From 4e99a5c0b6fa18eb76160d4cb726840aacb45404 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 20 Dec 2025 07:22:43 +0000 Subject: pkcs7: add PKCS7_NO_DUAL_CONTENT flag/behavior What Netscape fucked up just had to be embraced by secure boot and other nonsense. First OpenSSL wanted to be strict (which we inherited) then Rich Salz Postel-ized this and made OpenSSL bypass this check by default and added a flag to be strict 10 years ago. Now sthen found that PHP 8.5 uses/exposes this flag. Follows OpenSSL 6b2ebe43 (2016) ok kenjiro --- src/lib/libcrypto/man/PKCS7_verify.3 | 13 +++++++++++-- src/lib/libcrypto/pkcs7/pk7_smime.c | 23 ++++++++++++++--------- src/lib/libcrypto/pkcs7/pkcs7.h | 3 ++- 3 files changed, 27 insertions(+), 12 deletions(-) (limited to 'src/lib/libcrypto') diff --git a/src/lib/libcrypto/man/PKCS7_verify.3 b/src/lib/libcrypto/man/PKCS7_verify.3 index 6bf932b54b..53b32f738a 100644 --- a/src/lib/libcrypto/man/PKCS7_verify.3 +++ b/src/lib/libcrypto/man/PKCS7_verify.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: PKCS7_verify.3,v 1.12 2025/06/08 22:40:30 schwarze Exp $ +.\" $OpenBSD: PKCS7_verify.3,v 1.13 2025/12/20 07:22:43 tb Exp $ .\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 8 2025 $ +.Dd $Mdocdate: December 20 2025 $ .Dt PKCS7_VERIFY 3 .Os .Sh NAME @@ -125,6 +125,15 @@ is detached, .Fa indata cannot be .Dv NULL . +If the content is not detached and +.Fa indata +is not +.Fa NULL , +then the structure has both embedded and external content. +To treat this as an error, use the flag +.Dv PKCS7_NO_DUAL_CONTENT . +The default behavior allows this, for compatibility with other +implementations. .Pp An attempt is made to locate all the signer's certificates, first looking in the diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c index 32f28f0505..9baff7f525 100644 --- a/src/lib/libcrypto/pkcs7/pk7_smime.c +++ b/src/lib/libcrypto/pkcs7/pk7_smime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_smime.c,v 1.28 2025/05/10 05:54:38 tb Exp $ */ +/* $OpenBSD: pk7_smime.c,v 1.29 2025/12/20 07:22:43 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -277,14 +277,19 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, return 0; } - /* - * Very old Netscape illegally included empty content with - * a detached signature. Very old users should upgrade. - */ - /* Check for data and content: two sets of data */ - if (!PKCS7_get_detached(p7) && indata) { - PKCS7error(PKCS7_R_CONTENT_AND_DATA_PRESENT); - return 0; + if ((flags & PKCS7_NO_DUAL_CONTENT) != 0) { + /* + * This was originally "#if 0" because we thought that only old + * broken Netscape did this. It turns out that Authenticode + * uses this kind of "extended" PKCS7 format, and things like + * UEFI secure boot and tools like osslsigncode need it. In + * Authenticode the verification process is different, but the + * existing PKCS7 verification works. + */ + if (!PKCS7_get_detached(p7) && indata != NULL) { + PKCS7error(PKCS7_R_CONTENT_AND_DATA_PRESENT); + return 0; + } } sinfos = PKCS7_get_signer_info(p7); diff --git a/src/lib/libcrypto/pkcs7/pkcs7.h b/src/lib/libcrypto/pkcs7/pkcs7.h index 6f0ccc0dc8..bac461d30d 100644 --- a/src/lib/libcrypto/pkcs7/pkcs7.h +++ b/src/lib/libcrypto/pkcs7/pkcs7.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs7.h,v 1.24 2025/07/02 10:24:17 tb Exp $ */ +/* $OpenBSD: pkcs7.h,v 1.25 2025/12/20 07:22:43 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -241,6 +241,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_NOCRL 0x2000 #define PKCS7_PARTIAL 0x4000 #define PKCS7_REUSE_DIGEST 0x8000 +#define PKCS7_NO_DUAL_CONTENT 0x10000 /* Flags: for compatibility with older code */ -- cgit v1.2.3-55-g6feb