[CMS] Test decryption of a ciphertext encrypted from 1.1.1

Current CMS en/decryption tests only validate that our current decyption and encryption algorithms are compatible, but they say nothing about correctness of the output for the given set of parameters. As a partial fix in absence of proper KAT tests, we decrypt ciphertexts generated with OpenSSL 1.1.1. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10631)
2025-01-30 14:01:55 +08:00 · 2020-01-25 18:19:56 +02:00 · 2020-01-25 18:19:56 +02:00 · cf6404b141
commit cf6404b141
parent cd701de96a
2 changed files with 39 additions and 1 deletions
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@ -27,7 +27,7 @@ my $smcont   = srctop_file("test", "smcont.txt");
 my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
    = disabled qw/des dh dsa ec ec2m rc2 zlib/;

-plan tests => 6;
+plan tests => 7;

 my @smime_pkcs7_tests = (

@ -631,6 +631,24 @@ subtest "CMS Check that bad attributes fail when verifying signers\n" => sub {
    }
 };

+subtest "CMS Decrypt message encrypted with OpenSSL 1.1.1\n" => sub {
+    plan tests => 1;
+
+    SKIP: {
+        skip "EC isn't supported in this build", 1
+            if disabled("ec");
+
+        my $out = "smtst.txt";
+
+        ok(run(app(["openssl", "cms", "-decrypt",
+                    "-inkey", catfile($smdir, "smec3.pem"),
+                    "-in", catfile($datadir, "ciphertext_from_1_1_1.cms"),
+                    "-out", $out ]))
+           && compare_text($smcont, $out) == 0,
+           "Decrypt message from OpenSSL 1.1.1");
+    }
+};
+
 sub check_availability {
    my $tnam = shift;

--- a/test/recipes/80-test_cms_data/ciphertext_from_1_1_1.cms
+++ b/test/recipes/80-test_cms_data/ciphertext_from_1_1_1.cms
@ -0,0 +1,20 @@
+MIME-Version: 1.0
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
+Content-Transfer-Encoding: base64
+
+MIAGCSqGSIb3DQEHA6CAMIACAQIxggHwoYH1AgEDoFGhTzAJBgcqhkjOPQIBA0IA
+BAePxHUnwKL0d8UFDKE1Ey90FGDkwsy1iTttSmKeUB2ZJoM1TwbPUI9YVsSttJNV
+x+25aQ1Qnw3FnY03rcUcy94wHAYJK4EFEIZIPwACMA8GCyqGSIb3DQEJEAMGBQAw
+fzB9MFEwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAb
+BgNVBAMMFFRlc3QgUy9NSU1FIFJTQSBSb290AgkA9oQ6WVaz+mMEKFSg1EdBE4qA
+rh2DJVuTJfopaDXM4ih25kIGcxz+zRTo0+8Z7XgjE1KhgfUCAQOgUaFPMAkGByqG
+SM49AgEDQgAErpcZ+4D3r+tERXL9c8pvtyRmNlYeMa7iCaVJ+YdLFtohdfrQ017/
+8CR+Q/q5ibL+eqDeg6KOxytDs2GpD+WoUTAcBgkrgQUQhkg/AAIwDwYLKoZIhvcN
+AQkQAwYFADB/MH0wUTBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBH
+cm91cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgUlNBIFJvb3QCCQDZOZbupksgRgQo
+6OoZPATNvHJTypifw4rBfVlmDvUYcE6S7VmeEFDW9ALPw1XDa58lnTCABgkqhkiG
+9w0BBwEwFAYIKoZIhvcNAwcECKGDGhF9W/7SoIAEUJW5dEUWWwA6vIO1Db9aLJry
+Wx1zNmkFzJnkCUdsgrZxEIdT4kG5E+gLtGmA0+OO8RcoULhAWLf+s2yNN3vLTshN
+YJpevytIYpXQQgzJ8x+5BAjSDDgrrWnBugAAAAAAAAAAAAA=
+