From: Nicola Tuveri Date: Sat, 25 Jan 2020 16:19:56 +0000 (+0200) Subject: [CMS] Test decryption of a ciphertext encrypted from 1.1.1 X-Git-Tag: openssl-3.0.0-alpha1~421 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cf6404b14198b96a882affe917bb337e2626136c;p=oweals%2Fopenssl.git [CMS] Test decryption of a ciphertext encrypted from 1.1.1 Current CMS en/decryption tests only validate that our current decyption and encryption algorithms are compatible, but they say nothing about correctness of the output for the given set of parameters. As a partial fix in absence of proper KAT tests, we decrypt ciphertexts generated with OpenSSL 1.1.1. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/10631) --- diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index ee227f3cdb..fd66557616 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -27,7 +27,7 @@ my $smcont = srctop_file("test", "smcont.txt"); my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) = disabled qw/des dh dsa ec ec2m rc2 zlib/; -plan tests => 6; +plan tests => 7; my @smime_pkcs7_tests = ( @@ -631,6 +631,24 @@ subtest "CMS Check that bad attributes fail when verifying signers\n" => sub { } }; +subtest "CMS Decrypt message encrypted with OpenSSL 1.1.1\n" => sub { + plan tests => 1; + + SKIP: { + skip "EC isn't supported in this build", 1 + if disabled("ec"); + + my $out = "smtst.txt"; + + ok(run(app(["openssl", "cms", "-decrypt", + "-inkey", catfile($smdir, "smec3.pem"), + "-in", catfile($datadir, "ciphertext_from_1_1_1.cms"), + "-out", $out ])) + && compare_text($smcont, $out) == 0, + "Decrypt message from OpenSSL 1.1.1"); + } +}; + sub check_availability { my $tnam = shift; diff --git a/test/recipes/80-test_cms_data/ciphertext_from_1_1_1.cms b/test/recipes/80-test_cms_data/ciphertext_from_1_1_1.cms new file mode 100644 index 0000000000..1f291931ec --- /dev/null +++ b/test/recipes/80-test_cms_data/ciphertext_from_1_1_1.cms @@ -0,0 +1,20 @@ +MIME-Version: 1.0 +Content-Disposition: attachment; filename="smime.p7m" +Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m" +Content-Transfer-Encoding: base64 + +MIAGCSqGSIb3DQEHA6CAMIACAQIxggHwoYH1AgEDoFGhTzAJBgcqhkjOPQIBA0IA +BAePxHUnwKL0d8UFDKE1Ey90FGDkwsy1iTttSmKeUB2ZJoM1TwbPUI9YVsSttJNV +x+25aQ1Qnw3FnY03rcUcy94wHAYJK4EFEIZIPwACMA8GCyqGSIb3DQEJEAMGBQAw +fzB9MFEwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAb +BgNVBAMMFFRlc3QgUy9NSU1FIFJTQSBSb290AgkA9oQ6WVaz+mMEKFSg1EdBE4qA +rh2DJVuTJfopaDXM4ih25kIGcxz+zRTo0+8Z7XgjE1KhgfUCAQOgUaFPMAkGByqG +SM49AgEDQgAErpcZ+4D3r+tERXL9c8pvtyRmNlYeMa7iCaVJ+YdLFtohdfrQ017/ +8CR+Q/q5ibL+eqDeg6KOxytDs2GpD+WoUTAcBgkrgQUQhkg/AAIwDwYLKoZIhvcN +AQkQAwYFADB/MH0wUTBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBH +cm91cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgUlNBIFJvb3QCCQDZOZbupksgRgQo +6OoZPATNvHJTypifw4rBfVlmDvUYcE6S7VmeEFDW9ALPw1XDa58lnTCABgkqhkiG +9w0BBwEwFAYIKoZIhvcNAwcECKGDGhF9W/7SoIAEUJW5dEUWWwA6vIO1Db9aLJry +Wx1zNmkFzJnkCUdsgrZxEIdT4kG5E+gLtGmA0+OO8RcoULhAWLf+s2yNN3vLTshN +YJpevytIYpXQQgzJ8x+5BAjSDDgrrWnBugAAAAAAAAAAAAA= +