From 69cb0fd0c526784841859a8eff7ee207a94384e6 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 29 Jul 2024 18:39:05 +0000 Subject: [PATCH] PKCS7_dataInit and PKCS7_dataFinal compile with some caveats --- crypto/CMakeLists.txt | 2 + crypto/err/pkcs7.errordata | 22 + crypto/pkcs7/internal.h | 17 + crypto/pkcs7/pkcs7.c | 401 +++++++++- crypto/pkcs7/pkcs7_asn1.c | 3 +- crypto/pkcs7/pkcs7_internal_bio_cipher.c | 408 ++++++++++ crypto/pkcs7/pkcs7_internal_bio_md.c | 223 ++++++ crypto/pkcs7/pkcs7_test.cc | 296 +++++++ generated-src/err_data.c | 931 ++++++++++++----------- include/openssl/pkcs7.h | 54 +- test.c | 25 + 11 files changed, 1920 insertions(+), 462 deletions(-) create mode 100644 crypto/pkcs7/pkcs7_internal_bio_cipher.c create mode 100644 crypto/pkcs7/pkcs7_internal_bio_md.c create mode 100644 test.c diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index b2314d263cf..d0cdd2cbbf3 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -462,6 +462,8 @@ add_library( pem/pem_xaux.c pkcs7/pkcs7.c pkcs7/pkcs7_asn1.c + pkcs7/pkcs7_internal_bio_md.c + pkcs7/pkcs7_internal_bio_cipher.c pkcs7/pkcs7_x509.c pkcs8/pkcs8.c pkcs8/pkcs8_x509.c diff --git a/crypto/err/pkcs7.errordata b/crypto/err/pkcs7.errordata index 7080bd948c4..600b8c66390 100644 --- a/crypto/err/pkcs7.errordata +++ b/crypto/err/pkcs7.errordata @@ -1,4 +1,26 @@ PKCS7,100,BAD_PKCS7_VERSION +PKCS7,113,CERTIFICATE_VERIFY_ERROR +PKCS7,123,CIPHER_HAS_NO_OBJECT_IDENTIFIER +PKCS7,106,CIPHER_NOT_INITIALIZED +PKCS7,111,CONTENT_AND_DATA_PRESENT +PKCS7,121,DECRYPT_ERROR +PKCS7,119,ERROR_ADDING_RECIPIENT +PKCS7,118,ERROR_SETTING_CIPHER +PKCS7,104,INVALID_NULL_POINTER PKCS7,101,NOT_PKCS7_SIGNED_DATA PKCS7,102,NO_CERTIFICATES_INCLUDED +PKCS7,105,NO_CONTENT PKCS7,103,NO_CRLS_INCLUDED +PKCS7,112,NO_SIGNATURES_ON_DATA +PKCS7,116,NO_SIGNERS +PKCS7,122,PKCS7_DATASIGN +PKCS7,120,PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE +PKCS7,115,SIGNATURE_FAILURE +PKCS7,117,SIGNER_CERTIFICATE_NOT_FOUND +PKCS7,124,SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE +PKCS7,114,SMIME_TEXT_ERROR +PKCS7,109,UNABLE_TO_FIND_MEM_BIO +PKCS7,108,UNABLE_TO_FIND_MESSAGE_DIGEST +PKCS7,125,UNKNOWN_DIGEST_TYPE +PKCS7,107,UNSUPPORTED_CONTENT_TYPE +PKCS7,110,WRONG_CONTENT_TYPE diff --git a/crypto/pkcs7/internal.h b/crypto/pkcs7/internal.h index 4cdda60d001..e77a81312ce 100644 --- a/crypto/pkcs7/internal.h +++ b/crypto/pkcs7/internal.h @@ -200,6 +200,23 @@ int pkcs7_add_signed_data(CBB *out, const void *arg); +// STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); +int PKCS7_is_detached(PKCS7 *p7); +ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7); +int PKCS7_type_is_other(const PKCS7 *p7); + +const BIO_METHOD *BIO_f_md(void); +const BIO_METHOD *BIO_f_cipher(void); + +#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(mdcp)) + +#define BIO_get_cipher_ctx(bio, contents) BIO_ctrl(bio, BIO_C_GET_CIPHER_CTX, 0, \ + (char *)(contents)) + +#define BIO_get_cipher_status(bio, contents) BIO_ctrl(bio, BIO_C_GET_CIPHER_STATUS, 0, \ + (char *)(contents)) + + #if defined(__cplusplus) } // extern C #endif diff --git a/crypto/pkcs7/pkcs7.c b/crypto/pkcs7/pkcs7.c index bc53c3f4954..620c058e58e 100644 --- a/crypto/pkcs7/pkcs7.c +++ b/crypto/pkcs7/pkcs7.c @@ -20,12 +20,13 @@ #include #include #include +#include #include +#include -#include "../bytestring/internal.h" -#include "../internal.h" #include "internal.h" - +#include "../internal.h" +#include "../bytestring/internal.h" // 1.2.840.113549.1.7.1 static const uint8_t kPKCS7Data[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, @@ -461,6 +462,22 @@ ASN1_TYPE *PKCS7_get_signed_attribute(const PKCS7_SIGNER_INFO *si, int nid) { return NULL; } +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) +{ + switch (OBJ_obj2nid(p7->type)) { + case NID_pkcs7_digest: + if (EVP_MD_nid(md) == NID_undef) { + OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE); + return 0; + } + p7->d.digest->md = md; + return 1; + default: + OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_WRONG_CONTENT_TYPE); + return 0; + } +} + STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { if (p7 == NULL || p7->d.ptr == NULL) { OPENSSL_PUT_ERROR(PKCS7, ERR_R_PASSED_NULL_PARAMETER); @@ -477,6 +494,18 @@ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { } } + +STACK_OF(PKCS7_RECIP_INFO) *PKCS7_get_recipient_info(PKCS7 *p7) { + if (p7 == NULL || p7->d.ptr == NULL) { + return NULL; + } else if (PKCS7_type_is_enveloped(p7)) { + return p7->d.enveloped->recipientinfo; + } else if (PKCS7_type_is_signedAndEnveloped(p7)) { + return p7->d.signed_and_enveloped->recipientinfo; + } + return NULL; +} + int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst) { if (!p7i || !x509 || !pkey || !dgst) { @@ -608,3 +637,369 @@ void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc) { *penc = ri->key_enc_algor; } } + +static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, + unsigned char *key, int keylen) +{ + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *pkey = NULL; + unsigned char *ek = NULL; + int ret = 0; + size_t eklen; + + pkey = X509_get0_pubkey(ri->cert); + if (pkey == NULL) + return 0; + + pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pctx == NULL) + return 0; + + if (EVP_PKEY_encrypt_init(pctx) <= 0) + goto err; + + if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0) + goto err; + + ek = OPENSSL_malloc(eklen); + if (ek == NULL) + goto err; + + if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0) + goto err; + + ASN1_STRING_set0(ri->enc_key, ek, eklen); + ek = NULL; + + ret = 1; + + err: + EVP_PKEY_CTX_free(pctx); + OPENSSL_free(ek); + return ret; + +} + +BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) +{ + int i; + BIO *out = NULL, *btmp = NULL; + const EVP_CIPHER *evp_cipher = NULL; + STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL; + X509_ALGOR *xalg = NULL; + PKCS7_RECIP_INFO *ri = NULL; + ASN1_OCTET_STRING *os = NULL; + + if (p7 == NULL) { + OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + + /* + * The content field in the PKCS7 ContentInfo is optional, but that really + * only applies to inner content (precisely, detached signatures). + * + * When reading content, missing outer content is therefore treated as an + * error. + * + * When creating content, PKCS7_content_new() must be called before + * calling this method, so a NULL p7->d is always an error. + */ + if (p7->d.ptr == NULL) { + OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_NO_CONTENT); + return NULL; + } + + i = OBJ_obj2nid(p7->type); + + switch (i) { + case NID_pkcs7_signed: + os = PKCS7_get_octet_string(p7->d.sign->contents); + break; + case NID_pkcs7_signedAndEnveloped: + rsk = p7->d.signed_and_enveloped->recipientinfo; + xalg = p7->d.signed_and_enveloped->enc_data->algorithm; + evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher; + if (evp_cipher == NULL) { + OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_CIPHER_NOT_INITIALIZED); + goto err; + } + break; + case NID_pkcs7_enveloped: + rsk = p7->d.enveloped->recipientinfo; + xalg = p7->d.enveloped->enc_data->algorithm; + evp_cipher = p7->d.enveloped->enc_data->cipher; + if (evp_cipher == NULL) { + OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_CIPHER_NOT_INITIALIZED); + goto err; + } + break; + case NID_pkcs7_digest: + os = PKCS7_get_octet_string(p7->d.digest->contents); + break; + case NID_pkcs7_data: + break; + default: + OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } + + if (evp_cipher != NULL) { + unsigned char key[EVP_MAX_KEY_LENGTH]; + unsigned char iv[EVP_MAX_IV_LENGTH]; + int keylen, ivlen; + EVP_CIPHER_CTX *ctx; + + if ((btmp = BIO_new(BIO_f_cipher())) == NULL) { + OPENSSL_PUT_ERROR(PKCS7, ERR_R_BIO_LIB); + goto err; + } + BIO_get_cipher_ctx(btmp, &ctx); + keylen = EVP_CIPHER_key_length(evp_cipher); + ivlen = EVP_CIPHER_iv_length(evp_cipher); + xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_nid(evp_cipher)); + if (ivlen > 0) + RAND_bytes(iv, ivlen); + if (keylen > 0) + RAND_bytes(key, keylen); + + if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1) <= 0) + goto err; + + /* Lets do the pub key stuff :-) */ + for (size_t ii = 0; ii < sk_PKCS7_RECIP_INFO_num(rsk); ii++) { + ri = sk_PKCS7_RECIP_INFO_value(rsk, ii); + if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) + goto err; + } + OPENSSL_cleanse(key, keylen); + + if (out == NULL) + out = btmp; + else + BIO_push(out, btmp); + btmp = NULL; + } + + if (bio == NULL) { + if (os && os->length > 0) { + bio = BIO_new_mem_buf(os->data, os->length); + } else { + bio = BIO_new(BIO_s_mem()); + if (bio == NULL) + goto err; + BIO_set_mem_eof_return(bio, 0); + } + if (bio == NULL) + goto err; + } + if (out) + BIO_push(out, bio); + else + out = bio; + return out; + + err: + BIO_free_all(out); + BIO_free_all(btmp); + return NULL; +} + +static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) +{ + for (;;) { + bio = BIO_find_type(bio, BIO_TYPE_MD); + if (bio == NULL) { + OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + return NULL; + } + BIO_get_md_ctx(bio, pmd); + if (*pmd == NULL) { + OPENSSL_PUT_ERROR(PKCS7, ERR_R_INTERNAL_ERROR); + return NULL; + } + if (EVP_MD_CTX_type(*pmd) == nid) + return bio; + bio = BIO_next(bio); + } + return NULL; +} + +int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) +{ + int ret = 0; + int i, j; + BIO *btmp; + PKCS7_SIGNER_INFO *si; + EVP_MD_CTX *mdc, *ctx_tmp; + STACK_OF(X509_ATTRIBUTE) *sk; + STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; + ASN1_OCTET_STRING *os = NULL; + + if (p7 == NULL) { + OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_NO_CONTENT); + return 0; + } + + ctx_tmp = EVP_MD_CTX_new(); + if (ctx_tmp == NULL) { + OPENSSL_PUT_ERROR(PKCS7, ERR_R_EVP_LIB); + return 0; + } + + i = OBJ_obj2nid(p7->type); + + switch (i) { + case NID_pkcs7_data: + os = p7->d.data; + break; + case NID_pkcs7_signedAndEnveloped: + si_sk = p7->d.signed_and_enveloped->signer_info; + os = p7->d.signed_and_enveloped->enc_data->enc_data; + if (os == NULL) { + os = ASN1_OCTET_STRING_new(); + if (os == NULL) { + OPENSSL_PUT_ERROR(PKCS7, ERR_R_ASN1_LIB); + goto err; + } + p7->d.signed_and_enveloped->enc_data->enc_data = os; + } + break; + case NID_pkcs7_enveloped: + os = p7->d.enveloped->enc_data->enc_data; + if (os == NULL) { + os = ASN1_OCTET_STRING_new(); + if (os == NULL) { + OPENSSL_PUT_ERROR(PKCS7, ERR_R_ASN1_LIB); + goto err; + } + p7->d.enveloped->enc_data->enc_data = os; + } + break; + case NID_pkcs7_signed: + si_sk = p7->d.sign->signer_info; + os = PKCS7_get_octet_string(p7->d.sign->contents); + /* If detached data then the content is excluded */ + if (PKCS7_type_is_data(p7->d.sign->contents) && PKCS7_is_detached(p7)) { + ASN1_OCTET_STRING_free(os); + os = NULL; + p7->d.sign->contents->d.data = NULL; + } + break; + + case NID_pkcs7_digest: + os = PKCS7_get_octet_string(p7->d.digest->contents); + /* If detached data then the content is excluded */ + if (PKCS7_type_is_data(p7->d.digest->contents) && PKCS7_is_detached(p7)) { + ASN1_OCTET_STRING_free(os); + os = NULL; + p7->d.digest->contents->d.data = NULL; + } + break; + + default: + OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } + + if (si_sk != NULL) { + for (size_t ii = 0; ii < sk_PKCS7_SIGNER_INFO_num(si_sk); ii++) { + si = sk_PKCS7_SIGNER_INFO_value(si_sk, ii); + if (si->pkey == NULL) + continue; + + j = OBJ_obj2nid(si->digest_alg->algorithm); + + btmp = bio; + + btmp = PKCS7_find_digest(&mdc, btmp, j); + + if (btmp == NULL) + goto err; + + /* + * We now have the EVP_MD_CTX, lets do the signing. + */ + if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc)) + goto err; + + sk = si->auth_attr; + + /* TODO [childw] we don't currently sign attributes like OSSL does + * https://github.com/openssl/openssl/blob/2f33265039cdbd0e4589c80970e02e208f3f94d2/crypto/pkcs7/pk7_doit.c#L687 + */ + if (sk_X509_ATTRIBUTE_num(sk) > 0) { + OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_PKCS7_DATASIGN); + goto err; + } + unsigned char *abuf = NULL; + unsigned int abuflen = EVP_PKEY_size(si->pkey); + + if (abuflen == 0 || (abuf = OPENSSL_malloc(abuflen)) == NULL) + goto err; + + if (!EVP_SignInit_ex(ctx_tmp, ctx_tmp->digest, NULL) || + !EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) { + OPENSSL_free(abuf); + OPENSSL_PUT_ERROR(PKCS7, ERR_R_EVP_LIB); + goto err; + } + ASN1_STRING_set0(si->enc_digest, abuf, abuflen); + } + } else if (i == NID_pkcs7_digest) { + unsigned char md_data[EVP_MAX_MD_SIZE]; + unsigned int md_len; + if (!PKCS7_find_digest(&mdc, bio, + EVP_MD_nid(p7->d.digest->md))) + goto err; + if (!EVP_DigestFinal_ex(mdc, md_data, &md_len)) + goto err; + if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len)) + goto err; + } + + if (!PKCS7_is_detached(p7) && os == NULL) { + goto err; + } + ret = 1; + err: + EVP_MD_CTX_free(ctx_tmp); + return ret; +} + +int PKCS7_is_detached(PKCS7 *p7) { + if (PKCS7_type_is_signed(p7)) { + return (p7->d.sign == NULL || p7->d.sign->contents->d.ptr == NULL); + } + return 0; +} + +ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) +{ + if (PKCS7_type_is_data(p7)) + return p7->d.data; + if (PKCS7_type_is_other(p7) && p7->d.other + && (p7->d.other->type == V_ASN1_OCTET_STRING)) + return p7->d.other->value.octet_string; + return NULL; +} + +int PKCS7_type_is_other(const PKCS7 *p7) { + GUARD_PTR(p7); + switch(OBJ_obj2nid(p7->type)) { + case NID_pkcs7_data: + case NID_pkcs7_signed: + case NID_pkcs7_enveloped: + case NID_pkcs7_signedAndEnveloped: + case NID_pkcs7_digest: + case NID_pkcs7_encrypted: + return 0; + default: + return 1; + } +} diff --git a/crypto/pkcs7/pkcs7_asn1.c b/crypto/pkcs7/pkcs7_asn1.c index 2d75870395c..736b439407b 100644 --- a/crypto/pkcs7/pkcs7_asn1.c +++ b/crypto/pkcs7/pkcs7_asn1.c @@ -172,11 +172,10 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT) ASN1_SEQUENCE(PKCS7_DIGEST) = { ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), + ASN1_SIMPLE(PKCS7_DIGEST, digest_alg, X509_ALGOR), ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)} ASN1_SEQUENCE_END(PKCS7_DIGEST) - IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) ASN1_SEQUENCE(PKCS7_ENVELOPE) = { diff --git a/crypto/pkcs7/pkcs7_internal_bio_cipher.c b/crypto/pkcs7/pkcs7_internal_bio_cipher.c new file mode 100644 index 00000000000..e99fa1518ee --- /dev/null +++ b/crypto/pkcs7/pkcs7_internal_bio_cipher.c @@ -0,0 +1,408 @@ +/* + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define OPENSSL_SUPPRESS_DEPRECATED /* for BIO_get_callback */ + +#include +#include +#include +#include +#include +#include +#include "../crypto/bio/internal.h" +#include "../internal.h" +#include "./internal.h" + +static int enc_write(BIO *h, const char *buf, int num); +static int enc_read(BIO *h, char *buf, int size); +static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int enc_new(BIO *h); +static int enc_free(BIO *data); +static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb fps); +#define ENC_BLOCK_SIZE (1024*4) +#define ENC_MIN_CHUNK (256) +#define BUF_OFFSET (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH) + +typedef struct enc_struct { + int buf_len; + int buf_off; + int cont; /* <= 0 when finished */ + int finished; + int ok; /* bad decrypt */ + EVP_CIPHER_CTX *cipher; + unsigned char *read_start, *read_end; + /* + * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return + * up to a block more data than is presented to it + */ + unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE]; +} BIO_ENC_CTX; + +static const BIO_METHOD methods_enc = { + BIO_TYPE_CIPHER, + "cipher", + enc_write, + enc_read, + NULL, /* enc_puts, */ + NULL, /* enc_gets, */ + enc_ctrl, + enc_new, + enc_free, + enc_callback_ctrl, +}; + +const BIO_METHOD *BIO_f_cipher(void) +{ + return &methods_enc; +} + +static int enc_new(BIO *bi) +{ + BIO_ENC_CTX *ctx; + + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) + return 0; + + ctx->cipher = EVP_CIPHER_CTX_new(); + if (ctx->cipher == NULL) { + OPENSSL_free(ctx); + return 0; + } + ctx->cont = 1; + ctx->ok = 1; + ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); + BIO_set_data(bi, ctx); + BIO_set_init(bi, 1); + + return 1; +} + +static int enc_free(BIO *a) +{ + BIO_ENC_CTX *b; + + if (a == NULL) + return 0; + + b = BIO_get_data(a); + if (b == NULL) + return 0; + + EVP_CIPHER_CTX_free(b->cipher); + OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX)); + BIO_set_data(a, NULL); + BIO_set_init(a, 0); + + return 1; +} + +static int enc_read(BIO *b, char *out, int outl) +{ + int ret = 0, i, blocksize; + BIO_ENC_CTX *ctx; + BIO *next; + + if (out == NULL) + return 0; + ctx = BIO_get_data(b); + + next = BIO_next(b); + if ((ctx == NULL) || (next == NULL)) + return 0; + + /* First check if there are bytes decoded/encoded */ + if (ctx->buf_len > 0) { + i = ctx->buf_len - ctx->buf_off; + if (i > outl) + i = outl; + OPENSSL_memcpy(out, &(ctx->buf[ctx->buf_off]), i); + ret = i; + out += i; + outl -= i; + ctx->buf_off += i; + if (ctx->buf_len == ctx->buf_off) { + ctx->buf_len = 0; + ctx->buf_off = 0; + } + } + + blocksize = EVP_CIPHER_CTX_block_size(ctx->cipher); + + if (blocksize == 0) + return 0; + + if (blocksize == 1) + blocksize = 0; + + /* + * At this point, we have room of outl bytes and an empty buffer, so we + * should read in some more. + */ + + while (outl > 0) { + if (ctx->cont <= 0) + break; + + if (ctx->read_start == ctx->read_end) { /* time to read more data */ + ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); + i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE); + if (i > 0) + ctx->read_end += i; + } else { + i = ctx->read_end - ctx->read_start; + } + + if (i <= 0) { + /* Should be continue next time we are called? */ + if (!BIO_should_retry(next)) { + ctx->cont = i; + i = EVP_CipherFinal_ex(ctx->cipher, + ctx->buf, &(ctx->buf_len)); + ctx->ok = i; + ctx->buf_off = 0; + } else { + ret = (ret == 0) ? i : ret; + break; + } + } else { + if (outl > ENC_MIN_CHUNK) { + /* + * Depending on flags block cipher decrypt can write + * one extra block and then back off, i.e. output buffer + * has to accommodate extra block... + */ + int j = outl - blocksize, buf_len; + + if (!EVP_CipherUpdate(ctx->cipher, + (unsigned char *)out, &buf_len, + ctx->read_start, i > j ? j : i)) { + BIO_clear_retry_flags(b); + return 0; + } + ret += buf_len; + out += buf_len; + outl -= buf_len; + + if ((i -= j) <= 0) { + ctx->read_start = ctx->read_end; + continue; + } + ctx->read_start += j; + } + if (i > ENC_MIN_CHUNK) + i = ENC_MIN_CHUNK; + if (!EVP_CipherUpdate(ctx->cipher, + ctx->buf, &ctx->buf_len, + ctx->read_start, i)) { + BIO_clear_retry_flags(b); + ctx->ok = 0; + return 0; + } + ctx->read_start += i; + ctx->cont = 1; + /* + * Note: it is possible for EVP_CipherUpdate to decrypt zero + * bytes because this is or looks like the final block: if this + * happens we should retry and either read more data or decrypt + * the final block + */ + if (ctx->buf_len == 0) + continue; + } + + if (ctx->buf_len <= outl) + i = ctx->buf_len; + else + i = outl; + if (i <= 0) + break; + OPENSSL_memcpy(out, ctx->buf, i); + ret += i; + ctx->buf_off = i; + outl -= i; + out += i; + } + + BIO_clear_retry_flags(b); + BIO_copy_next_retry(b); + return ((ret == 0) ? ctx->cont : ret); +} + +static int enc_write(BIO *b, const char *in, int inl) +{ + int ret = 0, n, i; + BIO_ENC_CTX *ctx; + BIO *next; + + ctx = BIO_get_data(b); + next = BIO_next(b); + if ((ctx == NULL) || (next == NULL)) + return 0; + + ret = inl; + + BIO_clear_retry_flags(b); + n = ctx->buf_len - ctx->buf_off; + while (n > 0) { + i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); + if (i <= 0) { + BIO_copy_next_retry(b); + return i; + } + ctx->buf_off += i; + n -= i; + } + /* at this point all pending data has been written */ + + if ((in == NULL) || (inl <= 0)) + return 0; + + ctx->buf_off = 0; + while (inl > 0) { + n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; + if (!EVP_CipherUpdate(ctx->cipher, + ctx->buf, &ctx->buf_len, + (const unsigned char *)in, n)) { + BIO_clear_retry_flags(b); + ctx->ok = 0; + return 0; + } + inl -= n; + in += n; + + ctx->buf_off = 0; + n = ctx->buf_len; + while (n > 0) { + i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); + if (i <= 0) { + BIO_copy_next_retry(b); + return (ret == inl) ? i : ret - inl; + } + n -= i; + ctx->buf_off += i; + } + ctx->buf_len = 0; + ctx->buf_off = 0; + } + BIO_copy_next_retry(b); + return ret; +} + +static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + BIO *dbio; + BIO_ENC_CTX *ctx, *dctx; + long ret = 1; + int i; + EVP_CIPHER_CTX **c_ctx; + BIO *next; + int pend; + + ctx = BIO_get_data(b); + next = BIO_next(b); + if (ctx == NULL) + return 0; + + switch (cmd) { + case BIO_CTRL_RESET: + ctx->ok = 1; + ctx->finished = 0; + if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL, + EVP_CIPHER_CTX_encrypting(ctx->cipher))) + return 0; + ret = BIO_ctrl(next, cmd, num, ptr); + break; + case BIO_CTRL_EOF: /* More to read */ + if (ctx->cont <= 0) + ret = 1; + else + ret = BIO_ctrl(next, cmd, num, ptr); + break; + case BIO_CTRL_WPENDING: + ret = ctx->buf_len - ctx->buf_off; + if (ret <= 0) + ret = BIO_ctrl(next, cmd, num, ptr); + break; + case BIO_CTRL_PENDING: /* More to read in buffer */ + ret = ctx->buf_len - ctx->buf_off; + if (ret <= 0) + ret = BIO_ctrl(next, cmd, num, ptr); + break; + case BIO_CTRL_FLUSH: + /* do a final write */ + again: + while (ctx->buf_len != ctx->buf_off) { + pend = ctx->buf_len - ctx->buf_off; + i = enc_write(b, NULL, 0); + /* + * i should never be > 0 here because we didn't ask to write any + * new data. We stop if we get an error or we failed to make any + * progress writing pending data. + */ + if (i < 0 || (ctx->buf_len - ctx->buf_off) == pend) + return i; + } + + if (!ctx->finished) { + ctx->finished = 1; + ctx->buf_off = 0; + ret = EVP_CipherFinal_ex(ctx->cipher, + (unsigned char *)ctx->buf, + &(ctx->buf_len)); + ctx->ok = (int)ret; + if (ret <= 0) + break; + + /* push out the bytes */ + goto again; + } + + /* Finally flush the underlying BIO */ + ret = BIO_ctrl(next, cmd, num, ptr); + BIO_copy_next_retry(b); + break; + case BIO_C_GET_CIPHER_STATUS: + ret = (long)ctx->ok; + break; + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); + ret = BIO_ctrl(next, cmd, num, ptr); + BIO_copy_next_retry(b); + break; + case BIO_C_GET_CIPHER_CTX: + c_ctx = (EVP_CIPHER_CTX **)ptr; + *c_ctx = ctx->cipher; + BIO_set_init(b, 1); + break; + case BIO_CTRL_DUP: + dbio = (BIO *)ptr; + dctx = BIO_get_data(dbio); + dctx->cipher = EVP_CIPHER_CTX_new(); + if (dctx->cipher == NULL) + return 0; + ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher); + if (ret) + BIO_set_init(dbio, 1); + break; + default: + ret = BIO_ctrl(next, cmd, num, ptr); + break; + } + return ret; +} + +static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb fp) +{ + BIO *next = BIO_next(b); + + if (next == NULL) + return 0; + + return BIO_callback_ctrl(next, cmd, fp); +} diff --git a/crypto/pkcs7/pkcs7_internal_bio_md.c b/crypto/pkcs7/pkcs7_internal_bio_md.c new file mode 100644 index 00000000000..4ef226178ff --- /dev/null +++ b/crypto/pkcs7/pkcs7_internal_bio_md.c @@ -0,0 +1,223 @@ +/* + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "../crypto/bio/internal.h" +#include "./internal.h" + +/* + * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest + */ + +static int md_write(BIO *h, char const *buf, int num); +static int md_read(BIO *h, char *buf, int size); +static int md_gets(BIO *h, char *str, int size); +static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int md_new(BIO *h); +static int md_free(BIO *data); +static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb fp); + + +static const BIO_METHOD methods_md = { + BIO_TYPE_MD, + "message digest", + md_write, + md_read, + NULL, /* md_puts, */ + md_gets, + md_ctrl, + md_new, + md_free, + md_callback_ctrl, +}; + +const BIO_METHOD *BIO_f_md(void) +{ + return &methods_md; +} + +static int md_new(BIO *bi) +{ + EVP_MD_CTX *ctx; + + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) + return 0; + + BIO_set_init(bi, 1); + BIO_set_data(bi, ctx); + + return 1; +} + +static int md_free(BIO *a) +{ + if (a == NULL) + return 0; + EVP_MD_CTX_free(BIO_get_data(a)); + BIO_set_data(a, NULL); + BIO_set_init(a, 0); + + return 1; +} + +static int md_read(BIO *b, char *out, int outl) +{ + int ret = 0; + EVP_MD_CTX *ctx; + BIO *next; + + if (out == NULL) + return 0; + + ctx = BIO_get_data(b); + next = BIO_next(b); + + if ((ctx == NULL) || (next == NULL)) + return 0; + + ret = BIO_read(next, out, outl); + if (BIO_get_init(b)) { + if (ret > 0) { + if (EVP_DigestUpdate(ctx, (unsigned char *)out, + (unsigned int)ret) <= 0) + return -1; + } + } + BIO_clear_retry_flags(b); + BIO_copy_next_retry(b); + return ret; +} + +static int md_write(BIO *b, const char *in, int inl) +{ + int ret = 0; + EVP_MD_CTX *ctx; + BIO *next; + + if ((in == NULL) || (inl <= 0)) + return 0; + + ctx = BIO_get_data(b); + next = BIO_next(b); + if ((ctx != NULL) && (next != NULL)) + ret = BIO_write(next, in, inl); + + if (BIO_get_init(b)) { + if (ret > 0) { + if (!EVP_DigestUpdate(ctx, (const unsigned char *)in, + (unsigned int)ret)) { + BIO_clear_retry_flags(b); + return 0; + } + } + } + if (next != NULL) { + BIO_clear_retry_flags(b); + BIO_copy_next_retry(b); + } + return ret; +} + +static long md_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + EVP_MD_CTX *ctx, *dctx, **pctx; + const EVP_MD **ppmd; + EVP_MD *md; + long ret = 1; + BIO *dbio, *next; + + + ctx = BIO_get_data(b); + next = BIO_next(b); + + switch (cmd) { + case BIO_CTRL_RESET: + if (BIO_get_init(b)) + ret = EVP_DigestInit_ex(ctx, EVP_MD_CTX_md(ctx), NULL); + else + ret = 0; + if (ret > 0) + ret = BIO_ctrl(next, cmd, num, ptr); + break; + case BIO_C_GET_MD: + if (BIO_get_init(b)) { + ppmd = ptr; + *ppmd = EVP_MD_CTX_md(ctx); + } else + ret = 0; + break; + case BIO_C_GET_MD_CTX: + pctx = ptr; + *pctx = ctx; + BIO_set_init(b, 1); + break; + case BIO_C_SET_MD_CTX: + if (BIO_get_init(b)) + BIO_set_data(b, ptr); + else + ret = 0; + break; + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); + ret = BIO_ctrl(next, cmd, num, ptr); + BIO_copy_next_retry(b); + break; + + case BIO_C_SET_MD: + md = ptr; + ret = EVP_DigestInit_ex(ctx, md, NULL); + if (ret > 0) + BIO_set_init(b, 1); + break; + case BIO_CTRL_DUP: + dbio = ptr; + dctx = BIO_get_data(dbio); + if (!EVP_MD_CTX_copy_ex(dctx, ctx)) + return 0; + BIO_set_init(b, 1); + break; + default: + ret = BIO_ctrl(next, cmd, num, ptr); + break; + } + return ret; +} + +static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb fp) +{ + BIO *next; + + next = BIO_next(b); + + if (next == NULL) + return 0; + + return BIO_callback_ctrl(next, cmd, fp); +} + +static int md_gets(BIO *bp, char *buf, int size) +{ + EVP_MD_CTX *ctx; + unsigned int ret; + + ctx = BIO_get_data(bp); + + if (((size_t) size) < EVP_MD_CTX_size(ctx)) + return 0; + + if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0) + return -1; + + return (int)ret; +} diff --git a/crypto/pkcs7/pkcs7_test.cc b/crypto/pkcs7/pkcs7_test.cc index 888497893e1..99f7e8c7792 100644 --- a/crypto/pkcs7/pkcs7_test.cc +++ b/crypto/pkcs7/pkcs7_test.cc @@ -414,6 +414,215 @@ static const uint8_t kPKCS7SignedWithSignerInfo[]{ 0x4c, 0x34, 0xbb, 0xb9, }; +static const uint8_t kEnvelopedData[] = { + 0x30, 0x82, 0x09, 0xA2, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x07, 0x03, 0xA0, 0x82, 0x09, 0x93, 0x30, 0x82, 0x09, 0x8F, 0x02, + 0x01, 0x00, 0x31, 0x81, 0xF8, 0x30, 0x81, 0xF5, 0x02, 0x01, 0x00, 0x30, + 0x5E, 0x30, 0x59, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x47, 0x42, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x13, 0x09, 0x42, 0x65, 0x72, 0x6B, 0x73, 0x68, 0x69, 0x72, 0x65, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, + 0x65, 0x77, 0x62, 0x75, 0x72, 0x79, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x13, 0x0E, 0x4D, 0x79, 0x20, 0x43, 0x6F, 0x6D, 0x70, + 0x61, 0x6E, 0x79, 0x20, 0x4C, 0x74, 0x64, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x58, 0x58, 0x02, 0x01, 0x00, 0x30, + 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x04, 0x81, 0x80, 0x22, 0x91, 0xBF, 0x5C, 0x0F, 0x7F, 0x68, + 0x0D, 0x8A, 0x4C, 0x1F, 0x32, 0xEE, 0xA8, 0x0E, 0x01, 0xA2, 0x73, 0x69, + 0x3F, 0x1F, 0xA3, 0x62, 0xDA, 0xA5, 0x50, 0x86, 0x89, 0xBF, 0x7D, 0x15, + 0xD3, 0x79, 0xD4, 0xCF, 0x53, 0x0B, 0x9B, 0xB2, 0x07, 0xED, 0x31, 0x6D, + 0x66, 0x12, 0xFA, 0x05, 0x70, 0x1B, 0x74, 0x2D, 0xA2, 0xC2, 0x4E, 0xB6, + 0x29, 0x54, 0xBA, 0xE9, 0x90, 0x8B, 0x04, 0xA7, 0x6C, 0xAA, 0xD0, 0xF7, + 0xC3, 0xD3, 0x76, 0x1E, 0xDC, 0x53, 0x11, 0x6E, 0x80, 0x75, 0xA3, 0x47, + 0x28, 0xD5, 0x1B, 0xEB, 0x3F, 0x37, 0xC9, 0xAA, 0xCD, 0x40, 0x6C, 0xC1, + 0xEB, 0xB9, 0x65, 0x66, 0x37, 0x82, 0x2D, 0xE8, 0xA9, 0x3F, 0xB4, 0x56, + 0x22, 0xF0, 0x59, 0x71, 0x5D, 0x0E, 0xA2, 0xA0, 0xA0, 0x2D, 0xCA, 0x59, + 0x92, 0x96, 0x6A, 0xCE, 0xB9, 0xB3, 0xE4, 0xC8, 0xF1, 0x4C, 0x29, 0x81, + 0xFC, 0x30, 0x82, 0x08, 0x8D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x03, 0x07, 0x04, 0x08, 0x8D, 0xAF, 0x67, 0x1A, 0x1B, 0x90, + 0x13, 0x51, 0x80, 0x82, 0x08, 0x68, 0x72, 0xCC, 0x21, 0x7B, 0x93, 0x19, + 0x46, 0x8B, 0xFD, 0x66, 0x8D, 0x60, 0x9C, 0x1D, 0xB9, 0x4B, 0x43, 0xFC, + 0x33, 0x0D, 0xF8, 0xEB, 0x75, 0x5A, 0x39, 0xC6, 0xFE, 0x96, 0x35, 0xF5, + 0x99, 0x79, 0x13, 0xDD, 0xF8, 0xAF, 0x90, 0x1B, 0xF4, 0xA6, 0x52, 0xE5, + 0x99, 0x54, 0xFE, 0x9B, 0xE0, 0x91, 0x81, 0xCC, 0xEE, 0xA7, 0xDA, 0x76, + 0xD7, 0xEB, 0x75, 0x3A, 0xAB, 0x1D, 0x68, 0x84, 0xCD, 0x23, 0x2A, 0xC6, + 0x85, 0x84, 0x95, 0x11, 0x35, 0xB2, 0x14, 0x0F, 0xD8, 0x9F, 0xB7, 0x50, + 0xBA, 0x92, 0xBE, 0x71, 0xD0, 0x9A, 0x54, 0xB2, 0x82, 0xDE, 0x54, 0xFC, + 0x7F, 0x5D, 0xE2, 0x3E, 0xB5, 0x38, 0xD3, 0x09, 0xDB, 0x7A, 0x8E, 0x19, + 0x2A, 0x2D, 0xAF, 0x6E, 0xFF, 0xD7, 0xDE, 0xE5, 0x38, 0x7D, 0x13, 0x19, + 0xC1, 0x29, 0x72, 0x73, 0x31, 0x68, 0xCD, 0xCB, 0xE2, 0x51, 0x85, 0x11, + 0xB4, 0x0E, 0x4C, 0x65, 0xA4, 0xB6, 0x7B, 0xAF, 0xF6, 0xAF, 0x57, 0x8B, + 0x65, 0xC5, 0x25, 0x71, 0x9D, 0x01, 0x0D, 0xCB, 0x83, 0xF8, 0x53, 0x5D, + 0xAF, 0x21, 0x9B, 0x2B, 0x3B, 0x52, 0x59, 0xAD, 0xB2, 0x7B, 0x46, 0x26, + 0x52, 0x29, 0x6E, 0xF8, 0x60, 0x19, 0xAF, 0x90, 0x90, 0x8B, 0x72, 0x31, + 0xA5, 0x1C, 0x43, 0xAA, 0xB4, 0xBE, 0x45, 0x44, 0x19, 0x36, 0x59, 0x5C, + 0x83, 0xC9, 0xC6, 0x67, 0x65, 0x0F, 0xE5, 0x6F, 0x05, 0x8C, 0x7F, 0x99, + 0xE7, 0xAF, 0x0D, 0x27, 0xB7, 0x63, 0xA3, 0x38, 0x82, 0x5F, 0x41, 0x07, + 0xC9, 0xDE, 0x2F, 0xA7, 0xE8, 0x34, 0x2D, 0x11, 0xB6, 0x76, 0x48, 0x46, + 0x5C, 0x87, 0xDF, 0xE2, 0xE7, 0xCE, 0xD9, 0x4D, 0xD0, 0x38, 0x08, 0x02, + 0x20, 0xEB, 0x99, 0x98, 0x6E, 0x58, 0x4A, 0x94, 0x4D, 0xD9, 0x4E, 0xC5, + 0xE9, 0x3F, 0x16, 0xFC, 0x5C, 0x12, 0x84, 0x53, 0xB5, 0xBB, 0xE4, 0x07, + 0x61, 0xDB, 0x80, 0xDE, 0x90, 0x3F, 0xE4, 0xAF, 0x88, 0x0D, 0xF0, 0x9B, + 0x11, 0x90, 0xCC, 0x5B, 0x39, 0xDD, 0xD7, 0x79, 0x53, 0x11, 0x94, 0x25, + 0x2D, 0x25, 0xD5, 0xED, 0xD2, 0xCD, 0x0A, 0xAA, 0x51, 0xDF, 0x42, 0x56, + 0xA4, 0x68, 0x3D, 0xE7, 0xAA, 0xC9, 0x47, 0x49, 0x36, 0x6D, 0x3E, 0xC6, + 0x28, 0x54, 0xD7, 0x85, 0x25, 0x0A, 0xFC, 0xFB, 0x9A, 0x73, 0x9C, 0xBA, + 0x21, 0x59, 0x89, 0xC0, 0xFC, 0x6A, 0x02, 0x48, 0xC7, 0xFB, 0x18, 0xD7, + 0xA4, 0x4D, 0xF6, 0xFC, 0x07, 0x11, 0x1E, 0x2E, 0xFB, 0x2D, 0xAD, 0xE7, + 0x2A, 0x9D, 0x5A, 0x40, 0x42, 0xA8, 0xE6, 0xE1, 0xE0, 0xEC, 0x71, 0x20, + 0xC3, 0x5E, 0xB4, 0x4B, 0x52, 0xD4, 0x7A, 0x72, 0x52, 0xA9, 0xC9, 0x8E, + 0xBA, 0x4E, 0x57, 0x5A, 0xF3, 0x35, 0xC1, 0xDB, 0x14, 0x26, 0x5E, 0x50, + 0x93, 0x89, 0xBD, 0x6B, 0x45, 0x72, 0xA2, 0xF2, 0xCF, 0x9B, 0xF4, 0x6B, + 0x9E, 0xE9, 0x4C, 0xB5, 0x48, 0xD1, 0xBA, 0x0C, 0x49, 0x2D, 0xF6, 0x4A, + 0xDB, 0xB3, 0x62, 0xBC, 0xEA, 0xCB, 0x97, 0xD8, 0x7F, 0x5A, 0x6E, 0x81, + 0x5D, 0x8A, 0xB8, 0x3E, 0x88, 0x4C, 0xE5, 0xDF, 0xB9, 0xCC, 0xF6, 0x2A, + 0xBA, 0x99, 0xF9, 0x8A, 0x92, 0x87, 0xB0, 0x0E, 0xBC, 0x3E, 0xCE, 0xEB, + 0x9C, 0x31, 0x06, 0x4B, 0x75, 0x73, 0x39, 0x0D, 0xF6, 0x86, 0xAB, 0xB8, + 0x91, 0xD9, 0xBA, 0xC4, 0x8D, 0xB3, 0x2D, 0x62, 0xB4, 0xFB, 0xA9, 0x90, + 0x9E, 0xEB, 0x01, 0x3C, 0xED, 0x08, 0x03, 0x1B, 0x63, 0x6B, 0xA0, 0x4F, + 0xCF, 0xCB, 0xD3, 0x32, 0x55, 0xA3, 0x66, 0xD5, 0x99, 0x80, 0x42, 0x0C, + 0xA6, 0x94, 0x0C, 0x85, 0x02, 0x4A, 0x04, 0x44, 0x06, 0xE8, 0x74, 0xD5, + 0xCF, 0xEF, 0xE0, 0x90, 0x57, 0x6C, 0xDA, 0x91, 0x4E, 0xD2, 0xFF, 0x29, + 0x2D, 0xC3, 0x01, 0xCB, 0xDF, 0xBC, 0x9E, 0xA8, 0x73, 0xC0, 0x66, 0x9C, + 0xCA, 0x69, 0xEE, 0xA5, 0x72, 0x73, 0x07, 0xA9, 0x77, 0x82, 0x89, 0xF6, + 0xB7, 0xF7, 0xB6, 0xCC, 0x98, 0xC0, 0x3C, 0xA5, 0x12, 0x09, 0xB1, 0xC8, + 0x42, 0x10, 0xA3, 0x5B, 0x62, 0x4A, 0xF6, 0xD1, 0x8A, 0x4D, 0xB1, 0x78, + 0xD2, 0xE6, 0x0C, 0x50, 0x63, 0x08, 0x3E, 0x1C, 0x6B, 0xEE, 0x3D, 0x6E, + 0xE0, 0xB2, 0x8D, 0x12, 0x12, 0x82, 0x36, 0x19, 0x54, 0xCF, 0xCD, 0x8D, + 0x4A, 0xC7, 0x49, 0xD3, 0x46, 0x0D, 0x41, 0xDC, 0x2E, 0x0C, 0xC5, 0x8D, + 0x09, 0x30, 0x04, 0xF7, 0xF4, 0x93, 0x99, 0x11, 0x85, 0xDD, 0x91, 0xD3, + 0xF4, 0xA5, 0xA6, 0xCF, 0x93, 0x10, 0x10, 0x2A, 0x7F, 0xA4, 0x63, 0x91, + 0x0F, 0xB2, 0xED, 0x39, 0x0B, 0x25, 0x6D, 0x46, 0x22, 0x30, 0x7E, 0x68, + 0x09, 0x83, 0xF5, 0x8C, 0x3F, 0x1E, 0x33, 0xE2, 0xB1, 0x0A, 0x58, 0xEF, + 0xD6, 0x91, 0x4F, 0x7F, 0xEB, 0x19, 0x76, 0x96, 0xE8, 0x02, 0x47, 0x5A, + 0x5C, 0xA7, 0x19, 0x56, 0x72, 0xAA, 0x3A, 0xE3, 0xC1, 0x3F, 0x76, 0x35, + 0x8C, 0x19, 0x0B, 0x09, 0x9C, 0xA4, 0x82, 0x75, 0xE4, 0x55, 0xB1, 0x18, + 0x33, 0xB8, 0x12, 0x76, 0xFB, 0x02, 0x18, 0xAE, 0x76, 0x19, 0xCC, 0x47, + 0xCA, 0x2F, 0xE0, 0x3A, 0x17, 0xCE, 0x22, 0x0C, 0xB0, 0x98, 0x50, 0x77, + 0x07, 0x86, 0x24, 0xE2, 0x60, 0xED, 0x53, 0xCE, 0x16, 0xA4, 0xAE, 0x6C, + 0x56, 0x5A, 0xD9, 0xDA, 0xF6, 0x6E, 0x4D, 0xA0, 0x26, 0x38, 0x76, 0x93, + 0x22, 0x45, 0x4C, 0xBE, 0x4A, 0xB7, 0xD0, 0x5F, 0xE3, 0xA5, 0x5C, 0xB7, + 0x38, 0x5E, 0x2F, 0xF7, 0xF1, 0x1B, 0x10, 0x02, 0x46, 0xBF, 0xAA, 0xEA, + 0x1C, 0xC8, 0x4A, 0x9A, 0xE2, 0x07, 0x3F, 0x9D, 0xF4, 0x08, 0xAB, 0x56, + 0x91, 0x45, 0x1F, 0x1A, 0xFE, 0xEA, 0x42, 0x29, 0x59, 0xD5, 0x08, 0xBA, + 0x37, 0x21, 0x49, 0x25, 0x37, 0xDB, 0xD5, 0xB8, 0x72, 0x10, 0xD2, 0x6D, + 0x8F, 0xC0, 0x35, 0x41, 0x01, 0x48, 0x60, 0x70, 0xF3, 0x32, 0x89, 0x66, + 0x52, 0x84, 0x20, 0xA8, 0xE5, 0xC9, 0xFF, 0xAC, 0x5C, 0xF4, 0x0B, 0x42, + 0xBF, 0x47, 0xD4, 0xD8, 0xB8, 0xA3, 0x2D, 0x43, 0x45, 0x8C, 0x1E, 0x2B, + 0x6A, 0x92, 0x60, 0x82, 0x8E, 0x54, 0x9D, 0x91, 0x3D, 0xF3, 0xE2, 0x2A, + 0x50, 0x04, 0xFB, 0xB5, 0x66, 0xA5, 0xA5, 0xB1, 0x62, 0xB0, 0xE7, 0x57, + 0xE4, 0x3C, 0xB9, 0xF3, 0x68, 0x61, 0xBD, 0xC1, 0x67, 0xFF, 0x50, 0xC3, + 0xA4, 0x84, 0x97, 0xA4, 0x5D, 0x24, 0x80, 0x4F, 0x13, 0x57, 0xFB, 0x30, + 0x90, 0x9E, 0xF3, 0xBA, 0xEF, 0xA1, 0x3B, 0xF6, 0x23, 0xD4, 0x73, 0x5D, + 0x73, 0x01, 0xBA, 0x34, 0x2F, 0x7E, 0xC1, 0x40, 0xA3, 0x69, 0x1A, 0x80, + 0xA1, 0xB0, 0x6D, 0xBC, 0xF4, 0x32, 0x2B, 0xAE, 0xBA, 0x23, 0xC0, 0xB5, + 0xDA, 0x99, 0xD6, 0xD0, 0x07, 0xAE, 0xAA, 0xDC, 0xE7, 0x9D, 0x9B, 0xDE, + 0xD8, 0x1D, 0x3F, 0x6B, 0xCD, 0xC4, 0x09, 0x2D, 0x2D, 0x52, 0x6C, 0x42, + 0x3C, 0xEF, 0x73, 0xBF, 0xD4, 0x4D, 0xC1, 0xC6, 0xA4, 0xCA, 0x79, 0x25, + 0xAE, 0xEA, 0x70, 0xEC, 0x1E, 0x0F, 0x71, 0x71, 0x1A, 0x11, 0xBC, 0x69, + 0xBC, 0x71, 0x3E, 0xFF, 0x33, 0x4B, 0x81, 0xFA, 0xCF, 0x46, 0x08, 0x28, + 0x15, 0xDA, 0x92, 0x21, 0x11, 0x52, 0xF7, 0x14, 0x11, 0x3C, 0x4F, 0x53, + 0xB8, 0xEE, 0xE3, 0x12, 0x1F, 0xAD, 0xCA, 0x1E, 0xF4, 0x78, 0xBA, 0x9C, + 0x7B, 0x68, 0xEA, 0x2A, 0x94, 0x70, 0xC4, 0x8B, 0x59, 0xB2, 0xDD, 0xC0, + 0x05, 0x3E, 0x57, 0x6A, 0xB2, 0x7A, 0xBD, 0xF1, 0xB1, 0xC5, 0xCB, 0x39, + 0xE6, 0xC2, 0x46, 0xEF, 0x18, 0xEF, 0xE7, 0x6C, 0x6E, 0x32, 0x29, 0x18, + 0x80, 0xE6, 0xA0, 0x48, 0xAA, 0x44, 0x4D, 0x17, 0x64, 0x78, 0x4D, 0x5A, + 0x02, 0x62, 0xB0, 0xA5, 0xAF, 0xEF, 0x10, 0x5B, 0xB6, 0x27, 0x83, 0xAA, + 0xD4, 0x08, 0xAF, 0xF8, 0x3D, 0x86, 0x73, 0xB1, 0xB4, 0xE1, 0xC3, 0xAC, + 0x75, 0xCF, 0xBA, 0x3F, 0xE3, 0x7D, 0x10, 0x4B, 0xFB, 0xD2, 0xFD, 0x11, + 0xDC, 0xD0, 0x38, 0xBE, 0x0D, 0xE0, 0x4C, 0x17, 0x0E, 0xDF, 0x0C, 0x70, + 0x9C, 0x96, 0x40, 0x4B, 0xB1, 0xB0, 0x50, 0x93, 0x9C, 0xAE, 0xA0, 0xB5, + 0x70, 0x06, 0x90, 0x91, 0xCE, 0x4D, 0x47, 0x49, 0x54, 0xC7, 0x49, 0x4C, + 0xCE, 0x05, 0x96, 0x0C, 0x34, 0xB9, 0xA8, 0xA5, 0xFE, 0x63, 0x02, 0x14, + 0xEC, 0xA1, 0x10, 0x8B, 0x28, 0x6A, 0x43, 0xBE, 0x2B, 0x91, 0xFE, 0xA1, + 0xC5, 0x0C, 0x9F, 0x7A, 0xC6, 0x81, 0xC6, 0xAC, 0x42, 0x65, 0x99, 0x22, + 0x91, 0xBC, 0x01, 0x1E, 0x50, 0xD9, 0xC2, 0x83, 0xDF, 0xC2, 0x77, 0xEB, + 0x57, 0x85, 0xF8, 0xFF, 0x1C, 0xA8, 0xDD, 0xCA, 0x82, 0xA9, 0xB8, 0x5F, + 0x14, 0x59, 0x47, 0x38, 0x05, 0xE2, 0xB2, 0xCC, 0xF5, 0xE3, 0x0B, 0x13, + 0x3E, 0x1E, 0x17, 0x42, 0xE9, 0xA3, 0xE5, 0x16, 0x52, 0x9F, 0x08, 0xFC, + 0x80, 0x62, 0xB6, 0xC6, 0x8B, 0xBD, 0x1F, 0xDC, 0x0C, 0xAF, 0x0B, 0x99, + 0xD9, 0xE0, 0x13, 0xFF, 0x72, 0xF7, 0x3A, 0xD6, 0xC8, 0xAF, 0xF4, 0xB3, + 0x09, 0xBA, 0x7C, 0x63, 0xDE, 0x53, 0xCF, 0xC1, 0x60, 0x9A, 0xB2, 0x57, + 0xBF, 0x28, 0x0C, 0x54, 0xED, 0x71, 0xBF, 0xBE, 0xCF, 0x03, 0x50, 0xF3, + 0x13, 0xD4, 0x8B, 0x88, 0xBC, 0x81, 0xE9, 0x32, 0xFC, 0x96, 0xCC, 0x45, + 0x43, 0x56, 0x45, 0xD8, 0x3F, 0x09, 0x86, 0x90, 0xDE, 0x20, 0xFA, 0x63, + 0x2F, 0x49, 0x36, 0xBD, 0x3A, 0xE6, 0x0A, 0x01, 0x0D, 0x27, 0xEB, 0x42, + 0x73, 0x49, 0xE0, 0x64, 0xEE, 0x79, 0x66, 0x04, 0x5B, 0xA3, 0x57, 0xDB, + 0x07, 0xF4, 0x54, 0x7E, 0x44, 0xD1, 0x80, 0x42, 0x85, 0xF5, 0x69, 0x89, + 0x62, 0x79, 0x57, 0x51, 0x5A, 0x21, 0xEF, 0xB9, 0x19, 0xD1, 0xC7, 0x3D, + 0x63, 0xE2, 0xAC, 0xB9, 0xE1, 0x19, 0xA7, 0x5C, 0x28, 0x49, 0x3C, 0xB0, + 0x25, 0xBD, 0xED, 0x73, 0xF8, 0xD7, 0x79, 0x11, 0x92, 0x99, 0xC6, 0x96, + 0x7B, 0xAA, 0x5A, 0xD0, 0x37, 0x1F, 0x33, 0x9D, 0x1C, 0xA1, 0x5D, 0x32, + 0xE2, 0x5C, 0x35, 0x79, 0xD9, 0xC4, 0x57, 0x7C, 0xE4, 0x03, 0x5A, 0xF8, + 0xCD, 0x5B, 0x54, 0x07, 0x0F, 0x17, 0xBE, 0xBF, 0x46, 0x29, 0xC3, 0x5F, + 0x59, 0xD9, 0xAA, 0x80, 0x82, 0x4A, 0xB1, 0x0A, 0xDA, 0xAB, 0xA5, 0x82, + 0x78, 0x8C, 0x42, 0x3C, 0xF2, 0x70, 0xEF, 0x4F, 0x3E, 0xFD, 0x11, 0x11, + 0x40, 0x1A, 0x14, 0xA1, 0xB5, 0xC8, 0xE3, 0xE2, 0x5A, 0xB7, 0x0F, 0xF3, + 0x5E, 0x25, 0x7D, 0x4A, 0x3A, 0xE3, 0x2B, 0xD9, 0xC9, 0xE0, 0x7D, 0x58, + 0x2B, 0x23, 0xA3, 0xCB, 0x3D, 0xD2, 0x01, 0xB7, 0x98, 0xAE, 0x07, 0x60, + 0xAD, 0x31, 0xAF, 0x90, 0x44, 0xC2, 0x3C, 0x00, 0x0B, 0x6F, 0xEE, 0x11, + 0x83, 0x51, 0x47, 0xCA, 0x64, 0x8C, 0x7C, 0x3A, 0xAE, 0xC0, 0xEB, 0x01, + 0xEB, 0x73, 0x1D, 0x97, 0xAD, 0xC3, 0x22, 0x42, 0x69, 0x89, 0xC0, 0x3A, + 0x09, 0x8E, 0xB2, 0x93, 0xF2, 0xE0, 0x38, 0x00, 0xD0, 0xCC, 0x48, 0xA9, + 0x8D, 0xC7, 0x4A, 0xAB, 0x34, 0x0E, 0x8E, 0x56, 0xF8, 0x86, 0xC4, 0x19, + 0xC4, 0xDF, 0x37, 0x93, 0x31, 0x89, 0x89, 0x60, 0x74, 0xA9, 0x93, 0x8B, + 0x5D, 0x52, 0xEB, 0x19, 0x73, 0xF8, 0xC5, 0x16, 0x12, 0xD9, 0xB5, 0x05, + 0x07, 0x44, 0xFC, 0xA6, 0x89, 0xF4, 0x2B, 0x9A, 0xAC, 0x67, 0xDA, 0x0A, + 0x29, 0xFF, 0x87, 0x65, 0xA1, 0xCC, 0x62, 0x49, 0xE2, 0xE3, 0x71, 0x1F, + 0xF4, 0x84, 0x40, 0xD2, 0xA7, 0x83, 0x97, 0x81, 0x5F, 0x02, 0xEA, 0x40, + 0x90, 0xBD, 0x25, 0x2E, 0x70, 0x63, 0x80, 0x64, 0x47, 0x73, 0xAA, 0xCC, + 0x07, 0x2E, 0x2A, 0x2F, 0x5F, 0x31, 0x46, 0x34, 0xED, 0x47, 0xD8, 0x6C, + 0x9F, 0x86, 0x7F, 0xA5, 0x88, 0x48, 0x82, 0xA3, 0x26, 0xDD, 0x01, 0x15, + 0x90, 0xAF, 0xDA, 0x3A, 0x04, 0xCE, 0x97, 0x05, 0xC7, 0x74, 0x8C, 0x2E, + 0xF8, 0x7B, 0xF3, 0xC7, 0x46, 0x3F, 0x06, 0x03, 0x1D, 0x09, 0x94, 0xA5, + 0xAE, 0xCA, 0x4F, 0x6D, 0x00, 0x43, 0x82, 0xB9, 0x56, 0xCE, 0xBF, 0x8F, + 0x8D, 0xC8, 0xC4, 0xBC, 0x37, 0xF7, 0x2D, 0x88, 0xFD, 0xC2, 0x1B, 0x51, + 0x24, 0xFE, 0x5C, 0x5D, 0x5C, 0x62, 0x62, 0xA8, 0xBF, 0x4A, 0x90, 0xA4, + 0x1A, 0x1C, 0xB8, 0xED, 0x17, 0xCD, 0x61, 0xF9, 0x24, 0x26, 0xCF, 0xE0, + 0x6E, 0x88, 0xE5, 0x3B, 0xF9, 0x43, 0xBC, 0xCF, 0x28, 0xA3, 0xE5, 0xCF, + 0x8B, 0x6D, 0xB3, 0x00, 0xDE, 0xB2, 0x14, 0xBB, 0xB1, 0xAF, 0xAE, 0x65, + 0x25, 0x92, 0xBB, 0x40, 0x8B, 0xDA, 0x6C, 0x7B, 0xD3, 0x90, 0x42, 0x0D, + 0xC2, 0x6A, 0x67, 0x59, 0xC4, 0x47, 0xF8, 0xCC, 0x1C, 0x15, 0x93, 0xB7, + 0xC8, 0xAB, 0x7A, 0x97, 0x16, 0x3B, 0x9C, 0x95, 0xAE, 0x5B, 0x98, 0x61, + 0xF0, 0xEE, 0xE4, 0xE3, 0xFA, 0x0D, 0xD2, 0x93, 0x5D, 0x1A, 0xDB, 0xF5, + 0xFF, 0x65, 0xE0, 0x5C, 0x53, 0x82, 0x44, 0x44, 0x38, 0x09, 0xC3, 0xE7, + 0x66, 0x6F, 0xEF, 0x5D, 0x42, 0xCB, 0x08, 0x28, 0x7B, 0xA0, 0xFF, 0x91, + 0xCA, 0x49, 0x67, 0xC3, 0x27, 0x9D, 0xBD, 0xF7, 0x92, 0x7D, 0x8E, 0x25, + 0xA6, 0x57, 0x70, 0xC8, 0x70, 0x88, 0xB1, 0x8C, 0x98, 0x99, 0xF6, 0x47, + 0x33, 0x0D, 0xF6, 0xCE, 0xA1, 0xF9, 0x8C, 0x29, 0xD2, 0xC5, 0x90, 0x38, + 0x7C, 0x70, 0x6B, 0x6E, 0x5A, 0xF8, 0x32, 0x3F, 0xF9, 0x8F, 0x21, 0xCB, + 0x50, 0x5E, 0x71, 0x1A, 0xC2, 0x5D, 0x9B, 0x94, 0x6D, 0x0D, 0xFC, 0x09, + 0x59, 0xEE, 0x8D, 0x7A, 0x53, 0xBF, 0x90, 0x93, 0x2C, 0xDF, 0x95, 0x23, + 0x03, 0xA7, 0x61, 0x48, 0xE7, 0xC7, 0x12, 0x4C, 0x3B, 0xDC, 0xCE, 0x4F, + 0x8D, 0xC4, 0x68, 0xD4, 0xEB, 0x58, 0x64, 0x6B, 0xB5, 0xF7, 0x1D, 0x90, + 0x82, 0xE8, 0x48, 0x2E, 0x96, 0x71, 0xB8, 0x0B, 0xCD, 0xB4, 0xBA, 0x4E, + 0xB7, 0xCF, 0x33, 0xDC, 0xFB, 0x6C, 0xC4, 0x0E, 0x85, 0x73, 0x40, 0x46, + 0xA5, 0x05, 0xCF, 0x25, 0x36, 0x30, 0xB5, 0x78, 0x8F, 0x7F, 0x59, 0x63, + 0x7D, 0x47, 0x79, 0x28, 0x5B, 0x0F, 0xA2, 0x13, 0xC9, 0x38, 0x81, 0x09, + 0x01, 0xA1, 0x47, 0x2F, 0x71, 0x93, 0xC2, 0x65, 0x85, 0xB4, 0xAD, 0x5D, + 0x1E, 0x87, 0xCF, 0x42, 0xE9, 0x22, 0x39, 0x36, 0xFA, 0xA4, 0x2E, 0xB2, + 0x2A, 0x53, 0x3F, 0xCC, 0x65, 0x8B, 0x3B, 0x2C, 0xD3, 0x33, 0x8A, 0x8F, + 0x52, 0xFB, 0x94, 0x4B, 0x08, 0x35, 0x51, 0x8F, 0x06, 0xA6, 0x50, 0x9E, + 0xAA, 0x10, 0x89, 0x35, 0x38, 0x9E, 0x36, 0x6C, 0x98, 0xEF, 0x4B, 0xF3, + 0x1B, 0x60, 0x96, 0x72, 0x8B, 0x40, 0xC1, 0x13, 0xDE, 0x55, 0xBA, 0x5A, + 0xE0, 0xC1, 0x16, 0x45, 0x71, 0xDF, 0xF5, 0xFB, 0x78, 0x31, 0xAC, 0x1B, + 0xAA, 0x7D, 0x89, 0xE3, 0xC8, 0x96, 0xE1, 0x98, 0x21, 0xF3, 0x6B, 0xC5, + 0x1C, 0xD6, 0x1C, 0x19, 0x18, 0xCA, 0x44, 0x9A, 0x8B, 0xCE, 0x9E, 0x15, + 0x06, 0x7F, 0xEA, 0xA5, 0x16, 0x97, 0xF9, 0xA5, 0x84, 0xB1, 0xD5, 0xEA, + 0xE2, 0xC8, 0x51, 0x80, 0x53, 0x80, 0x38, 0xAC, 0x90, 0x34, 0xC7, 0xB1, + 0x19, 0x9C, 0x9D, 0xF5, 0xA9, 0xA4, 0x6E, 0x5A, 0xA3, 0x10, 0xE3, 0x84, + 0xCF, 0x3C, 0x4F, 0x51, 0xD9, 0xAD, 0xF2, 0x4F, 0x90, 0x12, 0x6F, 0x89, + 0x0B, 0xCD, 0x0D, 0x47, 0x6B, 0x2F, 0xD6, 0x6C, 0x3C, 0xD0, 0xFA, 0x94, + 0xFE, 0x18, 0xAC, 0xE7, 0x35, 0x09, 0xD4, 0x08, 0xF8, 0xB7, 0x39, 0x05, + 0x7E, 0x2E, 0x23, 0xCB, 0x69, 0xCF, 0x36, 0xF5, 0x52, 0xA6, 0x35, 0xA2, + 0x00, 0x8E, 0x9C, 0xA5, 0x9B, 0x1B, 0x76, 0x17, 0x61, 0xF6, 0x26, 0xB2, + 0x8A, 0x3E, 0x18, 0x75, 0x08, 0x37, 0x1C, 0x1D, 0xB4, 0xFB, 0x52, 0xBD, + 0x55, 0xC1, 0x67, 0x4E, 0x60, 0x6A, 0x2C, 0xA8, 0x81, 0x6C, 0x6D, 0xA8, + 0xE2, 0x85, 0xF6, 0xA0, 0xD3, 0xC4, 0xF5, 0x5A, 0xF7, 0x1F, 0xD6, 0x3C, + 0x61, 0xA5, 0x68, 0x79, 0x45, 0x3E, 0x2A, 0x2A, 0xA8, 0xE6, +}; + // kOpenSSLCRL is the Equifax CRL, converted to PKCS#7 form by: // openssl crl2pkcs7 -inform DER -in secureca.crl static const uint8_t kOpenSSLCRL[] = { @@ -1359,3 +1568,90 @@ TEST(PKCS7Test, GettersSetters) { ASSERT_TRUE(penc); EXPECT_TRUE(PKCS7_add_recipient_info(p7.get(), p7ri)); } + +TEST(PKCS7Test, BIO) { + bssl::UniquePtr p7; + bssl::UniquePtr bio; + bssl::UniquePtr certs; + bssl::UniquePtr rsa_x509; + const uint8_t *p7_der; + size_t p7_der_len; + const uint8_t *p7_ptr; + + p7_der = kPKCS7SignedWithSignerInfo; + p7_der_len = sizeof(kPKCS7SignedWithSignerInfo); + p7_ptr = p7_der; + p7.reset(d2i_PKCS7(nullptr, &p7_ptr, p7_der_len)); + ASSERT_TRUE(p7); + EXPECT_TRUE(PKCS7_type_is_signed(p7.get())); + bio.reset(PKCS7_dataInit(p7.get(), NULL)); + EXPECT_TRUE(bio); + EXPECT_TRUE(PKCS7_dataFinal(p7.get(), bio.get())); + + // parse a cert for use with recipient infos + certs.reset(sk_X509_new_null()); + bio.reset(BIO_new_mem_buf(kPEMCert, strlen(kPEMCert))); + ASSERT_TRUE(bio); + certs.reset(sk_X509_new_null()); + ASSERT_TRUE(certs); + ASSERT_TRUE(PKCS7_get_PEM_certificates(certs.get(), bio.get())); + ASSERT_EQ(1U, sk_X509_num(certs.get())); + rsa_x509.reset(sk_X509_pop(certs.get())); + + p7_der = kEnvelopedData; + p7_der_len = sizeof(kEnvelopedData); + p7_ptr = p7_der; + p7.reset(d2i_PKCS7(nullptr, &p7_ptr, p7_der_len)); + ASSERT_TRUE(p7); + EXPECT_TRUE(PKCS7_type_is_enveloped(p7.get())); + // need to initialize cipher for enveloped data + EXPECT_TRUE(PKCS7_set_cipher(p7.get(), EVP_aes_128_gcm())); + // attach a (non-serialized, unrelated) cert to the RECIP_INFO + STACK_OF(PKCS7_RECIP_INFO) *p7ri_sk = PKCS7_get_recipient_info(p7.get()); + PKCS7_RECIP_INFO *p7ri = sk_PKCS7_RECIP_INFO_value(p7ri_sk, 0); + ASSERT_TRUE(p7ri); + EXPECT_TRUE(PKCS7_RECIP_INFO_set(p7ri, rsa_x509.get())); + // how to add cert to p7? + bio.reset(PKCS7_dataInit(p7.get(), NULL)); + //EXPECT_TRUE(bio); + EXPECT_TRUE(PKCS7_dataFinal(p7.get(), bio.get())); + + p7.reset(PKCS7_new()); + ASSERT_TRUE(p7); + ASSERT_TRUE(PKCS7_set_type(p7.get(), NID_pkcs7_signedAndEnveloped)); + ASSERT_TRUE(PKCS7_set_cipher(p7.get(), EVP_aes_128_gcm())); + bio.reset(PKCS7_dataInit(p7.get(), NULL)); + EXPECT_TRUE(bio); + EXPECT_TRUE(PKCS7_dataFinal(p7.get(), bio.get())); + + p7.reset(PKCS7_new()); + ASSERT_TRUE(p7); + ASSERT_TRUE(PKCS7_set_type(p7.get(), NID_pkcs7_digest)); + ASSERT_TRUE(PKCS7_set_digest(p7.get(), EVP_sha256())); + bio.reset(PKCS7_dataInit(p7.get(), NULL)); + EXPECT_TRUE(bio); + // TODO [childw] + //EXPECT_TRUE(PKCS7_dataFinal(p7.get(), bio.get())); + EXPECT_FALSE(PKCS7_dataFinal(p7.get(), bio.get())); + + p7.reset(PKCS7_new()); + ASSERT_TRUE(p7); + ASSERT_TRUE(PKCS7_set_type(p7.get(), NID_pkcs7_data)); + bio.reset(PKCS7_dataInit(p7.get(), NULL)); + EXPECT_TRUE(bio); + EXPECT_TRUE(PKCS7_dataFinal(p7.get(), bio.get())); + + p7.reset(PKCS7_new()); + ASSERT_TRUE(p7); + ASSERT_TRUE(PKCS7_set_type(p7.get(), NID_pkcs7_enveloped)); + bio.reset(PKCS7_dataInit(p7.get(), NULL)); + //EXPECT_TRUE(bio); + EXPECT_TRUE(PKCS7_dataFinal(p7.get(), bio.get())); + + // NID_pkcs7_encrypted not supported, not needed by ruby + p7.reset(PKCS7_new()); + ASSERT_TRUE(p7); + ASSERT_TRUE(PKCS7_set_type(p7.get(), NID_pkcs7_encrypted)); + EXPECT_FALSE(PKCS7_dataInit(p7.get(), bio.get())); + EXPECT_FALSE(PKCS7_dataFinal(p7.get(), bio.get())); +} diff --git a/generated-src/err_data.c b/generated-src/err_data.c index 96bca7dba62..05b50dede70 100644 --- a/generated-src/err_data.c +++ b/generated-src/err_data.c @@ -76,54 +76,54 @@ const uint32_t kOpenSSLReasonValues[] = { 0xc3b00f7, 0xc3b8921, 0x10320892, - 0x10329a2b, - 0x10331a37, - 0x10339a50, - 0x10341a63, + 0x10329b93, + 0x10331b9f, + 0x10339bb8, + 0x10341bcb, 0x10349064, 0x10350db0, - 0x10359a76, - 0x10361aa0, - 0x10369ab3, - 0x10371ad2, - 0x10379aeb, - 0x10381b00, - 0x10389b1e, - 0x10391b2d, - 0x10399b49, - 0x103a1b64, - 0x103a9b73, - 0x103b1b8f, - 0x103b9baa, - 0x103c1bd0, + 0x10359bde, + 0x10361c08, + 0x10369c1b, + 0x10371c3a, + 0x10379c53, + 0x10381c68, + 0x10389c86, + 0x10391c95, + 0x10399cb1, + 0x103a1ccc, + 0x103a9cdb, + 0x103b1cf7, + 0x103b9d12, + 0x103c1d38, 0x103c80f7, - 0x103d1be1, - 0x103d9bf5, - 0x103e1c14, - 0x103e9c23, - 0x103f1c3a, - 0x103f9c4d, + 0x103d1d49, + 0x103d9d5d, + 0x103e1d7c, + 0x103e9d8b, + 0x103f1da2, + 0x103f9db5, 0x10400d74, - 0x10409c60, - 0x10411c7e, - 0x10419c91, - 0x10421cab, - 0x10429cbb, - 0x10431ccf, - 0x10439ce5, - 0x10441cfd, - 0x10449d12, - 0x10451d26, - 0x10459d38, + 0x10409dc8, + 0x10411de6, + 0x10419df9, + 0x10421e13, + 0x10429e23, + 0x10431e37, + 0x10439e4d, + 0x10441e65, + 0x10449e7a, + 0x10451e8e, + 0x10459ea0, 0x10460635, 0x1046899a, - 0x10471d4d, - 0x10479d64, - 0x10481d79, - 0x10489d87, + 0x10471eb5, + 0x10479ecc, + 0x10481ee1, + 0x10489eef, 0x10490fb0, - 0x10499bc1, - 0x104a1a8b, + 0x10499d29, + 0x104a1bf3, 0x107c1072, 0x14320d38, 0x14328d65, @@ -203,52 +203,52 @@ const uint32_t kOpenSSLReasonValues[] = { 0x283500f7, 0x28358d52, 0x2836099a, - 0x2c3237b6, + 0x2c32391e, 0x2c32975c, - 0x2c3337c4, - 0x2c33b7d6, - 0x2c3437ea, - 0x2c34b7fc, - 0x2c353817, - 0x2c35b829, - 0x2c363859, + 0x2c33392c, + 0x2c33b93e, + 0x2c343952, + 0x2c34b964, + 0x2c35397f, + 0x2c35b991, + 0x2c3639c1, 0x2c36833a, - 0x2c373866, - 0x2c37b892, - 0x2c3838d0, - 0x2c38b8e7, - 0x2c393905, - 0x2c39b915, - 0x2c3a3927, - 0x2c3ab93b, - 0x2c3b394c, - 0x2c3bb96b, - 0x2c3c176e, - 0x2c3c9784, - 0x2c3d39b0, - 0x2c3d979d, - 0x2c3e39da, - 0x2c3eb9e8, - 0x2c3f3a00, - 0x2c3fba18, - 0x2c403a42, + 0x2c3739ce, + 0x2c37b9fa, + 0x2c383a38, + 0x2c38ba4f, + 0x2c393a6d, + 0x2c39ba7d, + 0x2c3a3a8f, + 0x2c3abaa3, + 0x2c3b3ab4, + 0x2c3bbad3, + 0x2c3c180d, + 0x2c3c9823, + 0x2c3d3b18, + 0x2c3d9847, + 0x2c3e3b42, + 0x2c3ebb50, + 0x2c3f3b68, + 0x2c3fbb80, + 0x2c403baa, 0x2c4093fd, - 0x2c413a53, - 0x2c41ba79, + 0x2c413bbb, + 0x2c41bbe1, 0x2c421382, - 0x2c42ba8a, + 0x2c42bbf2, 0x2c43076d, - 0x2c43b95d, - 0x2c4438a5, - 0x2c44ba25, - 0x2c45383c, - 0x2c45b878, - 0x2c4638f5, - 0x2c46b97f, - 0x2c473994, - 0x2c47b9cd, - 0x2c4838b7, - 0x2c48ba66, + 0x2c43bac5, + 0x2c443a0d, + 0x2c44bb8d, + 0x2c4539a4, + 0x2c45b9e0, + 0x2c463a5d, + 0x2c46bae7, + 0x2c473afc, + 0x2c47bb35, + 0x2c483a1f, + 0x2c48bbce, 0x30320000, 0x30328015, 0x3033001f, @@ -388,269 +388,269 @@ const uint32_t kOpenSSLReasonValues[] = { 0x3c418ea4, 0x3c420fb0, 0x3c428f3a, - 0x40321e19, - 0x40329e2f, - 0x40331e5d, - 0x40339e67, - 0x40341e7e, - 0x40349e9c, - 0x40351eac, - 0x40359ebe, - 0x40361ecb, - 0x40369ed7, - 0x40371eec, - 0x40379f25, - 0x40381f30, - 0x40389f42, + 0x40321f81, + 0x40329f97, + 0x40331fc5, + 0x40339fcf, + 0x40341fe6, + 0x4034a004, + 0x40352014, + 0x4035a026, + 0x40362033, + 0x4036a03f, + 0x40372054, + 0x4037a08d, + 0x40382098, + 0x4038a0aa, 0x40391064, - 0x40399f52, - 0x403a1f65, - 0x403a9f86, - 0x403b1f97, - 0x403b9fa7, + 0x4039a0ba, + 0x403a20cd, + 0x403aa0ee, + 0x403b20ff, + 0x403ba10f, 0x403c0071, 0x403c8090, - 0x403d2008, - 0x403da01e, - 0x403e202d, - 0x403ea065, - 0x403f207f, - 0x403fa0a7, - 0x404020bc, - 0x4040a0d0, - 0x4041210b, - 0x4041a126, - 0x4042213f, - 0x4042a152, - 0x40432166, - 0x4043a194, - 0x404421ab, + 0x403d2170, + 0x403da186, + 0x403e2195, + 0x403ea1cd, + 0x403f21e7, + 0x403fa20f, + 0x40402224, + 0x4040a238, + 0x40412273, + 0x4041a28e, + 0x404222a7, + 0x4042a2ba, + 0x404322ce, + 0x4043a2fc, + 0x40442313, 0x404480b9, - 0x404521c0, - 0x4045a1d2, - 0x404621f6, - 0x4046a216, - 0x40472224, - 0x4047a24b, - 0x404822bc, - 0x4048a376, - 0x4049238d, - 0x4049a3a7, - 0x404a23be, - 0x404aa3dc, - 0x404b23f4, - 0x404ba421, - 0x404c2437, - 0x404ca449, - 0x404d246a, - 0x404da4a3, - 0x404e24b7, - 0x404ea4c4, - 0x404f2575, - 0x404fa5eb, - 0x4050265a, - 0x4050a66e, - 0x405126a1, - 0x405226b1, - 0x4052a6d5, - 0x405326ed, - 0x4053a700, - 0x40542715, - 0x4054a738, - 0x40552763, - 0x4055a7a0, - 0x405627c5, - 0x4056a7de, - 0x405727f6, - 0x4057a809, - 0x4058281e, - 0x4058a845, - 0x40592874, - 0x4059a8a1, - 0x405aa8b5, - 0x405b28cd, - 0x405ba8de, - 0x405c28f1, - 0x405ca930, - 0x405d293d, - 0x405da962, - 0x405e29a0, + 0x40452328, + 0x4045a33a, + 0x4046235e, + 0x4046a37e, + 0x4047238c, + 0x4047a3b3, + 0x40482424, + 0x4048a4de, + 0x404924f5, + 0x4049a50f, + 0x404a2526, + 0x404aa544, + 0x404b255c, + 0x404ba589, + 0x404c259f, + 0x404ca5b1, + 0x404d25d2, + 0x404da60b, + 0x404e261f, + 0x404ea62c, + 0x404f26dd, + 0x404fa753, + 0x405027c2, + 0x4050a7d6, + 0x40512809, + 0x40522819, + 0x4052a83d, + 0x40532855, + 0x4053a868, + 0x4054287d, + 0x4054a8a0, + 0x405528cb, + 0x4055a908, + 0x4056292d, + 0x4056a946, + 0x4057295e, + 0x4057a971, + 0x40582986, + 0x4058a9ad, + 0x405929dc, + 0x4059aa09, + 0x405aaa1d, + 0x405b2a35, + 0x405baa46, + 0x405c2a59, + 0x405caa98, + 0x405d2aa5, + 0x405daaca, + 0x405e2b08, 0x405e8b2d, - 0x405f29c1, - 0x405fa9ce, - 0x406029dc, - 0x4060a9fe, - 0x40612a5f, - 0x4061aa97, - 0x40622aae, - 0x4062aabf, - 0x40632b0c, - 0x4063ab21, - 0x40642b38, - 0x4064ab64, - 0x40652b7f, - 0x4065ab96, - 0x40662bae, - 0x4066abd8, - 0x40672c03, - 0x4067ad06, - 0x40682d4e, - 0x4068ad6f, - 0x40692da1, - 0x4069adcf, - 0x406a2df0, - 0x406aae10, - 0x406b2f98, - 0x406bafbb, - 0x406c2fd1, - 0x406cb2db, - 0x406d330a, - 0x406db332, - 0x406e3360, - 0x406eb3ad, - 0x406f3406, - 0x406fb43e, - 0x40703451, - 0x4070b46e, + 0x405f2b29, + 0x405fab36, + 0x40602b44, + 0x4060ab66, + 0x40612bc7, + 0x4061abff, + 0x40622c16, + 0x4062ac27, + 0x40632c74, + 0x4063ac89, + 0x40642ca0, + 0x4064accc, + 0x40652ce7, + 0x4065acfe, + 0x40662d16, + 0x4066ad40, + 0x40672d6b, + 0x4067ae6e, + 0x40682eb6, + 0x4068aed7, + 0x40692f09, + 0x4069af37, + 0x406a2f58, + 0x406aaf78, + 0x406b3100, + 0x406bb123, + 0x406c3139, + 0x406cb443, + 0x406d3472, + 0x406db49a, + 0x406e34c8, + 0x406eb515, + 0x406f356e, + 0x406fb5a6, + 0x407035b9, + 0x4070b5d6, 0x4071084d, - 0x4071b480, - 0x40723493, - 0x4072b4c9, - 0x407334e1, - 0x40739986, - 0x407434f5, - 0x4074b50f, - 0x40753520, - 0x4075b534, - 0x40763542, + 0x4071b5e8, + 0x407235fb, + 0x4072b631, + 0x40733649, + 0x40739aee, + 0x4074365d, + 0x4074b677, + 0x40753688, + 0x4075b69c, + 0x407636aa, 0x40769732, - 0x40773567, - 0x4077b5a7, - 0x407835c2, - 0x4078b5fb, - 0x40793612, - 0x4079b628, - 0x407a3654, - 0x407ab667, - 0x407b367c, - 0x407bb68e, - 0x407c36bf, - 0x407cb6c8, - 0x407d2d8a, - 0x407da613, - 0x407e35d7, - 0x407ea855, - 0x407f2238, - 0x407fa40b, - 0x40802585, - 0x4080a260, - 0x408126c3, - 0x4081a512, - 0x4082334b, - 0x40829fb3, - 0x40832830, - 0x4083ab49, - 0x40842274, - 0x4084a88d, - 0x40852902, - 0x4085aa26, - 0x40862982, - 0x4086a62d, - 0x40873391, - 0x4087aa74, - 0x40881ff1, - 0x4088ad19, - 0x40892040, - 0x40899fcd, - 0x408a3009, - 0x408a9d9e, - 0x408b36a3, - 0x408bb41b, - 0x408c2912, - 0x408c9dd6, - 0x408d235c, - 0x408da2a6, - 0x408e248c, - 0x408ea780, - 0x408f2d2d, - 0x408faa42, - 0x40902c24, - 0x4090a954, - 0x40912ff1, - 0x40919dfc, - 0x4092208d, - 0x4092b3cc, - 0x409334ac, - 0x4093a63e, - 0x40942288, - 0x4094b022, - 0x40952ad0, - 0x4095b634, - 0x40963378, - 0x4096a59e, - 0x40972689, - 0x4097a4db, - 0x409820ed, - 0x4098aae4, - 0x409933e8, - 0x4099a7ad, - 0x409a2746, - 0x409a9dba, - 0x409b22e2, - 0x409ba30d, - 0x409c3589, - 0x409ca335, - 0x409d255a, - 0x409da528, - 0x409e217e, - 0x409ea5d3, - 0x409f25bb, - 0x409fa2d5, - 0x40a025fb, - 0x40a0a4f5, - 0x40a12543, - 0x40fa2cec, - 0x40faac48, - 0x40fb2ccb, - 0x40fbac62, - 0x40fcacaa, - 0x40fd2c83, - 0x40fd9efe, - 0x40fe1f12, - 0x41f42ec3, - 0x41f92f55, - 0x41fe2e48, - 0x41feb0fe, - 0x41ff322c, - 0x42032edc, - 0x42082efe, - 0x4208af3a, - 0x42092e2c, - 0x4209af74, - 0x420a2e83, - 0x420aae63, - 0x420b2ea3, - 0x420baf1c, - 0x420c3248, - 0x420cb032, - 0x420d30e5, - 0x420db11c, - 0x4212314f, - 0x4217320f, - 0x4217b191, - 0x421c31b3, - 0x421f316e, - 0x422132c0, - 0x422631f2, - 0x422b329e, - 0x422bb0c0, - 0x422c3280, - 0x422cb073, - 0x422d304c, - 0x422db25f, - 0x422e309f, - 0x423031ce, - 0x4230b136, + 0x407736cf, + 0x4077b70f, + 0x4078372a, + 0x4078b763, + 0x4079377a, + 0x4079b790, + 0x407a37bc, + 0x407ab7cf, + 0x407b37e4, + 0x407bb7f6, + 0x407c3827, + 0x407cb830, + 0x407d2ef2, + 0x407da77b, + 0x407e373f, + 0x407ea9bd, + 0x407f23a0, + 0x407fa573, + 0x408026ed, + 0x4080a3c8, + 0x4081282b, + 0x4081a67a, + 0x408234b3, + 0x4082a11b, + 0x40832998, + 0x4083acb1, + 0x408423dc, + 0x4084a9f5, + 0x40852a6a, + 0x4085ab8e, + 0x40862aea, + 0x4086a795, + 0x408734f9, + 0x4087abdc, + 0x40882159, + 0x4088ae81, + 0x408921a8, + 0x4089a135, + 0x408a3171, + 0x408a9f06, + 0x408b380b, + 0x408bb583, + 0x408c2a7a, + 0x408c9f3e, + 0x408d24c4, + 0x408da40e, + 0x408e25f4, + 0x408ea8e8, + 0x408f2e95, + 0x408fabaa, + 0x40902d8c, + 0x4090aabc, + 0x40913159, + 0x40919f64, + 0x409221f5, + 0x4092b534, + 0x40933614, + 0x4093a7a6, + 0x409423f0, + 0x4094b18a, + 0x40952c38, + 0x4095b79c, + 0x409634e0, + 0x4096a706, + 0x409727f1, + 0x4097a643, + 0x40982255, + 0x4098ac4c, + 0x40993550, + 0x4099a915, + 0x409a28ae, + 0x409a9f22, + 0x409b244a, + 0x409ba475, + 0x409c36f1, + 0x409ca49d, + 0x409d26c2, + 0x409da690, + 0x409e22e6, + 0x409ea73b, + 0x409f2723, + 0x409fa43d, + 0x40a02763, + 0x40a0a65d, + 0x40a126ab, + 0x40fa2e54, + 0x40faadb0, + 0x40fb2e33, + 0x40fbadca, + 0x40fcae12, + 0x40fd2deb, + 0x40fda066, + 0x40fe207a, + 0x41f4302b, + 0x41f930bd, + 0x41fe2fb0, + 0x41feb266, + 0x41ff3394, + 0x42033044, + 0x42083066, + 0x4208b0a2, + 0x42092f94, + 0x4209b0dc, + 0x420a2feb, + 0x420aafcb, + 0x420b300b, + 0x420bb084, + 0x420c33b0, + 0x420cb19a, + 0x420d324d, + 0x420db284, + 0x421232b7, + 0x42173377, + 0x4217b2f9, + 0x421c331b, + 0x421f32d6, + 0x42213428, + 0x4226335a, + 0x422b3406, + 0x422bb228, + 0x422c33e8, + 0x422cb1db, + 0x422d31b4, + 0x422db3c7, + 0x422e3207, + 0x42303336, + 0x4230b29e, 0x42310b85, 0x44320778, 0x44328787, @@ -670,108 +670,130 @@ const uint32_t kOpenSSLReasonValues[] = { 0x4439885b, 0x443a086e, 0x4832175c, - 0x4832976e, - 0x48331784, - 0x4833979d, - 0x4c3217da, - 0x4c3297ea, - 0x4c3317fd, - 0x4c33981d, + 0x4832980d, + 0x48331823, + 0x48339847, + 0x483417f8, + 0x4834983c, + 0x4835178e, + 0x4835990a, + 0x483618d8, + 0x483698c1, + 0x48371923, + 0x483797a5, + 0x48381858, + 0x48389409, + 0x483918b0, + 0x483995b5, + 0x483a186e, + 0x483a95c7, + 0x483b17e3, + 0x483b97cc, + 0x483c1526, + 0x483c97be, + 0x483d1879, + 0x483d976e, + 0x483e1888, + 0x483e98f6, + 0x4c321962, + 0x4c329972, + 0x4c33176e, + 0x4c339985, 0x4c3400b9, 0x4c3480f7, - 0x4c351829, - 0x4c359837, - 0x4c361853, - 0x4c369879, - 0x4c371888, - 0x4c379896, - 0x4c3818ab, - 0x4c3898b7, - 0x4c3918d7, - 0x4c399901, - 0x4c3a191a, - 0x4c3a9933, + 0x4c351991, + 0x4c35999f, + 0x4c3619bb, + 0x4c3699e1, + 0x4c3719f0, + 0x4c3799fe, + 0x4c381a13, + 0x4c389a1f, + 0x4c391a3f, + 0x4c399a69, + 0x4c3a1a82, + 0x4c3a9a9b, 0x4c3b0635, - 0x4c3b994c, - 0x4c3c195e, - 0x4c3c996d, - 0x4c3d1986, + 0x4c3b9ab4, + 0x4c3c1ac6, + 0x4c3c9ad5, + 0x4c3d1aee, 0x4c3d8d97, - 0x4c3e19f3, - 0x4c3e9995, - 0x4c3f1a15, + 0x4c3e1b5b, + 0x4c3e9afd, + 0x4c3f1b7d, 0x4c3f9732, - 0x4c4019ab, - 0x4c4097c6, - 0x4c4119e3, - 0x4c419866, - 0x4c4219cf, - 0x4c4297ae, - 0x50323a9c, - 0x5032baab, - 0x50333ab6, - 0x5033bac6, - 0x50343adf, - 0x5034baf9, - 0x50353b07, - 0x5035bb1d, - 0x50363b2f, - 0x5036bb45, - 0x50373b5e, - 0x5037bb71, - 0x50383b89, - 0x5038bb9a, - 0x50393baf, - 0x5039bbc3, - 0x503a3be3, - 0x503abbf9, - 0x503b3c11, - 0x503bbc23, - 0x503c3c3f, - 0x503cbc56, - 0x503d3c6f, - 0x503dbc85, - 0x503e3c92, - 0x503ebca8, - 0x503f3cba, + 0x4c401b13, + 0x4c40994e, + 0x4c411b4b, + 0x4c4199ce, + 0x4c421b37, + 0x4c429936, + 0x50323c04, + 0x5032bc13, + 0x50333c1e, + 0x5033bc2e, + 0x50343c47, + 0x5034bc61, + 0x50353c6f, + 0x5035bc85, + 0x50363c97, + 0x5036bcad, + 0x50373cc6, + 0x5037bcd9, + 0x50383cf1, + 0x5038bd02, + 0x50393d17, + 0x5039bd2b, + 0x503a3d4b, + 0x503abd61, + 0x503b3d79, + 0x503bbd8b, + 0x503c3da7, + 0x503cbdbe, + 0x503d3dd7, + 0x503dbded, + 0x503e3dfa, + 0x503ebe10, + 0x503f3e22, 0x503f83b3, - 0x50403ccd, - 0x5040bcdd, - 0x50413cf7, - 0x5041bd06, - 0x50423d20, - 0x5042bd3d, - 0x50433d4d, - 0x5043bd5d, - 0x50443d7a, + 0x50403e35, + 0x5040be45, + 0x50413e5f, + 0x5041be6e, + 0x50423e88, + 0x5042bea5, + 0x50433eb5, + 0x5043bec5, + 0x50443ee2, 0x50448469, - 0x50453d8e, - 0x5045bdac, - 0x50463dbf, - 0x5046bdd5, - 0x50473de7, - 0x5047bdfc, - 0x50483e22, - 0x5048be30, - 0x50493e43, - 0x5049be58, - 0x504a3e6e, - 0x504abe7e, - 0x504b3e9e, - 0x504bbeb1, - 0x504c3ed4, - 0x504cbf02, - 0x504d3f2f, - 0x504dbf4c, - 0x504e3f67, - 0x504ebf83, - 0x504f3f95, - 0x504fbfac, - 0x50503fbb, + 0x50453ef6, + 0x5045bf14, + 0x50463f27, + 0x5046bf3d, + 0x50473f4f, + 0x5047bf64, + 0x50483f8a, + 0x5048bf98, + 0x50493fab, + 0x5049bfc0, + 0x504a3fd6, + 0x504abfe6, + 0x504b4006, + 0x504bc019, + 0x504c403c, + 0x504cc06a, + 0x504d4097, + 0x504dc0b4, + 0x504e40cf, + 0x504ec0eb, + 0x504f40fd, + 0x504fc114, + 0x50504123, 0x50508729, - 0x50513fce, - 0x5051bd6c, - 0x50523f14, + 0x50514136, + 0x5051bed4, + 0x5052407c, 0x583210b7, 0x5c329409, 0x5c331422, @@ -853,21 +875,21 @@ const uint32_t kOpenSSLReasonValues[] = { 0x78478b85, 0x78480b42, 0x7c321398, - 0x80321879, + 0x803219e1, 0x80328090, - 0x80333785, + 0x803338ed, 0x803380b9, - 0x80343794, - 0x8034b6fc, - 0x8035371a, - 0x8035b7a8, - 0x8036375c, - 0x8036b70b, - 0x8037374e, - 0x8037b6e9, - 0x8038376f, - 0x8038b72b, - 0x80393740, + 0x803438fc, + 0x8034b864, + 0x80353882, + 0x8035b910, + 0x803638c4, + 0x8036b873, + 0x803738b6, + 0x8037b851, + 0x803838d7, + 0x8038b893, + 0x803938a8, }; const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]); @@ -1176,14 +1198,31 @@ const char kOpenSSLReasonStringData[] = "UNSUPPORTED_CIPHER\0" "UNSUPPORTED_ENCRYPTION\0" "BAD_PKCS7_VERSION\0" + "CIPHER_HAS_NO_OBJECT_IDENTIFIER\0" + "CIPHER_NOT_INITIALIZED\0" + "CONTENT_AND_DATA_PRESENT\0" + "DECRYPT_ERROR\0" + "ERROR_ADDING_RECIPIENT\0" + "ERROR_SETTING_CIPHER\0" + "INVALID_NULL_POINTER\0" "NOT_PKCS7_SIGNED_DATA\0" "NO_CERTIFICATES_INCLUDED\0" + "NO_CONTENT\0" "NO_CRLS_INCLUDED\0" + "NO_SIGNATURES_ON_DATA\0" + "NO_SIGNERS\0" + "PKCS7_DATASIGN\0" + "SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE\0" + "SMIME_TEXT_ERROR\0" + "UNABLE_TO_FIND_MEM_BIO\0" + "UNABLE_TO_FIND_MESSAGE_DIGEST\0" + "UNKNOWN_DIGEST_TYPE\0" + "UNSUPPORTED_CONTENT_TYPE\0" + "WRONG_CONTENT_TYPE\0" "AMBIGUOUS_FRIENDLY_NAME\0" "BAD_ITERATION_COUNT\0" "BAD_PKCS12_DATA\0" "BAD_PKCS12_VERSION\0" - "CIPHER_HAS_NO_OBJECT_IDENTIFIER\0" "CRYPT_ERROR\0" "ENCRYPT_ERROR\0" "ERROR_SETTING_CIPHER_PARAMS\0" diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h index e3b3f3793bf..2c693fb9fd9 100644 --- a/include/openssl/pkcs7.h +++ b/include/openssl/pkcs7.h @@ -200,8 +200,8 @@ OPENSSL_EXPORT int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); // PKCS7_SIGNER_INFO_set attaches the other parameters to |p7i|, returning 1 on // success and 0 on error or if specified parameters are inapplicable to -// signing. Only EC, DH, and RSA |pkey|s are supported. |pkey| is assigned to -// |p7i| and its reference count is incremented. +// signing. Only EC, DH, and RSA |pkey|s are supported. |pkey|'s reference +// count is incremented, but neither |x509|'s nor |dgst|'s is. OPENSSL_EXPORT int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); @@ -219,6 +219,9 @@ OPENSSL_EXPORT int PKCS7_add_crl(PKCS7 *p7, X509_CRL * x509); // |p7| is of an inapplicable type: envelopedData and signedAndEnvelopedData. OPENSSL_EXPORT int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); +// TODO [childw] +OPENSSL_EXPORT STACK_OF(PKCS7_RECIP_INFO) *PKCS7_get_recipient_info(PKCS7 *p7); + // PKCS7_add_signer adds |p7i| to |p7|, returning 1 on succes or 0 if // |p7| is of an inapplicable type: signedData and signedAndEnvelopedData. OPENSSL_EXPORT int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); @@ -227,14 +230,17 @@ OPENSSL_EXPORT int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); // returns 1 on success and 0 on failure. OPENSSL_EXPORT int PKCS7_content_new(PKCS7 *p7, int nid); -// PKCS7_set_cipher sets |cipher| on |p7| for applicable types of |p7|. It -// returns 1 on success and 0 on failure or if |p7| is not an applicable type: -// envelopedData and signedAndEnvelopedData. -OPENSSL_EXPORT int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); - // PKCS7_set_content sets |p7_data| as content on |p7| for applicable types of // |p7|: signedData and digestData. |p7_data| may be NULL. It frees any // existing content on |p7|, returning 1 on success and 0 on failure. +OPENSSL_EXPORT int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); + +// TODO [childw] +OPENSSL_EXPORT int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); + +// PKCS7_set_content sets |p7_data| as content on |p7| for applicaple types of +// |p7|. It frees any existing content on |p7|, returning 1 on success and 0 on +// failure. OPENSSL_EXPORT int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); // PKCS7_set_type instantiates |p7| as type |type|. It returns 1 on success and @@ -274,6 +280,10 @@ OPENSSL_EXPORT int PKCS7_type_is_signed(const PKCS7 *p7); OPENSSL_EXPORT int PKCS7_type_is_signedAndEnveloped(const PKCS7 *p7); +// TODO [childw] +OPENSSL_EXPORT BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); +OPENSSL_EXPORT int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); + // PKCS7_sign [Deprecated] // // Only |PKCS7_DETACHED| and a combination of @@ -319,6 +329,10 @@ OPENSSL_EXPORT int PKCS7_type_is_signedAndEnveloped(const PKCS7 *p7); #define PKCS7_NOINTERN 0x10 #define PKCS7_NOVERIFY 0x20 + +#define PKCS7_NO_DUAL_CONTENT 0x40 +#define PKCS7_NOCRL 0x80 + // PKCS7_sign can operate in two modes to provide some backwards compatibility: // // The first mode assembles |certs| into a PKCS#7 signed data ContentInfo with @@ -357,9 +371,27 @@ BSSL_NAMESPACE_END #define PKCS7_R_NOT_PKCS7_SIGNED_DATA 101 #define PKCS7_R_NO_CERTIFICATES_INCLUDED 102 #define PKCS7_R_NO_CRLS_INCLUDED 103 -#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 104 -#define PKCS7_R_WRONG_CONTENT_TYPE 105 -#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 106 -#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 107 +#define PKCS7_R_INVALID_NULL_POINTER 104 +#define PKCS7_R_NO_CONTENT 105 +#define PKCS7_R_CIPHER_NOT_INITIALIZED 106 +#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 107 +#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 109 +#define PKCS7_R_WRONG_CONTENT_TYPE 110 +#define PKCS7_R_CONTENT_AND_DATA_PRESENT 111 +#define PKCS7_R_NO_SIGNATURES_ON_DATA 112 +#define PKCS7_R_CERTIFICATE_VERIFY_ERROR 113 +#define PKCS7_R_SMIME_TEXT_ERROR 114 +#define PKCS7_R_SIGNATURE_FAILURE 115 +#define PKCS7_R_NO_SIGNERS 116 +#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 117 +#define PKCS7_R_ERROR_SETTING_CIPHER 118 +#define PKCS7_R_ERROR_ADDING_RECIPIENT 119 +#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +#define PKCS7_R_DECRYPT_ERROR 121 +#define PKCS7_R_PKCS7_DATASIGN 122 +#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 123 +#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 124 +#define PKCS7_R_UNKNOWN_DIGEST_TYPE 125 #endif // OPENSSL_HEADER_PKCS7_H diff --git a/test.c b/test.c new file mode 100644 index 00000000000..dfae13bce6b --- /dev/null +++ b/test.c @@ -0,0 +1,25 @@ +#include +#include +#include +#include +#include +#include + +// run with gcc test.c -g3 -l:libcrypto.a -L/usr/lib/x86_64-linux-gnu/ -o test && gdb ./test + +int main(int *argc, char **argv) { + PKCS7 *p7 = PKCS7_new(); + BIO *bio = BIO_new(BIO_s_mem()); + + PKCS7_set_type(p7, NID_pkcs7_digest); + PKCS7_set_digest(p7, EVP_sha256()); + + BIO_set_md(bio, EVP_sha256()); + BIO *chain = PKCS7_dataInit(p7, bio); + printf("INIT: %p\n", chain); + BIO_set_md(chain, EVP_sha256()); + int ret = PKCS7_dataFinal(p7, chain); + printf("FINAL: %d\n", ret); + + return 0; +}