From e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 1 May 2018 09:32:30 +0100
Subject: [PATCH] Add a CMS API test

Previous tests only invoked CMS via the command line app. This test uses
the CMS API directly to do and encrypt and decrypt operation. This test
would have caught the memory leak fixed by the previous commit (when
building with enable-crypto-mdebug).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6142)
---
 test/build.info               |  6 ++-
 test/cmsapitest.c             | 93 +++++++++++++++++++++++++++++++++++
 test/recipes/80-test_cmsapi.t | 21 ++++++++
 3 files changed, 119 insertions(+), 1 deletion(-)
 create mode 100644 test/cmsapitest.c
 create mode 100644 test/recipes/80-test_cmsapi.t

diff --git a/test/build.info b/test/build.info
index 1708e9430b..535c5aae80 100644
--- a/test/build.info
+++ b/test/build.info
@@ -51,7 +51,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
           recordlentest drbgtest drbg_cavs_test sslbuffertest \
           time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
           servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \
-          sysdefaulttest
+          sysdefaulttest cmsapitest
 
   SOURCE[versions]=versions.c
   INCLUDE[versions]=../include
@@ -373,6 +373,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
   INCLUDE[servername_test]=../include
   DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a
 
+  SOURCE[cmsapitest]=cmsapitest.c
+  INCLUDE[cmsapitest]=../include
+  DEPEND[cmsapitest]=../libcrypto libtestutil.a
+
   IF[{- !$disabled{psk} -}]
     PROGRAMS_NO_INST=dtls_mtu_test
     SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c
diff --git a/test/cmsapitest.c b/test/cmsapitest.c
new file mode 100644
index 0000000000..a79ae8c043
--- /dev/null
+++ b/test/cmsapitest.c
@@ -0,0 +1,93 @@
+#include <string.h>
+
+#include <openssl/cms.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#include "testutil.h"
+
+static X509 *cert = NULL;
+static EVP_PKEY *privkey = NULL;
+
+static int test_encrypt_decrypt(void)
+{
+    int testresult = 0;
+    STACK_OF(X509) *certstack = sk_X509_new_null();
+    const char *msg = "Hello world";
+    BIO *msgbio = BIO_new_mem_buf(msg, strlen(msg));
+    BIO *outmsgbio = BIO_new(BIO_s_mem());
+    CMS_ContentInfo* content = NULL;
+    char buf[80];
+
+    if (!TEST_ptr(certstack) || !TEST_ptr(msgbio) || !TEST_ptr(outmsgbio))
+        goto end;
+
+    if (!TEST_int_gt(sk_X509_push(certstack, cert), 0))
+        goto end;
+
+    content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT);
+    if (!TEST_ptr(content))
+        goto end;
+
+    if (!TEST_true(CMS_decrypt(content, privkey, cert, NULL, outmsgbio,
+                               CMS_TEXT)))
+        goto end;
+
+    /* Check we got the message we first started with */
+    if (!TEST_int_eq(BIO_gets(outmsgbio, buf, sizeof(buf)), strlen(msg))
+            || !TEST_int_eq(strcmp(buf, msg), 0))
+        goto end;
+
+    testresult = 1;
+ end:
+    sk_X509_free(certstack);
+    BIO_free(msgbio);
+    BIO_free(outmsgbio);
+    CMS_ContentInfo_free(content);
+
+    return testresult;
+}
+
+int setup_tests(void)
+{
+    char *certin = NULL, *privkeyin = NULL;
+    BIO *certbio = NULL, *privkeybio = NULL;
+
+    if (!TEST_ptr(certin = test_get_argument(0))
+            || !TEST_ptr(privkeyin = test_get_argument(1)))
+        return 0;
+
+    certbio = BIO_new_file(certin, "r");
+    if (!TEST_ptr(certbio))
+        return 0;
+    if (!TEST_true(PEM_read_bio_X509(certbio, &cert, NULL, NULL))) {
+        BIO_free(certbio);
+        return 0;
+    }
+    BIO_free(certbio);
+
+    privkeybio = BIO_new_file(privkeyin, "r");
+    if (!TEST_ptr(privkeybio)) {
+        X509_free(cert);
+        cert = NULL;
+        return 0;
+    }
+    if (!TEST_true(PEM_read_bio_PrivateKey(privkeybio, &privkey, NULL, NULL))) {
+        BIO_free(privkeybio);
+        X509_free(cert);
+        cert = NULL;
+        return 0;
+    }
+    BIO_free(privkeybio);
+
+    ADD_TEST(test_encrypt_decrypt);
+
+    return 1;
+}
+
+void cleanup_tests(void)
+{
+    X509_free(cert);
+    EVP_PKEY_free(privkey);
+}
diff --git a/test/recipes/80-test_cmsapi.t b/test/recipes/80-test_cmsapi.t
new file mode 100644
index 0000000000..990f8a72bb
--- /dev/null
+++ b/test/recipes/80-test_cmsapi.t
@@ -0,0 +1,21 @@
+#! /usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_cmsapi");
+
+plan skip_all => "CMS is disabled in this build" if disabled("cms");
+
+plan tests => 1;
+
+ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"),
+             srctop_file("test", "certs", "serverkey.pem")])),
+             "running cmsapitest");
-- 
2.25.1