrase
++
++ Certificates
++ ============
++
++ The certificate files specified above should have the following form:
++
++ public certificates: user@emaildomain.crt
++ private keys: user@emaildomain.key
++
++ Thus, a typical installation might look like this:
++
++ ~/.pine-smime/
++ ca/
++ [additional trusted CAs here]
++ private/
++ paisleyj@dcs.gla.ac.uk.crt
++ paisleyj@dcs.gla.ac.uk.key
++ public/
++ myfriend@dcs.gla.ac.uk.crt
++ myotherfriend@dcs.gla.ac.uk.crt
++
++ Implementation Details
++ ======================
++
++ Link with the OpenSSL crypto library for PKCS7 support.
++ Only tested on linux (slx) and solaris (so5).
++
++ Added three extra source files (+headers):
++
++ smime.c Main S/MIME support code
++ smkeys.c Very basic X509 key handling/storage (using the above dirs)
++ bss_so.c OpenSSL BIO using pine STORE_S objects
++
++ Patches to existing pine sources:
++
++ init.c
++ Add references to new configuration options.
++
++ mailcmd.c
++ Add implementation of MC_DECRYPT command which prompts
++ the user for a passphrase if it's required.
++
++ mailpart.c
++ Comment added to help me remember what I'd done.
++
++ mailview.c
++ Added description of Decrypt menu option.
++ Make calls out to smime.c functions to handle the decryption.
++ This is done shortly after the BODY of a message is
++ obtained.
++ Added function to describe encrypted messages when they're
++ being displayed.
++ Added code to describe the special case of PKCS7 attachments.
++
++ makefile.lnx
++ makefile.so5
++ Added SSL variables etc.
++
++ pine.h
++ Add enumerations for new configuration options and definition
++ of MC_DECRYPT command
++ Exported the prototype of pine_write_body_header,
++ pine_rfc822_output_body and pine_encode_body since they're
++ needed in smime.c.
++
++ pine.hlp
++ Added help info for new configuration options.
++
++ send.c
++ Added 'Encrypt' and 'Sign' menu options when sending email.
++ Make calls to smime.c functions to fiddle message on the
++ way out.
++ Extend pine_encode_body so it makes a few more checks
++ before adding a boundary.
++
++ Basic method:
++
++ Incoming
++
++ Scan BODY of viewed message before it is formatted. If it contains
++ PKCS7 parts, decode them and attempt to decrypt/verify signatures. The
++ original BODY is fiddled in place and turned into a multipart body
++ with one subpart -- the decrypted data. This may consist of a multipart
++ with attachments, for example.
++
++ This all depends on stashing a pointer to the decrypted data in
++ body->contents.text.data and relying on the fact that the mail_* routines
++ will use this data in preference to fetching it over the network. We
++ also depend on it not being garbage collected while the message is
++ being viewed!
++
++ Outgoing
++
++ smime.c pre-builds the message using pine_encode_body, pine_write_body_header
++ and pine_rfc822_output_body, encrypting/signing the resulting data. The
++ body that was going to be sent is then fiddled appropriately after
++ the PKCS7 objects have been built.
++
++ paisleyj@dcs.gla.ac.uk
++ Mar 7 2001
+diff -Ncr pine4.53/pine/TODO.smime pine4.53-smime/pine/TODO.smime
+*** pine4.53/pine/TODO.smime Wed Dec 31 16:00:00 1969
+--- pine4.53-smime/pine/TODO.smime Wed Jan 15 12:48:15 2003
+***************
+*** 0 ****
+--- 1,31 ----
++
++ Need to be able to view stored certificates to see details
++ (particularly the fingerprint for comparing over the phone, say)
++ --> proper key management system
++
++ Add client private key and certificate request generation.
++
++ Send certificate for CA along with certificate of signer.
++
++ Verify recipient certificate before sending encrypted message.
++
++ Verify certificates in general.
++
++ Cache the result of pre-formatting the message during the send/encrypt/sign
++ phase rather than letting call_mailer re-format it all over again.
++
++ Tidy up the use of global variables considerably.
++
++ Intelligently pick a certificate for signing purposes based on the
++ From address rather than just picking the first one on the list.
++
++ Figure out platform dependancies from using readdir() in smkeys.c
++
++ Handle message/rfc822 sub-parts!
++
++ Consider what happens with all our cached data.
++
++ S/MIME info screen help.
++
++ paisleyj@dcs.gla.ac.uk
++ Mar 7 2001
+diff -Ncr pine4.53/pine/bss_so.c pine4.53-smime/pine/bss_so.c
+*** pine4.53/pine/bss_so.c Wed Dec 31 16:00:00 1969
+--- pine4.53-smime/pine/bss_so.c Wed Jan 15 12:48:15 2003
+***************
+*** 0 ****
+--- 1,184 ----
++ #ifdef SMIME
++
++ /*
++ bss_so.c
++
++ Basic implementation of an OpenSSL BIO which is
++ backed by a pine STORE_S object
++ */
++
++ #include "headers.h"
++
++ #include <stdio.h>
++ #include <errno.h>
++ #include <openssl/bio.h>
++ #include <openssl/err.h>
++
++ static int bss_so_write(BIO *h, char *buf, int num);
++ static int bss_so_read(BIO *h, char *buf, int size);
++ static int bss_so_puts(BIO *h, char *str);
++ static int bss_so_gets(BIO *h, char *str, int size);
++ static long bss_so_ctrl(BIO *h, int cmd, long arg1, char *arg2);
++ static int bss_so_new(BIO *h);
++ static int bss_so_free(BIO *data);
++ static BIO_METHOD methods_sop =
++ {
++ BIO_TYPE_MEM,
++ "Storage Object",
++ bss_so_write,
++ bss_so_read,
++ bss_so_puts,
++ bss_so_gets,
++ bss_so_ctrl,
++ bss_so_new,
++ bss_so_free,
++ NULL,
++ };
++
++ BIO *BIO_new_so(STORE_S *so)
++ {
++ BIO *ret;
++
++ if ((ret = BIO_new(&methods_sop)) == NULL)
++ return (NULL);
++
++ BIO_set_fp(ret, (FILE*) so, 0);
++ return (ret);
++ }
++
++
++ static int bss_so_new(BIO *bi)
++ {
++ bi->init = 0;
++ bi->num = 0;
++ bi->ptr = NULL;
++ return (1);
++ }
++
++ static int bss_so_free(BIO *a)
++ {
++ if (a == NULL) return (0);
++ if (a->shutdown) {
++ if ((a->init) && (a->ptr != NULL)) {
++ a->ptr = NULL;
++ }
++ a->init = 0;
++ }
++ return (1);
++ }
++
++ static int bss_so_read(BIO *b, char *out, int outl)
++ {
++ int ret = 0;
++ STORE_S *so = (STORE_S*) b->ptr;
++
++ if (b->init && (out != NULL)) {
++
++ while (ret < outl) {
++ if (!so->readc((unsigned char *)out, so))
++ break;
++ out++;
++ ret++;
++ }
++
++ }
++ return (ret);
++ }
++
++ static int bss_so_write(BIO *b, char *in, int inl)
++ {
++ int ret = 0;
++
++ if (b->init && (in != NULL)) {
++ if (so_nputs((STORE_S *)b->ptr, in, inl))
++ ret = inl;
++
++ }
++ return (ret);
++ }
++
++ static long bss_so_ctrl(BIO *b, int cmd, long num, char *ptr)
++ {
++ long ret = 1;
++ STORE_S *so = (STORE_S *)b->ptr;
++ FILE **fpp;
++ char p[4];
++
++ switch (cmd) {
++ case BIO_C_FILE_SEEK:
++ case BIO_CTRL_RESET:
++ ret = so_seek(so, num, 0);
++ break;
++ case BIO_CTRL_EOF:
++ ret = 0;
++ break;
++ case BIO_C_FILE_TELL:
++ case BIO_CTRL_INFO:
++ ret = 0;
++ break;
++ case BIO_C_SET_FILE_PTR:
++ bss_so_free(b);
++ b->shutdown = (int)num & BIO_CLOSE;
++ b->ptr = (char *)ptr;
++ b->init = 1;
++ break;
++ case BIO_C_SET_FILENAME:
++ ret = 0;
++ break;
++ case BIO_C_GET_FILE_PTR:
++ if (ptr != NULL) {
++ fpp = (FILE **)ptr;
++ *fpp = (FILE *)NULL;
++ }
++ break;
++ case BIO_CTRL_GET_CLOSE:
++ ret = (long)b->shutdown;
++ break;
++ case BIO_CTRL_SET_CLOSE:
++ b->shutdown = (int)num;
++ break;
++ case BIO_CTRL_FLUSH:
++ break;
++ case BIO_CTRL_DUP:
++ ret = 1;
++ break;
++
++ case BIO_CTRL_WPENDING:
++ case BIO_CTRL_PENDING:
++ case BIO_CTRL_PUSH:
++ case BIO_CTRL_POP:
++ default:
++ ret = 0;
++ break;
++ }
++ return (ret);
++ }
++
++ static int bss_so_gets(BIO *bp, char *buf, int size)
++ {
++ int ret = 0;
++ char *b = buf;
++ char *bend = buf + size - 1;
++ STORE_S *so = (STORE_S*) bp->ptr;
++
++ do {
++ if (!so->readc((unsigned char *)b, so))
++ break;
++ b++;
++ } while (b < bend && b[ -1] != '\n');
++
++ *b = 0;
++
++ ret = b - buf;
++ return (ret);
++ }
++
++ static int bss_so_puts(BIO *bp, char *str)
++ {
++ STORE_S *so = (STORE_S*) bp->ptr;
++
++ return so->puts(so, str);
++ }
++
++
++ #endif /* SMIME */
+diff -Ncr pine4.53/pine/bss_so.h pine4.53-smime/pine/bss_so.h
+*** pine4.53/pine/bss_so.h Wed Dec 31 16:00:00 1969
+--- pine4.53-smime/pine/bss_so.h Wed Jan 15 12:48:15 2003
+***************
+*** 0 ****
+--- 1 ----
++ BIO *BIO_new_so(STORE_S *so);
+diff -Ncr pine4.53/pine/filter.c pine4.53-smime/pine/filter.c
+*** pine4.53/pine/filter.c Wed Jan 8 12:13:50 2003
+--- pine4.53-smime/pine/filter.c Wed Jan 15 12:48:15 2003
+***************
+*** 903,909 ****
+
+
+ /* get a character from a file */
+! /* assumes gf_out struct is filled in */
+ int
+ gf_freadc(c)
+ unsigned char *c;
+--- 903,909 ----
+
+
+ /* get a character from a file */
+! /* assumes gf_in struct is filled in */
+ int
+ gf_freadc(c)
+ unsigned char *c;
+***************
+*** 938,944 ****
+
+
+ /* get a character from a string, return nonzero if things OK */
+! /* assumes gf_out struct is filled in */
+ int
+ gf_sreadc(c)
+ unsigned char *c;
+--- 938,944 ----
+
+
+ /* get a character from a string, return nonzero if things OK */
+! /* assumes gf_in struct is filled in */
+ int
+ gf_sreadc(c)
+ unsigned char *c;
+diff -Ncr pine4.53/pine/init.c pine4.53-smime/pine/init.c
+*** pine4.53/pine/init.c Mon Jan 6 19:39:16 2003
+--- pine4.53-smime/pine/init.c Wed Jan 15 12:48:15 2003
+***************
+*** 2445,2451 ****
+ F_MARK_FCC_SEEN, h_config_mark_fcc_seen, PREF_SEND},
+ {"use-sender-not-x-sender",
+ F_USE_SENDER_NOT_X, h_config_use_sender_not_x, PREF_SEND},
+!
+ /* Folder */
+ {"combined-subdirectory-display",
+ F_CMBND_SUBDIR_DISP, h_config_combined_subdir_display, PREF_FLDR},
+--- 2445,2458 ----
+ F_MARK_FCC_SEEN, h_config_mark_fcc_seen, PREF_SEND},
+ {"use-sender-not-x-sender",
+ F_USE_SENDER_NOT_X, h_config_use_sender_not_x, PREF_SEND},
+! #ifdef SMIME
+! {"sign-default-on",
+! F_SIGN_DEFAULT_ON, h_config_sign_default_on, PREF_SEND},
+! {"encrypt-default-on",
+! F_ENCRYPT_DEFAULT_ON, h_config_encrypt_default_on, PREF_SEND},
+! {"remember-smime-passphrase",
+! F_REMEMBER_SMIME_PASSPHRASE, h_config_remember_smime_passphrase, PREF_SEND},
+! #endif
+ /* Folder */
+ {"combined-subdirectory-display",
+ F_CMBND_SUBDIR_DISP, h_config_combined_subdir_display, PREF_FLDR},
+diff -Ncr pine4.53/pine/mailcmd.c pine4.53-smime/pine/mailcmd.c
+*** pine4.53/pine/mailcmd.c Fri Jan 10 15:29:29 2003
+--- pine4.53-smime/pine/mailcmd.c Wed Jan 15 12:48:15 2003
+***************
+*** 53,58 ****
+--- 53,59 ----
+ #include "headers.h"
+ #include "../c-client/imap4r1.h"
+
++ #include "smime.h"
+
+ /*
+ * Internal Prototypes
+***************
+*** 1439,1444 ****
+--- 1440,1458 ----
+ break;
+
+
++ #ifdef SMIME
++ /*------- Try to decrypt message -----------*/
++ case MC_DECRYPT:
++ if (g_need_passphrase)
++ get_passphrase();
++ a_changed = TRUE;
++ break;
++
++ case MC_SECURITY:
++ state->next_screen = smime_info_screen;
++ break;
++ #endif
++
+ /*------- Bounce -----------*/
+ case MC_BOUNCE :
+ cmd_bounce(state, msgmap, 0);
+diff -Ncr pine4.53/pine/mailpart.c pine4.53-smime/pine/mailpart.c
+*** pine4.53/pine/mailpart.c Wed Nov 27 15:22:54 2002
+--- pine4.53-smime/pine/mailpart.c Wed Jan 15 12:48:15 2003
+***************
+*** 4534,4539 ****
+--- 4534,4545 ----
+ frd->flags = flags;
+ frd->size = size;
+ frd->readc = fetch_readc;
++
++ /* The call to imap_cache below will return true in the case where
++ we've already stashed fake data in the content of the part.
++ This happens when an S/MIME message is decrypted.
++ */
++
+ if(modern_imap_stream(stream)
+ && !imap_cache(stream, msgno, section, NULL, NULL)
+ && size > INIT_FETCH_CHUNK
+diff -Ncr pine4.53/pine/mailview.c pine4.53-smime/pine/mailview.c
+*** pine4.53/pine/mailview.c Tue Jan 7 16:17:00 2003
+--- pine4.53-smime/pine/mailview.c Wed Jan 15 12:48:15 2003
+***************
+*** 47,52 ****
+--- 47,53 ----
+
+
+ #include "headers.h"
++ #include "smime.h"
+
+
+ /*----------------------------------------------------------------------
+***************
+*** 207,214 ****
+--- 208,220 ----
+
+ HELP_MENU,
+ OTHER_MENU,
++ #ifdef SMIME
++ {"^D","Decrypt", {MC_DECRYPT,1,{ctrl('d')},KS_NONE}},
++ {"^E","Security", {MC_SECURITY,1,{ctrl('e')},KS_NONE}},
++ #else
+ NULL_MENU,
+ NULL_MENU,
++ #endif
+ RCOMPOSE_MENU,
+ NULL_MENU,
+ NULL_MENU,
+***************
+*** 227,232 ****
+--- 233,240 ----
+ #define BOUNCE_KEY 33
+ #define FLAG_KEY 34
+ #define VIEW_PIPE_KEY 35
++ #define DECRYPT_KEY (VIEW_PIPE_KEY + 3)
++ #define SECURITY_KEY (DECRYPT_KEY + 1)
+
+ static struct key simple_text_keys[] =
+ {HELP_MENU,
+***************
+*** 432,437 ****
+--- 440,447 ----
+ else
+ ps->unseen_in_view = !mc->seen;
+
++ flags = 0;
++
+ #if defined(DOS) && !defined(WIN32)
+ /*
+ * Handle big text for DOS here.
+***************
+*** 459,465 ****
+ ps->ttyo->screen_rows - (SCROLL_LINES_ABOVE(ps)
+ + SCROLL_LINES_BELOW(ps)));
+
+! flags = FM_DISPLAY;
+ if((last_message_viewed != mn_get_cur(ps->msgmap)
+ || last_was_full_header == 1))
+ flags |= FM_NEW_MESS;
+--- 469,475 ----
+ ps->ttyo->screen_rows - (SCROLL_LINES_ABOVE(ps)
+ + SCROLL_LINES_BELOW(ps)));
+
+! flags |= FM_DISPLAY;
+ if((last_message_viewed != mn_get_cur(ps->msgmap)
+ || last_was_full_header == 1))
+ flags |= FM_NEW_MESS;
+***************
+*** 467,472 ****
+--- 477,488 ----
+ if(offset) /* no pre-paint during resize */
+ view_writec_killbuf();
+
++ #ifdef SMIME
++ /* Attempt to handle S/MIME bodies */
++ if (fiddle_smime_message(body,raw_msgno,(flags&FM_NEW_MESS)!=0))
++ flags |= FM_NEW_MESS; /* body was changed, force a reload */
++ #endif
++
+ #ifdef _WINDOWS
+ mswin_noscrollupdate(1);
+ #endif
+***************
+*** 541,546 ****
+--- 557,567 ----
+
+ if(F_OFF(F_ENABLE_FULL_HDR, ps_global))
+ clrbitn(VIEW_FULL_HEADERS_KEY, scrollargs.keys.bitmap);
++
++ #ifdef SMIME
++ if (!g_need_passphrase)
++ clrbitn(DECRYPT_KEY, scrollargs.keys.bitmap);
++ #endif
+
+ if(!handles){
+ /*
+***************
+*** 754,760 ****
+--- 775,821 ----
+ }
+
+
++ #ifdef SMIME
++ /*----------------------------------------------------------------------
++ Add descriptive lines to the top of a message being formatted
++ that describe the status of any S/MIME enclosures that
++ have been encountered.
++
++ Args: body -- top-level body of the message being described
++ pc -- output function for writing to the message display
++
++ ----*/
++ static int describe_smime_bodies(BODY *body,gf_io_t pc)
++ {
++ PART *part;
++ int result = 0;
++
++ if (!body)
++ return result;
++
++ if (body->type == TYPEMULTIPART) {
++
++ if (body->subtype && strucmp(body->subtype,"x-pkcs7-enclosure")==0) {
++
++ if (body->description) {
++ format_editorial(body->description,ps_global->ttyo->screen_cols,pc);
++ gf_puts(NEWLINE,pc);
++ result = 1;
++ }
+
++ for (part=body->nested.part; part; part=part->next) {
++ result |= describe_smime_bodies(&(part->body),pc);
++ }
++
++ }
++ } else if (body->type == TYPEMESSAGE &&
++ body->subtype && strucmp(body->subtype, "rfc822")==0) {
++ result |= describe_smime_bodies(body->nested.msg->body,pc);
++ }
++
++ return result;
++ }
++ #endif
+
+ /*----------------------------------------------------------------------
+ Add lines to the attachments structure
+***************
+*** 1677,1682 ****
+--- 1738,1751 ----
+
+ show_parts = 0;
+
++ #ifdef SMIME
++ if (flgs & FM_DISPLAY) {
++ if (describe_smime_bodies(body,pc)) {
++ gf_puts(NEWLINE, pc);
++ }
++ }
++ #endif
++
+ /*======== Now loop through formatting all the parts =======*/
+ for(a = ps_global->atmts; a->description != NULL; a++) {
+
+***************
+*** 6150,6155 ****
+--- 6219,6236 ----
+
+ t = &tmp_20k_buf[strlen(tmp_20k_buf)];
+
++ #ifdef SMIME
++ if (is_pkcs7_body(body) && type!=3) { /* if smime and not attempting print */
++
++ sstrcpy(&t,"\015\012");
++
++ sstrcpy(&t,
++ "This part is a PKCS7 S/MIME enclosure. "
++ "You may be able to view it by entering the correct passphrase "
++ "with the \"^D\" command. Press \"^E\" for more information.");
++
++ } else
++ #endif
+ if(type){
+ sstrcpy(&t, "\015\012");
+ switch(type) {
+diff -Ncr pine4.53/pine/makefile.lnx pine4.53-smime/pine/makefile.lnx
+*** pine4.53/pine/makefile.lnx Tue Sep 10 14:34:39 2002
+--- pine4.53-smime/pine/makefile.lnx Wed Jan 15 12:48:15 2003
+***************
+*** 60,79 ****
+ LDAPOFILES= addrbook.o adrbkcmd.o args.o bldaddr.o init.o \
+ mailview.o other.o pine.o strings.o takeaddr.o
+
+ STDLIBS= -lncurses
+ LOCLIBS= $(PICODIR)/libpico.a $(CCLIENTDIR)/c-client.a
+ LIBS= $(LOCLIBS) $(LDAPLIBS) $(STDLIBS) \
+ `cat $(CCLIENTDIR)/LDFLAGS`
+
+ STDCFLAGS= -DLNX -DSYSTYPE=\"LNX\" -DMOUSE
+ CFLAGS= $(OPTIMIZE) $(PROFILE) $(DEBUG) $(EXTRACFLAGS) $(LDAPCFLAGS) \
+ $(STDCFLAGS)
+
+ OFILES= addrbook.o adrbkcmd.o adrbklib.o args.o bldaddr.o context.o filter.o \
+ folder.o help.o helptext.o imap.o init.o mailcap.o mailcmd.o \
+ mailindx.o mailpart.o mailview.o newmail.o other.o pine.o \
+ reply.o screen.o send.o signals.o status.o strings.o takeaddr.o \
+! os.o
+
+ HFILES= headers.h os.h pine.h context.h helptext.h \
+ $(PICODIR)/headers.h $(PICODIR)/estruct.h \
+--- 60,92 ----
+ LDAPOFILES= addrbook.o adrbkcmd.o args.o bldaddr.o init.o \
+ mailview.o other.o pine.o strings.o takeaddr.o
+
++ SSLDIR= $(HOME)/local/ssl
++ SSLCERTS= $(SSLDIR)/certs
++ SSLINCLUDE= $(SSLDIR)/include
++ SSLLIB= $(SSLDIR)/lib
++
++ SSLCFLAGS= -I$(SSLINCLUDE) \
++ -DSSL_CERT_DIRECTORY=\"$(SSLCERTS)\" \
++ -DSMIME
++ SSLLDFLAGS= -L$(SSLLIB) -lcrypto
++
++
+ STDLIBS= -lncurses
+ LOCLIBS= $(PICODIR)/libpico.a $(CCLIENTDIR)/c-client.a
+ LIBS= $(LOCLIBS) $(LDAPLIBS) $(STDLIBS) \
++ $(SSLLDFLAGS) \
+ `cat $(CCLIENTDIR)/LDFLAGS`
+
+ STDCFLAGS= -DLNX -DSYSTYPE=\"LNX\" -DMOUSE
+ CFLAGS= $(OPTIMIZE) $(PROFILE) $(DEBUG) $(EXTRACFLAGS) $(LDAPCFLAGS) \
++ $(SSLCFLAGS) \
+ $(STDCFLAGS)
+
+ OFILES= addrbook.o adrbkcmd.o adrbklib.o args.o bldaddr.o context.o filter.o \
+ folder.o help.o helptext.o imap.o init.o mailcap.o mailcmd.o \
+ mailindx.o mailpart.o mailview.o newmail.o other.o pine.o \
+ reply.o screen.o send.o signals.o status.o strings.o takeaddr.o \
+! os.o bss_so.o smime.o smkeys.o
+
+ HFILES= headers.h os.h pine.h context.h helptext.h \
+ $(PICODIR)/headers.h $(PICODIR)/estruct.h \
+***************
+*** 135,137 ****
+--- 148,154 ----
+ osdep/sendmail osdep/execview \
+ osdep/postreap.wtp osdep/os-lnx.ic
+ cd osdep; $(MAKE) includer os-lnx.c; cd ..
++
++ jon.o: jon.c
++ $(CC) $(CFLAGS) -Wall -Wstrict-prototypes -c $< -o $@
++
+diff -Ncr pine4.53/pine/makefile.so5 pine4.53-smime/pine/makefile.so5
+*** pine4.53/pine/makefile.so5 Tue Oct 23 15:24:51 2001
+--- pine4.53-smime/pine/makefile.so5 Wed Jan 15 12:48:15 2003
+***************
+*** 62,67 ****
+--- 62,78 ----
+ LDAPOFILES= addrbook.o adrbkcmd.o args.o bldaddr.o init.o \
+ mailview.o other.o pine.o strings.o takeaddr.o
+
++ SSLDIR= $(HOME)/local/ssl
++ SSLCERTS= $(SSLDIR)/certs
++ SSLINCLUDE= $(SSLDIR)/include
++ SSLLIB= $(SSLDIR)/lib
++
++ SSLCFLAGS= -I$(SSLINCLUDE) \
++ -DSSL_CERT_DIRECTORY=\"$(SSLCERTS)\" \
++ -DSMIME
++ SSLLDFLAGS= -L$(SSLLIB) -lcrypto
++
++
+ # LDCC= /usr/bin/cc
+ # If you don't have /usr/bin/cc (our Solaris 2.2 doesn't seem to have it,
+ # it only has /usr/ucb/cc) then change LDCC to the following line and
+***************
+*** 72,88 ****
+ STDLIBS= -ltermlib
+ LOCLIBS= $(PICODIR)/libpico.a $(CCLIENTDIR)/c-client.a
+ LIBS= $(LOCLIBS) $(LDAPLIBS) $(STDLIBS) \
+ `cat $(CCLIENTDIR)/LDFLAGS`
+
+ STDCFLAGS= -Dconst= -DSV4 -DSYSTYPE=\"SOL\" -DMOUSE
+ CFLAGS= $(OPTIMIZE) $(PROFILE) $(DEBUG) $(EXTRACFLAGS) $(LDAPCFLAGS) \
+ $(STDCFLAGS)
+
+ OFILES= addrbook.o adrbkcmd.o adrbklib.o args.o bldaddr.o context.o filter.o \
+ folder.o help.o helptext.o imap.o init.o mailcap.o mailcmd.o \
+ mailindx.o mailpart.o mailview.o newmail.o other.o pine.o \
+ reply.o screen.o send.o signals.o status.o strings.o takeaddr.o \
+! os.o
+
+ HFILES= headers.h os.h pine.h context.h helptext.h \
+ $(PICODIR)/headers.h $(PICODIR)/estruct.h \
+--- 83,101 ----
+ STDLIBS= -ltermlib
+ LOCLIBS= $(PICODIR)/libpico.a $(CCLIENTDIR)/c-client.a
+ LIBS= $(LOCLIBS) $(LDAPLIBS) $(STDLIBS) \
++ $(SSLLDFLAGS) \
+ `cat $(CCLIENTDIR)/LDFLAGS`
+
+ STDCFLAGS= -Dconst= -DSV4 -DSYSTYPE=\"SOL\" -DMOUSE
+ CFLAGS= $(OPTIMIZE) $(PROFILE) $(DEBUG) $(EXTRACFLAGS) $(LDAPCFLAGS) \
++ $(SSLCFLAGS) \
+ $(STDCFLAGS)
+
+ OFILES= addrbook.o adrbkcmd.o adrbklib.o args.o bldaddr.o context.o filter.o \
+ folder.o help.o helptext.o imap.o init.o mailcap.o mailcmd.o \
+ mailindx.o mailpart.o mailview.o newmail.o other.o pine.o \
+ reply.o screen.o send.o signals.o status.o strings.o takeaddr.o \
+! os.o bss_so.o smime.o smkeys.o
+
+ HFILES= headers.h os.h pine.h context.h helptext.h \
+ $(PICODIR)/headers.h $(PICODIR)/estruct.h \
+diff -Ncr pine4.53/pine/pine.h pine4.53-smime/pine/pine.h
+*** pine4.53/pine/pine.h Fri Jan 10 15:25:55 2003
+--- pine4.53-smime/pine/pine.h Wed Jan 15 12:48:15 2003
+***************
+*** 1134,1139 ****
+--- 1134,1144 ----
+ F_DISABLE_SHARED_NAMESPACES,
+ F_EXPOSE_HIDDEN_CONFIG,
+ F_ALT_COMPOSE_MENU,
++ #ifdef SMIME
++ F_SIGN_DEFAULT_ON,
++ F_ENCRYPT_DEFAULT_ON,
++ F_REMEMBER_SMIME_PASSPHRASE,
++ #endif
+ F_ALWAYS_SPELL_CHECK,
+ F_QUELL_TIMEZONE,
+ F_COLOR_LINE_IMPORTANT,
+***************
+*** 2031,2036 ****
+--- 2036,2043 ----
+ } cmdline_val; /* user typed as cmdline arg */
+ };
+
++ #define MC_DECRYPT 800
++ #define MC_SECURITY 801
+
+
+ /*
+***************
+*** 4368,4373 ****
+--- 4375,4383 ----
+ char *pine_send_status PROTO((int, char *, char *, int *));
+ void phone_home PROTO((char *));
+ void pine_free_body PROTO((BODY **));
++ int pine_write_body_header PROTO((BODY *, soutr_t, TCPSTREAM *));
++ long pine_rfc822_output_body PROTO((BODY *,soutr_t,TCPSTREAM *));
++ void pine_encode_body PROTO((BODY *));
+ void simple_header_parse PROTO((char *, char **, char **));
+ int valid_subject PROTO((char *, char **, char **,BUILDER_ARG *,int *));
+ long new_mail_for_pico PROTO((int, int));
+diff -Ncr pine4.53/pine/pine.hlp pine4.53-smime/pine/pine.hlp
+*** pine4.53/pine/pine.hlp Wed Jan 15 11:55:09 2003
+--- pine4.53-smime/pine/pine.hlp Wed Jan 15 12:48:15 2003
+***************
+*** 24338,24340 ****
+--- 24338,24347 ----
+ ========== h_select_by_smaller_size ==========
+ Enter a number or ^C to cancel. All messages less than this many characters
+ in size will be selected. Examples: 2176, 1.53K (1530), or 3M (3000000).
++ ========== h_config_sign_default_on ==========
++ If enabled, the 'Sign' option will default to on when sending messages.
++ ========== h_config_encrypt_default_on ==========
++ If enabled, the 'Encrypt' option will default to on when sending messages.
++ ========== h_config_remember_smime_passphrase ==========
++ If enabled, you will only have to enter your passphrase for your private key
++ once during a pine session.
+diff -Ncr pine4.53/pine/send.c pine4.53-smime/pine/send.c
+*** pine4.53/pine/send.c Tue Jan 14 13:22:59 2003
+--- pine4.53-smime/pine/send.c Wed Jan 15 12:48:15 2003
+***************
+*** 50,55 ****
+--- 50,56 ----
+ #include "../c-client/smtp.h"
+ #include "../c-client/nntp.h"
+
++ #include "smime.h"
+
+ #ifndef TCPSTREAM
+ #define TCPSTREAM void
+***************
+*** 5490,5495 ****
+--- 5491,5513 ----
+ opts[i++].label = "";
+ }
+
++ #ifdef SMIME
++ {
++ opts[i].ch = 'e';
++ opts[i].rval = 'e';
++ opts[i].name = "E";
++ opts[i++].label = "Encrypt";
++
++ opts[i].ch = 'g';
++ opts[i].rval = 'g';
++ opts[i].name = "G";
++ opts[i++].label = "Sign";
++
++ g_do_encrypt = F_ON(F_ENCRYPT_DEFAULT_ON,ps_global);
++ g_do_sign = F_ON(F_SIGN_DEFAULT_ON,ps_global);
++ }
++ #endif
++
+ opts[i].ch = -1;
+ no_help = (i >= 12);
+
+***************
+*** 5574,5579 ****
+--- 5592,5627 ----
+ sstrcpy(&optp, dsn_string);
+ }
+
++ #ifdef SMIME
++ if (g_do_encrypt) {
++ if(!lparen){
++ *optp++ = ' ';
++ *optp++ = '(';
++ lparen++;
++ }
++ else{
++ *optp++ = ',';
++ *optp++ = ' ';
++ }
++
++ sstrcpy(&optp, "Encrypted");
++ }
++
++ if (g_do_sign) {
++ if(!lparen){
++ *optp++ = ' ';
++ *optp++ = '(';
++ lparen++;
++ }
++ else{
++ *optp++ = ',';
++ *optp++ = ' ';
++ }
++
++ sstrcpy(&optp, "Signed");
++ }
++ #endif
++
+ if(lparen)
+ *optp++ = ')';
+
+***************
+*** 5675,5680 ****
+--- 5723,5734 ----
+ * body on failure.
+ */
+ dsn_requested = (DSN_SHOW | DSN_SUCCESS | DSN_DELAY | DSN_FULL);
++ #ifdef SMIME
++ } else if (rv=='e') {
++ g_do_encrypt = !g_do_encrypt;
++ } else if (rv=='g') {
++ g_do_sign = !g_do_sign;
++ #endif
+ }
+
+ sprintf(dsn_string, "DSN requested[%s%s%s%s]",
+***************
+*** 6418,6423 ****
+--- 6472,6478 ----
+ char *verbose_file = NULL;
+ BODY *bp = NULL;
+ PINEFIELD *pf;
++ BODY *origBody = body;
+
+ #define MAX_ADDR_ERROR 2 /* Only display 2 address errors */
+
+***************
+*** 6434,6439 ****
+--- 6489,6518 ----
+ return(0);
+ }
+
++
++ #ifdef SMIME
++ if (g_do_encrypt || g_do_sign) {
++ int result;
++
++ STORE_S *so = lmc.so;
++ lmc.so = NULL;
++
++ result = 1;
++
++ if (g_do_encrypt)
++ result = encrypt_outgoing_message(header,&body);
++
++ /* need to free new body from encrypt if sign fails? */
++ if (result && g_do_sign)
++ result = sign_outgoing_message(header,&body,g_do_encrypt);
++
++ lmc.so = so;
++
++ if (!result)
++ return 0;
++ }
++ #endif
++
+ /* set up counts and such to keep track sent percentage */
+ send_bytes_sent = 0;
+ gf_filter_init(); /* zero piped byte count, 'n */
+***************
+*** 6742,6747 ****
+--- 6821,6844 ----
+ mail_free_envelope(&fake_env);
+
+ done:
++
++ #ifdef SMIME
++ /* Free replacement encrypted body */
++ if (body != origBody) {
++
++ if (body->type==TYPEMULTIPART) {
++ /* Just get rid of first part, it's actually origBody */
++ void *x = body->nested.part;
++
++ body->nested.part = body->nested.part->next;
++
++ fs_give(&x);
++ }
++
++ pine_free_body(&body);
++ }
++ #endif
++
+ if(we_cancel)
+ cancel_busy_alarm(0);
+
+***************
+*** 8721,8733 ****
+ dprint(4, (debugfile, "-- pine_encode_body: %d\n", body ? body->type : 0));
+ if (body) switch (body->type) {
+ case TYPEMULTIPART: /* multi-part */
+! if (!body->parameter) { /* cookie not set up yet? */
+ char tmp[MAILTMPLEN]; /* make cookie not in BASE64 or QUOTEPRINT*/
+ sprintf (tmp,"%ld-%ld-%ld=:%ld",gethostid (),random (),time (0),
+ getpid ());
+! body->parameter = mail_newbody_parameter ();
+! body->parameter->attribute = cpystr ("BOUNDARY");
+! body->parameter->value = cpystr (tmp);
+ }
+ part = body->nested.part; /* encode body parts */
+ do pine_encode_body (&part->body);
+--- 8818,8834 ----
+ dprint(4, (debugfile, "-- pine_encode_body: %d\n", body ? body->type : 0));
+ if (body) switch (body->type) {
+ case TYPEMULTIPART: /* multi-part */
+! if (!body->parameter || strucmp(body->parameter->attribute,"BOUNDARY")!=0) { /* cookie not set up yet? */
+ char tmp[MAILTMPLEN]; /* make cookie not in BASE64 or QUOTEPRINT*/
++ PARAMETER *param;
++
+ sprintf (tmp,"%ld-%ld-%ld=:%ld",gethostid (),random (),time (0),
+ getpid ());
+! param = mail_newbody_parameter ();
+! param->next = body->parameter;
+! param->attribute = cpystr ("BOUNDARY");
+! param->value = cpystr (tmp);
+! body->parameter = param;
+ }
+ part = body->nested.part; /* encode body parts */
+ do pine_encode_body (&part->body);
+diff -Ncr pine4.53/pine/smime.c pine4.53-smime/pine/smime.c
+*** pine4.53/pine/smime.c Wed Dec 31 16:00:00 1969
+--- pine4.53-smime/pine/smime.c Wed Jan 15 12:48:15 2003
+***************
+*** 0 ****
+--- 1,1776 ----
++ /*
++ File: smime.c
++ Author: paisleyj@dcs.gla.ac.uk
++ Date: 01/2001
++
++ Description:
++ This file contains all the low-level functions
++ required for dealing with S/MIME objects.
++
++ References are made to the functions in this file
++ from the following locations:
++
++ mailview.c:part_desc() -> is_pkcs7_body()
++ send.c:call_mailer() -> encrypt_outgoing_message()
++ send.c:call_mailer() -> sign_outgoing_message()
++ mailcmd.c:process_cmd() -> get_passphrase()
++ mailcmd.c:process_cmd() -> smime_info_screen()
++ */
++
++ #ifdef SMIME
++
++ #include "headers.h"
++
++ #include <stdio.h>
++ #include <stdlib.h>
++ #include <string.h>
++ #include <time.h>
++
++ #include <openssl/err.h>
++ #include <openssl/objects.h>
++ #include <openssl/evp.h>
++
++ #include <openssl/x509.h>
++ #include <openssl/pkcs7.h>
++ #include <openssl/pem.h>
++ #include <openssl/rand.h>
++
++ #include "bss_so.h"
++ #include "smkeys.h"
++ #include "smime.h"
++
++ #define PINE_SMIME_DIRNAME ".pine-smime"
++
++ /* Set true if loading a key failed due to lack of passphrase.
++ Queried in mailcmd.c:process_cmd() before calling get_passphrase()
++ */
++ int g_need_passphrase = 0;
++ /* User has entered a passphrase */
++ static int s_entered_passphrase = 0;
++ /* Storage for the entered passphrase */
++ static char s_passphrase[80];
++ static char *s_passphrase_emailaddr;
++
++ /* Set true if encrypting/signing (respectively)
++ Referenced from send.c:call_mailer() and send.c:send_exit_for_pico
++ */
++ int g_do_encrypt;
++ int g_do_sign;
++
++ /* Full pathname to ~/.pine-smime */
++ static char *g_pine_smime_dir;
++
++ static BIO *bio_err;
++
++ /* Linked list of PERSONAL_CERT objects */
++ static PERSONAL_CERT *s_personal_certs;
++
++ static X509_STORE *s_cert_store;
++
++ /* State management for randomness functions below */
++ static int seeded = 0;
++ static int egdsocket = 0;
++
++ /* Forget any cached private keys */
++ static void forget_private_keys()
++ {
++ PERSONAL_CERT *pcert;
++
++ for (pcert=s_personal_certs; pcert; pcert=pcert->next) {
++
++ if (pcert->key) {
++ EVP_PKEY_free(pcert->key);
++ pcert->key = NULL;
++ }
++ }
++ }
++
++ /* taken from openssl/apps/app_rand.c */
++ static int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
++ {
++ int consider_randfile = (file == NULL);
++ char buffer[200];
++
++ if (file == NULL)
++ file = RAND_file_name(buffer, sizeof buffer);
++ else if (RAND_egd(file) > 0)
++ {
++ /* we try if the given filename is an EGD socket.
++ if it is, we don't write anything back to the file. */
++ egdsocket = 1;
++ return 1;
++ }
++ if (file == NULL || !RAND_load_file(file, -1))
++ {
++ if (RAND_status() == 0 && !dont_warn)
++ {
++ BIO_printf(bio_e,"unable to load 'random state'\n");
++ BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
++ BIO_printf(bio_e,"with much random data.\n");
++ if (consider_randfile) /* explanation does not apply when a file is explicitly named */
++ {
++ BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
++ BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
++ }
++ }
++ return 0;
++ }
++ seeded = 1;
++ return 1;
++ }
++
++ /* copied and fiddled from pine/imap/src/osdep/unix/auth_ssl.c */
++ static void openssl_extra_randomness(void)
++ {
++ #if !defined(WIN32)
++ int fd;
++ unsigned long i;
++ char tmp[MAXPATH];
++ struct stat sbuf;
++ /* if system doesn't have /dev/urandom */
++ if (stat ("/dev/urandom",&sbuf)) {
++ if ((fd = open (tmpnam (tmp),O_WRONLY|O_CREAT,0600)) < 0)
++ i = (unsigned long) tmp;
++ else {
++ unlink (tmp); /* don't need the file */
++ fstat (fd,&sbuf); /* get information about the file */
++ i = sbuf.st_ino; /* remember its inode */
++ close (fd); /* or its descriptor */
++ }
++ /* not great but it'll have to do */
++ sprintf (tmp + strlen (tmp),"%.80s%lx%lx%lx",
++ tcp_serverhost (),i,
++ (unsigned long) (time (0) ^ gethostid ()),
++ (unsigned long) getpid ());
++ RAND_seed (tmp,strlen (tmp));
++ }
++ #endif
++ }
++
++ /* taken from openssl/apps/app_rand.c */
++ static int app_RAND_write_file(const char *file, BIO *bio_e)
++ {
++ char buffer[200];
++
++ if (egdsocket || !seeded)
++ /* If we did not manage to read the seed file,
++ * we should not write a low-entropy seed file back --
++ * it would suppress a crucial warning the next time
++ * we want to use it. */
++ return 0;
++
++ if (file == NULL)
++ file = RAND_file_name(buffer, sizeof buffer);
++ if (file == NULL || !RAND_write_file(file))
++ {
++ BIO_printf(bio_e,"unable to write 'random state'\n");
++ return 0;
++ }
++ return 1;
++ }
++
++ /* Installed as an atexit() handler to save the random data */
++ static void openssl_deinit(void)
++ {
++ app_RAND_write_file(NULL, bio_err);
++ }
++
++ /* Initialise openssl stuff if needed */
++ static void openssl_init(void)
++ {
++ static int inited = 0;
++
++ if (!inited) {
++
++ char *p;
++ char buf[MAXPATH];
++
++ /* Find where that .pine-smime thing is */
++ /* Perhaps we should just use the user's home directory as a start? */
++ p = last_cmpnt(ps_global->pinerc);
++ buf[0] = '\0';
++ if(p != NULL) {
++ strncpy(buf, ps_global->pinerc, min(p - ps_global->pinerc, sizeof(buf)-1));
++ buf[min(p - ps_global->pinerc, sizeof(buf)-1)] = '\0';
++ }
++
++ strncat(buf, PINE_SMIME_DIRNAME, sizeof(buf)-1-strlen(buf));
++ buf[sizeof(buf)-1] = 0;
++
++ if (can_access(buf, ACCESS_EXISTS)==0) {
++
++ g_pine_smime_dir = cpystr(buf);
++ s_cert_store = get_ca_store(g_pine_smime_dir);
++ s_personal_certs = get_personal_certs(g_pine_smime_dir);
++
++ } else g_pine_smime_dir = ""; /* prevent null dereference later */
++
++ SSLeay_add_all_algorithms();
++ ERR_load_crypto_strings();
++
++ /* this won't make any sense (since the terminal's in a funny mode) */
++ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
++ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
++
++ app_RAND_load_file(NULL, bio_err, 1);
++
++ openssl_extra_randomness();
++
++ /* save the rand file when we're done */
++ atexit(openssl_deinit);
++
++ inited = 1;
++ }
++
++ ERR_clear_error();
++ }
++
++ /* Get a pointer to a string describing the most recent OpenSSL error.
++ It's statically allocated, so don't change or attempt to free it.
++ */
++ static const char *openssl_error_string(void)
++ {
++ char *errs;
++ const char *data = NULL;
++ long errn;
++
++ errn = ERR_peek_error_line_data(NULL, NULL, &data, NULL);
++ errs = (char*)ERR_reason_error_string(ERR_GET_REASON(errn));
++
++ if (errs)
++ return errs;
++ else if (data)
++ return data;
++
++ return "unknown error";
++ }
++
++ /* Return true if the body looks like a PKCS7 object */
++ int is_pkcs7_body(BODY *body)
++ {
++ int result;
++
++ result = body->type==TYPEAPPLICATION &&
++ body->subtype &&
++ (strucmp(body->subtype,"pkcs7-mime")==0 ||
++ strucmp(body->subtype,"x-pkcs7-mime")==0 ||
++ strucmp(body->subtype,"pkcs7-signature")==0 ||
++ strucmp(body->subtype,"x-pkcs7-signature")==0);
++
++ return result;
++ }
++
++ /* debug utility to dump the contents of a BIO to a file */
++ static void dump_bio_to_file(BIO *in,char *filename)
++ {
++ char iobuf[4096];
++ int len;
++ BIO *out;
++
++ out = BIO_new_file(filename,"w");
++
++ if (out) {
++ BIO_reset(in);
++
++ while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
++ BIO_write(out, iobuf, len);
++ BIO_free(out);
++ }
++ }
++
++ /* prompt the user for their passphrase
++ (possibly prompting with the email address in s_passphrase_emailaddr)
++ */
++ int get_passphrase(void)
++ {
++ int rc;
++ int flags;
++ char prompt[50];
++ HelpType help = NO_HELP;
++
++ sprintf(prompt,
++ "Enter passphrase for <%s>: ",s_passphrase_emailaddr ? s_passphrase_emailaddr : "unknown");
++
++ do {
++ flags = OE_PASSWD | OE_DISALLOW_HELP;
++ rc = optionally_enter(s_passphrase, -FOOTER_ROWS(ps_global), 0, sizeof(s_passphrase),
++ prompt, NULL, help, &flags);
++ } while (rc!=0 && rc!=1 && rc>0);
++
++ if (rc==0)
++ s_entered_passphrase = 1;
++
++ return rc==0;
++ }
++
++ /* Recursively stash a pointer to the decrypted data in our
++ manufactured body.
++ */
++ static void create_local_cache(char *base,BODY *b)
++ {
++ if (b->type==TYPEMULTIPART) {
++ PART *p;
++
++ #if 0
++ cpytxt(&b->contents.text, base + b->contents.offset, b->size.bytes);
++ #else
++ /* don't really want to copy the real body contents. It shouldn't be
++ used, and in the case of a message with attachments, we'll be
++ duplicating the files multiple times
++ */
++ cpytxt(&b->contents.text, "BODY UNAVAILABLE", 16);
++ #endif
++
++ for (p=b->nested.part;p;p=p->next) {
++ create_local_cache(base,(BODY*) p);
++ }
++ } else {
++ cpytxt(&b->contents.text, base + b->contents.offset, b->size.bytes);
++ }
++ }
++
++ static long rfc822_output_func(void *stream,char *string)
++ {
++ STORE_S *so = (STORE_S*) stream;
++
++ return so_puts(so,string)!=0;
++ }
++
++ /* Load a private key from the given file */
++ static EVP_PKEY *load_key(char *file, char *pass)
++ {
++ BIO *in;
++ EVP_PKEY *key;
++ if(!(in = BIO_new_file(file, "r"))) return NULL;
++ key = PEM_read_bio_PrivateKey(in, NULL,NULL,pass);
++ BIO_free(in);
++ return key;
++ }
++
++ /* Attempt to load the private key for the given PERSONAL_CERT.
++ This sets the appropriate passphrase globals in order to
++ interact with the user correctly.
++ */
++ static int load_private_key(PERSONAL_CERT *pcert)
++ {
++ if (!pcert->key) {
++
++ /* Try empty password by default */
++ char *password = "";
++
++ if (g_need_passphrase) {
++ /* We've already been in here and discovered we need a different password */
++
++ if (s_entered_passphrase)
++ password = s_passphrase; /* Use the passphrase if it's been entered */
++ else return 0;
++ }
++
++ ERR_clear_error();
++
++ if(!(pcert->key = load_key(pcert->file, password))) {
++ long err = ERR_get_error();
++
++ /* Couldn't load key... */
++
++ if (s_entered_passphrase) {
++
++ /* The user got the password wrong maybe? */
++
++ if ((ERR_GET_LIB(err)==ERR_LIB_EVP && ERR_GET_REASON(err)==EVP_R_BAD_DECRYPT) ||
++ (ERR_GET_LIB(err)==ERR_LIB_PEM && ERR_GET_REASON(err)==PEM_R_BAD_DECRYPT))
++ q_status_message(SM_ORDER | SM_DING,1,1,"Wrong password");
++ else q_status_message1(SM_ORDER,1,1,"Couldn't read key: %s",(char*)openssl_error_string());
++
++ /* This passphrase is no good; forget it */
++ s_entered_passphrase = 0;
++ }
++
++ /* Indicate to the UI that we need re-entry (see mailcmd.c:process_cmd())*/
++ g_need_passphrase = 1;
++
++ fs_give((void**) &s_passphrase_emailaddr);
++ s_passphrase_emailaddr = get_x509_subject_email(pcert->cert);
++ return 0;
++ } else {
++ /* This key will be cached, so we won't be called again */
++ s_entered_passphrase = 0;
++ g_need_passphrase = 0;
++ }
++
++ return 1;
++ }
++
++ return 0;
++ }
++
++ static void setup_pkcs7_body_for_signature(BODY *b,char *description,char *type,char *filename)
++ {
++ b->type = TYPEAPPLICATION;
++ b->subtype = cpystr(type);
++ b->encoding = ENCBINARY;
++
++ b->description = cpystr(description);
++
++ b->disposition.type = cpystr("attachment");
++ b->disposition.parameter = mail_newbody_parameter();
++ b->disposition.parameter->attribute = cpystr("filename");
++ b->disposition.parameter->value = cpystr(filename);
++
++ b->parameter = mail_newbody_parameter();
++ b->parameter->attribute = cpystr("name");
++ b->parameter->value = cpystr(filename);
++ }
++
++ /*
++ Look for a personal certificate matching the
++ given address
++ */
++ PERSONAL_CERT *match_personal_cert_to_email(ADDRESS *a)
++ {
++ PERSONAL_CERT *pcert;
++ char buf[MAXPATH];
++ char *email;
++
++ if (!a || !a->mailbox || !a->host)
++ return NULL;
++
++ snprintf(buf,sizeof(buf),"%s@%s",a->mailbox,a->host);
++
++ for (pcert=s_personal_certs;pcert;pcert=pcert->next) {
++
++ if (!pcert->cert)
++ continue;
++
++ email = get_x509_subject_email(pcert->cert);
++
++ if (email && strucmp(email,buf)==0) {
++ fs_give((void**) &email);
++ break;
++ }
++
++ fs_give((void**) &email);
++ }
++
++ return pcert;
++ }
++
++ /*
++ Look for a personal certificate matching the from
++ (or reply_to? in the given envelope)
++ */
++ PERSONAL_CERT *match_personal_cert(ENVELOPE *env)
++ {
++ PERSONAL_CERT *pcert;
++
++ pcert = match_personal_cert_to_email(env->reply_to);
++ if (!pcert)
++ pcert = match_personal_cert_to_email(env->from);
++
++ return pcert;
++ }
++
++ /*
++ Flatten the given body into its MIME representation.
++ Return the result in a CharStar STORE_S.
++ */
++ static STORE_S *body_to_store(BODY *body)
++ {
++ STORE_S *store;
++ store = so_get(CharStar, NULL, EDIT_ACCESS);
++ if (!store)
++ return NULL;
++
++ pine_encode_body(body); /* this attaches random boundary strings to multiparts */
++ pine_write_body_header (body, rfc822_output_func,store);
++ pine_rfc822_output_body(body, rfc822_output_func,store);
++
++ /* now need to truncate by two characters since the above
++ appends CRLF to the stream
++ */
++
++ /** Eek! No way of telling size of a STORE_S. We depend on knowing it's
++ a CharStar */
++ so_truncate(store,((char*)store->eod-(char*)store->txt)-2);
++
++ so_seek(store,0,SEEK_SET);
++
++ return store;
++ }
++
++
++
++ /*
++ Sign a message. Called from call_mailer in send.c.
++
++ This takes the header for the outgoing message as well as a pointer
++ to the current body (which may be reallocated).
++ */
++ int sign_outgoing_message(METAENV *header,BODY **bodyP,int dont_detach)
++ {
++ STORE_S *store = NULL;
++ STORE_S *outs = NULL;
++ BODY *body = *bodyP;
++ BODY *newBody = NULL;
++ PART *p1 = NULL;
++ PART *p2 = NULL;
++ PERSONAL_CERT *pcert;
++ BIO *in = NULL;
++ BIO *out = NULL;
++ PKCS7 *p7 = NULL;
++ int result = 0;
++ PARAMETER *param;
++
++ int flags = dont_detach ? 0 : PKCS7_DETACHED;
++
++ openssl_init();
++
++ store = body_to_store(body);
++
++ /* Look for a private key matching the sender address... */
++
++ pcert = match_personal_cert(header->env);
++
++ if (!pcert) {
++ q_status_message(SM_ORDER,1,1,"Couldn't find the certificate needed to sign.");
++ goto end;
++ }
++
++ if (!load_private_key(pcert) && g_need_passphrase) {
++ /* Couldn't load key with blank password, try again */
++ get_passphrase();
++ load_private_key(pcert);
++ }
++
++ if (!pcert->key)
++ goto end;
++
++ in = BIO_new_so(store);
++
++ #if 0
++ dump_bio_to_file(in,"/tmp/signed-data");
++ #endif
++
++ BIO_reset(in);
++
++ p7 = PKCS7_sign(pcert->cert, pcert->key, NULL, in, flags);
++ if (!p7) {
++ q_status_message(SM_ORDER,1,1,"Error creating PKCS7 object.");
++ goto end;
++ }
++
++ outs = so_get(CharStar,NULL,EDIT_ACCESS);
++ out = BIO_new_so(outs);
++
++ i2d_PKCS7_bio(out, p7);
++ BIO_flush(out);
++
++ so_seek(outs,0,SEEK_SET);
++
++ if ((flags&PKCS7_DETACHED)==0) {
++
++ /* the simple case: the signed data is in the pkcs7 object */
++
++ newBody = mail_newbody();
++
++ setup_pkcs7_body_for_signature(newBody,"S/MIME Cryptographically Signed Message","x-pkcs7-mime","smime.p7m");
++
++ newBody->contents.text.data = (char*) outs;
++ *bodyP = newBody;
++
++ result = 1;
++ } else {
++
++ /* OK.
++ We have to create a new body as follows:
++
++ multipart/signed; blah blah blah
++ reference to existing body
++
++ pkcs7 object
++ */
++
++ newBody = mail_newbody();
++
++ newBody->type = TYPEMULTIPART;
++ newBody->subtype = cpystr("signed");
++ newBody->encoding = ENC7BIT;
++
++ newBody->parameter = param = mail_newbody_parameter();
++ param->attribute = cpystr("protocol");
++ param->value = cpystr("application/x-pkcs7-signature");
++
++ newBody->parameter->next = param = mail_newbody_parameter();
++ param->attribute = cpystr("micalg");
++ param->value = cpystr("sha1");
++
++ p1 = mail_newbody_part();
++ p2 = mail_newbody_part();
++
++ /* this is nasty. We're just copying the body in here,
++ but since our newBody is freed at the end of call_mailer,
++ we mustn't let this body (the original one) be freed twice.
++ */
++ p1->body = *body; /* ARRGH. This is special cased at the end of call_mailer */
++
++ p1->next = p2;
++
++ setup_pkcs7_body_for_signature(&p2->body,"S/MIME Cryptographic Signature","x-pkcs7-signature","smime.p7s");
++ p2->body.contents.text.data = (char*) outs;
++
++ newBody->nested.part = p1;
++
++ *bodyP = newBody;
++
++ result = 1;
++ }
++
++ end:
++
++ PKCS7_free(p7);
++ BIO_free(in);
++ BIO_free(out);
++ if (store)
++ so_give(&store);
++
++ return result;
++ }
++
++ /*
++ Encrypt a message on the way out. Called from call_mailer in send.c
++ The body may be reallocated.
++ */
++ int encrypt_outgoing_message(METAENV *header,BODY **bodyP)
++ {
++ PKCS7 *p7 = NULL;
++ BIO *in = NULL;
++ BIO *out = NULL;
++ EVP_CIPHER *cipher = NULL;
++ STACK_OF(X509) *encerts = NULL;
++ STORE_S *store = NULL;
++ STORE_S *outs = NULL;
++ PINEFIELD *pf;
++ ADDRESS *a;
++ BODY *body = *bodyP;
++ BODY *newBody = NULL;
++ int result = 0;
++
++ openssl_init();
++
++ cipher = EVP_des_cbc();
++
++ encerts = sk_X509_new_null();
++
++ /* Look for a certificate for each of the recipients */
++ for(pf = header->local; pf && pf->name; pf = pf->next)
++ if(pf->type == Address && pf->rcptto && pf->addr && *pf->addr) {
++
++ for (a=*pf->addr;a;a=a->next) {
++ X509 *cert;
++ char buf[MAXPATH];
++
++ snprintf(buf,sizeof(buf),"%s@%s",a->mailbox,a->host);
++
++ cert = get_cert_for(g_pine_smime_dir,buf);
++ if (cert)
++ sk_X509_push(encerts,cert);
++ else {
++ q_status_message2(SM_ORDER,1,1,
++ "Unable to find certificate for <%s@%s>",a->mailbox,a->host);
++ goto end;
++ }
++ }
++ }
++
++
++ store = body_to_store(body);
++
++ in = BIO_new_so(store);
++
++ p7 = PKCS7_encrypt(encerts, in, cipher, 0);
++
++ outs = so_get(CharStar,NULL,EDIT_ACCESS);
++ out = BIO_new_so(outs);
++
++ i2d_PKCS7_bio(out, p7);
++ BIO_flush(out);
++ so_seek(outs,0,SEEK_SET);
++
++ newBody = mail_newbody();
++
++ newBody->type = TYPEAPPLICATION;
++ newBody->subtype = cpystr("x-pkcs7-mime");
++ newBody->encoding = ENCBINARY;
++
++ newBody->description = cpystr("S/MIME Encrypted Message");
++
++ newBody->contents.text.data = (char*) outs;
++
++ *bodyP = newBody;
++
++ result = 1;
++
++ end:
++
++ BIO_free(in);
++ BIO_free(out);
++ PKCS7_free(p7);
++ sk_X509_pop_free(encerts, X509_free);
++ if (store)
++ so_give(&store);
++
++ return result;
++ }
++
++ /*
++ Plonk the contents (mime headers and body) of the given
++ section of a message to a CharStar STORE_S object.
++ */
++ static STORE_S *get_raw_part(int msgno,const char *section)
++ {
++ long len;
++ STORE_S *store = NULL;
++ char *text;
++
++ store = so_get(CharStar, NULL, EDIT_ACCESS);
++ if (store) {
++
++ /* First grab headers of the chap */
++ text = mail_fetch_mime(ps_global->mail_stream, msgno, (char*) section, &len, 0);
++
++ if (text) {
++ so_nputs(store,text,len);
++
++ /** Now grab actual body */
++ text = mail_fetch_body (ps_global->mail_stream, msgno, (char*) section, &len, 0);
++ if (text) {
++ so_nputs(store,text,len);
++
++ so_seek(store,0,SEEK_SET);
++
++ } else so_give(&store);
++
++ } else so_give(&store);
++
++ }
++ return store;
++ }
++
++ /*
++ Get (and decode) the body of the given section of msg
++ */
++ static STORE_S *get_part_contents(int msgno,const char *section)
++ {
++ long len;
++ gf_io_t pc;
++ STORE_S *store = NULL;
++ char *err;
++
++ store = so_get(CharStar, NULL, EDIT_ACCESS);
++ if (store) {
++ gf_set_so_writec(&pc,store);
++
++ err = detach(ps_global->mail_stream, msgno, (char*) section,&len, pc, NULL);
++
++ gf_clear_so_writec(store);
++
++ so_seek(store,0,SEEK_SET);
++
++ if (err)
++ so_give(&store);
++ }
++ return store;
++ }
++
++ static PKCS7 *get_pkcs7_from_part(int msgno,const char *section)
++ {
++ STORE_S *store = NULL;
++ PKCS7 *p7 = NULL;
++ BIO *in = NULL;
++
++ store = get_part_contents(msgno,section);
++
++ if (store) {
++ in = BIO_new_so(store);
++ if (in) {
++ p7=d2i_PKCS7_bio(in,NULL);
++ }
++ }
++
++ if (store)
++ so_give(&store);
++
++ BIO_free(in);
++
++ return p7;
++ }
++
++ /*
++ Try to verify a signature.
++
++ p7 - the pkcs7 object to verify
++ in - the plain data to verify (NULL if not detached)
++ out - BIO to which to write the opaque data
++ */
++ static int do_signature_verify(PKCS7 *p7,BIO *in,BIO *out)
++ {
++ STACK_OF(X509) *otherCerts = NULL;
++ int result;
++ const char *data;
++ long err;
++
++ #if 0
++ dump_bio_to_file(in,"/tmp/verified-data");
++ #endif
++
++ BIO_reset(in);
++
++ #if 0
++ /* testing verification stuff */
++ {
++ X509 *c;
++
++ c = get_cert_for(g_pine_smime_dir,"xx");
++ if (c) {
++ X509_add1_reject_object(c, OBJ_nid2obj(NID_email_protect));
++
++ X509_STORE_add_cert(s_cert_store,c);
++
++ save_cert_for(g_pine_smime_dir,cpystr("yy"),c);
++ }
++
++
++ ERR_clear_error();
++
++ }
++ #endif
++
++ result = PKCS7_verify(p7, otherCerts, s_cert_store,
++ in, out, 0);
++
++ if (result) {
++ q_status_message(SM_ORDER,1,1,"S/MIME signature verified ok");
++ } else {
++ err = ERR_peek_error_line_data(NULL, NULL, &data, NULL);
++
++ if (out && err==ERR_PACK(ERR_LIB_PKCS7,PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR)) {
++
++ /* Retry verification so we can get the plain text */
++ /* Might be better to reimplement PKCS7_verify here? */
++
++ PKCS7_verify(p7, otherCerts, s_cert_store,
++ in, out, PKCS7_NOVERIFY);
++
++ }
++
++ q_status_message1(SM_ORDER | SM_DING,1,1,"Couldn't verify S/MIME signature: %s",(char*) openssl_error_string());
++
++ return result;
++ }
++
++ /* now try to extract the certificates of any signers */
++ {
++ STACK_OF(X509) *signers;
++ int i;
++
++ signers = PKCS7_get0_signers(p7, NULL, 0);
++
++ if (signers)
++ for (i=0;i<sk_X509_num(signers);i++) {
++ char *email;
++ X509 *x = sk_X509_value(signers,i);
++ X509 *cert;
++
++ if (!x)
++ continue;
++
++ email = get_x509_subject_email(x);
++
++ if (email) {
++ cert = get_cert_for(g_pine_smime_dir,email);
++ if (cert) {
++ X509_free(cert);
++ } else {
++ save_cert_for(g_pine_smime_dir,email,x);
++ }
++ fs_give((void**) &email);
++ }
++ }
++
++ sk_X509_free(signers);
++ }
++
++ return result;
++ }
++
++ /* Hook inside BODY structure for cleaning up S/MIME message bodies */
++ static void smime_body_cleanup(BODY *b)
++ {
++ #if 0
++ q_status_message(SM_ORDER,1,1,"smime_body_cleanup called");
++ #endif
++
++ if (b->sparep) {
++ PKCS7_free((PKCS7*) b->sparep);
++ b->sparep = NULL;
++ }
++ }
++
++ /*
++ Given a multipart body of type multipart/signed, attempt to verify
++ it
++ */
++ static int do_detached_signature_verify(BODY *b,int msgno,char *section)
++ {
++ STORE_S *toVerify = NULL;
++ PKCS7 *p7 = NULL;
++ BIO *in = NULL;
++ PART *p;
++ int result = 0;
++ char seq[100];
++ char *what_we_did;
++
++ openssl_init();
++
++ snprintf(seq,sizeof(seq),"%s1",section);
++ toVerify = get_raw_part(msgno,seq);
++
++ if (toVerify) {
++
++ in = BIO_new_so(toVerify);
++ if (!in)
++ goto end;
++
++ snprintf(seq,sizeof(seq),"%s2",section);
++ p7 = get_pkcs7_from_part(msgno,seq);
++
++ if (!p7)
++ goto end;
++
++ result = do_signature_verify(p7,in,NULL);
++
++ if (b->subtype) fs_give((void**) &b->subtype);
++ b->subtype = cpystr("x-pkcs7-enclosure");
++ b->encoding = ENC8BIT;
++
++ if (b->description) fs_give ((void**) &b->description);
++
++ what_we_did = result ? "This message was cryptographically signed." :
++ "This message was cryptographically signed but the signature could not be verified.";
++
++ b->description = cpystr(what_we_did);
++
++ b->sparep = p7;
++ p7 = NULL;
++ b->cleanup = smime_body_cleanup;
++
++ p = b->nested.part;
++
++ /* p is signed plaintext */
++ if (p && p->next)
++ mail_free_body_part(&p->next); /* hide the pkcs7 from the viewer */
++
++ result = 0;
++ }
++ end:
++ BIO_free(in);
++
++ PKCS7_free(p7);
++
++ if (toVerify)
++ so_give(&toVerify);
++
++ return result;
++ }
++
++ static PERSONAL_CERT *find_certificate_matching_recip_info(PKCS7_RECIP_INFO *ri)
++ {
++ PERSONAL_CERT *x;
++
++ for (x=s_personal_certs;x;x=x->next) {
++ X509 *mine;
++
++ mine = x->cert;
++
++ if (!X509_NAME_cmp(ri->issuer_and_serial->issuer,mine->cert_info->issuer) &&
++ !ASN1_INTEGER_cmp(ri->issuer_and_serial->serial,mine->cert_info->serialNumber)) {
++ break;
++ }
++ }
++
++ return x;
++ }
++
++ static PERSONAL_CERT *find_certificate_matching_pkcs7(PKCS7 *p7)
++ {
++ int i;
++ STACK_OF(PKCS7_RECIP_INFO) *recips;
++ PERSONAL_CERT *x = NULL;
++
++ recips = p7->d.enveloped->recipientinfo;
++
++ for (i=0; i<sk_PKCS7_RECIP_INFO_num(recips); i++) {
++ PKCS7_RECIP_INFO *ri;
++
++ ri=sk_PKCS7_RECIP_INFO_value(recips,i);
++
++ if ((x=find_certificate_matching_recip_info(ri))!=0) {
++ break;
++ }
++ }
++
++ return x;
++ }
++
++ /*
++ Try to decode (decrypt or verify a signature) a PKCS7 body
++ */
++ static int do_decoding(BODY *b,int msgno,const char *section)
++ {
++ STORE_S *outs = NULL;
++ int result = 0;
++
++ BIO *out = NULL;
++ PKCS7 *p7 = NULL;
++ X509 *recip = NULL;
++ EVP_PKEY *key = NULL;
++ PERSONAL_CERT *pcert = NULL;
++
++ char *what_we_did = "";
++
++ openssl_init();
++
++ /*
++ Extract binary data from part to an in-memory store
++ */
++
++ if (b->sparep) {
++
++ p7 = (PKCS7*) b->sparep;
++
++ } else {
++
++ p7 = get_pkcs7_from_part(msgno,section);
++ if (p7 == NULL) {
++ q_status_message1(SM_ORDER,1,1,"Couldn't load PKCS7 object: %s",(char*)openssl_error_string());
++ goto end;
++ }
++
++ /* Save the PKCS7 object for later dealings by the user interface.
++ It will be cleaned up when the body is garbage collected
++ */
++ b->sparep = p7;
++ b->cleanup = smime_body_cleanup;
++ }
++
++ if (PKCS7_type_is_signed(p7)) {
++ int sigok;
++
++ outs = so_get(CharStar, NULL, EDIT_ACCESS);
++ so_puts(outs,"MIME-Version: 1.0\r\n"); /* needed so rfc822_parse_msg_full believes it's MIME */
++ out = BIO_new_so(outs);
++
++ sigok = do_signature_verify(p7,NULL,out);
++
++ /* shouldn't really duplicate these messages */
++ what_we_did = sigok ? "This message was cryptographically signed." :
++ "This message was cryptographically signed but the signature could not be verified.";
++
++ } else if (!PKCS7_type_is_enveloped(p7)) {
++ q_status_message(SM_ORDER,1,1,"PKCS7 object not recognised.");
++ goto end;
++ } else { /* It *is* enveloped */
++
++ what_we_did = "This message was encrypted.";
++
++ /*
++ Now need to find a cert that can decrypt this boy
++ */
++ pcert = find_certificate_matching_pkcs7(p7);
++
++ if (!pcert) {
++ q_status_message(SM_ORDER,1,1,"Couldn't find the certificate needed to decrypt.");
++ goto end;
++ }
++
++ recip = pcert->cert;
++
++ load_private_key(pcert);
++
++ key = pcert->key;
++ if (!key)
++ goto end;
++
++ outs = so_get(CharStar, NULL, EDIT_ACCESS);
++ so_puts(outs,"MIME-Version: 1.0\r\n");
++
++ out = BIO_new_so(outs);
++
++ if(!PKCS7_decrypt(p7, key, recip, out, 0)) {
++ q_status_message1(SM_ORDER,1,1,"Error decrypting PKCS7: %s",(char*) openssl_error_string());
++ goto end;
++ }
++
++ }
++
++ /* We've now produced a flattened MIME object in store outs.
++ It needs to be turned back into a BODY
++ */
++
++ {
++ BODY *body;
++ ENVELOPE *env;
++ char *h;
++ char *bstart;
++ STRING s;
++
++ h = so_text(outs);
++
++ /* look for start of body */
++ bstart = strstr(h,"\r\n\r\n");
++
++ if (!bstart) {
++ q_status_message(SM_ORDER,1,1,"Encrypted data couldn't be parsed.");
++ } else {
++ bstart += 4; /* skip over CRLF*2 */
++
++ INIT(&s,mail_string,bstart,strlen(bstart));
++ rfc822_parse_msg_full(&env,&body,h,bstart-h-2,&s,BADHOST,0,0);
++ mail_free_envelope(&env); /* Don't care about this */
++
++ /*
++ Now convert original body (application/pkcs7-mime)
++ to a multipart body with one sub-part (the decrypted body)
++ Note that the sub-part may also be multipart!
++ */
++
++ b->type = TYPEMULTIPART;
++ if (b->subtype) fs_give((void**) &b->subtype);
++
++ /* This subtype is used in mailview.c to annotate the display of
++ encrypted or signed messages. We know for sure then that it's a PKCS7
++ part because the sparep field is set to the PKCS7 object (see above)
++ */
++ b->subtype = cpystr("x-pkcs7-enclosure");
++ b->encoding = ENC8BIT;
++
++ if (b->description) fs_give ((void**) &b->description);
++ b->description = cpystr(what_we_did);
++
++ if (b->disposition.type) fs_give ((void **) &b->disposition.type);
++
++ if (b->contents.text.data) fs_give ((void **) &b->contents.text.data);
++
++ if (b->parameter) mail_free_body_parameter(&b->parameter);
++
++ /* Allocate mem for the sub-part, and copy over the contents of our parsed body */
++ b->nested.part = fs_get(sizeof (PART));
++ b->nested.part->body = *body;
++ b->nested.part->next = NULL;
++
++ fs_give((void**) &body);
++
++ /* IMPORTANT BIT: set the body->contents.text.data elements to contain the decrypted
++ data. Otherwise, it'll try to load it from the original data. Eek.
++ */
++ create_local_cache(bstart,&b->nested.part->body);
++
++ result = 1;
++ }
++ }
++
++ end:
++
++ BIO_free(out);
++
++ if (outs)
++ so_give(&outs);
++
++ return result;
++ }
++
++ /*
++ Recursively handle PKCS7 bodies in our message.
++
++ Returns non-zero if some fiddling was done.
++ */
++ static int do_fiddle_smime_message(BODY *b,int msgno,char *section)
++ {
++ int result = 0;
++
++ if (is_pkcs7_body(b)) {
++
++ if (do_decoding(b,msgno,*section ? section : "1")) {
++ /*
++ b should now be a multipart message: fiddle it too in case it's been multiply-encrypted!
++ */
++
++ /* fallthru */
++ result = 1;
++ }
++ }
++
++ if (b->type==TYPEMULTIPART) {
++
++ PART *p;
++ int partNum;
++ char newSec[100];
++
++ if (b->subtype && strucmp(b->subtype,"signed")==0) {
++
++ /* Ahah. We have a multipart signed entity. */
++
++ /* part 1 (signed thing)
++ part 2 (the pkcs7 object)
++ */
++
++ do_detached_signature_verify(b,msgno,section);
++
++ } else {
++
++ for (p=b->nested.part,partNum=1;p;p=p->next,partNum++) {
++
++ /* Append part number to the section string */
++
++ snprintf(newSec,sizeof(newSec),"%s%s%d",section,*section ? "." : "",partNum);
++
++ result |= do_fiddle_smime_message(&p->body,msgno,newSec);
++ }
++
++ }
++
++ }
++
++ return result;
++ }
++
++ /*
++ Fiddle a message in-place by decrypting/verifying S/MIME entities.
++ Returns non-zero if something was changed.
++ */
++
++ int fiddle_smime_message(BODY *b,int msgno,int is_new_message)
++ {
++ if (F_OFF(F_REMEMBER_SMIME_PASSPHRASE,ps_global))
++ forget_private_keys();
++ return do_fiddle_smime_message(b,msgno,"");
++ }
++
++
++ /********************************************************************************/
++
++ static struct key smime_info_keys[] =
++ {HELP_MENU,
++ OTHER_MENU,
++ {"<","Back",{MC_VIEW_TEXT,2,{'<',','}},KS_EXITMODE},
++ NULL_MENU,
++ NULL_MENU,
++ NULL_MENU,
++ PREVPAGE_MENU,
++ NEXTPAGE_MENU,
++ NULL_MENU,
++ NULL_MENU,
++ NULL_MENU,
++ NULL_MENU,
++
++ HELP_MENU,
++ OTHER_MENU,
++ MAIN_MENU,
++ QUIT_MENU,
++ NULL_MENU,
++ NULL_MENU,
++ NULL_MENU,
++ NULL_MENU,
++ NULL_MENU,
++ INDEX_MENU,
++ NULL_MENU,
++ NULL_MENU,
++ };
++ INST_KEY_MENU(smime_info_keymenu, smime_info_keys);
++
++ #define SMIME_PARENT_KEY 2
++
++ static void get_fingerprint(X509 *cert,const EVP_MD *type,char *buf,int maxLen)
++ {
++ unsigned char md[128];
++ char *b;
++ int len,i;
++
++ len = sizeof(md);
++
++ X509_digest(cert,type,md,&len);
++
++ b = buf;
++ *b = 0;
++ for (i=0; i<len; i++)
++ {
++ if (b-buf+3>=maxLen)
++ break;
++
++ if (i != 0)
++ *b++ = ':';
++ sprintf(b,"%02x",md[i]);
++ b+=2;
++ }
++ }
++
++ static void output_X509_NAME(X509_NAME *name,gf_io_t pc)
++ {
++ int i,c;
++ int nid;
++ char buf[256];
++
++ c = X509_NAME_entry_count(name);
++
++ for (i=c-1;i>=0;i--) {
++ X509_NAME_ENTRY *e;
++
++ e = X509_NAME_get_entry(name,i);
++ if (!e) continue;
++
++ X509_NAME_get_text_by_OBJ(name, e->object,buf,sizeof(buf));
++
++ gf_puts(buf,pc);
++ gf_puts(NEWLINE,pc);
++ }
++
++ }
++
++ /*
++ Output a string in a distinctive style
++ */
++ static void gf_puts_uline(const char *txt,gf_io_t pc)
++ {
++ #if 0
++ pc(TAG_EMBED); pc(TAG_ULINEON);
++ gf_puts(txt,pc);
++ pc(TAG_EMBED); pc(TAG_ULINEOFF);
++ #else
++ pc(TAG_EMBED); pc(TAG_BOLDON);
++ gf_puts(txt,pc);
++ pc(TAG_EMBED); pc(TAG_BOLDOFF);
++ #endif
++ }
++
++ /*
++ Get a line from the given store (including \n)
++ */
++ static int so_gets(STORE_S *store,char *buf,int len)
++ {
++ unsigned char c;
++ char *bend = buf + len - 1;
++ char *b = buf;
++
++ do {
++ if (!store->readc(&c,store)) {
++ *b = 0;
++ return b!=buf;
++ }
++ *b++ = c;
++ } while (c!='\n' && b<bend);
++
++ *b = 0;
++
++ return 1;
++ }
++
++ /*
++ Wrap the text in the given store to the given width.
++ A new store is created for the result.
++ */
++ static STORE_S *wrap_store(STORE_S *in,int width)
++ {
++ STORE_S *result;
++ void *ws;
++ gf_io_t ipc,opc;
++
++ if (width<10)
++ width = 10;
++
++ result = so_get(CharStar,NULL,EDIT_ACCESS);
++ ws = gf_wrap_filter_opt(width,width,0,0);
++
++ gf_filter_init();
++ gf_link_filter(gf_wrap,ws);
++
++ gf_set_so_writec(&opc,result);
++ gf_set_so_readc(&ipc,in);
++
++ gf_pipe(ipc,opc);
++
++ gf_clear_so_readc(in);
++ gf_clear_so_writec(result);
++
++ return result;
++ }
++
++ /*
++ Output the contents of the given stores (left and right)
++ to the given gf_io_t.
++ The width of the terminal is inspected and two columns
++ are created to fit the stores into. They are then wrapped
++ and merged.
++ */
++ static void side_by_side(STORE_S *left,STORE_S *right,gf_io_t pc)
++ {
++ STORE_S *left_wrapped;
++ STORE_S *right_wrapped;
++
++ char buf_l[256];
++ char buf_r[256];
++ char *b;
++ int i;
++ int w = ps_global->ttyo->screen_cols/2 - 1;
++
++ so_seek(left,0,0);
++ so_seek(right,0,0);
++
++ left_wrapped = wrap_store(left,w);
++ right_wrapped = wrap_store(right,w);
++
++ so_seek(left_wrapped,0,0);
++ so_seek(right_wrapped,0,0);
++
++ for (;;) {
++
++ i = so_gets(left_wrapped,buf_l,sizeof(buf_l));
++ i += so_gets(right_wrapped,buf_r,sizeof(buf_r));
++
++ if (i==0)
++ break;
++
++ for (i=0, b=buf_l;i<w && *b && *b!='\r' && *b!='\n';i++,b++) {
++ pc(*b);
++ /* reduce accumulated width if an embed tag is discovered */
++ if (*b==TAG_EMBED)
++ i-=2;
++ }
++
++ if (buf_r[0]) {
++
++ while (i<w) {
++ pc(' ');
++ i++;
++ }
++
++ for (i=0, b=buf_r;i<w && *b && *b!='\r' && *b!='\n';i++,b++) {
++ pc(*b);
++ }
++ }
++
++ gf_puts(NEWLINE,pc);
++ }
++
++ so_give(&left_wrapped);
++ so_give(&right_wrapped);
++ }
++
++ static void print_separator_line(int percent,int ch,gf_io_t pc)
++ {
++ int i;
++ int start,len;
++
++ len = ps_global->ttyo->screen_cols * percent / 100;
++ start = (ps_global->ttyo->screen_cols - len)/2;
++
++ for (i=0;i<start;i++)
++ pc(' ');
++ for (i=start;i<start+len;i++)
++ pc(ch);
++ gf_puts(NEWLINE,pc);
++ }
++
++ static void output_cert_info(X509 *cert,gf_io_t pc)
++ {
++ char buf[256];
++ STORE_S *left,*right;
++ gf_io_t spc;
++ int i;
++
++ left = so_get(CharStar,NULL,EDIT_ACCESS);
++ right = so_get(CharStar,NULL,EDIT_ACCESS);
++
++ gf_set_so_writec(&spc,left);
++
++ if (!cert->cert_info) {
++ gf_puts("Couldn't find certificate info.",spc);
++ gf_puts(NEWLINE,spc);
++ } else {
++
++ gf_puts_uline("Subject (whose certificate it is)",spc);
++ gf_puts(NEWLINE, spc);
++
++ output_X509_NAME(cert->cert_info->subject,spc);
++ gf_puts(NEWLINE,spc);
++
++ gf_puts_uline("Serial Number",spc);
++ gf_puts(NEWLINE,spc);
++
++ sprintf(buf,"%d",ASN1_INTEGER_get(cert->cert_info->serialNumber));
++ gf_puts(buf,spc);
++ gf_puts(NEWLINE,spc);
++ gf_puts(NEWLINE,spc);
++
++ gf_puts_uline("Validity",spc);
++ gf_puts(NEWLINE,spc);
++ {
++ BIO *mb = BIO_new_so(left);
++
++ gf_puts("Not Before: ",spc);
++ ASN1_UTCTIME_print(mb,cert->cert_info->validity->notBefore);
++ BIO_flush(mb);
++ gf_puts(NEWLINE,spc);
++
++ gf_puts("Not After: ",spc);
++ ASN1_UTCTIME_print(mb,cert->cert_info->validity->notAfter);
++ BIO_flush(mb);
++
++ gf_puts(NEWLINE,spc);
++ gf_puts(NEWLINE,spc);
++
++ BIO_free(mb);
++ }
++
++ }
++
++ gf_clear_so_writec(left);
++
++ gf_set_so_writec(&spc,right);
++
++ if (!cert->cert_info) {
++ gf_puts("Couldn't find certificate info.",spc);
++ gf_puts(NEWLINE,spc);
++ } else {
++ gf_puts_uline("Issuer",spc);
++ gf_puts(NEWLINE, spc);
++
++ output_X509_NAME(cert->cert_info->issuer,spc);
++ gf_puts(NEWLINE,spc);
++ }
++
++ gf_clear_so_writec(right);
++
++ side_by_side(left,right,pc);
++
++ gf_puts_uline("SHA1 Fingerprint",pc);
++ gf_puts(NEWLINE,pc);
++ get_fingerprint(cert,EVP_sha1(),buf,sizeof(buf));
++ gf_puts(buf,pc);
++ gf_puts(NEWLINE,pc);
++
++ gf_puts_uline("MD5 Fingerprint",pc);
++ gf_puts(NEWLINE,pc);
++ get_fingerprint(cert,EVP_md5(),buf,sizeof(buf));
++ gf_puts(buf,pc);
++ gf_puts(NEWLINE,pc);
++
++ so_give(&left);
++ so_give(&right);
++ }
++
++ void format_smime_info(int pass,BODY *body,int msgno,gf_io_t pc)
++ {
++ PKCS7 *p7;
++ int i;
++
++ if (body->type==TYPEMULTIPART) {
++ PART *p;
++
++ for (p=body->nested.part;p;p=p->next) {
++ format_smime_info(pass,&p->body,msgno,pc);
++ }
++ }
++
++ p7 = body->sparep;
++ if (p7) {
++
++ if (PKCS7_type_is_signed(p7)) {
++ STACK_OF(X509) *signers;
++
++ switch (pass) {
++ case 1:
++ gf_puts("This message was cryptographically signed." NEWLINE,pc);
++ break;
++ case 2:
++
++ signers = PKCS7_get0_signers(p7, NULL, 0);
++
++ if (signers) {
++
++ sprintf(tmp_20k_buf,"Certificate%s used for signing",plural(sk_X509_num(signers)));
++ gf_puts_uline(tmp_20k_buf,pc);
++ gf_puts(NEWLINE,pc);
++ print_separator_line(100,'-',pc);
++
++ for (i=0;i<sk_X509_num(signers);i++) {
++ X509 *x = sk_X509_value(signers,i);
++
++ if (x) {
++ output_cert_info(x,pc);
++ gf_puts(NEWLINE,pc);
++ }
++
++ }
++ }
++
++ sk_X509_free(signers);
++ break;
++ }
++
++ } else if (PKCS7_type_is_enveloped(p7)) {
++
++ switch (pass) {
++ case 1:
++ gf_puts("This message was encrypted." NEWLINE,pc);
++ break;
++ case 2:
++
++ if (p7->d.enveloped && p7->d.enveloped->enc_data) {
++ X509_ALGOR *alg = p7->d.enveloped->enc_data->algorithm;
++ STACK_OF(PKCS7_RECIP_INFO) *ris = p7->d.enveloped->recipientinfo;
++ int found = 0;
++
++ gf_puts("The algorithm used to encrypt was ",pc);
++
++
++ if (alg) {
++ char *n = OBJ_nid2sn( OBJ_obj2nid(alg->algorithm ));
++
++ gf_puts(n ? n : "<unknown>",pc);
++
++ } else gf_puts("<unknown>",pc);
++
++ gf_puts("." NEWLINE NEWLINE,pc);
++
++ sprintf(tmp_20k_buf,"Certificate%s for decrypting",plural(sk_PKCS7_RECIP_INFO_num(ris)));
++ gf_puts_uline(tmp_20k_buf,pc);
++ gf_puts(NEWLINE,pc);
++ print_separator_line(100,'-',pc);
++
++ for (i=0;i<sk_PKCS7_RECIP_INFO_num(ris);i++) {
++ PKCS7_RECIP_INFO *ri;
++ PERSONAL_CERT *pcert;
++
++ ri = sk_PKCS7_RECIP_INFO_value(ris,i);
++ if (!ri) continue;
++
++ pcert = find_certificate_matching_recip_info(ri);
++
++ if (pcert) {
++
++ if (found) {
++ print_separator_line(25,'*',pc);
++ gf_puts(NEWLINE,pc);
++ }
++ found = 1;
++
++ output_cert_info(pcert->cert,pc);
++ gf_puts(NEWLINE,pc);
++
++ }
++ }
++
++ if (!found) {
++ gf_puts("No certificate capable of decrypting could not be found.",pc);
++ }
++ }
++ break;
++ }
++
++ }
++ }
++ }
++
++ void view_writec();
++
++ void smime_info_screen(struct pine *ps)
++ {
++ int msgno;
++ OtherMenu what;
++ int cmd;
++ char backtag[64];
++ BODY *body;
++ ENVELOPE *env;
++ HANDLE_S *handles = NULL;
++ SCROLL_S scrollargs;
++ STORE_S *store = NULL;
++ int offset = 0;
++
++ ps->prev_screen = smime_info_screen;
++ ps->next_screen = SCREEN_FUN_NULL;
++
++ if(mn_total_cur(ps->msgmap) > 1L){
++ q_status_message(SM_ORDER | SM_DING, 0, 3,
++ "Can only view one message's information at a time.");
++ return;
++ }
++ /* else check for existence of smime bits */
++
++ msgno = mn_m2raw(ps->msgmap, mn_get_cur(ps->msgmap));
++
++ env = mail_fetch_structure (ps->mail_stream,msgno,
++ &body,0);
++ if (!env || !body) {
++ q_status_message(SM_ORDER, 0, 3,
++ "Can't fetch body of message.");
++ return;
++ }
++
++ what = FirstMenu;
++
++ store = so_get(CharStar, NULL, EDIT_ACCESS);
++
++ while(ps->next_screen == SCREEN_FUN_NULL){
++
++ ClearLine(1);
++
++ so_truncate(store,0);
++
++ view_writec_init(store, &handles, HEADER_ROWS(ps),
++ HEADER_ROWS(ps) +
++ ps->ttyo->screen_rows - (HEADER_ROWS(ps)
++ + HEADER_ROWS(ps)));
++
++ gf_puts_uline("Overview",view_writec);
++ gf_puts(NEWLINE,view_writec);
++
++ format_smime_info(1,body,msgno,view_writec);
++ gf_puts(NEWLINE,view_writec);
++ format_smime_info(2,body,msgno,view_writec);
++
++ view_writec_destroy();
++
++
++ ps->next_screen = SCREEN_FUN_NULL;
++
++ memset(&scrollargs, 0, sizeof(SCROLL_S));
++ scrollargs.text.text = so_text(store);
++ scrollargs.text.src = CharStar;
++ scrollargs.text.desc = "S/MIME information";
++ scrollargs.body_valid = 1;
++
++ if(offset){ /* resize? preserve paging! */
++ scrollargs.start.on = Offset;
++ scrollargs.start.loc.offset = offset;
++ offset = 0L;
++ }
++
++ scrollargs.bar.title = "S/MIME INFORMATION";
++ /* scrollargs.end_scroll = view_end_scroll; */
++ scrollargs.resize_exit = 1;
++ scrollargs.help.text = NULL;
++ scrollargs.help.title = "HELP FOR S/MIME INFORMATION VIEW";
++ scrollargs.keys.menu = &smime_info_keymenu;
++ scrollargs.keys.what = what;
++ setbitmap(scrollargs.keys.bitmap);
++
++ if(scrolltool(&scrollargs) == MC_RESIZE)
++ offset = scrollargs.start.loc.offset;
++ }
++
++ so_give(&store);
++
++ }
++
++
++ #endif /* SMIME */
+diff -Ncr pine4.53/pine/smime.h pine4.53-smime/pine/smime.h
+*** pine4.53/pine/smime.h Wed Dec 31 16:00:00 1969
+--- pine4.53-smime/pine/smime.h Wed Jan 15 12:48:15 2003
+***************
+*** 0 ****
+--- 1,17 ----
++ #ifdef SMIME
++
++ int is_pkcs7_body(BODY *b);
++
++ int fiddle_smime_message(BODY *b,int msgno,int is_new_message);
++
++ int encrypt_outgoing_message(METAENV *header,BODY **bodyP);
++ int sign_outgoing_message(METAENV *header,BODY **bodyP,int dont_detach);
++ int get_passphrase(void);
++ void smime_info_screen(struct pine *ps);
++
++ extern int g_need_passphrase;
++
++ extern int g_do_encrypt;
++ extern int g_do_sign;
++
++ #endif /* SMIME */
+diff -Ncr pine4.53/pine/smkeys.c pine4.53-smime/pine/smkeys.c
+*** pine4.53/pine/smkeys.c Wed Dec 31 16:00:00 1969
+--- pine4.53-smime/pine/smkeys.c Wed Jan 15 12:48:15 2003
+***************
+*** 0 ****
+--- 1,343 ----
++ #ifdef SMIME
++
++ #include "headers.h"
++
++ #include <openssl/err.h>
++ #include <openssl/objects.h>
++ #include <openssl/evp.h>
++ #include <openssl/x509.h>
++ #include <openssl/pkcs7.h>
++ #include <openssl/pem.h>
++
++ #include "smkeys.h"
++
++ /*---------------------------------------------------
++ Remove leading whitespace, trailing whitespace and convert
++ to lowercase. Also remove slash characters
++
++ Args: s, -- The string to clean
++
++ Result: the cleaned string
++ ----*/
++ static char *
++ emailstrclean(string)
++ char *string;
++ {
++ char *s = string, *sc = NULL, *p = NULL;
++
++ for(; *s; s++){ /* single pass */
++ if(!isspace((unsigned char)*s)){
++ p = NULL; /* not start of blanks */
++ if(!sc) /* first non-blank? */
++ sc = string; /* start copying */
++ }
++ else if(!p) /* it's OK if sc == NULL */
++ p = sc; /* start of blanks? */
++
++ if(sc && *s!='/' && *s!='\\') /* if copying, copy */
++ *sc++ = isupper((unsigned char)(*s))
++ ? (unsigned char)tolower((unsigned char)(*s))
++ : (unsigned char)(*s);
++ }
++
++ if(p) /* if ending blanks */
++ *p = '\0'; /* tie off beginning */
++ else if(!sc) /* never saw a non-blank */
++ *string = '\0'; /* so tie whole thing off */
++
++ return(string);
++ }
++
++ /*
++ Add a lookup for each "*.crt" file in the given directory.
++ */
++ static void add_certs_in_dir(X509_LOOKUP *lookup,const char *path)
++ {
++ char buf[MAXPATH];
++ struct direct *d;
++ DIR *dirp;
++ PERSONAL_CERT *result;
++
++ result = NULL;
++
++ dirp = opendir(path);
++ if (dirp) {
++
++ while (d=readdir(dirp)) {
++ BIO *in;
++ X509 *cert;
++
++ if (srchrstr(d->d_name,".crt")) {
++
++ build_path(buf,(char*) path,d->d_name,sizeof(buf));
++
++ X509_LOOKUP_load_file(lookup,buf,X509_FILETYPE_PEM);
++ }
++
++ }
++
++ closedir(dirp);
++ }
++ }
++
++ /* Get an X509_STORE. This consists of the system
++ certs directory and any certificates in the user's
++ ~/.pine-smime/ca directory.
++ */
++ X509_STORE *get_ca_store(const char *path)
++ {
++ X509_LOOKUP *lookup;
++ char buf[MAXPATH];
++
++ X509_STORE *store;
++
++ store=X509_STORE_new();
++
++ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
++
++ build_path(buf,(char*) path,"ca",sizeof(buf));
++
++ add_certs_in_dir(lookup,buf);
++
++ /* X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); */
++
++ lookup = X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
++
++ X509_LOOKUP_add_dir(lookup,SSL_CERT_DIRECTORY,X509_FILETYPE_PEM);
++
++ /* X509_STORE_set_default_paths(cert_store);
++ X509_STORE_load_locations(cert_store,NULL,"../../certs");
++ X509_STORE_set_verify_cb_func(cert_store,verify_callback);
++ */
++
++ return store;
++ }
++
++ static EVP_PKEY *load_key(char *file, char *pass)
++ {
++ BIO *in;
++ EVP_PKEY *key;
++ if(!(in = BIO_new_file(file, "r"))) return NULL;
++ key = PEM_read_bio_PrivateKey(in, NULL,NULL,pass);
++ BIO_free(in);
++ return key;
++ }
++
++ char *get_x509_name_entry(const char *key,X509_NAME *name)
++ {
++ int i,c,n;
++ char buf[256];
++ char *id;
++
++ if (!name)
++ return NULL;
++
++ c = X509_NAME_entry_count(name);
++
++ for (i=0;i<c;i++) {
++ X509_NAME_ENTRY *e;
++
++ e = X509_NAME_get_entry(name,i);
++ if (!e) continue;
++
++ buf[0] = 0;
++ id = buf;
++
++ n = OBJ_obj2nid(e->object);
++ if ((n == NID_undef) || ((id=(char*) OBJ_nid2sn(n)) == NULL)) {
++ i2t_ASN1_OBJECT(buf,sizeof(buf),e->object);
++ id = buf;
++ }
++
++ if ((strucmp(id,"email")==0) || (strucmp(id,"emailAddress")==0)) {
++ X509_NAME_get_text_by_OBJ(name, e->object,(char*) buf,sizeof(buf)-1);
++ return cpystr(buf);
++ }
++ }
++ return NULL;
++ }
++
++ char *get_x509_subject_email(X509 *x)
++ {
++ char* result;
++ result = get_x509_name_entry("email",X509_get_subject_name(x));
++ if ( !result ) {
++ result = get_x509_name_entry("emailAddress",X509_get_subject_name(x));
++ }
++
++ return result;
++ }
++
++ /* Save the certificate for the given email address in
++ ~/.pine-smime/public.
++
++ Should consider the security hazards in making a file with
++ the email address that has come from the certificate.
++
++ The argument email is destroyed.
++ */
++
++ void save_cert_for(const char *path,char *email,X509 *cert)
++ {
++ char sf[MAXPATH];
++ char sf2[MAXPATH];
++ BIO *tmp;
++
++ build_path(sf,(char*) path,"public",sizeof(sf));
++
++ build_path(sf2,sf,emailstrclean(email),sizeof(sf2));
++ strncat(sf2,".crt",sizeof(sf2)-1-strlen(sf2));
++ sf2[sizeof(sf2)-1] = 0;
++
++ tmp = BIO_new_file(sf2, "w");
++ if (tmp) {
++ X509_print(tmp,cert);
++ PEM_write_bio_X509_AUX(tmp, cert);
++ BIO_free(tmp);
++ q_status_message1(SM_ORDER,1,1,"Saved certificate for <%s>",(char*)email);
++ } else {
++ q_status_message1(SM_ORDER,1,1,"Couldn't save certificate for <%s>",(char*)email);
++ }
++ }
++
++ /*
++ Try to retrieve the certificate for the given email address.
++ */
++ X509 *get_cert_for(const char *path,const char *email)
++ {
++ char buf[MAXPATH];
++ char buf2[MAXPATH];
++ char buf3[MAXPATH];
++ char *p;
++ X509 *cert = NULL;
++ BIO *in;
++
++ strncpy(buf3,email,sizeof(buf3)-1);
++ buf3[sizeof(buf3)-1] = 0;
++
++ /* clean it up (lowercase, space removal) */
++ emailstrclean(buf3);
++
++ build_path(buf,(char*)path,"public",sizeof(buf));
++ build_path(buf2,buf,buf3,sizeof(buf2));
++ strncat(buf2,".crt",sizeof(buf2)-1-strlen(buf2));
++ buf2[sizeof(buf2)-1] = 0;
++
++ if((in = BIO_new_file(buf2, "r"))!=0) {
++
++ cert = PEM_read_bio_X509(in, NULL, NULL,NULL);
++
++ if (cert) {
++ /* could check email addr in cert matches */
++ }
++ }
++ BIO_free(in);
++
++ return cert;
++ }
++
++ EVP_PKEY *get_key_for(const char *path,const char *email,const char *pass)
++ {
++ char buf[MAXPATH];
++ char buf2[MAXPATH];
++ char buf3[MAXPATH];
++ char *p;
++ EVP_PKEY *key = NULL;
++ BIO *in;
++
++ strncpy(buf3,email,sizeof(buf3)-1);
++ buf3[sizeof(buf3)-1] = 0;
++
++ /* clean it up (lowercase, space removal) */
++ emailstrclean(buf3);
++
++ build_path(buf,(char*)path,"private",sizeof(buf));
++ build_path(buf2,buf,buf3,sizeof(buf2));
++ strncat(buf2,".key",sizeof(buf2)-1-strlen(buf2));
++ buf2[sizeof(buf2)-1] = 0;
++
++ key = load_key(buf2,pass);
++
++ return key;
++ }
++
++ /*
++ Load the user's personal certificates from
++ ~/.pine-smime/private
++ */
++ PERSONAL_CERT *get_personal_certs(const char *path)
++ {
++ char buf[MAXPATH];
++ char buf2[MAXPATH];
++ struct direct *d;
++ DIR *dirp;
++ PERSONAL_CERT *result;
++
++ result = NULL;
++
++ build_path(buf,(char*) path,"private",sizeof(buf));
++
++ dirp = opendir(buf);
++ if (dirp) {
++
++ while (d=readdir(dirp)) {
++ BIO *in;
++ X509 *cert;
++
++ if (srchrstr(d->d_name,".key")) {
++
++ /* copy file name to temp buffer */
++ strcpy(buf2,d->d_name);
++ /* chop off ".key" trailier */
++ buf2[strlen(buf2)-4] = 0;
++ /* Look for certificate */
++ cert = get_cert_for(path,buf2);
++
++ if (cert) {
++ PERSONAL_CERT *pc;
++
++ /* create a new PERSONAL_CERT, fill it in */
++
++ pc = fs_get(sizeof(PERSONAL_CERT));
++ pc->cert = cert;
++ build_path(buf2,buf,d->d_name,sizeof(buf2));
++ pc->file = cpystr(buf2);
++
++ strcpy(pc->file + strlen(pc->file) - 4, ".key");
++
++ /* Try to load the key with an empty password */
++ pc->key = load_key(pc->file,"");
++
++ pc->next = result;
++ result = pc;
++ }
++ }
++
++ }
++
++ closedir(dirp);
++ }
++
++ return result;
++ }
++
++ void personal_cert_free(PERSONAL_CERT **pcp)
++ {
++ if (pcp && *pcp) {
++
++ PERSONAL_CERT *pc = *pcp;
++
++ fs_give((void**) &pc->file);
++
++ X509_free(pc->cert);
++
++ if (pc->key)
++ EVP_PKEY_free(pc->key);
++
++ personal_cert_free(&pc->next);
++
++ fs_give((void**) pcp);
++ }
++ }
++
++ #endif /* SMIME */
+diff -Ncr pine4.53/pine/smkeys.h pine4.53-smime/pine/smkeys.h
+*** pine4.53/pine/smkeys.h Wed Dec 31 16:00:00 1969
+--- pine4.53-smime/pine/smkeys.h Wed Jan 15 12:48:15 2003
+***************
+*** 0 ****
+--- 1,20 ----
++
++ #define PERSONAL_CERT struct personal_cert
++
++ PERSONAL_CERT {
++ X509 *cert;
++ EVP_PKEY *key;
++ char *file;
++ PERSONAL_CERT *next;
++ };
++
++ X509_STORE *get_ca_store(const char *d);
++
++ PERSONAL_CERT *get_personal_certs(const char *d);
++
++ X509 *get_cert_for(const char *path,const char *email);
++ void save_cert_for(const char *path,char *email,X509 *cert);
++
++ void personal_cert_free(PERSONAL_CERT **pc);
++
++ char *get_x509_subject_email(X509 *x);