From 5771017d06be0ba9d82203de0e5ff45b0c616d66 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Wed, 19 May 2021 19:44:22 +0200 Subject: [PATCH] apps/cms.c: Correct -sign output and -verify input with -binary Also add related warnings on irrelevant use of -nodetach and -content options. Fixes #15347 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15358) --- apps/cms.c | 25 ++++++++++++++++++++----- doc/man1/openssl-cms.pod.in | 4 ++-- smcont.signed_ | Bin 0 -> 10486 bytes test/recipes/80-test_cms.t | 21 +++++++++++---------- test/smcont.bin | Bin 8000 -> 8000 bytes 5 files changed, 33 insertions(+), 17 deletions(-) create mode 100644 smcont.signed_ diff --git a/apps/cms.c b/apps/cms.c index e9fe29ab8e..da00ece93b 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -287,10 +287,11 @@ static void warn_binary(const char *file) BIO_printf(bio_err, "Warning: input file '%s' contains %s" " character; better use -binary option\n", file, *cur == '\0' ? "NUL" : "8-bit"); - break; + goto end; } } } + end: BIO_free(bio); } @@ -320,7 +321,8 @@ int cms_main(int argc, char **argv) char *originatorfile = NULL, *recipfile = NULL, *ciphername = NULL; char *to = NULL, *from = NULL, *subject = NULL, *prog; cms_key_param *key_first = NULL, *key_param = NULL; - int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0; + int flags = CMS_DETACHED, binary_files = 0; + int noout = 0, print = 0, keyidx = -1, vpmtouched = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1; int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_UNDEF; 
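Review bot: The `goto end` that replaces `break` in warn_binary needs a comment stating why, otherwise the next cleanup pass is likely to turn it back into a `break`: `break` only left the innermost loop, so the warning could be printed again for every later chunk of the file that contained a NUL or 8-bit byte, while `goto end` reports once per file and goes straight to `BIO_free`. Suggested form of the added line: `goto end; /* report once; 'break' only left the per-chunk loop */`. The loops being exited start before the hunk, so their exact nesting is inferred from the three closing braces that follow the change.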
@@ -811,14 +813,26 @@ int cms_main(int argc, char **argv) ret = 2; - if (!(operation & SMIME_SIGNERS)) + if ((operation & SMIME_SIGNERS) == 0) { + if ((flags & CMS_DETACHED) == 0) + BIO_printf(bio_err, + "Warning: -nodetach option is ignored for non-signing operation\n"); + flags &= ~CMS_DETACHED; + } + if ((operation & SMIME_IP) == 0 && contfile != NULL) + BIO_printf(bio_err, + "Warning: -contfile option is ignored for the given operation\n"); if ((flags & CMS_BINARY) != 0) { if (!(operation & SMIME_OP)) outformat = FORMAT_BINARY; if (!(operation & SMIME_IP)) informat = FORMAT_BINARY; + if ((operation & SMIME_SIGNERS) != 0 && (flags & CMS_DETACHED) != 0) + binary_files = 1; + if ((operation & SMIME_IP) != 0 && contfile == NULL) + binary_files = 1; } if (operation == SMIME_ENCRYPT) { @@ -902,7 +916,7 @@ int cms_main(int argc, char **argv) if ((flags & CMS_BINARY) == 0) warn_binary(infile); in = bio_open_default(infile, 'r', - (flags & CMS_BINARY) != 0 ? FORMAT_BINARY : informat); + binary_files ? FORMAT_BINARY : informat); if (in == NULL) goto end; @@ -945,7 +959,8 @@ int cms_main(int argc, char **argv) goto end; } - out = bio_open_default(outfile, 'w', outformat); + out = bio_open_default(outfile, 'w', + binary_files ? FORMAT_BINARY : outformat); if (out == NULL) goto end; diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index 6e0f86804a..c63a7f330b 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in 
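Review bot: The new warning text `"Warning: -contfile option is ignored for the given operation\n"` names an option that does not exist under that spelling: the command-line option is `-content` (this same patch documents it as `B<-content>` in the pod hunk and the commit message calls it `-content`), and `contfile` is only the local variable that holds its argument. A user who sees the warning will look for `-contfile` in the manual and not find it. Suggest `"Warning: -content option is ignored for the given operation\n"`. The sibling `-nodetach` warning on the preceding lines uses the option's real spelling, so the two should be made consistent.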
@@ -507,8 +507,8 @@ will be written to this file if the verification was successful. =item B<-content> I -This specifies a file containing the detached content, this is only -useful with the B<-verify> command. This is only usable if the CMS +This specifies a file containing the detached content for operations taking +S/MIME input, such as the B<-verify> command. This is only usable if the CMS structure is using the detached signature form where the content is not included. This option will override any content if the input format is S/MIME and it uses the multipart/signed MIME content type. 
diff --git a/smcont.signed_ b/smcont.signed_ new file mode 100644 index 0000000000000000000000000000000000000000..59701f31d472e29dbd2cdb47f70a1c888a345b96 GIT binary patch literal 10486 zcmeHNXH-+|mPS+*Faj1(Y!rLIBqXE=s3$!@8tGAibP`fXBO!_vu^@I7D@ajM1QZ1Y z1;tMh0lOa}RutqD1W`c*{hWC3ow;-GtaWGB%%Az;S^06Y-@SMCdERF~IcvR}N}&=0 zxiW)Msnag>fh~Z7TyQ$ANv1UgvXc^I3w<fk6=8nHI8k6wFw$-j>&#lI$dDA~7ihmQ z0FH=+2B8Q50H9z*A`XW`!O+AYBnpKJMq}}QAQzAeJ5Fizv42Eb9~OjaFV^R;W%y`h zMx#g}`|0yD*?*r7eF5coeKV4k0HFxK+zH3m1~9VpXCZ#^|I=((-4Zw2f|KjS&De%UTJ;-luA<(KMC zSNNXt4Ou(=e4jS`{4G(jem&#**6sTn=20IHEA{ij4I3XlqctbG0llw1&!Mu}f7_&% z1J9n%4IK`>_a&f1yvTid>1y~gXBu4oRR6hS?LvgV)v#ej!mg-;m6+&VquPlZGLJ7P z07=oE%Qd6^jGA?M$!L7&@l~Mmy1m;E8=jnsgT~+dVVTvrWhI z@mBUXJryzk{IZ3$;Nz8yv>@?*din%>y} zkUGEV#E{t4=MLe}CnRqm=KjU_+NpPZOFqv&5q>SFIxGDis<(loRc z+%(1@o4?@Up5x5@j8}&i^VC=CeOAs*EyQ8hy5*4{3yOiKA8Ni;?$`<2(e=bONQSVG zIiKoejV`uPFS zcn{6n0H^S;RpISZJYV{A;zCBkw^Ov%(@6@IzfWoJi295!`r+P}&lyeZ(xu^*!8S-*`x2y$6_!p7SPa{0XdZeVSC zdd!^i6{*9v-_Clv;nuo=u!^h&4+`_BmmK%IoniWZKXgs%=?%wZ>U)4SZFk7}M*5Z6C4Y4g^BToR-ku7r>) zHebHMew@_FXqlmT?^?7%S-S6D91nlN1M#%Y?u*O6{kKP0v4Nmj4Dr@`pcX4HCTHn1ktSljkqra=9$JWTv7y;9$Tw zD_Q*J!@#Gkuerw>bLRCNEuBPPn^u4~)dhKs$$9wkOLpPYBVb9VKXUBL`JRz?f|4)N zCU1^jx9+KO#mMe4!B0%(UrX=o?RW%PP{liuy?5x;ZS2hFA2A{4q6SSmXHIr)`^;ea zjtfTGowOEq-52vnFU&ca!;+Oz6E_$0m2)OWehoNL9=4w1pR(|H!ux^PDW$H5Gk_lr zAbM3aYI!N5U*vq+hC4aX_#H;LsyNxj2=};r^^dI5={x-+cNGV>A16O88nHX|>YT=k znc477i@zo_8fGu3Z?Sq#PDmLaKlV1r<@}P0w=;nH-`{E4Ut)B?&6Pz9^M7P7V?OWA zM1Athe=#t<%55!h$kDWFvLS2YVe;gRMJeh-W4CQth^s#eC>SHRCEw+& z@UKKrlkc=%?0xo$GO%H|rxlKS9(PNYgI!caEI|Z{cg+j}_^-*!SNIHj;df1((!Q>Y zrfLGiR-#_wQ<U|amMrdQ7^aoH8nZ9=CpbruMDqG%aU;`%FvFahUK|eluI((rj;jVmE|A16+1RP zU`_pg2e>!poGnPNUetJeaiH_SlC@FAurafXo~_xnYhYQ#U2xAVyj#J5X2~&FhVlB+ z5v>DNIGbB{K~LdW$eNYjUr*=t+&T1o8hkY0_fplPt=;DWcaP7FG31Ziw)ch&vE$A9 zE8BKG4d=$DFTAv9%hTtbze_usPSTqncojL-hc&*qvNxg-9WQ^qW_#ituLEC4W(iCE zlR%#xr?tgAzHwgQ8KG4>56!F@ebB?`F?jvygwdHDO{<-ZZwE8lFqXX{pBMg-3t~1# 
z9T_~k|1oa3vk%f?%jt%O3(b#tm039@nxii&n_H{#$Fr+`^eZCM(!$SO!;_5b`&*w; zs(K}b4{hZ=v4VD|(*2w#Q_8_(Dy8wz4NEw)#EtGBIGjUkY@r&kM@WmNvMeG|^>Ea{ zA9){7b#+2-&mG`OgF@TO_s+P$?~w^h(mU7eeDTKc=>POq@GJNi0>2RWg}^Taej)G+ zf&Ui>ygyv$b+y_(G}Ij*<-$gCz$ijAA2~gs@<-0)iNVV`= z_W3QkZvpGl{IUb$*Gw9f@;K|vBzcLlB|$Va)sdHY_|fRHZ_DP6ES;IDuNm?C=XYZ+ zKk$8f$=9nN-ZNpEV5eG#?#T5X>^S!N7;!4$j!(;K(1~rntFqfS#0nPHY~2+4><>NL zRib+bMrV92(NFv$bG1!QZkKQ5d|W#nCyxknj4cxeXyC5LA7hue^si=upd;o9$eP9Wb(mDHDe;foGZ?>iwCM}H>I8KqfCzGIrlw$ zTi?z*aqEd<;)*fT22GgTL$iOQl`q&kO7BbQGjxv*UQxDk;;1^0j)8K+wDI3wpFbu? zCZ~Kma--taz3lS-ZgoPFVCw0|U8~_13(wtrk@ z$?bQ96^wbp8K9G?s-{wvvg*5%UN->)n|l{Dc8G7WdX-|Tzx>_8Z5 zeSgf&`{-J#x31&P#y#U!=R4GmJ-cdc?Npr4S+7~-HT-f}w3f7s}br^!|OK4$v$ zbxWhR4tGJm1PBrj4oG08N z)pO40jW)@#<_(0kH+07oaj_ADGyU5!#G~Il$yR@QN0~<^51@uFK8v<&m=|8dPq;9<^MM9Gv%FIjdnc?$OC-&Wx%)Cv1Q0;xxN1^#l z)tyNHbVfhrV$u1+jt0lJ;Ylyj^BWd(`ceuSUiD7wd9&QDpo}tZ-`bFS&Ky6|(-59; z?lOhrv{Of?FQ+%n(2OK60Eq+AO4EE+#x!!Aazce6<$U5ShKKY}edO7zjZI}Cn8N!%1)rU%b z;RWAP&>KcPL--6{b858ecgV31@;~{GznXO`6{>UtukPk2ocOTv>)f!z1>u)3+~>RI z<&Q0zeR##91RAF`Boxu#)9N&dMtf8;%i+?Vsew`-LEHPL>!?G1g->_ysUCg9A#H^7 z)nyg_p;nN~AHFG@qYKh!$3kNv)cP4!?Q=QPdz{prkE4?0)y%8XgEb#N`{gZumPlVdzkxSRU(xXdzos%4 z?|U}nozJ=lcz5TgT*aNMuQZzQM>)*LTtCN&7=l0)r_JCEM#;y`Y z_TL*lzXcLa?W&tNChqh~+2HPiilzgO=UUc7HlM}K{bMXRBF5Mo@a*mzWMe1nK>6Kk znfsBJMT6C&=GMoSUhFu)E?!d8d(U{n>uvpli1)=)zlIL$%sYZed6233_8>XLU-;Ye zk02My#F2W}=NU)DC#XNXAEJ(@B#J+cp4_suVf_F6@ckdB3jW39K!}f4q>kt9xI zpJoX0kt@}*|C$-(LZwiMI;J2zLMNoeB}!-jQ-agkZSg7`4l6+504BkTX9JN~g<268 zufPhKR05zNSa6oV#(-S@7KOD(;lu4wKoZ5GP*5Ut0M#B%!4U}%xj-HiVIlJY1Pu;n zq0L;9&LSr#%4JjlO0pNv(vw&eF&xh%U~v`>K*h#ei8g?XRnWLtfJ(({xavqgO)Vw~ zOp+kAR;=O1+jH~rY>I`7mn4B)=y(E@$`)AYM4bR{qgbgbz(TVDb{o@5QvnE`3J_AG zBo-o5fafxqcsvlS7P4SAALUJ{CFGzT-(L@NY>mk9A77l?`g1>;l#sZ66XBa}E4l9q%})09{amxjQT z_$Z`aN}z=c@InMhtBOF8EO9(OkHcUDiRc!UNC9#o$RPla&Bw5!Y*I3TV#8{cW-MNz z3YJM>LJXZ_;OY~YSg?^7g@@s(#CQY8K(MN~Y-6xcuZT0+&s>xkl28w3$;81dJv2eA z=0eQWcpfW)fn)NlCW(s@DY5v 
zl8Qy!83n*NQi_EspkhV9zw`#sq@TV73jqtUFo{$<_W(KCV&|mgFTcmY0!%!hkO4oL z`p-NC5ET0|R$(PU%|aYA0)c?yStgpED&SB-E=CNWXF;1xa065#RI3whVj+u304P{I z5s4Qu_y|1(g9DQzEod_>0z!w$5}{(ERIAgWNl|1p){dkI0CZX~3Jjq#2zZ^0h)^er zutq*1oXp0NNGuDCo5&=wElJ@xGds%0hmy1kDpN1AL~4V=q3lQu$b|;xMntmE76nHX zjEytJCq>ffVyH+CPS9YvVxbAohcM&BC^MOBg%A_t5}0gNlnKkED7cAA34(yMbCR8) zN5hdyjuk+{Q78z4turJN?ITK2GLb-K5h>&7V7)amm>4GY;FxTC@2Q|a^~geH|Lbo4OD_Wy4jW@kY;So^l{(1PbJ6yM?D}HyFP~FZA2s0E}uX3_wUsc^i;q| z!trn<7C=-37ABUc`X|k1Qhu^pA+QVc-;~}WvEcvVI|TPY8zfgH;vz{rD^exaVpKe_6ar=0SXM^7(XO=dK_V~< z#$|v>PJ~ zg&@erwD2Ih1OXo}73mY`N;OFaK*G&r1ew8%xA57PATlmdEJ+AvaI{h&Nvlv81vWKG z1&h=&s3MRH7_PxvkY>4trw*oaHGHhm7$g(Yz(klq!BSvllDK#dEj-BtW2)t3p&3fl zh%Gv^MvH{85J-qXY)2Aoi= sub { my $cert = srctop_file("test", "certs", "ee-self-signed.pem"); my $key = srctop_file("test", "certs", "ee-key.pem"); - plan skip_all => "Binary input tests currently disabled on Windows" if $^O =~ /^MSWin32$/; plan tests => 11; ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", 
@@ -829,29 +828,31 @@ subtest "CMS binary input tests\n" => sub { "-binary", "-in", $signed, "-out", $verified])), "verify binary input with -binary"); is(compare($input, $verified), 0, "binary input retained with -binary"); + ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", "-signer", $cert, "-inkey", $key, - "-in", $input, "-out", $signed])), + "-in", $input, "-out", $signed.".nobin"])), "sign binary input without -binary"); ok(run(app(["openssl", "cms", "-verify", "-CAfile", $cert, - "-in", $signed, "-out", $verified])), + "-in", $signed.".nobin", "-out", $verified.".nobin"])), "verify binary input without -binary"); - is(compare($input, $verified), 1, "binary input not retained without -binary"); + is(compare($input, $verified.".nobin"), 1, "binary input not retained without -binary"); ok(!run(app(["openssl", "cms", "-verify", "-CAfile", $cert, "-crlfeol", - "-binary", "-in", $signed, "-out", $verified])), + "-binary", "-in", $signed, "-out", $verified.".crlfeol"])), "verify binary input wrong crlfeol"); ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", "-crlfeol", "-signer", $cert, "-inkey", $key, "-binary", "-in", $input, "-out", $signed.".crlf"])), - "sign binary input crlfeol"); + "sign binary input with -binary -crlfeol"); ok(run(app(["openssl", "cms", "-verify", "-CAfile", $cert, "-crlfeol", "-binary", "-in", $signed.".crlf", "-out", $verified.".crlf"])), - "verify binary input crlfeol"); - is(compare($input, $verified.".crlf"), 0); + "verify binary input with -binary -crlfeol"); + is(compare($input, $verified.".crlf"), 0, + "binary input retained with -binary -crlfeol"); ok(!run(app(["openssl", "cms", "-verify", "-CAfile", $cert, - "-binary", "-in", $signed.".crlf", "-out", $verified.".crlf"])), - "verify binary input missing crlfeol"); + "-binary", "-in", $signed.".crlf", "-out", $verified.".crlf2"])), + "verify binary input with -binary missing -crlfeol"); }; sub check_availability { 
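Review bot: The negative cases `ok(!run(app([... "-crlfeol", "-binary", "-in", $signed, "-out", $verified.".crlfeol"])))` and the final `... $verified.".crlf2"` case pass on any non-zero exit, so a failure unrelated to the line-ending check — for instance the input `$signed.".crlf"` not having been produced because the preceding sign step failed — is indistinguishable from the intended verification failure. This hunk only renames the output files of those cases, which is what makes a stronger check possible now that no two cases share an output path. Consider following each negative `ok(!run(...))` with an assertion on the concrete failure (for example that the per-case output file does not contain `$input`'s content, or that the verification error text appears in the captured output) rather than relying on the exit status alone.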
diff --git a/test/smcont.bin b/test/smcont.bin index 2a5ce10224ce2b98b481273ef8a04cc4557a9e26..96e5c574857b8230987d0a82affbb14d7450af80 100644 GIT binary patch delta 49 wcmX?Lcfd|4H7`XsxhN;ike3U@%t_