Skip to content

Add CMS_verify() method. #1393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Add CMS_verify() method. #1393

wants to merge 1 commit into from

Conversation

sladecek
Copy link
Contributor

Hi,

I need CMS verification for my project.

I found the method in PR #1034 from Jan 2019 by ur0. The PR contained several other methods and waited for tests to be finished. I submit only the CMS_verify() method. A test for both signing and verification was added.

Regards

Ladislav

sfackler
sfackler reviewed Dec 18, 2020
View reviewed changes
openssl/src/cms.rs Outdated
/// [`CMS_verify`]: https://www.openssl.org/docs/manmaster/man3/CMS_verify.html
pub fn verify(
&mut self,
certs: Option<&Stack<X509>>,
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should take a &StackRef, not &Stack.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to &StackRef.

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did a commit not get pushed? I still see &Stack<X509> here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry. Editing error.

sfackler
sfackler reviewed Dec 18, 2020
View reviewed changes
sfackler
sfackler reviewed Dec 18, 2020
View reviewed changes
sfackler
sfackler reviewed Dec 18, 2020
View reviewed changes
sfackler
sfackler reviewed Dec 18, 2020
View reviewed changes
@sladecek
Copy link
Contributor Author

A test fails on one of the architectures. I am working on it.

#0 X509_STORE_get_by_subject (vs=vs@entry=0x7fa5071f6ed0, type=type@entry=1, name=name@entry=0x7fa4a0002220, ret=ret@entry=0x7fa5071f6de0) at x509_lu.c:293
#1 0x0000555b1917440c in X509_STORE_CTX_get1_issuer (issuer=0x7fa5071f6e78, ctx=0x7fa5071f6ed0, x=0x7fa4a0002120) at x509_lu.c:604
#2 0x0000555b191705d9 in X509_verify_cert (ctx=ctx@entry=0x7fa5071f6ed0) at x509_vfy.c:263
#3 0x0000555b1919196f in cms_signerinfo_verify_cert (si=, store=store@entry=0x0, certs=certs@entry=0x7fa4a0004400, crls=crls@entry=0x0, flags=0) at cms_smime.c:282
#4 0x0000555b19192093 in CMS_verify (cms=0x7fa4a0001420, certs=, store=0x0, dcont=0x7fa4a0001cb0, out=0x7fa4a0001dc0, flags=0) at cms_smime.c:344
#5 0x0000555b19072489 in openssl::cms::CmsContentInfo::verify (self=0x7fa5071f7568, certs=..., store=..., indata=..., output_data=..., flags=...) at openssl/src/cms.rs:250
#6 0x0000555b1909811a in openssl::cms::test::cms_sign_verify_error () at openssl/src/cms.rs:420
#7 0x0000555b18fb287a in openssl::cms::test::cms_sign_verify_error::{{closure}} () at openssl/src/cms.rs:394
#8 0x0000555b19035a2e in core::ops::function::FnOnce::call_once<closure,()> () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/libcore/ops/function.rs:231
#9 0x0000555b190b68bf in {{closure}} () at src/libtest/lib.rs:1497
#10 call_once<closure,()> () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/libcore/ops/function.rs:231
#11 call_box<(),closure> () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/liballoc/boxed.rs:749
#12 0x0000555b1922287a in __rust_maybe_catch_panic () at src/libpanic_unwind/lib.rs:87
#13 0x0000555b190d39c8 in try<(),std::panic::AssertUnwindSafe<alloc::boxed::Box<FnBox<()>>>> () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/libstd/panicking.rs:276
#14 catch_unwind<std::panic::AssertUnwindSafe<alloc::boxed::Box<FnBox<()>>>,()> () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/libstd/panic.rs:388
#15 {{closure}} () at src/libtest/lib.rs:1452
#16 0x0000555b190af105 in std::sys_common::backtrace::__rust_begin_short_backtrace () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/libstd/sys_common/backtrace.rs:135
#17 0x0000555b190af8a5 in {{closure}}<closure,()> () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/libstd/thread/mod.rs:469
#18 call_once<(),closure> () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/libstd/panic.rs:309
#19 do_call<std::panic::AssertUnwindSafe,()> () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/libstd/panicking.rs:297
#20 0x0000555b1922287a in __rust_maybe_catch_panic () at src/libpanic_unwind/lib.rs:87
#21 0x0000555b190b69ed in try<(),std::panic::AssertUnwindSafe> () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/libstd/panicking.rs:276
#22 catch_unwind<std::panic::AssertUnwindSafe,()> () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/libstd/panic.rs:388
#23 {{closure}}<closure,()> () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/libstd/thread/mod.rs:468
#24 call_box<(),closure> () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/liballoc/boxed.rs:749
#25 0x0000555b19221f2e in call_once<(),()> () at /rustc/91856ed52c58aa5ba66a015354d1cc69e9779bdf/src/liballoc/boxed.rs:759
#26 start_thread () at src/libstd/sys_common/thread.rs:14
#27 thread_start () at src/libstd/sys/unix/thread.rs:81
#28 0x00007fa51d5014a4 in ?? ()
#29 0x0000000000000000 in ?? ()

sfackler
sfackler reviewed Dec 25, 2020
View reviewed changes
openssl/src/cms.rs Outdated
/// OpenSSL documentation at [`CMS_verify`]
///
/// [`CMS_verify`]: https://www.openssl.org/docs/manmaster/man3/CMS_verify.html
#[allow(clippy::redundant_clone)]
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is being redundantly cloned?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*out_data = out_bio.get_buf().to_vec().clone();

I believe that the clone is not redundant, because the source object is not released by rust code but by OpenSSL (see the next comment].

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Vec owns its memory. There is no difference between the one created by to_vec and the one created by clone.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK. I got confused by slice::into_vec(] documentation.

sfackler
sfackler reviewed Dec 25, 2020
View reviewed changes
openssl/src/cms.rs Outdated
) -> Result<(), ErrorStack> {
unsafe {
let certs_ptr = certs.map_or(ptr::null_mut(), |p| p.as_ptr());
if store.is_none() && !flags.contains(CMSOptions::NO_SIGNER_CERT_VERIFY) {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does OpenSSL crash if this condition isn't met?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it does, but not always. Only one of the tests on CI failed (see #1393 (comment) ) probably because input checks are not sufficient in older versions of OpenSSL.

sfackler
sfackler reviewed Dec 25, 2020
View reviewed changes
openssl/src/cms.rs Outdated
))?;

if let Some(out_data) = output_data {
*out_data = out_bio.get_buf().to_vec().clone();
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This clone appears to be unnecessary.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think than out_bio.get_buf() returns an address in the memory managed by OpenSSL which is released when out_bio is dropped. to_vec() creates a new vector from the existing memory (no copy or clone). Therefore the vector needs to be cloned.

sfackler
sfackler reviewed Jan 1, 2021
View reviewed changes
openssl/src/cms.rs
/// [`CMS_verify`]: https://www.openssl.org/docs/manmaster/man3/CMS_verify.html
pub fn verify(
&mut self,
certs: Option<&StackRef<X509>>,
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The man page for CMS_verify doesn't talk about certs and store being allowed to be null at all - maybe they should just be required?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The man page (https://www.openssl.org/docs/manmaster/man3/CMS_verify.html) mentions a null certs parameter in this sentence:

...An attempt is made to locate all the signing certificate(s), first looking in the certs parameter (if it is not NULL) ...

and there is the option CMS_NO_SIGNER_CERT_VERIFY which disables certificate verification altogether.

Therefore, I think the optional parameters make sense. Nevertheless, the distinction is just a formal one, because the caller can always create an empty vector or an empty store. If you insist, I can change them to required, just let me know.

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah good find. Keeping certs nullable seems fine, but I'd lean towards requiring store since its nullability isn't mentioned in the docs and at least in 1.0.1 they assume it's present (I'd also hope people aren't using NO_SIGNER_CERT_VERIFY too often!).

@sladecek
Copy link
Contributor Author

Hi,
is there something else for me to correct? I think that all the issues were resolved.

@sfackler
Copy link
Owner

Sorry - github doesn't notify for force pushes :(

It looks like some random commits got somehow pulled into the PR. You may need to do some branch surgery.

@sladecek sladecek closed this Jan 19, 2021
@sladecek sladecek reopened this Jan 19, 2021
@sladecek
Copy link
Contributor Author

Hi,
I deleted the branch and created it anew. Is it OK now?

@sladecek sladecek closed this Feb 28, 2021
@FelixSchwarz
Copy link

@sladecek What happened to this PR? CMS_verify would be really nice to have.

Actually I just saw the diff in this PR + status "closed" so I assumed the PR was merged already and was then wondering why I was unable to call the method... 🤔

@sladecek
Copy link
Contributor Author

I deleted the PR because the maintainer didn't answer for a long time and the branch was outdated.

@FelixSchwarz
Copy link

Not sure how much I time I have over the next weeks but would having CMS_verify would be really helpful. Would you mind resubmitting the code? I could also take your comit and try to get the code included into rust-openssl if you don't have time to do that.

@sladecek
Copy link
Contributor Author

sladecek commented Sep 19, 2021 via email

@puru1761
Copy link

puru1761 commented Jan 4, 2022

Hi @sladecek It would be really useful to have this functionality and the APIs included in https://github.com/sfackler/rust-openssl/pull/1034/files for implementing singing of Linux Kernel Modules in rust. Do you know if this is still being worked on?

@sladecek
Copy link
Contributor Author

sladecek commented Jan 5, 2022

Here is my PR

#1589

Ladislav

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sfackler sfackler sfackler left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sladecek @sfackler @FelixSchwarz @puru1761