changeset: 7064:085fc55029d8 user: Kevin McCarthy <ke...@8t8.us> date: Mon May 29 11:48:41 2017 -0700 link: http://dev.mutt.org/hg/mutt/rev/085fc55029d8
Convert classic s/mime to space delimit findKeys output. Unlike gpgme and classic pgp, smime used a "cert\ncert\n" pattern. Convert to use a space-delimited format, so the self-encrypt option code can be uniform across pgp, s/mime, and gpgme.
changeset: 7065:ca95f3e38355 user: Kevin McCarthy <ke...@8t8.us> date: Mon May 29 11:48:42 2017 -0700 link: http://dev.mutt.org/hg/mutt/rev/ca95f3e38355
Add self-encrypt options for PGP and S/MIME. Add $pgp_self_encrypt, $pgp_self_encrypt_as, $smime_self_encrypt, $smime_self_encrypt_as. $pgp_sign_as and $smime_default_key are inappropriate to use, as they specify signing key/certs. In some cases, this is a different value than the encryption key/cert.
changeset: 7066:228364e8abb7 user: Kevin McCarthy <ke...@8t8.us> date: Mon May 29 11:48:43 2017 -0700 link: http://dev.mutt.org/hg/mutt/rev/228364e8abb7
Change $postpone_encrypt to use self-encrypt variables first. The concept of postpone encryption is similar to self-encrypting on send. The problem is the $postpone_encrypt_as option doesn't take into account whether PGP or S/MIME is being used. Since we need to add the new options for self-encryption, modify $postpone_encrypt to use them by default instead, falling back to $postpone_encrypt_as if they are unset. Note $postpone_encrypt_as is deprecated in the documentation.
diffs (260 lines):
diff -r a636bc4a4940 -r 228364e8abb7 crypt.c
--- a/crypt.c Wed May 24 15:46:41 2017 -0700
+++ b/crypt.c Mon May 29 11:48:43 2017 -0700
@@ -787,6 +787,8 @@
 {
 ADDRESS *adrlist = NULL, *last = NULL;
 const char *fqdn = mutt_fqdn (1);
+ char *self_encrypt = NULL;
+ size_t keylist_size;
 
 /* Do a quick check to make sure that we can find all of the encryption
 * keys if the user has requested this service.
@@ -819,6 +821,8 @@
 return (-1);
 }
 unset_option (OPTPGPCHECKTRUST);
+ if (option (OPTPGPSELFENCRYPT))
+ self_encrypt = PgpSelfEncryptAs;
 }
 
 if ((WithCrypto & APPLICATION_SMIME) && (msg->security & APPLICATION_SMIME))
@@ -828,9 +832,18 @@
 rfc822_free_address (&adrlist);
 return (-1);
 }
+ if (option (OPTSMIMESELFENCRYPT))
+ self_encrypt = SmimeSelfEncryptAs;
 }
 }
+ if (!oppenc_mode && self_encrypt && *self_encrypt)
+ {
+ keylist_size = mutt_strlen (*keylist);
+ safe_realloc (keylist, keylist_size + mutt_strlen (self_encrypt) + 2);
+ sprintf (*keylist + keylist_size, " %s", self_encrypt); /* __SPRINTF_CHECKED__ */
+ }
+
 rfc822_free_address (&adrlist);
 return (0);
diff -r a636bc4a4940 -r 228364e8abb7 globals.h
--- a/globals.h Wed May 24 15:46:41 2017 -0700
+++ b/globals.h Mon May 29 11:48:43 2017 -0700
@@ -262,6 +262,7 @@
 WHERE char *PgpListSecringCommand;
 WHERE char *PgpListPubringCommand;
 WHERE char *PgpGetkeysCommand;
+WHERE char *PgpSelfEncryptAs;
 
 /*-- formerly in smime.h --*/
 WHERE char *SmimeDefaultKey;
@@ -282,6 +283,7 @@
 WHERE char *SmimeGetCertCommand;
 WHERE char *SmimeImportCertCommand;
 WHERE char *SmimeGetCertEmailCommand;
+WHERE char *SmimeSelfEncryptAs;
diff -r a636bc4a4940 -r 228364e8abb7 init.h
--- a/init.h Wed May 24 15:46:41 2017 -0700
+++ b/init.h Mon May 29 11:48:43 2017 -0700
@@ -2059,6 +2059,21 @@
 ** removed, while the inner \fCmultipart/signed\fP part is retained.
 ** (PGP only)
 */
+ { "pgp_self_encrypt", DT_BOOL, R_NONE, OPTPGPSELFENCRYPT, 0 },
+ /*
+ ** .pp
+ ** When \fIset\fP, PGP encrypted messages will also be encrypted
+ ** using the key in $$pgp_self_encrypt_as.
+ ** (PGP only)
+ */
+ { "pgp_self_encrypt_as", DT_STR, R_NONE, UL &PgpSelfEncryptAs, 0 },
+ /*
+ ** .pp
+ ** This is an additional key used to encrypt messages when $$pgp_self_encrypt
+ ** is \fIset\fP. It is also used to specify the key for $$postpone_encrypt.
+ ** It should be in keyid or fingerprint form (e.g. 0x00112233).
+ ** (PGP only)
+ */
 { "pgp_show_unusable", DT_BOOL, R_NONE, OPTPGPSHOWUNUSABLE, 1 },
 /*
 ** .pp
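Review bot: The self-encrypt id is appended to `*keylist` verbatim in the new `if (!oppenc_mode && self_encrypt && *self_encrypt)` block, so unlike the recipient keys resolved by the findKeys calls earlier in this function it is never looked up here, and whether a mistyped $pgp_self_encrypt_as or $smime_self_encrypt_as makes the backend fail or quietly encrypt to the recipients only is decided later by the backend, which is not visible in this hunk. Either resolve it through the same lookup path so a bad value fails at this point, or at least record the contract above the realloc: `/* self_encrypt is a user-configured key id / cert hash; it is handed to the backend unvalidated */`. Note also that when a message carries both APPLICATION_PGP and APPLICATION_SMIME bits the S/MIME value assigned in this hunk silently replaces the PGP one set in the previous hunk. The enclosing function starts before the first crypt.c hunk.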
@@ -2278,15 +2293,16 @@
 /*
 ** .pp
 ** When \fIset\fP, postponed messages that are marked for encryption will be
- ** encrypted using the key in $$postpone_encrypt_as before saving.
+ ** self-encrypted. Mutt will first try to encrypt using the value specified
+ ** in $$pgp_self_encrypt_as or $$smime_self_encrypt_as. If those are not
+ ** set, it will try the deprecated $$postpone_encrypt_as.
 ** (Crypto only)
 */
 { "postpone_encrypt_as", DT_STR, R_NONE, UL &PostponeEncryptAs, 0 },
 /*
 ** .pp
- ** This is the key used to encrypt postponed messages. It should be in
- ** keyid or fingerprint form (e.g. 0x00112233 for PGP or the
- ** hash-value that OpenSSL generates for S/MIME).
+ ** This is a deprecated fall-back variable for $$postpone_encrypt.
+ ** Please use $$pgp_self_encrypt_as or $$smime_self_encrypt_as.
 ** (Crypto only)
 */
 #ifdef USE_SOCKET
@@ -3096,6 +3112,22 @@
 ** possible \fCprintf(3)\fP-like sequences.
 ** (S/MIME only)
 */
+ { "smime_self_encrypt", DT_BOOL, R_NONE, OPTSMIMESELFENCRYPT, 0 },
+ /*
+ ** .pp
+ ** When \fIset\fP, S/MIME encrypted messages will also be encrypted
+ ** using the certificate in $$smime_self_encrypt_as.
+ ** (S/MIME only)
+ */
+ { "smime_self_encrypt_as", DT_STR, R_NONE, UL &SmimeSelfEncryptAs, 0 },
+ /*
+ ** .pp
+ ** This is an additional certificate used to encrypt messages when
+ ** $$smime_self_encrypt is \fIset\fP. It is also used to specify the
+ ** certficate for $$postpone_encrypt. It should be the hash-value that
+ ** OpenSSL generates.
+ ** (S/MIME only)
+ */
 { "smime_sign_command", DT_STR, R_NONE, UL &SmimeSignCommand, 0},
 /*
 ** .pp
diff -r a636bc4a4940 -r 228364e8abb7 mutt.h
--- a/mutt.h Wed May 24 15:46:41 2017 -0700
+++ b/mutt.h Mon May 29 11:48:43 2017 -0700
@@ -503,6 +503,7 @@
 OPTCRYPTREPLYSIGNENCRYPTED,
 OPTCRYPTTIMESTAMP,
 OPTSMIMEISDEFAULT,
+ OPTSMIMESELFENCRYPT,
 OPTASKCERTLABEL,
 OPTSDEFAULTDECRYPTKEY,
 OPTPGPIGNORESUB,
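Review bot: The documentation comment for `smime_self_encrypt_as` in the @@ -3096 hunk has a typo, `certficate for $$postpone_encrypt` should read `certificate for $$postpone_encrypt`; init.h comments are extracted into the manual, so the typo would ship to users. The same comment could also state that the value is only consulted for messages flagged APPLICATION_SMIME, which is what the send.c and crypt.c hunks implement and what the new $$postpone_encrypt text in the @@ -2278 hunk implies.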
@@ -513,6 +514,7 @@
 OPTPGPENCRYPTSELF,
 #endif
 OPTPGPRETAINABLESIG,
+ OPTPGPSELFENCRYPT,
 OPTPGPSTRICTENC,
 OPTFORWDECRYPT,
 OPTPGPSHOWUNUSABLE,
diff -r a636bc4a4940 -r 228364e8abb7 send.c
--- a/send.c Wed May 24 15:46:41 2017 -0700
+++ b/send.c Mon May 29 11:48:43 2017 -0700
@@ -1599,26 +1599,37 @@
 if (msg->content->next)
 msg->content = mutt_make_multipart (msg->content);
 
- if (WithCrypto && option (OPTPOSTPONEENCRYPT) && PostponeEncryptAs
- && (msg->security & ENCRYPT))
+ if (WithCrypto && option (OPTPOSTPONEENCRYPT) && (msg->security & ENCRYPT))
 {
- int is_signed = msg->security & SIGN;
- if (is_signed)
- msg->security &= ~SIGN;
+ char *encrypt_as = NULL;
 
- pgpkeylist = safe_strdup (PostponeEncryptAs);
- if (mutt_protect (msg, pgpkeylist) == -1)
+ if ((WithCrypto & APPLICATION_PGP) && (msg->security & APPLICATION_PGP))
+ encrypt_as = PgpSelfEncryptAs;
+ else if ((WithCrypto & APPLICATION_SMIME) && (msg->security & APPLICATION_SMIME))
+ encrypt_as = SmimeSelfEncryptAs;
+ if (!(encrypt_as && *encrypt_as))
+ encrypt_as = PostponeEncryptAs;
+
+ if (encrypt_as && *encrypt_as)
 {
+ int is_signed = msg->security & SIGN;
+ if (is_signed)
+ msg->security &= ~SIGN;
+
+ pgpkeylist = safe_strdup (encrypt_as);
+ if (mutt_protect (msg, pgpkeylist) == -1)
+ {
+ if (is_signed)
+ msg->security |= SIGN;
+ FREE (&pgpkeylist);
+ msg->content = mutt_remove_multipart (msg->content);
+ goto main_loop;
+ }
+
 if (is_signed)
 msg->security |= SIGN;
 FREE (&pgpkeylist);
- msg->content = mutt_remove_multipart (msg->content);
- goto main_loop;
 }
-
- if (is_signed)
- msg->security |= SIGN;
- FREE (&pgpkeylist);
 }
 
 /*
diff -r a636bc4a4940 -r 228364e8abb7 smime.c
--- a/smime.c Wed May 24 15:46:41 2017 -0700
+++ b/smime.c Mon May 29 11:48:43 2017 -0700
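Review bot: When $postpone_encrypt is set but neither the matching self-encrypt variable nor $postpone_encrypt_as yields a non-empty string, the new `if (encrypt_as && *encrypt_as)` guard skips mutt_protect and a message that was marked for encryption is postponed in cleartext with no indication to the user. The pre-commit condition had the same gap, but the new fallback chain makes it easier to reach, for example with only $pgp_self_encrypt_as set while the message is S/MIME and $postpone_encrypt_as unset. An `else` branch that reports the missing key (mutt_error, or whatever this file uses for user-visible errors) would make the cleartext save an explicit, noticed outcome rather than a silent one. The enclosing function starts and ends outside the hunk.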
@@ -911,11 +911,11 @@
 FREE (&keylist);
 return NULL;
 }
-
+
 keyID = key->hash;
 keylist_size += mutt_strlen (keyID) + 2;
 safe_realloc (&keylist, keylist_size);
- sprintf (keylist + keylist_used, "%s\n", keyID); /* __SPRINTF_CHECKED__ */
+ sprintf (keylist + keylist_used, "%s%s", keylist_used ? " " : "", keyID); /* __SPRINTF_CHECKED__ */
 keylist_used = mutt_strlen (keylist);
 smime_free_key (&key);
@@ -1374,10 +1374,10 @@
 char buf[LONG_STRING], certfile[LONG_STRING];
 char tempfile[_POSIX_PATH_MAX], smimeerrfile[_POSIX_PATH_MAX];
 char smimeinfile[_POSIX_PATH_MAX];
- char *cert_start = certlist, *cert_end = certlist;
+ char *cert_start, *cert_end;
 FILE *smimein = NULL, *smimeerr = NULL, *fpout = NULL, *fptmp = NULL;
 BODY *t;
- int err = 0, empty;
+ int err = 0, empty, off;
 pid_t thepid;
 
 mutt_mktemp (tempfile, sizeof (tempfile));
@@ -1408,17 +1408,18 @@
 }
 *certfile = '\0';
- while (1)
+ for (cert_start = certlist; cert_start; cert_start = cert_end)
 {
- int off = mutt_strlen (certfile);
- while (*++cert_end && *cert_end != '\n');
- if (!*cert_end) break;
- *cert_end = '\0';
- snprintf (certfile+off, sizeof (certfile)-off, " %s/%s",
- NONULL(SmimeCertificates), cert_start);
- *cert_end = '\n';
- cert_start = cert_end;
- cert_start++;
+ if ((cert_end = strchr (cert_start, ' ')))
+ *cert_end = '\0';
+ if (*cert_start)
+ {
+ off = mutt_strlen (certfile);
+ snprintf (certfile+off, sizeof (certfile)-off, "%s%s/%s",
+ off ? " " : "", NONULL(SmimeCertificates), cert_start);
+ }
+ if (cert_end)
+ *cert_end++ = ' ';
 }
 
 /* write a MIME entity */
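Review bot: The separator written by the sprintf in the @@ -911 hunk changes from `"\n"` to `" "`, and within this diff only the certlist loop in the @@ -1408 hunk is updated to match; any other reader of this keylist that still splits on '\n' would now receive the whole list as a single token, so it is worth confirming none remain. A one-line contract comment above the sprintf would pin the format for future readers, e.g. `/* keylist is a space-separated list of certificate hashes, matching the pgp and gpgme findKeys output */`. The function this hunk belongs to starts before it.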
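Review bot: The snprintf into certfile inside the new for loop of the @@ -1408 hunk is still unchecked, so once the concatenated certificate paths no longer fit in LONG_STRING the remaining certificates are silently dropped (or one path is cut mid-way) and the message is encrypted for only a subset of the recipients with no error raised here. Capture the return value and fail instead: `int n = snprintf (certfile+off, sizeof (certfile)-off, "%s%s/%s", off ? " " : "", NONULL(SmimeCertificates), cert_start);` followed by `if (n < 0 || (size_t) n >= sizeof (certfile) - off) { /* certfile overflow: bail out the way this function's other error paths do */ }`. `off` is an `int` that receives a `mutt_strlen` result and then feeds `sizeof (certfile)-off`, so making it `size_t` would also remove the signed/unsigned mix. The pre-commit while loop had the same unchecked snprintf; the enclosing function starts before and ends after the hunk.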