From 4e99a5c0b6fa18eb76160d4cb726840aacb45404 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 20 Dec 2025 07:22:43 +0000
Subject: pkcs7: add PKCS7_NO_DUAL_CONTENT flag/behavior What Netscape fucked up just had to be embraced by secure boot and other nonsense. First OpenSSL wanted to be strict (which we inherited) then Rich Salz Postel-ized this and made OpenSSL bypass this check by default and added a flag to be strict 10 years ago. Now sthen found that PHP 8.5 uses/exposes this flag. Follows OpenSSL 6b2ebe43 (2016) ok kenjiro
---
 src/lib/libcrypto/pkcs7/pk7_smime.c | 23 ++++++++++++++---------
 src/lib/libcrypto/pkcs7/pkcs7.h | 3 ++-
 2 files changed, 16 insertions(+), 10 deletions(-)
(limited to 'src/lib/libcrypto/pkcs7')
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index 32f28f0505..9baff7f525 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_smime.c,v 1.28 2025/05/10 05:54:38 tb Exp $ */
+/* $OpenBSD: pk7_smime.c,v 1.29 2025/12/20 07:22:43 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -277,14 +277,19 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
 return 0;
 }
- /*
- * Very old Netscape illegally included empty content with
- * a detached signature. Very old users should upgrade.
- */
- /* Check for data and content: two sets of data */
- if (!PKCS7_get_detached(p7) && indata) {
- PKCS7error(PKCS7_R_CONTENT_AND_DATA_PRESENT);
- return 0;
+ if ((flags & PKCS7_NO_DUAL_CONTENT) != 0) {
+ /*
+ * This was originally "#if 0" because we thought that only old
+ * broken Netscape did this. It turns out that Authenticode
+ * uses this kind of "extended" PKCS7 format, and things like
+ * UEFI secure boot and tools like osslsigncode need it. In
+ * Authenticode the verification process is different, but the
+ * existing PKCS7 verification works.
+ */
+ if (!PKCS7_get_detached(p7) && indata != NULL) {
+ PKCS7error(PKCS7_R_CONTENT_AND_DATA_PRESENT);
+ return 0;
+ }
 }
 sinfos = PKCS7_get_signer_info(p7);
diff --git a/src/lib/libcrypto/pkcs7/pkcs7.h b/src/lib/libcrypto/pkcs7/pkcs7.h
index 6f0ccc0dc8..bac461d30d 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7.h
+++ b/src/lib/libcrypto/pkcs7/pkcs7.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs7.h,v 1.24 2025/07/02 10:24:17 tb Exp $ */
+/* $OpenBSD: pkcs7.h,v 1.25 2025/12/20 07:22:43 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -241,6 +241,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_NOCRL 0x2000
 #define PKCS7_PARTIAL 0x4000
 #define PKCS7_REUSE_DIGEST 0x8000
+#define PKCS7_NO_DUAL_CONTENT 0x10000
 /* Flags: for compatibility with older code */
-- 
cgit v1.2.3-55-g6feb
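Review bot: The comment added inside the `PKCS7_NO_DUAL_CONTENT` branch of PKCS7_verify says the check "was originally `#if 0`", but the removed lines show it was live code in this tree, so the text (apparently carried over from OpenSSL) misdescribes the history and never says what the flag does. With the flag clear, a non-detached `p7` together with a caller-supplied `indata` is now accepted, and nothing in the hunk states which of the two contents the signature is checked against; that is presumably decided further down in PKCS7_verify, whose body starts and ends outside the hunk. I would replace the comment with `/* Strict mode: reject a non-detached p7 when indata is also supplied. The default accepts both, as Authenticode needs. */` and add one sentence naming the content that gets digested in the permissive case. Callers that relied on the old unconditional rejection should be checked, since they now need to pass the flag to keep it.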
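Review bot: `PKCS7_NO_DUAL_CONTENT` is added to pkcs7.h without any comment, and the diffstat lists only two files changed, so no manual text describes it in this commit. Because this flag is what restores the earlier behaviour of rejecting embedded content together with `indata`, a caller reading the header cannot tell that strictness in PKCS7_verify is now opt-in. A trailing comment such as `/* PKCS7_verify: reject embedded content when indata is also given */` would cover it, with the manual page updated alongside if it documents the other verify flags.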