#! /usr/bin/env perl
-# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
use POSIX;
use File::Spec::Functions qw/catfile/;
use File::Compare qw/compare_text compare/;
-use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file/;
+use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file with data_file/;
use OpenSSL::Test::Utils;
$no_rc2 = 1 if disabled("legacy");
-plan tests => 14;
+plan tests => 23;
ok(run(test(["pkcs7_test"])), "test pkcs7");
@config,
"-provider", $provname);
+my $smrsa1024 = catfile($smdir, "smrsa1024.pem");
my $smrsa1 = catfile($smdir, "smrsa1.pem");
my $smroot = catfile($smdir, "smroot.pem");
\&final_compare
],
- [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used",
+ [ "enveloped content test streaming S/MIME format, DES, 3 recipients, cert and key files used",
[ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
$smrsa1,
catfile($smdir, "smrsa2.pem"),
- catfile($smdir, "smrsa3.pem") ],
- [ "{cmd2}", @defaultprov, "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"),
+ catfile($smdir, "smrsa3-cert.pem") ],
+ [ "{cmd2}", @defaultprov, "-decrypt",
+ "-recip", catfile($smdir, "smrsa3-cert.pem"),
+ "-inkey", catfile($smdir, "smrsa3-key.pem"),
"-in", "{output}.cms", "-out", "{output}.txt" ],
\&final_compare
],
"-out", "{output}.txt" ],
\&final_compare
],
+
+ [ "encrypted content test streaming PEM format -noout, 128 bit AES key",
+ [ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+ "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F",
+ "-stream", "-noout" ],
+ [ "{cmd2}", @prov, "-help" ]
+ ],
);
my @smime_cms_cades_tests = (
my @smime_cms_cades_ko_tests = (
[ "sign content DER format, RSA key, not CAdES-BES compatible",
[ @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
- "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ],
+ "-certfile", $smroot, "-signer", $smrsa1, "-out", "cades-ko.cms" ],
"fail to verify token since requiring CAdES-BES compatibility",
- [ @prov, "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER",
- "-CAfile", $smroot, "-out", "{output}.txt" ],
+ [ @prov, "-verify", "-cades", "-in", "cades-ko.cms", "-inform", "DER",
+ "-CAfile", $smroot, "-out", "cades-ko.txt" ],
\&final_compare
]
);
"-signer", $smrsa1,
"-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:max",
"-out", "{output}.cms" ],
+ sub { my %opts = @_; rsapssSaltlen("$opts{output}.cms") == 222; },
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
"-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
\&final_compare
],
+ [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=16",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-signer", $smrsa1, "-md", "sha256",
+ "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:16",
+ "-out", "{output}.cms" ],
+ sub { my %opts = @_; rsapssSaltlen("$opts{output}.cms") == 16; },
+ [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
+ \&final_compare
+ ],
+
+ [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=digest",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-signer", $smrsa1, "-md", "sha256",
+ "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:digest",
+ "-out", "{output}.cms" ],
+ # digest is SHA-256, which produces 32 bytes of output
+ sub { my %opts = @_; rsapssSaltlen("$opts{output}.cms") == 32; },
+ [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
+ \&final_compare
+ ],
+
[ "enveloped content test streaming S/MIME format, DES, OAEP default parameters",
[ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
]
);
+my @smime_cms_param_tests_autodigestmax = (
+ [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=auto-digestmax, digestsize < maximum salt length",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-signer", $smrsa1, "-md", "sha256",
+ "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:auto-digestmax",
+ "-out", "{output}.cms" ],
+ # digest is SHA-256, which produces 32, bytes of output
+ sub { my %opts = @_; rsapssSaltlen("$opts{output}.cms") == 32; },
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
+ \&final_compare
+ ],
+
+ [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=auto-digestmax, digestsize > maximum salt length",
+ [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-signer", $smrsa1024, "-md", "sha512",
+ "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:auto-digestmax",
+ "-out", "{output}.cms" ],
+ # digest is SHA-512, which produces 64, bytes of output, but an RSA-PSS
+ # signature with a 1024 bit RSA key can only accommodate 62
+ sub { my %opts = @_; rsapssSaltlen("$opts{output}.cms") == 62; },
+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms", "-inform", "PEM",
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
+ \&final_compare
+ ]
+);
+
+
my @contenttype_cms_test = (
[ "signed content test - check that content type is added to additional signerinfo, RSA keys",
[ "{cmd1}", @prov, "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont,
subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
plan tests =>
- (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);
+ (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests) +
+ (scalar @smime_cms_param_tests_autodigestmax) + 1;
+
+ ok(run(app(["openssl", "cms", @prov,
+ "-sign", "-in", $smcont,
+ "-outform", "PEM",
+ "-nodetach",
+ "-signer", $smrsa1,
+ "-keyopt", "rsa_padding_mode:pss",
+ "-keyopt", "rsa_pss_saltlen:auto-digestmax",
+ "-out", "digestmaxtest.cms"])));
+ # Providers that do not support rsa_pss_saltlen:auto-digestmax will parse
+ # it as 0
+ my $no_autodigestmax = rsapssSaltlen("digestmaxtest.cms") == 0;
+ 1 while unlink "digestmaxtest.cms";
runner_loop(prefix => 'cms2cms-mod', cmd1 => 'cms', cmd2 => 'cms',
tests => [ @smime_cms_param_tests ]);
runner_loop(prefix => 'cms2cms-comp', cmd1 => 'cms', cmd2 => 'cms',
tests => [ @smime_cms_comp_tests ]);
}
+
+ SKIP: {
+ skip("rsa_pss_saltlen:auto-digestmax not supported",
+ scalar @smime_cms_param_tests_autodigestmax)
+ if $no_autodigestmax;
+
+ runner_loop(prefix => 'cms2cms-comp', 'cmd1' => 'cms', cmd2 => 'cms',
+ tests => [ @smime_cms_param_tests_autodigestmax ]);
+ }
};
# Returns the number of matches of a Content Type Attribute in a binary file.
return scalar(@c);
}
+sub rsapssSaltlen {
+ my ($in) = @_;
+ my $exit = 0;
+
+ my @asn1parse = run(app(["openssl", "asn1parse", "-in", $in, "-dump"]),
+ capture => 1,
+ statusvar => $exit);
+ return -1 if $exit != 0;
+
+ my $pssparam_offset = -1;
+ while ($_ = shift @asn1parse) {
+ chomp;
+ next unless /:rsassaPss/;
+ # This line contains :rsassaPss, the next line contains a raw dump of the
+ # RSA_PSS_PARAMS sequence; obtain its offset
+ $_ = shift @asn1parse;
+ if (/^\s*(\d+):/) {
+ $pssparam_offset = int($1);
+ }
+ }
+
+ if ($pssparam_offset == -1) {
+ note "Failed to determine RSA_PSS_PARAM offset in CMS. " +
+ "Was the file correctly signed with RSASSA-PSS?";
+ return -1;
+ }
+
+ my @pssparam = run(app(["openssl", "asn1parse", "-in", $in,
+ "-strparse", $pssparam_offset]),
+ capture => 1,
+ statusvar => $exit);
+ return -1 if $exit != 0;
+
+ my $saltlen = -1;
+ # Can't use asn1parse -item RSA_PSS_PARAMS here, because that's deprecated.
+ # This assumes the salt length is the last field, which may possibly be
+ # incorrect if there is a non-standard trailer field, but there almost never
+ # is in PSS.
+ if ($pssparam[-1] =~ /prim:\s+INTEGER\s+:([A-Fa-f0-9]+)/) {
+ $saltlen = hex($1);
+ }
+
+ if ($saltlen == -1) {
+ note "Failed to determine salt length from RSA_PSS_PARAM struct. " +
+ "Was the file correctly signed with RSASSA-PSS?";
+ return -1;
+ }
+
+ return $saltlen;
+}
+
subtest "CMS Check the content type attribute is added for additional signers\n" => sub {
plan tests => (scalar @contenttype_cms_test);
}
};
+subtest "CMS Check that bad encryption algorithm fails\n" => sub {
+ plan tests => 1;
+
+ SKIP: {
+ skip "DES or Legacy isn't supported in this build", 1
+ if disabled("des") || disabled("legacy");
+
+ my $out = "smtst.txt";
+
+ ok(!run(app(["openssl", "cms", @legacyprov, "-encrypt",
+ "-in", $smcont,
+ "-stream", "-recip", $smrsa1,
+ "-des-ede3",
+ "-out", $out ])),
+ "Decrypt message from OpenSSL 1.1.1");
+ }
+};
+
subtest "CMS Decrypt message encrypted with OpenSSL 1.1.1\n" => sub {
plan tests => 1;
SKIP: {
my $skip_reason = check_availability($$_[0]);
skip $skip_reason, 1 if $skip_reason;
+ 1 while unlink "cades-ko.txt";
ok(run(app(["openssl", "cms", @{$$_[1]}])), $$_[0]);
ok(!run(app(["openssl", "cms", @{$$_[3]}])), $$_[2]);
"Verify CMS signed digest, S/MIME format");
};
+subtest "CMS code signing test" => sub {
+ plan tests => 7;
+ my $sig_file = "signature.p7s";
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-in", $smcont,
+ "-certfile", catfile($smdir, "smroot.pem"),
+ "-signer", catfile($smdir, "smrsa1.pem"),
+ "-out", $sig_file])),
+ "accept perform CMS signature with smime certificate");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-content", $smcont])),
+ "accept verify CMS signature with smime certificate");
+
+ ok(!run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-purpose", "codesign",
+ "-content", $smcont])),
+ "fail verify CMS signature with smime certificate for purpose code signing");
+
+ ok(!run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-purpose", "football",
+ "-content", $smcont])),
+ "fail verify CMS signature with invalid purpose argument");
+
+ ok(run(app(["openssl", "cms", @prov, "-sign", "-in", $smcont,
+ "-certfile", catfile($smdir, "smroot.pem"),
+ "-signer", catfile($smdir, "csrsa1.pem"),
+ "-out", $sig_file])),
+ "accept perform CMS signature with code signing certificate");
+
+ ok(run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-purpose", "codesign",
+ "-content", $smcont])),
+ "accept verify CMS signature with code signing certificate for purpose code signing");
+
+ ok(!run(app(["openssl", "cms", @prov, "-verify", "-in", $sig_file,
+ "-CAfile", catfile($smdir, "smroot.pem"),
+ "-content", $smcont])),
+ "fail verify CMS signature with code signing certificate for purpose smime_sign");
+};
+
+# Test case for missing MD algorithm (must not segfault)
+
+with({ exit_checker => sub { return shift == 4; } },
+ sub {
+ ok(run(app(['openssl', 'smime', '-verify', '-noverify',
+ '-inform', 'PEM',
+ '-in', data_file("pkcs7-md4.pem"),
+ ])),
+ "Check failure of EVP_DigestInit in PKCS7 signed is handled");
+
+ ok(run(app(['openssl', 'smime', '-decrypt',
+ '-inform', 'PEM',
+ '-in', data_file("pkcs7-md4-encrypted.pem"),
+ '-recip', srctop_file("test", "certs", "ee-cert.pem"),
+ '-inkey', srctop_file("test", "certs", "ee-key.pem")
+ ])),
+ "Check failure of EVP_DigestInit in PKCS7 signedAndEnveloped is handled");
+ });
+
sub check_availability {
my $tnam = shift;
return "";
}
+
+# Test case for the locking problem reported in #19643.
+# This will fail if the fix is in and deadlock on Windows (and possibly
+# other platforms) if not.
+ok(!run(app(['openssl', 'cms', '-verify',
+ '-CAfile', srctop_file("test/certs", "pkitsta.pem"),
+ '-policy', 'anyPolicy',
+ '-in', srctop_file("test/smime-eml",
+ "SignedInvalidMappingFromanyPolicyTest7.eml")
+ ])),
+ "issue#19643");
+
+# Check that we get the expected failure return code
+with({ exit_checker => sub { return shift == 6; } },
+ sub {
+ ok(run(app(['openssl', 'cms', '-encrypt',
+ '-in', srctop_file("test", "smcont.txt"),
+ '-aes128', '-stream', '-recip',
+ srctop_file("test/smime-certs", "badrsa.pem"),
+ ])),
+ "Check failure during BIO setup with -stream is handled correctly");
+ });
+
+# Test case for return value mis-check reported in #21986
+with({ exit_checker => sub { return shift == 3; } },
+ sub {
+ SKIP: {
+ skip "DSA is not supported in this build", 1 if $no_dsa;
+
+ ok(run(app(['openssl', 'cms', '-sign',
+ '-in', srctop_file("test", "smcont.txt"),
+ '-signer', srctop_file("test/smime-certs", "smdsa1.pem"),
+ '-md', 'SHAKE256'])),
+ "issue#21986");
+ }
+ });
+
+# Test for problem reported in #22225
+with({ exit_checker => sub { return shift == 3; } },
+ sub {
+ ok(run(app(['openssl', 'cms', '-encrypt',
+ '-in', srctop_file("test", "smcont.txt"),
+ '-aes-256-ctr', '-recip',
+ catfile($smdir, "smec1.pem"),
+ ])),
+ "Check for failure when cipher does not have an assigned OID (issue#22225)");
+ });
+
+# Test encrypt to three recipients, and decrypt using key-only;
+# i.e. do not follow the recommended practice of providing the
+# recipient cert in the decrypt op.
+#
+# Use RSAES-OAEP for key-transport, not RSAES-PKCS-v1_5.
+#
+# Because the cert is not provided during decrypt, all RSA ciphertexts
+# are decrypted in turn, and when/if there is a valid decryption, it
+# is assumed the correct content-key has been recovered.
+#
+# That process may fail with RSAES-PKCS-v1_5 b/c there is a
+# non-negligible chance that decrypting a random input using
+# RSAES-PKCS-v1_5 can result in a valid plaintext (so two content-keys
+# could be recovered and the wrong one might be used).
+#
+# See https://github.com/openssl/project/issues/380
+subtest "encrypt to three recipients with RSA-OAEP, key only decrypt" => sub {
+ plan tests => 3;
+
+ my $pt = srctop_file("test", "smcont.txt");
+ my $ct = "smtst.cms";
+ my $ptpt = "smtst.txt";
+
+ ok(run(app(['openssl', 'cms',
+ @defaultprov,
+ '-encrypt', '-aes128',
+ '-in', $pt,
+ '-out', $ct,
+ '-stream',
+ '-recip', catfile($smdir, "smrsa1.pem"),
+ '-keyopt', 'rsa_padding_mode:oaep',
+ '-recip', catfile($smdir, "smrsa2.pem"),
+ '-keyopt', 'rsa_padding_mode:oaep',
+ '-recip', catfile($smdir, "smrsa3-cert.pem"),
+ '-keyopt', 'rsa_padding_mode:oaep',
+ ])),
+ "encrypt to three recipients with RSA-OAEP (avoid openssl/project issue#380)");
+ ok(run(app(['openssl', 'cms',
+ @defaultprov,
+ '-decrypt', '-aes128',
+ '-in', $ct,
+ '-out', $ptpt,
+ '-inkey', catfile($smdir, "smrsa3-key.pem"),
+ ])),
+ "decrypt with key only");
+ is(compare($pt, $ptpt), 0, "compare original message with decrypted ciphertext");
+};
projects / openssl.git / blobdiff