From: Nicola Tuveri <nic.tuv@gmail.com>
Date: Sat, 25 Jan 2020 16:19:56 +0000 (+0200)
Subject: [CMS] Test decryption of a ciphertext encrypted from 1.1.1
X-Git-Tag: openssl-3.0.0-alpha1~421
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cf6404b14198b96a882affe917bb337e2626136c;p=oweals%2Fopenssl.git

[CMS] Test decryption of a ciphertext encrypted from 1.1.1

Current CMS en/decryption tests only validate that our current decyption
and encryption algorithms are compatible, but they say nothing about
correctness of the output for the given set of parameters.

As a partial fix in absence of proper KAT tests, we decrypt ciphertexts
generated with OpenSSL 1.1.1.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10631)
---

diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index ee227f3cdb..fd66557616 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -27,7 +27,7 @@ my $smcont   = srctop_file("test", "smcont.txt");
 my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
     = disabled qw/des dh dsa ec ec2m rc2 zlib/;
 
-plan tests => 6;
+plan tests => 7;
 
 my @smime_pkcs7_tests = (
 
@@ -631,6 +631,24 @@ subtest "CMS Check that bad attributes fail when verifying signers\n" => sub {
     }
 };
 
+subtest "CMS Decrypt message encrypted with OpenSSL 1.1.1\n" => sub {
+    plan tests => 1;
+
+    SKIP: {
+        skip "EC isn't supported in this build", 1
+            if disabled("ec");
+
+        my $out = "smtst.txt";
+
+        ok(run(app(["openssl", "cms", "-decrypt",
+                    "-inkey", catfile($smdir, "smec3.pem"),
+                    "-in", catfile($datadir, "ciphertext_from_1_1_1.cms"),
+                    "-out", $out ]))
+           && compare_text($smcont, $out) == 0,
+           "Decrypt message from OpenSSL 1.1.1");
+    }
+};
+
 sub check_availability {
     my $tnam = shift;
 
diff --git a/test/recipes/80-test_cms_data/ciphertext_from_1_1_1.cms b/test/recipes/80-test_cms_data/ciphertext_from_1_1_1.cms
new file mode 100644
index 0000000000..1f291931ec
--- /dev/null
+++ b/test/recipes/80-test_cms_data/ciphertext_from_1_1_1.cms
@@ -0,0 +1,20 @@
+MIME-Version: 1.0
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
+Content-Transfer-Encoding: base64
+
+MIAGCSqGSIb3DQEHA6CAMIACAQIxggHwoYH1AgEDoFGhTzAJBgcqhkjOPQIBA0IA
+BAePxHUnwKL0d8UFDKE1Ey90FGDkwsy1iTttSmKeUB2ZJoM1TwbPUI9YVsSttJNV
+x+25aQ1Qnw3FnY03rcUcy94wHAYJK4EFEIZIPwACMA8GCyqGSIb3DQEJEAMGBQAw
+fzB9MFEwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAb
+BgNVBAMMFFRlc3QgUy9NSU1FIFJTQSBSb290AgkA9oQ6WVaz+mMEKFSg1EdBE4qA
+rh2DJVuTJfopaDXM4ih25kIGcxz+zRTo0+8Z7XgjE1KhgfUCAQOgUaFPMAkGByqG
+SM49AgEDQgAErpcZ+4D3r+tERXL9c8pvtyRmNlYeMa7iCaVJ+YdLFtohdfrQ017/
+8CR+Q/q5ibL+eqDeg6KOxytDs2GpD+WoUTAcBgkrgQUQhkg/AAIwDwYLKoZIhvcN
+AQkQAwYFADB/MH0wUTBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBH
+cm91cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgUlNBIFJvb3QCCQDZOZbupksgRgQo
+6OoZPATNvHJTypifw4rBfVlmDvUYcE6S7VmeEFDW9ALPw1XDa58lnTCABgkqhkiG
+9w0BBwEwFAYIKoZIhvcNAwcECKGDGhF9W/7SoIAEUJW5dEUWWwA6vIO1Db9aLJry
+Wx1zNmkFzJnkCUdsgrZxEIdT4kG5E+gLtGmA0+OO8RcoULhAWLf+s2yNN3vLTshN
+YJpevytIYpXQQgzJ8x+5BAjSDDgrrWnBugAAAAAAAAAAAAA=
+