PKCS7 creation and reading

openssl-sys/build/cfgs.rs

@@ -31,6 +31,9 @@ pub fn get(openssl_version: Option<u64>, libressl_version: Option<u64>) -> Vec<&
         if libressl_version >= 0x2_09_01_00_0 {
             cfgs.push("libressl291");
         }
+        if libressl_version >= 0x3_01_00_00_0 {
+            cfgs.push("libressl310");
+        }
         if libressl_version >= 0x3_02_01_00_0 {
             cfgs.push("libressl321");
         }

openssl-sys/src/handwritten/asn1.rs

@@ -14,19 +14,49 @@ extern "C" {
 
 stack!(stack_st_ASN1_OBJECT);
 
+#[repr(C)]
+pub struct ASN1_TYPE {
+    pub type_: c_int,
+    pub value: ASN1_TYPE_value,
+}
+#[repr(C)]
+pub union ASN1_TYPE_value {
+    pub ptr: *mut c_char,
+    pub boolean: ASN1_BOOLEAN,
+    pub asn1_string: *mut ASN1_STRING,
+    pub object: *mut ASN1_OBJECT,
+    pub integer: *mut ASN1_INTEGER,
+    pub enumerated: *mut ASN1_ENUMERATED,
+    pub bit_string: *mut ASN1_BIT_STRING,
+    pub octet_string: *mut ASN1_OCTET_STRING,
+    pub printablestring: *mut ASN1_PRINTABLESTRING,
+    pub t61string: *mut ASN1_T61STRING,
+    pub ia5string: *mut ASN1_IA5STRING,
+    pub generalstring: *mut ASN1_GENERALSTRING,
+    pub bmpstring: *mut ASN1_BMPSTRING,
+    pub universalstring: *mut ASN1_UNIVERSALSTRING,
+    pub utctime: *mut ASN1_UTCTIME,
+    pub generalizedtime: *mut ASN1_GENERALIZEDTIME,
+    pub visiblestring: *mut ASN1_VISIBLESTRING,
+    pub utf8string: *mut ASN1_UTF8STRING,
+    pub set: *mut ASN1_STRING,
+    pub sequence: *mut ASN1_STRING,
+    pub asn1_value: *mut ASN1_VALUE,
+}
+
 extern "C" {
     pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING;
     #[cfg(any(ossl110, libressl273))]
     pub fn ASN1_STRING_get0_data(x: *const ASN1_STRING) -> *const c_uchar;
     #[cfg(any(all(ossl101, not(ossl110)), libressl))]
     pub fn ASN1_STRING_data(x: *mut ASN1_STRING) -> *mut c_uchar;
-
-    pub fn ASN1_BIT_STRING_free(x: *mut ASN1_BIT_STRING);
-
+    pub fn ASN1_STRING_new() -> *mut ASN1_STRING;
     pub fn ASN1_STRING_free(x: *mut ASN1_STRING);
     pub fn ASN1_STRING_length(x: *const ASN1_STRING) -> c_int;
+    pub fn ASN1_STRING_set(x: *mut ASN1_STRING, data: *const c_void, len_in: c_int) -> c_int;
 
-    pub fn ASN1_STRING_set(x: *mut ASN1_STRING, data: *const c_void, len: c_int) -> c_int;
+    pub fn ASN1_BIT_STRING_free(x: *mut ASN1_BIT_STRING);
+    pub fn ASN1_OCTET_STRING_free(x: *mut ASN1_OCTET_STRING);
 
     pub fn ASN1_GENERALIZEDTIME_free(tm: *mut ASN1_GENERALIZEDTIME);
     pub fn ASN1_GENERALIZEDTIME_print(b: *mut BIO, tm: *const ASN1_GENERALIZEDTIME) -> c_int;
@@ -51,10 +81,14 @@ extern "C" {
     pub fn ASN1_TIME_set_string(s: *mut ASN1_TIME, str: *const c_char) -> c_int;
     #[cfg(ossl111)]
     pub fn ASN1_TIME_set_string_X509(s: *mut ASN1_TIME, str: *const c_char) -> c_int;
+
+    pub fn ASN1_TYPE_free(x: *mut ASN1_TYPE);
 }
 
 const_ptr_api! {
     extern "C" {
         pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: #[const_ptr_if(any(ossl110, libressl280))] ASN1_STRING) -> c_int;
+        pub fn ASN1_STRING_type(x: #[const_ptr_if(any(ossl110, libressl280))]  ASN1_STRING) -> c_int;
+        pub fn ASN1_generate_v3(str: #[const_ptr_if(any(ossl110, libressl280))] c_char, cnf: *mut X509V3_CTX) -> *mut ASN1_TYPE;
     }
 }

openssl-sys/src/handwritten/object.rs

@@ -27,4 +27,5 @@ extern "C" {
     pub fn OBJ_length(obj: *const ASN1_OBJECT) -> libc::size_t;
     #[cfg(ossl111)]
     pub fn OBJ_get0_data(obj: *const ASN1_OBJECT) -> *const c_uchar;
+    pub fn OBJ_cmp(a: *const ASN1_OBJECT, b: *const ASN1_OBJECT) -> c_int;
 }

openssl-sys/src/handwritten/pkcs7.rs

@@ -1,12 +1,149 @@
 use super::super::*;
 use libc::*;
 
-pub enum PKCS7_SIGNED {}
-pub enum PKCS7_ENVELOPE {}
-pub enum PKCS7_SIGN_ENVELOPE {}
-pub enum PKCS7_DIGEST {}
-pub enum PKCS7_ENCRYPT {}
-pub enum PKCS7 {}
+#[cfg(ossl300)]
+#[repr(C)]
+pub struct PKCS7_CTX {
+    libctx: *mut OSSL_LIB_CTX,
+    propq: *mut c_char,
+}
+
+#[repr(C)]
+pub struct PKCS7_SIGNED {
+    pub version: *mut ASN1_INTEGER,        /* version 1 */
+    pub md_algs: *mut stack_st_X509_ALGOR, /* md used */
+    pub cert: *mut stack_st_X509,          /* [ 0 ] */
+    pub crl: *mut stack_st_X509_CRL,       /* [ 1 ] */
+    pub signer_info: *mut stack_st_PKCS7_SIGNER_INFO,
+    pub contents: *mut PKCS7,
+}
+#[repr(C)]
+pub struct PKCS7_ENC_CONTENT {
+    pub content_type: *mut ASN1_OBJECT,
+    pub algorithm: *mut X509_ALGOR,
+    pub enc_data: *mut ASN1_OCTET_STRING, /* [ 0 ] */
+    pub cipher: *const EVP_CIPHER,
+    #[cfg(ossl300)]
+    pub ctx: *const PKCS7_CTX,
+}
+#[repr(C)]
+pub struct PKCS7_ENVELOPE {
+    pub version: *mut ASN1_INTEGER, /* version 0 */
+    pub recipientinfo: *mut stack_st_PKCS7_RECIP_INFO,
+    pub enc_data: *mut PKCS7_ENC_CONTENT,
+}
+#[repr(C)]
+pub struct PKCS7_SIGN_ENVELOPE {
+    pub version: *mut ASN1_INTEGER,        /* version 1 */
+    pub md_algs: *mut stack_st_X509_ALGOR, /* md used */
+    pub cert: *mut stack_st_X509,          /* [ 0 ] */
+    pub crl: *mut stack_st_X509_CRL,       /* [ 1 ] */
+    pub signer_info: *mut stack_st_PKCS7_SIGNER_INFO,
+    pub enc_data: *mut PKCS7_ENC_CONTENT,
+    pub recipientinfo: *mut stack_st_PKCS7_RECIP_INFO,
+}
+#[repr(C)]
+pub struct PKCS7_DIGEST {
+    pub version: *mut ASN1_INTEGER, /* version 0 */
+    pub md: *mut X509_ALGOR,        /* md used */
+    pub contents: *mut PKCS7,
+    pub digest: *mut ASN1_OCTET_STRING,
+}
+#[repr(C)]
+pub struct PKCS7_ENCRYPT {
+    pub version: *mut ASN1_INTEGER, /* version 0 */
+    pub enc_data: *mut PKCS7_ENC_CONTENT,
+}
+
+extern "C" {
+    pub fn PKCS7_SIGNED_free(info: *mut PKCS7_SIGNED);
+    pub fn PKCS7_ENC_CONTENT_free(info: *mut PKCS7_ENC_CONTENT);
+    pub fn PKCS7_ENVELOPE_free(info: *mut PKCS7_ENVELOPE);
+    pub fn PKCS7_SIGN_ENVELOPE_free(info: *mut PKCS7_SIGN_ENVELOPE);
+    pub fn PKCS7_DIGEST_free(info: *mut PKCS7_DIGEST);
+    pub fn PKCS7_SIGNER_INFO_free(info: *mut PKCS7_SIGNER_INFO);
+    pub fn PKCS7_ENCRYPT_free(enc: *mut PKCS7_ENCRYPT);
+    pub fn PKCS7_ISSUER_AND_SERIAL_free(ias: *mut PKCS7_ISSUER_AND_SERIAL);
+    pub fn PKCS7_RECIP_INFO_free(info: *mut PKCS7_RECIP_INFO);
+}
+
+#[repr(C)]
+pub struct PKCS7 {
+    /*
+     * The following is non NULL if it contains ASN1 encoding of this
+     * structure
+     */
+    pub asn1: *mut c_uchar,
+    pub length: c_long,
+    // # define PKCS7_S_HEADER  0
+    // # define PKCS7_S_BODY    1
+    // # define PKCS7_S_TAIL    2
+    pub state: c_int, /* used during processing */
+    pub detached: c_int,
+    pub type_: *mut ASN1_OBJECT,
+    /* content as defined by the type */
+    /*
+     * all encryption/message digests are applied to the 'contents', leaving
+     * out the 'type' field.
+     */
+    pub d: PKCS7_data,
+    #[cfg(ossl300)]
+    pub ctx: PKCS7_CTX,
+}
+
+#[repr(C)]
+pub union PKCS7_data {
+    pub ptr: *mut c_char,
+    /* NID_pkcs7_data */
+    pub data: *mut ASN1_OCTET_STRING,
+    /* NID_pkcs7_signed */
+    pub sign: *mut PKCS7_SIGNED,
+    /* NID_pkcs7_enveloped */
+    pub enveloped: *mut PKCS7_ENVELOPE,
+    /* NID_pkcs7_signedAndEnveloped */
+    pub signed_and_enveloped: *mut PKCS7_SIGN_ENVELOPE,
+    /* NID_pkcs7_digest */
+    pub digest: *mut PKCS7_DIGEST,
+    /* NID_pkcs7_encrypted */
+    pub encrypted: *mut PKCS7_ENCRYPT,
+    /* Anything else */
+    pub other: *mut ASN1_TYPE,
+}
+
+#[repr(C)]
+pub struct PKCS7_ISSUER_AND_SERIAL {
+    pub issuer: *mut X509_NAME,
+    pub serial: *mut ASN1_INTEGER,
+}
+
+#[repr(C)]
+pub struct PKCS7_SIGNER_INFO {
+    pub version: *mut ASN1_INTEGER, /* version 1 */
+    pub issuer_and_serial: *mut PKCS7_ISSUER_AND_SERIAL,
+    pub digest_alg: *mut X509_ALGOR,
+    pub auth_attr: *mut stack_st_X509_ATTRIBUTE, /* [ 0 ] */
+    pub digest_enc_alg: *mut X509_ALGOR,
+    pub enc_digest: *mut ASN1_OCTET_STRING,
+    pub unauth_attr: *mut stack_st_X509_ATTRIBUTE, /* [ 1 ] */
+    pub pkey: *mut EVP_PKEY,                       /* The private key to sign with */
+    #[cfg(ossl300)]
+    pub ctx: *const PKCS7_CTX,
+}
+
+stack!(stack_st_PKCS7_SIGNER_INFO);
+
+#[repr(C)]
+pub struct PKCS7_RECIP_INFO {
+    pub version: *mut ASN1_INTEGER, /* version 0 */
+    pub issuer_and_serial: *mut PKCS7_ISSUER_AND_SERIAL,
+    pub key_enc_algor: *mut X509_ALGOR,
+    pub enc_key: *mut ASN1_OCTET_STRING,
+    pub cert: *mut X509, /* get the pub-key from this */
+    #[cfg(ossl300)]
+    pub ctx: *const PKCS7_CTX,
+}
+
+stack!(stack_st_PKCS7_RECIP_INFO);
 
 extern "C" {
     pub fn d2i_PKCS7(a: *mut *mut PKCS7, pp: *mut *const c_uchar, length: c_long) -> *mut PKCS7;
@@ -15,6 +152,7 @@ extern "C" {
 const_ptr_api! {
     extern "C" {
         pub fn i2d_PKCS7(a: #[const_ptr_if(ossl300)] PKCS7, buf: *mut *mut u8) -> c_int;
+        pub fn i2d_PKCS7_bio(bio: *mut BIO, p7: #[const_ptr_if(ossl300)]  PKCS7) -> c_int;
     }
 }
 
@@ -67,4 +205,53 @@ extern "C" {
     ) -> c_int;
 
     pub fn SMIME_read_PKCS7(bio: *mut BIO, bcont: *mut *mut BIO) -> *mut PKCS7;
+
+    pub fn PKCS7_new() -> *mut PKCS7;
+
+    pub fn PKCS7_set_type(p7: *mut PKCS7, nid_pkcs7: c_int) -> c_int;
+
+    pub fn PKCS7_add_certificate(p7: *mut PKCS7, x509: *mut X509) -> c_int;
+
+    pub fn PKCS7_add_signature(
+        p7: *mut PKCS7,
+        x509: *mut X509,
+        pkey: *mut EVP_PKEY,
+        digest: *const EVP_MD,
+    ) -> *mut PKCS7_SIGNER_INFO;
+
+    pub fn PKCS7_set_signed_attributes(
+        p7si: *mut PKCS7_SIGNER_INFO,
+        attributes: *mut stack_st_X509_ATTRIBUTE,
+    ) -> c_int;
+
+    pub fn PKCS7_add_signed_attribute(
+        p7si: *mut PKCS7_SIGNER_INFO,
+        nid: c_int,
+        attrtype: c_int,
+        data: *mut c_void,
+    ) -> c_int;
+
+    pub fn PKCS7_content_new(p7: *mut PKCS7, nid_pkcs7: c_int) -> c_int;
+
+    pub fn PKCS7_dataInit(p7: *mut PKCS7, bio: *mut BIO) -> *mut BIO;
+
+    pub fn PKCS7_dataFinal(p7: *mut PKCS7, bio: *mut BIO) -> c_int;
+
+    pub fn PKCS7_get_signer_info(p7: *mut PKCS7) -> *mut stack_st_PKCS7_SIGNER_INFO;
+
+    pub fn PKCS7_SIGNER_INFO_get0_algs(
+        si: *mut PKCS7_SIGNER_INFO,
+        pk: *mut *mut EVP_PKEY,
+        pdig: *mut *mut X509_ALGOR,
+        psig: *mut *mut X509_ALGOR,
+    );
+}
+
+const_ptr_api! {
+    extern "C" {
+        pub fn PKCS7_get_signed_attribute(
+            si: #[const_ptr_if(ossl300)] PKCS7_SIGNER_INFO,
+            nid: c_int
+        ) -> *mut ASN1_TYPE;
+    }
 }

openssl-sys/src/handwritten/types.rs

@@ -3,14 +3,27 @@ use libc::*;
 #[allow(unused_imports)]
 use super::super::*;
 
+pub enum ASN1_OBJECT {}
+pub enum ASN1_VALUE {}
+
+pub type ASN1_BOOLEAN = c_int;
+pub enum ASN1_ENUMERATED {}
 pub enum ASN1_INTEGER {}
 pub enum ASN1_GENERALIZEDTIME {}
 pub enum ASN1_STRING {}
 pub enum ASN1_BIT_STRING {}
 pub enum ASN1_TIME {}
-pub enum ASN1_TYPE {}
-pub enum ASN1_OBJECT {}
 pub enum ASN1_OCTET_STRING {}
+pub enum ASN1_NULL {}
+pub enum ASN1_PRINTABLESTRING {}
+pub enum ASN1_T61STRING {}
+pub enum ASN1_IA5STRING {}
+pub enum ASN1_GENERALSTRING {}
+pub enum ASN1_BMPSTRING {}
+pub enum ASN1_UNIVERSALSTRING {}
+pub enum ASN1_UTCTIME {}
+pub enum ASN1_VISIBLESTRING {}
+pub enum ASN1_UTF8STRING {}
 
 pub enum bio_st {} // FIXME remove
 cfg_if! {
@@ -325,6 +338,8 @@ cfg_if! {
     }
 }
 
+stack!(stack_st_X509_ALGOR);
+
 pub enum X509_LOOKUP_METHOD {}
 
 pub enum X509_NAME {}