#! /usr/bin/env perl
# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


use strict;
use warnings;

use POSIX;
use File::Spec::Functions qw/catfile/;
use File::Compare qw/compare_text/;
use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file with/;
use OpenSSL::Test::Utils;

setup("test_cms");

plan skip_all => "CMS is not supported by this OpenSSL build"
    if disabled("cms");

my $datadir = srctop_dir("test", "recipes", "80-test_cms_data");
my $smdir   = srctop_dir("test", "smime-certs");
my $smcont  = srctop_file("test", "smcont.txt");
my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
    = disabled qw/des dh dsa ec ec2m rc2 zlib/;

# Six subtests plus the final exit-status check at the end of the file.
plan tests => 7;

# Certificate/key files from the S/MIME test fixture directory.
my $root_ca = catfile($smdir, "smroot.pem");
my $rsa1    = catfile($smdir, "smrsa1.pem");
my $rsa2    = catfile($smdir, "smrsa2.pem");
my $rsa3    = catfile($smdir, "smrsa3.pem");
my $dsa1    = catfile($smdir, "smdsa1.pem");
my $dsa2    = catfile($smdir, "smdsa2.pem");
my $ec1     = catfile($smdir, "smec1.pem");
my $ec2     = catfile($smdir, "smec2.pem");
my $ec3     = catfile($smdir, "smec3.pem");
my $dh      = catfile($smdir, "smdh.pem");

# Fixed symmetric keys written out in this file: test vectors only, they
# protect nothing and must not be reused outside the test suite.
my $key_128bit = "000102030405060708090A0B0C0D0E0F";
my $key_40bit  = "0001020304";
my $key_192bit = "000102030405060708090A0B0C0D0E0F1011121314151617";
my $kek_id     = "C0FEE0";

# Argument fragments shared by several table entries.
my @mixed_signers  = ("-signer", $rsa1, "-signer", $rsa2,
                      "-signer", $dsa1, "-signer", $dsa2);
my @rsa_recipients = ($rsa1, $rsa2, $rsa3);
my @verify_der     = ("-verify", "-in", "test.cms", "-inform", "DER",
                      "-CAfile", $root_ca, "-out", "smtst.txt");
my @verify_pem     = ("-verify", "-in", "test.cms", "-inform", "PEM",
                      "-CAfile", $root_ca, "-out", "smtst.txt");
my @verify_smime   = ("-verify", "-in", "test.cms",
                      "-CAfile", $root_ca, "-out", "smtst.txt");

# Table layout: [ title, producer arguments, consumer arguments ].
#
# The title is functional, not just a label: check_availability() matches
# algorithm names in it (DES, RC2, ECDH, " DSA", ...) to decide whether the
# case is skipped on a build with that algorithm disabled.
#
# Every case writes to the same files (test.cms, test2.cms, smtst.txt), so
# order matters: the "-resign" and "-sign_receipt" cases read the test.cms
# left behind by the case just before them.
#
# Several titles name legacy algorithms (SHA1, DES, 40-bit RC2). They are
# here to check that such messages keep round-tripping, not as a parameter
# choice to copy.
# NOTE(review): the cases labelled DES pass no cipher option; presumably
# they rely on the command's default cipher - confirm for the build under
# test.
my @smime_pkcs7_tests = (

    [ "signed content DER format, RSA key",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
        "-certfile", $root_ca,
        "-signer", $rsa1, "-out", "test.cms" ],
      [ @verify_der ]
    ],

    [ "signed detached content DER format, RSA key",
      [ "-sign", "-in", $smcont, "-outform", "DER",
        "-signer", $rsa1, "-out", "test.cms" ],
      [ @verify_der, "-content", $smcont ]
    ],

    [ "signed content test streaming BER format, RSA",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
        "-stream",
        "-signer", $rsa1, "-out", "test.cms" ],
      [ @verify_der ]
    ],

    [ "signed content DER format, DSA key",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
        "-signer", $dsa1, "-out", "test.cms" ],
      [ @verify_der ]
    ],

    [ "signed detached content DER format, DSA key",
      [ "-sign", "-in", $smcont, "-outform", "DER",
        "-signer", $dsa1, "-out", "test.cms" ],
      [ @verify_der, "-content", $smcont ]
    ],

    # Adds a second signer to the test.cms produced by the previous case.
    [ "signed detached content DER format, add RSA signer (with DSA existing)",
      [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER",
        "-signer", $rsa1, "-out", "test2.cms" ],
      [ "-verify", "-in", "test2.cms", "-inform", "DER",
        "-CAfile", $root_ca, "-out", "smtst.txt",
        "-content", $smcont ]
    ],

    [ "signed content test streaming BER format, DSA key",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
        "-stream",
        "-signer", $dsa1, "-out", "test.cms" ],
      [ @verify_der ]
    ],

    [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
        @mixed_signers,
        "-stream", "-out", "test.cms" ],
      [ @verify_der ]
    ],

    [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach",
        @mixed_signers,
        "-stream", "-out", "test.cms" ],
      [ @verify_der ]
    ],

    [ "signed content S/MIME format, RSA key SHA1",
      [ "-sign", "-in", $smcont, "-md", "sha1",
        "-certfile", $root_ca,
        "-signer", $rsa1, "-out", "test.cms" ],
      [ @verify_smime ]
    ],

    [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
      [ "-sign", "-in", $smcont, "-nodetach",
        @mixed_signers,
        "-stream", "-out", "test.cms" ],
      [ @verify_smime ]
    ],

    [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
      [ "-sign", "-in", $smcont,
        @mixed_signers,
        "-stream", "-out", "test.cms" ],
      [ @verify_smime ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, 3 recipients",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        @rsa_recipients ],
      [ "-decrypt", "-recip", $rsa1,
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        @rsa_recipients ],
      [ "-decrypt", "-recip", $rsa3,
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        @rsa_recipients ],
      [ "-decrypt", "-inkey", $rsa3,
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
      [ "-encrypt", "-in", $smcont,
        "-aes256", "-stream", "-out", "test.cms",
        @rsa_recipients ],
      [ "-decrypt", "-recip", $rsa1,
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

);

# Cases that are only run cms-to-cms (see the consistency subtest below).
my @smime_cms_tests = (

    [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid",
        @mixed_signers,
        "-stream", "-out", "test.cms" ],
      [ @verify_der ]
    ],

    [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
        @mixed_signers,
        "-stream", "-out", "test.cms" ],
      [ @verify_pem ]
    ],

    [ "signed content MIME format, RSA key, signed receipt request",
      [ "-sign", "-in", $smcont, "-signer", $rsa1, "-nodetach",
        "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
        "-out", "test.cms" ],
      [ @verify_smime ]
    ],

    # The consumer step here has no "-out", so the content comparison done
    # by the runner reads the smtst.txt written by the preceding case; only
    # the two command exit statuses are specific to the receipt.
    [ "signed receipt MIME format, RSA key",
      [ "-sign_receipt", "-in", "test.cms",
        "-signer", $rsa2,
        "-out", "test2.cms" ],
      [ "-verify_receipt", "test2.cms", "-in", "test.cms",
        "-CAfile", $root_ca ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms", "-keyid",
        @rsa_recipients ],
      [ "-decrypt", "-recip", $rsa1,
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming PEM format, KEK",
      [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
        "-stream", "-out", "test.cms",
        "-secretkey", $key_128bit,
        "-secretkeyid", $kek_id ],
      [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
        "-secretkey", $key_128bit,
        "-secretkeyid", $kek_id ]
    ],

    [ "enveloped content test streaming PEM format, KEK, key only",
      [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
        "-stream", "-out", "test.cms",
        "-secretkey", $key_128bit,
        "-secretkeyid", $kek_id ],
      [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
        "-secretkey", $key_128bit ]
    ],

    [ "data content test streaming PEM format",
      [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach",
        "-stream", "-out", "test.cms" ],
      [ "-data_out", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
    ],

    [ "encrypted content test streaming PEM format, 128 bit RC2 key",
      [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
        "-rc2", "-secretkey", $key_128bit,
        "-stream", "-out", "test.cms" ],
      [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
        "-secretkey", $key_128bit, "-out", "smtst.txt" ]
    ],

    [ "encrypted content test streaming PEM format, 40 bit RC2 key",
      [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
        "-rc2", "-secretkey", $key_40bit,
        "-stream", "-out", "test.cms" ],
      [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
        "-secretkey", $key_40bit, "-out", "smtst.txt" ]
    ],

    [ "encrypted content test streaming PEM format, triple DES key",
      [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
        "-des3", "-secretkey", $key_192bit,
        "-stream", "-out", "test.cms" ],
      [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
        "-secretkey", $key_192bit,
        "-out", "smtst.txt" ]
    ],

    [ "encrypted content test streaming PEM format, 128 bit AES key",
      [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
        "-aes128", "-secretkey", $key_128bit,
        "-stream", "-out", "test.cms" ],
      [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
        "-secretkey", $key_128bit, "-out", "smtst.txt" ]
    ],

);

# Compression round trip; the subtest below skips it when zlib is disabled.
my @smime_cms_comp_tests = (

    [ "compressed content test streaming PEM format",
      [ "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach",
        "-stream", "-out", "test.cms" ],
      [ "-uncompress", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
    ]

);

# Cases that set key options (-keyopt) or use EC / DH recipient keys.
my @smime_cms_param_tests = (
    [ "signed content test streaming PEM format, RSA keys, PSS signature",
      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
        "-signer", $rsa1, "-keyopt", "rsa_padding_mode:pss",
        "-out", "test.cms" ],
      [ @verify_pem ]
    ],

    [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=max",
      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
        "-signer", $rsa1, "-keyopt", "rsa_padding_mode:pss",
        "-keyopt", "rsa_pss_saltlen:max", "-out", "test.cms" ],
      [ @verify_pem ]
    ],

    [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr",
        "-signer", $rsa1, "-keyopt", "rsa_padding_mode:pss",
        "-out", "test.cms" ],
      [ @verify_pem ]
    ],

    [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
        "-signer", $rsa1, "-keyopt", "rsa_padding_mode:pss",
        "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ],
      [ @verify_pem ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", $rsa1, "-keyopt", "rsa_padding_mode:oaep" ],
      [ "-decrypt", "-recip", $rsa1,
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", $rsa1, "-keyopt", "rsa_padding_mode:oaep",
        "-keyopt", "rsa_oaep_md:sha256" ],
      [ "-decrypt", "-recip", $rsa1,
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, ECDH",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", $ec1 ],
      [ "-decrypt", "-recip", $ec1,
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, ECDH, 2 recipients, key only used",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        $ec1,
        $ec3 ],
      [ "-decrypt", "-inkey", $ec3,
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier",
      [ "-encrypt", "-keyid", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", $ec1 ],
      [ "-decrypt", "-recip", $ec1,
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", $ec1, "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ],
      [ "-decrypt", "-recip", $ec1,
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", $ec2, "-aes128",
        "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
      [ "-decrypt", "-recip", $ec2,
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, X9.42 DH",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", $dh, "-aes128" ],
      [ "-decrypt", "-recip", $dh,
        "-in", "test.cms", "-out", "smtst.txt" ]
    ]
    );

# Three-step case: [ title, sign args, resign args, verify args ].
my @contenttype_cms_test = (
    [ "signed content test - check that content type is added to additional signerinfo, RSA keys",
      [ "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont, "-outform", "DER",
        "-signer", $rsa1, "-md", "SHA256",
        "-out", "test.cms" ],
      [ "-resign", "-binary", "-nodetach", "-in", "test.cms", "-inform", "DER", "-outform", "DER",
        "-signer", $rsa2, "-md", "SHA256",
        "-out", "test2.cms" ],
      [ "-verify", "-in", "test2.cms", "-inform", "DER",
        "-CAfile", $root_ca, "-out", "smtst.txt" ]
    ],
);

# Pre-built messages under $datadir whose signed attributes are malformed;
# verification of each one is expected to fail.
my @incorrect_attribute_cms_test = (
    "bad_signtime_attr.cms",
    "no_ct_attr.cms",
    "no_md_attr.cms",
    "ct_multiple_attr.cms"
);

# Produce with "cms", consume with "smime".
subtest "CMS => PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    for my $case (@smime_pkcs7_tests) {
        my ($title, $produce_args, $consume_args) = @{$case};
      SKIP: {
            my $skip_reason = check_availability($title);
            skip $skip_reason, 1 if $skip_reason;

            ok(run(app(["openssl", "cms", @{$produce_args}]))
               && run(app(["openssl", "smime", @{$consume_args}]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }
};
# Produce with "smime", consume with "cms".
subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    for my $case (@smime_pkcs7_tests) {
        my ($title, $produce_args, $consume_args) = @{$case};
      SKIP: {
            my $skip_reason = check_availability($title);
            skip $skip_reason, 1 if $skip_reason;

            ok(run(app(["openssl", "smime", @{$produce_args}]))
               && run(app(["openssl", "cms", @{$consume_args}]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }
};

# Both steps with "cms": first the shared PKCS#7 table, then the CMS-only one.
subtest "CMS <=> CMS consistency tests\n" => sub {
    plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);

    for my $case (@smime_pkcs7_tests, @smime_cms_tests) {
        my ($title, $produce_args, $consume_args) = @{$case};
      SKIP: {
            my $skip_reason = check_availability($title);
            skip $skip_reason, 1 if $skip_reason;

            ok(run(app(["openssl", "cms", @{$produce_args}]))
               && run(app(["openssl", "cms", @{$consume_args}]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }
};

subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
    plan tests =>
        (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);

    for my $case (@smime_cms_param_tests) {
        my ($title, $produce_args, $consume_args) = @{$case};
      SKIP: {
            my $skip_reason = check_availability($title);
            skip $skip_reason, 1 if $skip_reason;

            ok(run(app(["openssl", "cms", @{$produce_args}]))
               && run(app(["openssl", "cms", @{$consume_args}]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }

    # The outer SKIP accounts for every compression case at once when the
    # build has no zlib; the inner one handles per-case algorithm skips.
  SKIP: {
        skip("Zlib not supported: compression tests skipped",
             scalar @smime_cms_comp_tests)
            if $no_zlib;

        for my $case (@smime_cms_comp_tests) {
            my ($title, $produce_args, $consume_args) = @{$case};
          SKIP: {
                my $skip_reason = check_availability($title);
                skip $skip_reason, 1 if $skip_reason;

                ok(run(app(["openssl", "cms", @{$produce_args}]))
                   && run(app(["openssl", "cms", @{$consume_args}]))
                   && compare_text($smcont, "smtst.txt") == 0,
                   $title);
            }
        }
    }
};

# Returns the number of matches of a Content Type Attribute in a binary file.
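sub contentType_matches {
    # Counts how many times the DER encoding of a contentType signed
    # attribute carrying the id-data OID occurs in the file named by the
    # single argument. Dies if the file cannot be opened.
    #
    # This is a raw byte search, not an ASN.1 parse: it reports occurrences
    # of the byte sequence anywhere in the file.
    my ($in) = @_;

    # Three-argument open with a lexical handle: the file name can never be
    # interpreted as an open mode or a command, and the handle cannot clash
    # with a package-global bareword.
    open(my $cms_fh, '<', $in) or die("open failed for $in : $!");
    binmode($cms_fh);
    my $der = do { local $/; <$cms_fh> };    # slurp the whole file
    close($cms_fh);

    # Find ASN1 data for a Content Type Attribute (with a OID of PKCS7 data)
    my $content_type_attr = qr{
        \x30\x18                                        # SEQUENCE, 24 bytes
        \x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x03    # OID 1.2.840.113549.1.9.3
        \x31\x0B                                        # SET, 11 bytes
        \x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x01    # OID 1.2.840.113549.1.7.1
    }xs;
    my @hits = $der =~ /$content_type_attr/g;

    return scalar(@hits);
}

# After -resign adds a second signer, test2.cms must carry the contentType
# attribute twice (once per SignerInfo) and must still verify.
subtest "CMS Check the content type attribute is added for additional signers\n" => sub {
    plan tests =>
        (scalar @contenttype_cms_test);

    foreach my $case (@contenttype_cms_test) {
        my ($title, $sign_args, $resign_args, $verify_args) = @{$case};
      SKIP: {
            my $skip_reason = check_availability($title);
            skip $skip_reason, 1 if $skip_reason;

            ok(run(app(["openssl", "cms", @{$sign_args}]))
               && run(app(["openssl", "cms", @{$resign_args}]))
               && contentType_matches("test2.cms") == 2
               && run(app(["openssl", "cms", @{$verify_args}])),
               $title);
        }
    }
};

subtest "CMS Check that bad attributes fail when verifying signers\n" => sub {
    plan tests =>
        (scalar @incorrect_attribute_cms_test);

    foreach my $name (@incorrect_attribute_cms_test) {
        my $bad_cms = catfile($datadir, $name);

        # A negative test passes on any non-zero exit, including "input file
        # not found". Require the fixture to exist so that a missing file
        # shows up as a failure instead of a vacuous pass.
        # NOTE(review): a non-zero exit still does not prove the rejection
        # was caused by the attribute itself.
        ok((-f $bad_cms)
           && !run(app(["openssl", "cms", "-verify", "-in",
                        $bad_cms, "-inform", "DER", "-CAfile",
                        catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ])),
           $name);
    }
};

# Remove the scratch files shared by all cases above.
unlink "test.cms", "test2.cms", "smtst.txt";

sub check_availability {
    # Maps a test title to a skip reason. Returns a non-empty message when
    # the title names an algorithm that is disabled in this build, and the
    # empty string when the test can run. Matching is by substring of the
    # title, so titles must keep naming the algorithms they depend on.
    my $tnam = shift;

    # ECDH needs EC. The original carried a second, identical test with an
    # "ECDH disabled" message directly after this one; it could never be
    # reached and has been dropped.
    return "$tnam: skipped, EC disabled\n"
        if ($no_ec && $tnam =~ /ECDH/);
    return "$tnam: skipped, EC2M disabled\n"
        if ($no_ec2m && $tnam =~ /K-283/);
    return "$tnam: skipped, DH disabled\n"
        if ($no_dh && $tnam =~ /X9\.42/);
    return "$tnam: skipped, RC2 disabled\n"
        if ($no_rc2 && $tnam =~ /RC2/);
    return "$tnam: skipped, DES disabled\n"
        if ($no_des && $tnam =~ /DES/);
    return "$tnam: skipped, DSA disabled\n"
        if ($no_dsa && $tnam =~ / DSA/);

    return "";
}

# Check that we get the expected failure return code
# (the exit_checker below accepts only exit status 6 as success).
with({ exit_checker => sub { return shift == 6; } },
     sub {
         ok(run(app(['openssl', 'cms', '-encrypt',
                     '-in', srctop_file("test", "smcont.txt"),
                     '-stream', '-recip',
                     srctop_file("test/smime-certs", "badrsa.pem"),
                    ])),
            "Check failure during BIO setup with -stream is handled correctly");
     });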