Implement PKCS7_encrypt and PKC7_decrypt (#1996)

This PR adds 2 new functions to encrypt/decrypt BIO contents into/out of
"enveloped"-type PKCS7 objects.

Like OpenSSL, this implementation of `PKCS7_decrypt` contains
mitigations against the "Million Message Attack" (MMA) as prescribed in
[RFC 3218](https://www.rfc-editor.org/rfc/rfc3218). A more detailed
description is given in source comments.

crypto/pkcs7/bio/bio_cipher_test.cc

@@ -13,9 +13,6 @@
 // NOTE: need to keep this in sync with sizeof(ctx->buf) cipher.c
 #define ENC_BLOCK_SIZE 1024 * 4
 
-#define BIO_get_cipher_status(bio) \
-  BIO_ctrl(bio, BIO_C_GET_CIPHER_STATUS, 0, NULL)
-
 struct CipherParams {
   const char name[40];
   const EVP_CIPHER *(*cipher)(void);

crypto/pkcs7/bio/cipher.c

@@ -193,7 +193,6 @@ static int enc_write(BIO *b, const char *in, int inl) {
 static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) {
   GUARD_PTR(b);
   long ret = 1;
-
   BIO_ENC_CTX *ctx = BIO_get_data(b);
   EVP_CIPHER_CTX **cipher_ctx;
   BIO *next = BIO_next(b);
@@ -326,3 +325,7 @@ const BIO_METHOD *BIO_f_cipher(void) { return &methods_enc; }
 int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **ctx) {
   return BIO_ctrl(b, BIO_C_GET_CIPHER_CTX, 0, ctx);
 }
+
+int BIO_get_cipher_status(BIO *b) {
+  return BIO_ctrl(b, BIO_C_GET_CIPHER_STATUS, 0, NULL);
+}

crypto/pkcs7/internal.h

@@ -223,6 +223,12 @@ OPENSSL_EXPORT int BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher,
                                   const unsigned char *key,
                                   const unsigned char *iv, int enc);
 
+// BIO_get_cipher_status returns 1 if the cipher is in a healthy state or 0
+// otherwise. Unhealthy state could indicate decryption failure or other
+// abnormalities. Data read from an unhealthy cipher should not be considered
+// authentic.
+OPENSSL_EXPORT int BIO_get_cipher_status(BIO *b);
+
 #if defined(__cplusplus)
 }  // extern C
 #endif