Add support for verifying PKCS7 signed attributes (#2264)

I discovered this while trying to fix our PKCS7 implementation to use
indefinite encoding. The PKCS7 file that Ruby's PKCS7 tests uses signed
attributes, but `PKCS7_verify` bails out whenever it encounters files
that have signed attributes. There are still other issues with the Ruby
PKCS7 test that we'll have to fix (indefinite length ASN1), but I
believe we should fix the missing support for verifying signed
attributes first.
AWS-LC turns on `PKCS7_NOATTR` by default in `PKCS7_sign`, so our
existing `PKCS7_verify` implementation can do a successful sign/verify
round trip against itself. However, OpenSSL does not turn on
`PKCS7_NOATTR` by default and signed attributes are added automatically
to the PKCS7 file if no flags are set. This means that the current state
of AWS-LC's `PKCS7_verify` would fail against files generated by the
default of OpenSSL's `PKCS7_sign`. This PR adds support for verifying
PKCS7 signed attributes to fix the misalignment.

### Testing:
1. Test file from Ruby. The intention is to build upon the test to fix
the ASN1 indefinite length issues later on.
2. Test file generated by OpenSSL. Our `PKCS7_sign` does not support
signed attributes, so we can only test against generated files by
OpenSSL.

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.

Author: samuel40791765

crypto/pkcs7/internal.h

@@ -31,6 +31,8 @@ DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
 DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
 DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
 
+DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
+
 DEFINE_STACK_OF(PKCS7)
 
 // ASN.1 defined here https://datatracker.ietf.org/doc/html/rfc2315#section-10.1

crypto/pkcs7/pkcs7.c

@@ -446,13 +446,9 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i) {
   return 1;
 }
 
-ASN1_TYPE *PKCS7_get_signed_attribute(const PKCS7_SIGNER_INFO *si, int nid) {
-  if (si == NULL) {
-    OPENSSL_PUT_ERROR(PKCS7, ERR_R_PASSED_NULL_PARAMETER);
-    return NULL;
-  }
-  for (size_t i = 0; i < sk_X509_ATTRIBUTE_num(si->auth_attr); i++) {
-    X509_ATTRIBUTE *attr = sk_X509_ATTRIBUTE_value(si->auth_attr, i);
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) {
+  for (size_t i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+    X509_ATTRIBUTE *attr = sk_X509_ATTRIBUTE_value(sk, i);
     ASN1_OBJECT *obj = X509_ATTRIBUTE_get0_object(attr);
     if (OBJ_obj2nid(obj) == nid) {
       return X509_ATTRIBUTE_get0_type(attr, 0);
@@ -461,6 +457,27 @@ ASN1_TYPE *PKCS7_get_signed_attribute(const PKCS7_SIGNER_INFO *si, int nid) {
   return NULL;
 }
 
+ASN1_TYPE *PKCS7_get_signed_attribute(const PKCS7_SIGNER_INFO *si, int nid) {
+  if (si == NULL) {
+    OPENSSL_PUT_ERROR(PKCS7, ERR_R_PASSED_NULL_PARAMETER);
+    return NULL;
+  }
+  return get_attribute(si->auth_attr, nid);
+}
+
+static ASN1_OCTET_STRING *PKCS7_digest_from_attributes(
+    STACK_OF(X509_ATTRIBUTE) *sk) {
+  if (sk == NULL) {
+    OPENSSL_PUT_ERROR(PKCS7, ERR_R_PASSED_NULL_PARAMETER);
+    return NULL;
+  }
+  ASN1_TYPE *astype = get_attribute(sk, NID_pkcs9_messageDigest);
+  if (astype == NULL) {
+    return NULL;
+  }
+  return astype->value.octet_string;
+}
+
 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) {
   if (p7 == NULL || p7->d.ptr == NULL) {
     OPENSSL_PUT_ERROR(PKCS7, ERR_R_PASSED_NULL_PARAMETER);
@@ -866,9 +883,7 @@ int PKCS7_set_detached(PKCS7 *p7, int detach) {
   }
 }
 
-int PKCS7_get_detached(PKCS7 *p7) {
-  return PKCS7_is_detached(p7);
-}
+int PKCS7_get_detached(PKCS7 *p7) { return PKCS7_is_detached(p7); }
 
 
 static BIO *pkcs7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) {
@@ -1399,7 +1414,8 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) {
   return ri;
 }
 
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int _flags) {
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data,
+                  int _flags) {
   GUARD_PTR(p7);
   GUARD_PTR(pkey);
   GUARD_PTR(data);
@@ -1528,7 +1544,18 @@ static int pkcs7_signature_verify(BIO *in_bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
   GUARD_PTR(signer);
   int ret = 0;
 
+  // Create a new |EVP_MD_CTX| to be consumed, so that the original |EVP_MD_CTX|
+  // is still in a usable state.
+  EVP_MD_CTX *mdc_tmp = EVP_MD_CTX_new();
+  if (mdc_tmp == NULL) {
+    OPENSSL_PUT_ERROR(PKCS7, ERR_R_MALLOC_FAILURE);
+    goto out;
+  }
+
   const int md_type = OBJ_obj2nid(si->digest_alg->algorithm);
+  if (md_type == NID_undef) {
+    goto out;
+  }
   EVP_MD_CTX *mdc = NULL;
   BIO *bio = in_bio;
   // There may be multiple MD-type BIOs in the chain, so iterate until we find
@@ -1548,26 +1575,65 @@ static int pkcs7_signature_verify(BIO *in_bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
     bio = BIO_next(bio);
   }
 
-  // We don't currently support signed attributes. See |PKCS7_NOATTR|.
-  if (si->auth_attr && sk_X509_ATTRIBUTE_num(si->auth_attr) != 0) {
-    OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_INVALID_SIGNED_DATA_TYPE);
+  // mdc is the digest ctx that we want, unless there are attributes, in
+  // which case the digest is the signed attributes.
+  if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc)) {
     goto out;
   }
 
-  EVP_PKEY *pkey;
-  if ((pkey = X509_get0_pubkey(signer)) == NULL) {
+  if (si->auth_attr != NULL && sk_X509_ATTRIBUTE_num(si->auth_attr) != 0) {
+    unsigned char md_data[EVP_MAX_MD_SIZE], *abuf = NULL;
+    unsigned int md_len;
+
+    if (!EVP_DigestFinal_ex(mdc_tmp, md_data, &md_len)) {
+      goto out;
+    }
+    ASN1_OCTET_STRING *message_digest =
+        PKCS7_digest_from_attributes(si->auth_attr);
+    if (message_digest == NULL) {
+      OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+      goto out;
+    }
+    if (message_digest->length != (int)md_len ||
+        OPENSSL_memcmp(message_digest->data, md_data, md_len) != 0) {
+      OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_DIGEST_FAILURE);
+      goto out;
+    }
+
+    const EVP_MD *md = EVP_get_digestbynid(md_type);
+    if (md == NULL || !EVP_VerifyInit_ex(mdc_tmp, md, NULL)) {
+      goto out;
+    }
+
+    int alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
+                             ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+    if (alen <= 0 || abuf == NULL) {
+      OPENSSL_PUT_ERROR(PKCS7, ERR_R_ASN1_LIB);
+      ret = -1;
+      goto out;
+    }
+    if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen)) {
+      OPENSSL_free(abuf);
+      goto out;
+    }
+    OPENSSL_free(abuf);
+  }
+
+  EVP_PKEY *pkey = X509_get0_pubkey(signer);
+  if (pkey == NULL) {
     goto out;
   }
 
   ASN1_OCTET_STRING *data_body = si->enc_digest;
-  if (!EVP_VerifyFinal(mdc, data_body->data, data_body->length, pkey)) {
+  if (!EVP_VerifyFinal(mdc_tmp, data_body->data, data_body->length, pkey)) {
     OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_SIGNATURE_FAILURE);
     goto out;
   }
 
   ret = 1;
 
 out:
+  EVP_MD_CTX_free(mdc_tmp);
   return ret;
 }
 

crypto/pkcs7/pkcs7_asn1.c

@@ -187,6 +187,11 @@ ASN1_SEQUENCE(PKCS7_ENVELOPE) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
 
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = ASN1_EX_TEMPLATE_TYPE(
+    ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, V_ASN1_SET,
+    PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
+
 int PKCS7_print_ctx(BIO *bio, PKCS7 *pkcs7, int indent, const ASN1_PCTX *pctx) {
   GUARD_PTR(bio);
   GUARD_PTR(pkcs7);

crypto/pkcs7/pkcs7_test.cc

@@ -27,6 +27,8 @@
 #include "../test/test_util.h"
 #include "internal.h"
 
+std::string GetTestData(const char *path);
+
 // kPKCS7NSS contains the certificate chain of mail.google.com, as saved by NSS
 // using the Chrome UI.
 static const uint8_t kPKCS7NSS[] = {
@@ -1699,7 +1701,8 @@ TEST(PKCS7Test, TestEnveloped) {
   // NOTE: we make |buf| larger than |pt_len| in case padding gets added.
   // without the extra room, we sometimes overflow into the next variable on the
   // stack.
-  uint8_t buf[pt_len + EVP_MAX_BLOCK_LENGTH], decrypted[pt_len + EVP_MAX_BLOCK_LENGTH];
+  uint8_t buf[pt_len + EVP_MAX_BLOCK_LENGTH];
+  uint8_t decrypted[pt_len + EVP_MAX_BLOCK_LENGTH];
 
   OPENSSL_cleanse(buf, sizeof(buf));
   OPENSSL_memset(buf, 'A', pt_len);
@@ -1828,9 +1831,9 @@ TEST(PKCS7Test, TestEnveloped) {
   // expectation. Ideally we'd find a way to access the padded plaintext and
   // account for this deterministically by checking the random "padding" and
   // adusting accordingly.
-  const size_t max_decrypt =
-    pt_len + EVP_CIPHER_block_size(EVP_aes_128_cbc());
-  const size_t decrypted_len = (size_t)BIO_read(bio.get(), decrypted, sizeof(decrypted));
+  const size_t max_decrypt = pt_len + EVP_CIPHER_block_size(EVP_aes_128_cbc());
+  const size_t decrypted_len =
+      (size_t)BIO_read(bio.get(), decrypted, sizeof(decrypted));
   ASSERT_LE(decrypted_len, sizeof(decrypted));
   if (decrypted_len > pt_len) {
     EXPECT_LT(max_decrypt - 4, decrypted_len);
@@ -2068,3 +2071,158 @@ TEST(PKCS7Test, SetDetached) {
   EXPECT_TRUE(PKCS7_set_detached(p7.get(), 1));
   EXPECT_FALSE(p7.get()->d.sign->contents->d.data);
 }
+
+TEST(PKCS7Test, PKCS7SignedAttributes) {
+  // This file was generated with the following command:
+  // openssl smime -sign -in input.txt -signer crypto/ocsp/aws/ca_cert.pem
+  //        -inkey crypto/ocsp/aws/ca_key.pem -out signed.p7s -outform PEM
+  //        -nodetach -md sha512
+  //
+  // Files with signed attributes aren't generatable with AWS-LC for now, as
+  // |PKCS7_NOATTR| is always assumed with |PKCS7_sign|. See |PKCS7_sign|
+  // for more details.
+  static const char kPKCS7SignedAttributes[] = R"(
+-----BEGIN PKCS7-----
+MIII8QYJKoZIhvcNAQcCoIII4jCCCN4CAQExDzANBglghkgBZQMEAgMFADAcBgkq
+hkiG9w0BBwGgDwQNc2lnbmVkIGRhdGENCqCCBTwwggU4MIIDIKADAgECAgkAhs29
+IYxE13cwDQYJKoZIhvcNAQELBQAwKDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldB
+MQwwCgYDVQQKDANzMm4wIBcNMTcwOTA1MDUxNTA1WhgPMjExNzA4MTIwNTE1MDVa
+MCgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJXQTEMMAoGA1UECgwDczJuMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvjgKgqLJvaDndXS3qPpNA+hodYcO
+lP+jit7DwI00OL42sgEW0Xmk9u2kGTwIFW1iQPCPo0kB0wMTxSwXruZJpzI2asMY
+bNpkVGxMBBT94p9OJcnljeaCYsEe2Wdcm930ixl2w9MjG3au7iawmAL+R6cG06Vp
+kTlTH9b6+Y1MQUM99jPmyqHr2g53Ocw0eL2WcnULsfOFQONxTLQPaKFrdAcJdB+g
+y6yA86J7CASdPjyPqEMqpexGisUwTX2bi8a5r7J9E5mmXSpLVSHubrZfn1UuoZcr
+8Kzo99JAbXyEvOkxi9IxH+sjduN02bPBs6PsYQTizpsATfgtIujriKZW6RLqFrst
+4nCHy8MPbY/ZoPisMaIA3+aFdULypGvzDJesivaFSmnjaIlXLNUdYNGSrh1TfXFs
+2yP/z0USH5c5iK4ztmB4dX8h7z2evvy85+/SIIyAIWzKSkVn7y8MLbabqkauXnxV
+1jn13qMe2k21BhafUHnDEHHS6A8d3S5HIG+TzOsh/0DrRCxDnoXeKYkLp1H7hHwz
+y3zhabqwNABW+PJijL27h7istdPkgwUcaMjtV1qEDQGYgHMEt85vplRfadrRyQa9
+W7wMKub2Uk/U1ike5DdbYfCzX6swPRREmpnL8PZu20/FWBP/kqoJKmYGO+y/a6dN
+/FVtkidBAW23vSUCAwEAAaNjMGEwHQYDVR0OBBYEFBLfgXVxypLTzhssK3c7njN3
+8/dvMB8GA1UdIwQYMBaAFBLfgXVxypLTzhssK3c7njN38/dvMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQCzYLV5JyGy
+1nvBRo58nj/hPZvNn5o+lv2pH2tT6ejxCmpbRM4/klE5trSakPehGtLyESKGnZQ+
+kcgjUlGrPK2rkYczqtb2yjDEmqGGnjovG0Coh4vWTY8HncT1Qhq/iR/gLV47faI7
+TSd0r9+5bGS7/3mQgLujmlBqMKSwSR4SgrHqhSnpG3YoAasQiamgQ/iqrDcY3wau
+e0LSz4V9liyuP8pMlxBAGDXyDtRjquPR1vU7FsortRK9DM9aHtzWZA8gVh9Oe+fc
+oDXitS5ZJbk0X0RvqvC5zMJaHPJ2/P3jN5Yxise4PAktu0sG/p/oI8+aVp0bwGkY
+oFven2XwXN+9RW0C2kEVw9njQd6Y07nSRTbtuU2am8sKzodwnT+aDP5tU0OSRfIH
+U9IdtWppYUnhKn+ajiWI2BAEaAN+iQL/j6GTfQQyfzBaMgtuZ2eqJRJcTCugSLWo
+1W/88n3tkE6lDHTV1x+24LEEitBICnduxuC46iIL+0CgY+xinEcd9+YcUP7ZZkOs
+FgrDOXhLuPj81G3nsN0tny12YtChbIU+OY/JEksWEiotKuWZmBPb8U045hGBn5ni
+5qgRlV1n1guPpH7Bbg0GLkr6x3X9H5HsSz2JAWpJgpdok2HSxu9U6h9fr9OoFqmZ
+xtW7c1tGdToKxzZiB1jhZ03QbQANYLSLwDGCA2gwggNkAgEBMDUwKDELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgMAldBMQwwCgYDVQQKDANzMm4CCQCGzb0hjETXdzANBglg
+hkgBZQMEAgMFAKCCAQQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG
+9w0BCQUxDxcNMjUwMzExMjMyOTEzWjBPBgkqhkiG9w0BCQQxQgRAl16N1XX/Z/y4
+jlWkbg/ueaFtxN8mCp2+bj3k+NmIMCQLKjkqbEine7DDaGNDb4BN15Px1ymLNy5O
+5RK2D+PRGTB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQME
+ARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggq
+hkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEF
+AASCAgAE9Yb3N3wPKRn3hkA2Bc6pyv4ZnNEId1uFLi/zgZ+BGl7KBa6yoRBu8tBS
+FqfYah4c4X//bPWbEw8MrNEQqaRBUpMaDwHWf595RSYdYo3i0GxzKi7QFpB5SflP
+yvtcdspWw/M0rwY6KmNbATtsjKAMBBeTU743inBViRUuhae29FztNMlociVz1lBt
+rQ9AYswKKXbrLu7tJNGp1bYZSnmDlqzoBL/DzyQ380uTGOnRJP84Xjpsgc4IdNoW
+CuWDjK5lvLQaVUS0ew0Egci29ZYGBHGOXQRIPoqndVzDwvfY9VZqK2Ip/HV1cWfa
+QtMz8qGghzAMvovEmRL3qRXCQSU3KZuiJbQvV6dC5FSHWrRMYCN0seseIqHvRMtt
+z6QpSj86Th7VizR5AMoYsE/R8vZ2BhecrFED2thMWyL1e94819SExYmuTghplo2s
+ZxoZAOeu0qvV8JysG0DvM7qM1zG2vVTBnr+X7DoqFjRN/tdkKqNBqvtQ/ha4aDrX
+EHTfIzMfpQdJz/DR7PtljxI8ASPtPCWo6Ks5pa1oq0Kf/AGkYVaAu3J0jvb++XFo
+iWjrtmwM/HRbFEg2THS9b/vkiTsNSRCR9goaq9KPqXuJJsjJIoMA8IBHSLVvFnLf
+1IVRuFDgmKSAyCQp2MjkDmgbthvHru4rmBBhhG5APJw0uUcFwA==
+-----END PKCS7-----
+)";
+
+  // Timestamp for March 11, 2025.
+  static const int64_t kReferencePKCS7Time = 1741824000;
+
+  const bssl::UniquePtr<BIO> bio(
+      BIO_new_mem_buf(kPKCS7SignedAttributes, strlen(kPKCS7SignedAttributes)));
+  ASSERT_TRUE(bio);
+  bssl::UniquePtr<PKCS7> pkcs7(
+      PEM_read_bio_PKCS7(bio.get(), nullptr, nullptr, nullptr));
+  ASSERT_TRUE(pkcs7);
+  ASSERT_TRUE(PKCS7_type_is_signed(pkcs7.get()));
+
+  // Set up trust store for verification.
+  bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
+  bssl::UniquePtr<X509> ca_cert(CertFromPEM(
+      GetTestData(std::string("crypto/ocsp/test/aws/ca_cert.pem").c_str())
+          .c_str()));
+  ASSERT_TRUE(X509_STORE_add_cert(store.get(), ca_cert.get()));
+
+  // Set a valid time to avoid time bomb in tests.
+  X509_VERIFY_PARAM *param = X509_STORE_get0_param(store.get());
+  X509_VERIFY_PARAM_set_time_posix(param, kReferencePKCS7Time);
+
+  bssl::UniquePtr<BIO> out(BIO_new(BIO_s_mem()));
+  EXPECT_TRUE(PKCS7_verify(pkcs7.get(), nullptr, store.get(), nullptr,
+                           out.get(), /*flags*/ 0));
+
+  // Run |PKCS7_verify| again to check that we're consuming a copy of the
+  // underlying |EVP_MD_CTX|.
+  EXPECT_TRUE(PKCS7_verify(pkcs7.get(), nullptr, store.get(), nullptr,
+                         out.get(), /*flags*/ 0));
+}
+
+TEST(PKCS7Test, PKCS7SignedAttributesRuby) {
+  // The following test file was taken from ruby/openssl's pkcs7 tests.
+  static const char kPKCS7Ruby[] = R"(
+-----BEGIN PKCS7-----
+MIIHSwYJKoZIhvcNAQcCoIIHPDCCBzgCAQExCzAJBgUrDgMCGgUAMIIDiAYJKoZI
+hvcNAQcBoIIDeQSCA3UwgAYJKoZIhvcNAQcDoIAwgAIBADGCARAwggEMAgEAMHUw
+cDEQMA4GA1UECgwHZXhhbXBsZTEXMBUGA1UEAwwOVEFSTUFDIFJPT1QgQ0ExIjAg
+BgkqhkiG9w0BCQEWE3NvbWVvbmVAZXhhbXBsZS5vcmcxCzAJBgNVBAYTAlVTMRIw
+EAYDVQQHDAlUb3duIEhhbGwCAWYwDQYJKoZIhvcNAQEBBQAEgYBspXXse8ZhG1FE
+E3PVAulbvrdR52FWPkpeLvSjgEkYzTiUi0CC3poUL1Ku5mOlavWAJgoJpFICDbvc
+N4ZNDCwOhnzoI9fMGmm1gvPQy15BdhhZRo9lP7Ga/Hg2APKT0/0yhPsmJ+w+u1e7
+OoJEVeEZ27x3+u745bGEcu8of5th6TCABgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcE
+CBNs2U5mMsd/oIAEggIQU6cur8QBz02/4eMpHdlU9IkyrRMiaMZ/ky9zecOAjnvY
+d2jZqS7RhczpaNJaSli3GmDsKrF+XqE9J58s9ScGqUigzapusTsxIoRUPr7Ztb0a
+pg8VWDipAsuw7GfEkgx868sV93uC4v6Isfjbhd+JRTFp/wR1kTi7YgSXhES+RLUW
+gQbDIDgEQYxJ5U951AJtnSpjs9za2ZkTdd8RSEizJK0bQ1vqLoApwAVgZqluATqQ
+AHSDCxhweVYw6+y90B9xOrqPC0eU7Wzryq2+Raq5ND2Wlf5/N11RQ3EQdKq/l5Te
+ijp9PdWPlkUhWVoDlOFkysjk+BE+7AkzgYvz9UvBjmZsMsWqf+KsZ4S8/30ndLzu
+iucsu6eOnFLLX8DKZxV6nYffZOPzZZL8hFBcE7PPgSdBEkazMrEBXq1j5mN7exbJ
+NOA5uGWyJNBMOCe+1JbxG9UeoqvCCTHESxEeDu7xR3NnSOD47n7cXwHr81YzK2zQ
+5oWpP3C8jzI7tUjLd1S0Z3Psd17oaCn+JOfUtuB0nc3wfPF/WPo0xZQodWxp2/Cl
+EltR6qr1zf5C7GwmLzBZ6bHFAIT60/JzV0/56Pn8ztsRFtI4cwaBfTfvnwi8/sD9
+/LYOMY+/b6UDCUSR7RTN7XfrtAqDEzSdzdJkOWm1jvM8gkLmxpZdvxG3ZvDYnEQE
+5Nq+un5nAny1wf3rWierBAjE5ntiAmgs5AAAAAAAAAAAAACgggHqMIIB5jCCAU+g
+AwIBAgIBATANBgkqhkiG9w0BAQUFADAvMS0wKwYDVQQDEyQwQUM5RjAyNi1EQ0VB
+LTRDMTItOTEyNy1DMEZEN0QyQThCNUEwHhcNMTIxMDE5MDk0NTQ3WhcNMTMxMDE5
+MDk0NTQ3WjAvMS0wKwYDVQQDEyQwQUM5RjAyNi1EQ0VBLTRDMTItOTEyNy1DMEZE
+N0QyQThCNUEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALTsTNyGIsKvyw56
+WI3Gll/RmjsupkrdEtPbx7OjS9MEgyhOAf9+u6CV0LJGHpy7HUeROykF6xpbSdCm
+Mr6kNObl5N0ljOb8OmV4atKjmGg1rWawDLyDQ9Dtuby+dzfHtzAzP+J/3ZoOtSqq
+AHVTnCclU1pm/uHN0HZ5nL5iLJTvAgMBAAGjEjAQMA4GA1UdDwEB/wQEAwIFoDAN
+BgkqhkiG9w0BAQUFAAOBgQA8K+BouEV04HRTdMZd3akjTQOm6aEGW4nIRnYIf8ZV
+mvUpLirVlX/unKtJinhGisFGpuYLMpemx17cnGkBeLCQRvHQjC+ho7l8/LOGheMS
+nvu0XHhvmJtRbm8MKHhogwZqHFDnXonvjyqhnhEtK5F2Fimcce3MoF2QtEe0UWv/
+8DGCAaowggGmAgEBMDQwLzEtMCsGA1UEAxMkMEFDOUYwMjYtRENFQS00QzEyLTkx
+MjctQzBGRDdEMkE4QjVBAgEBMAkGBSsOAwIaBQCggc0wEgYKYIZIAYb4RQEJAjEE
+EwIxOTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0x
+MjEwMTkwOTQ1NDdaMCAGCmCGSAGG+EUBCQUxEgQQ2EFUJdQNwQDxclIQ8qNyYzAj
+BgkqhkiG9w0BCQQxFgQUy8GFXPpAwRJUT3rdvNC9Pn+4eoswOAYKYIZIAYb4RQEJ
+BzEqEygwRkU3QzJEQTVEMDc2NzFFOTcxNDlCNUE3MDRCMERDNkM4MDYwRDJBMA0G
+CSqGSIb3DQEBAQUABIGAWUNdzvU2iiQOtihBwF0h48Nnw/2qX8uRjg6CVTOMcGji
+BxjUMifEbT//KJwljshl4y3yBLqeVYLOd04k6aKSdjgdZnrnUPI6p5tL5PfJkTAE
+L6qflZ9YCU5erE4T5U98hCQBMh4nOYxgaTjnZzhpkKQuEiKq/755cjzTzlI/eok=
+-----END PKCS7-----
+)";
+
+  const bssl::UniquePtr<BIO> bio(
+      BIO_new_mem_buf(kPKCS7Ruby, strlen(kPKCS7Ruby)));
+  ASSERT_TRUE(bio);
+  bssl::UniquePtr<PKCS7> pkcs7(
+      PEM_read_bio_PKCS7(bio.get(), nullptr, nullptr, nullptr));
+  ASSERT_TRUE(pkcs7);
+  ASSERT_TRUE(PKCS7_type_is_signed(pkcs7.get()));
+
+  // Verify the file how Ruby's tests do it.
+  bssl::UniquePtr<X509_STORE> store(X509_STORE_new());
+  bssl::UniquePtr<BIO> out(BIO_new(BIO_s_mem()));
+  EXPECT_TRUE(PKCS7_verify(pkcs7.get(), nullptr, store.get(), nullptr,
+                           out.get(), /*flags*/ PKCS7_NOVERIFY));
+}

include/openssl/pkcs7.h

@@ -449,9 +449,6 @@ OPENSSL_EXPORT OPENSSL_DEPRECATED PKCS7 *PKCS7_sign(X509 *sign_cert,
 // written to |out| and 1 is returned. On error or verification failure, 0 is
 // returned.
 //
-// We don't currently support authenticated attributes, so if any of |p7|'s
-// signer infos have authenticated attributes, PKCS7_verify will fail.
-//
 // Flags: If |PKCS7_NOVERIFY| is specified, trust chain validation is skipped.
 // This function also enforces the behavior of OpenSSL's |PKCS7_NO_DUAL_CONTENT|
 // meaning that |indata| may not be specified if |p7|'s signed data is attached.