From 43591e1092f09cf9eb42fe620d4e257156bdcd16 Mon Sep 17 00:00:00 2001
From: Simon Josefsson
Date: Mon, 30 Jul 2001 21:34:16 +0000
Subject: [PATCH] 2001-07-30 Simon Josefsson * smime.el (smime-call-openssl-region): Revert previous change, just pass on buf to `call-process-region'. (smime-verify-region): Doc fix. Don't message stuff. Use `smime-new-details-buffer'. Inserts error messages into buffer. (smime-noverify-region): Ditto. (smime-decrypt-region): Ditto. Handles stderr separately. (smime-verify-buffer, smime-noverify-buffer) (smime-decrypt-buffer): Doc fix. (smime-new-details-buffer): New function. (smime-pkcs7-region, smime-pkcs7-certificates-region) (smime-pkcs7-email-region): Use `smime-new-details-buffer'. (smime-sign-region, smime-encrypt-region): Don't use `insert-buffer'. * mml-smime.el (mml-smime-verify): Fix security button strings.
---
lisp/ChangeLog | 18 +++++
lisp/mml-smime.el | 8 +--
lisp/smime.el | 167 +++++++++++++++++++++++++++-------------------
3 files changed, 120 insertions(+), 73 deletions(-)
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 475e71c5e..53b7e7c6b 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,21 @@ +2001-07-30 Simon Josefsson + + * smime.el (smime-call-openssl-region): Revert previous change, + just pass on buf to `call-process-region'. + (smime-verify-region): Doc fix. Don't message stuff. Use + `smime-new-details-buffer'. Inserts error messages into buffer. + (smime-noverify-region): Ditto. + (smime-decrypt-region): Ditto. Handles stderr separately. + (smime-verify-buffer, smime-noverify-buffer) + (smime-decrypt-buffer): Doc fix. + (smime-new-details-buffer): New function. + (smime-pkcs7-region, smime-pkcs7-certificates-region) + (smime-pkcs7-email-region): Use `smime-new-details-buffer'. + (smime-sign-region, smime-encrypt-region): Don't use + `insert-buffer'. + + * mml-smime.el (mml-smime-verify): Fix security button strings. + 2001-07-30 12:00:00 ShengHuo ZHU * gnus-art.el (gnus-mime-save-part-and-strip): Save diff --git a/lisp/mml-smime.el b/lisp/mml-smime.el index 46db90672..8c4c709ed 100644 --- a/lisp/mml-smime.el +++ b/lisp/mml-smime.el @@ -146,8 +146,8 @@ mm-security-handle 'gnus-info "Failed") (mm-set-handle-multipart-parameter mm-security-handle 'gnus-details - (concat "OpenSSL failed to verify message:\n" - "---------------------------------\n" + (concat "OpenSSL failed to verify message integrity:\n" + "-------------------------------------------\n" openssl-output))) ;; verify mail addresses in mail against those in certificate (when (and (smime-pkcs7-region (point-min) (point-max)) 
@@ -168,10 +168,10 @@ (mm-set-handle-multipart-parameter mm-security-handle 'gnus-info "Ok (sender authenticated)") (mm-set-handle-multipart-parameter - mm-security-handle 'gnus-info "Integrity OK (sender unknown)"))) + mm-security-handle 'gnus-info "Ok (sender not trusted)"))) (mm-set-handle-multipart-parameter mm-security-handle 'gnus-details - (concat "Sender clamed to be: " (mm-handle-multipart-from ctl) "\n" + (concat "Sender claimed to be: " (mm-handle-multipart-from ctl) "\n" (if addresses (concat "Addresses in certificate: " (mapconcat 'identity addresses ", ")) diff --git a/lisp/smime.el b/lisp/smime.el index f9db87a20..2d47307fe 100644 --- a/lisp/smime.el +++ b/lisp/smime.el @@ -209,7 +209,7 @@ to set this to e.g. `(\"-rand\" \"/etc/entropy\")'." (defun smime-call-openssl-region (b e buf &rest args) (case (apply 'call-process-region b e smime-openssl-program nil - (list buf nil) nil (append smime-extra-arguments args)) + buf nil (append smime-extra-arguments args)) (0 t) (1 (message "OpenSSL: An error occurred parsing the command options.") nil) (2 (message "OpenSSL: One of the input files could not be read.") nil) @@ -244,7 +244,7 @@ to include in its caar." (if passphrase (list "-passin" "env:GNUS_SMIME_PASSPHRASE")))) (delete-region b e) - (insert-buffer buffer) + (insert-buffer-substring buffer) (when (looking-at "^MIME-Version: 1.0$") (delete-region (point) (progn (forward-line 1) (point)))) t) @@ -252,7 +252,7 @@ to include in its caar." (setenv "GNUS_SMIME_PASSPHRASE" "" t)) (with-current-buffer (get-buffer-create smime-details-buffer) (goto-char (point-max)) - (insert-buffer buffer)) + (insert-buffer-substring buffer)) (kill-buffer buffer)))) (defun smime-encrypt-region (b e certfiles) 
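Review bot: The replacement label `"Ok (sender not trusted)"` leads with a bare "Ok" for a message whose sender was not authenticated, so in the security button it reads almost the same as `"Ok (sender authenticated)"` in the branch just before it. The string it replaces stated what had actually been checked; keeping that qualifier, e.g. `"Integrity OK (sender not trusted)"`, keeps the two outcomes clearly distinguishable at a glance. The condition that selects between the two branches lies outside this hunk, so the exact meaning of this branch should be confirmed against it.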
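Review bot: Passing `buf` straight through as the BUFFER argument of `call-process-region` means any caller that hands in a plain buffer or buffer name now gets OpenSSL's stderr mixed into the same buffer as stdout, where the removed `(list buf nil)` form discarded stderr. The encrypt call in the @@ -265,23 hunk still passes `buffer`, and the three `smime-pkcs7-*` functions in the @@ -392,36 hunk pass `smime-details-buffer`; each then copies that buffer over the region, so a warning printed on stderr (for instance one triggered by options in `smime-extra-arguments`) would end up inside the encrypted message or the extracted certificate data. Those callers should ask for the split explicitly, e.g. `(list buffer nil)`, or a stderr file as `smime-decrypt-region` now does. The `case` form continues past the end of this hunk.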
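Review bot: After this change the `looking-at "^MIME-Version: 1.0$"` test no longer examines the start of the inserted OpenSSL output, because `insert-buffer-substring` leaves point after the inserted text whereas `insert-buffer` left it before. The header line is therefore not stripped and whatever follows the region is tested instead; the same pattern appears in `smime-encrypt-region` in the @@ -265,23 hunk. Add `(goto-char b)` between the insert and the `when` in both places. The enclosing function starts above this hunk.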
@@ -265,23 +265,15 @@ is expected to contain of a PEM encoded certificate." (when (apply 'smime-call-openssl-region b e buffer "smime" "-encrypt" smime-encrypt-cipher (mapcar 'expand-file-name certfiles)) (delete-region b e) - (insert-buffer buffer) + (insert-buffer-substring buffer) (when (looking-at "^MIME-Version: 1.0$") (delete-region (point) (progn (forward-line 1) (point)))) t) (with-current-buffer (get-buffer-create smime-details-buffer) (goto-char (point-max)) - (insert-buffer buffer)) + (insert-buffer-substring buffer)) (kill-buffer buffer)))) -(defun smime-get-certfiles (keyfile keys) - (if keys - (let ((curkey (car keys)) - (otherkeys (cdr keys))) - (if (string= keyfile (cadr curkey)) - (caddr curkey) - (smime-get-certfiles keyfile otherkeys))))) - ;; Sign+encrypt buffer (defun smime-sign-buffer (&optional keyfile buffer) 
@@ -314,71 +306,98 @@ nil." ;; Verify+decrypt region (defun smime-verify-region (b e) - (let ((buffer (get-buffer-create smime-details-buffer)) - (CAs (append (if smime-CA-file + "Verify S/MIME message in region between B and E. +Returns non-nil on success. +Any details (stdout and stderr) are left in the buffer specified by +`smime-details-buffer'." + (smime-new-details-buffer) + (let ((CAs (append (if smime-CA-file (list "-CAfile" (expand-file-name smime-CA-file))) (if smime-CA-directory (list "-CApath" (expand-file-name smime-CA-directory)))))) - (unless CAs (error "No CA configured")) - (with-current-buffer buffer - (erase-buffer)) - (if (apply 'smime-call-openssl-region b e buffer "smime" "-verify" - "-out" "/dev/null" CAs) - (message "S/MIME message verified succesfully.") - (message "S/MIME message NOT verified successfully.") + (unless CAs + (error "No CA configured")) + (if (apply 'smime-call-openssl-region b e (list smime-details-buffer t) + "smime" "-verify" "-out" "/dev/null" CAs) + t + (insert-buffer-substring smime-details-buffer) nil))) (defun smime-noverify-region (b e) - (let ((buffer (get-buffer-create smime-details-buffer))) - (with-current-buffer buffer - (erase-buffer)) - (if (apply 'smime-call-openssl-region b e buffer "smime" "-verify" - "-noverify" "-out" '("/dev/null")) - (message "S/MIME message verified succesfully.") - (message "S/MIME message NOT verified successfully.") - nil))) + "Verify integrity of S/MIME message in region between B and E. +Returns non-nil on success. +Any details (stdout and stderr) are left in the buffer specified by +`smime-details-buffer'." 
+ (smime-new-details-buffer) + (if (apply 'smime-call-openssl-region b e (list smime-details-buffer t) + "smime" "-verify" "-noverify" "-out" '("/dev/null")) + t + (insert-buffer-substring smime-details-buffer) + nil)) (defun smime-decrypt-region (b e keyfile) - (let ((buffer (generate-new-buffer (generate-new-buffer-name "*smime*"))) - CAs (passphrase (smime-ask-passphrase))) + "Decrypt S/MIME message in region between B and E with key in KEYFILE. +On success, replaces region with decrypted data and return non-nil. +Any details (stderr on success, stdout and stderr on error) are left +in the buffer specified by `smime-details-buffer'." + (smime-new-details-buffer) + (let ((buffer (generate-new-buffer (generate-new-buffer-name " *smime*"))) + CAs (passphrase (smime-ask-passphrase)) + (tmpfile (make-temp-file "smime"))) (if passphrase (setenv "GNUS_SMIME_PASSPHRASE" passphrase)) - (when (apply 'smime-call-openssl-region - b e buffer "smime" "-decrypt" - "-recip" (expand-file-name keyfile) - (if passphrase - (list "-passin" "env:GNUS_SMIME_PASSPHRASE" ))) + (if (prog1 + (apply 'smime-call-openssl-region b e + (list buffer tmpfile) + "smime" "-decrypt" "-recip" (expand-file-name keyfile) + (if passphrase + (list "-passin" "env:GNUS_SMIME_PASSPHRASE"))) + (if passphrase + (setenv "GNUS_SMIME_PASSPHRASE" "" t)) + (with-current-buffer smime-details-buffer + (insert-file-contents tmpfile) + (delete-file tmpfile))) + (progn + (delete-region b e) + (insert-buffer-substring buffer) + (kill-buffer buffer) + t) + (with-current-buffer smime-details-buffer + (insert-buffer-substring buffer)) + (kill-buffer buffer) (delete-region b e) - (insert-buffer buffer)) - (if passphrase - (setenv "GNUS_SMIME_PASSPHRASE" "" t)) - (with-current-buffer (get-buffer-create smime-details-buffer) - (goto-char (point-max)) - (insert-buffer buffer)) - (kill-buffer buffer))) + (insert-buffer-substring smime-details-buffer) + nil))) ;; Verify+Decrypt buffer (defun smime-verify-buffer (&optional 
buffer) "Verify integrity of S/MIME message in BUFFER. -Uses current buffer if BUFFER is nil." +Uses current buffer if BUFFER is nil. Returns non-nil on success. +Any details (stdout and stderr) are left in the buffer specified by +`smime-details-buffer'." (interactive) (with-current-buffer (or buffer (current-buffer)) (smime-verify-region (point-min) (point-max)))) (defun smime-noverify-buffer (&optional buffer) "Verify integrity of S/MIME message in BUFFER. -Uses current buffer if BUFFER is nil. -Does NOT verify validity of certificate." +Does NOT verify validity of certificate (only message integrity). +Uses current buffer if BUFFER is nil. Returns non-nil on success. +Any details (stdout and stderr) are left in the buffer specified by +`smime-details-buffer'." (interactive) (with-current-buffer (or buffer (current-buffer)) (smime-noverify-region (point-min) (point-max)))) (defun smime-decrypt-buffer (&optional buffer keyfile) "Decrypt S/MIME message in BUFFER using KEYFILE. -Uses current buffer if BUFFER is nil, queries user of KEYFILE is nil." +Uses current buffer if BUFFER is nil, and query user of KEYFILE if it's nil. +On success, replaces data in buffer and return non-nil. +Any details (stderr on success, stdout and stderr on error) are left +in the buffer specified by `smime-details-buffer'." (interactive) (with-current-buffer (or buffer (current-buffer)) (smime-decrypt-region 
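Review bot: In `smime-decrypt-region` the passphrase is cleared from `GNUS_SMIME_PASSPHRASE` and the stderr temp file is deleted only when `smime-call-openssl-region` returns normally; if the call signals an error or the user quits, the passphrase stays in the Emacs environment, where later subprocesses inherit it, and `tmpfile` and the ` *smime*` buffer are left behind. Moving the cleanup into the unwind forms of an `unwind-protect` covers every exit path. Separately, the failure branch deletes the region and inserts the error output in its place, and `smime-verify-region` and `smime-noverify-region` insert the details into the current buffer on failure; none of the new docstrings mention that the caller's buffer is modified on failure.

```elisp
	(tmpfile (make-temp-file "smime")))
    (unwind-protect
        (progn
          (if passphrase
              (setenv "GNUS_SMIME_PASSPHRASE" passphrase))
          (if (prog1
                  ;; … unchanged: (apply 'smime-call-openssl-region … "-decrypt" …) …
                (with-current-buffer smime-details-buffer
                  (insert-file-contents tmpfile)))
              ;; … unchanged: success branch, without its kill-buffer …
            ;; … unchanged: failure branch, without its kill-buffer …
            ))
      ;; Cleanup forms: run on normal return, on error and on quit.
      (if passphrase
          (setenv "GNUS_SMIME_PASSPHRASE" "" t))
      (if (file-exists-p tmpfile)
          (delete-file tmpfile))
      (kill-buffer buffer)))
```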
@@ -392,36 +411,46 @@ Uses current buffer if BUFFER is nil, queries user of KEYFILE is nil." ;; Various operations +(defun smime-new-details-buffer () + (with-current-buffer (get-buffer-create smime-details-buffer) + (erase-buffer))) + (defun smime-pkcs7-region (b e) "Convert S/MIME message between points B and E into a PKCS7 message." - (let ((buffer (get-buffer-create smime-details-buffer))) - (with-current-buffer buffer - (erase-buffer)) - (when (smime-call-openssl-region b e buffer "smime" "-pk7out") - (delete-region b e) - (insert-buffer-substring buffer) - t))) + (smime-new-details-buffer) + (when (smime-call-openssl-region b e smime-details-buffer "smime" "-pk7out") + (delete-region b e) + (insert-buffer-substring smime-details-buffer) + t)) (defun smime-pkcs7-certificates-region (b e) "Extract any certificates enclosed in PKCS7 message between points B and E." - (let ((buffer (get-buffer-create smime-details-buffer))) - (with-current-buffer buffer - (erase-buffer)) - (when (smime-call-openssl-region b e buffer "pkcs7" "-print_certs" "-text") - (delete-region b e) - (insert-buffer-substring buffer) - t))) + (smime-new-details-buffer) + (when (smime-call-openssl-region + b e smime-details-buffer "pkcs7" "-print_certs" "-text") + (delete-region b e) + (insert-buffer-substring smime-details-buffer) + t)) (defun smime-pkcs7-email-region (b e) "Get email addresses contained in certificate between points B and E. A string or a list of strings is returned." 
- (let ((buffer (get-buffer-create smime-details-buffer))) - (with-current-buffer buffer - (erase-buffer)) - (when (smime-call-openssl-region b e buffer "x509" "-email" "-noout") - (delete-region b e) - (insert-buffer-substring buffer) - t))) + (smime-new-details-buffer) + (when (smime-call-openssl-region + b e smime-details-buffer "x509" "-email" "-noout") + (delete-region b e) + (insert-buffer-substring smime-details-buffer) + t)) + +;; Utility functions + +(defun smime-get-certfiles (keyfile keys) + (if keys + (let ((curkey (car keys)) + (otherkeys (cdr keys))) + (if (string= keyfile (cadr curkey)) + (caddr curkey) + (smime-get-certfiles keyfile otherkeys))))) (defalias 'smime-point-at-eol (if (fboundp 'point-at-eol) -- 2.34.1
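Review bot: `smime-new-details-buffer` is added without a docstring, although the verify, decrypt and pkcs7 functions in this patch now rely on its side effect; a one-line docstring saying that it creates the buffer named by `smime-details-buffer` if needed and erases its contents would record that each call discards the previous operation's details. The docstring kept on `smime-pkcs7-email-region` says a string or a list of strings is returned, but the new body returns `t` after replacing the region, or nil. `smime-get-certfiles`, moved under the new `;; Utility functions` heading, has no docstring either; from the visible body it walks KEYS and returns the `caddr` of the first entry whose `cadr` is `string=` to KEYFILE.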