2 Commits (42a29d56812fdf1a434f9093eaefa5634c1beb2e)

Author SHA1 Message Date
Michael Brown 42a29d5681 [crypto] Update cmsdetach to work with python-asn1 version 3.0.0
The python-asn1 documentation indicates that end of file may be
detected either by obtaining a True value from .eof() or by obtaining
a None value from .peek(), but does not mention any way to detect the
end of a constructed tag (rather than the end of the overall file).
We currently use .eof() to detect the end of a constructed tag, based
on the observed behaviour of the library.

The behaviour of .eof() changed between versions 2.8.0 and 3.0.0, such
that .eof() no longer returns True at the end of a constructed tag.

Switch to testing for a None value returned from .peek() to determine
when we have reached the end of a constructed tag, since this works on
both newer and older versions.

Continue to treat .eof() as a necessary but not sufficient condition
for reaching the overall end of file, to maintain compatibility with
older versions.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-03-17 11:48:06 +00:00
Michael Brown 748cab7745 [crypto] Add cmsdetach script for detaching encrypted data from CMS messages
The openssl toolchain does not currently seem to support creating CMS
envelopedData or authEnvelopedData messages with detached encrypted
data.

Add a standalone tool "cmsdetach" that can be used to detach the
encrypted data from a CMS message.  For example:

  openssl cms -encrypt -binary -aes-256-gcm -recip client.crt \
              -in bootfile -outform DER -out bootfile.cms

  cmsdetach bootfile.cms --data bootfile.dat --envelope bootfile.env

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2024-08-28 16:17:14 +01:00