[openssl-dev] [openssl.org #4429] Cannot decrypt RC4-encrypted CMS object

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Tue Mar 15 19:56:12 UTC 2016


On 3/15/16, 15:29 , "openssl-dev on behalf of Viktor Dukhovni"
<openssl-dev-bounces at openssl.org on behalf of openssl-users at dukhovni.org>
wrote:

>These days, most people recommend encrypt then sign.  CMS and S/MIME
>natively support sign-then-encrypt, but encapsulating encrypted
>content as signed content as above also works.

Please excuse my ignorance - how do you invoke “openssl cms” to accomplish
native “sign-then-encrypt” (which in some cases is still OK)?


>>The only problem - now I have one test failing:
>> 
>> ../test/recipes/80-test_ca.t .............. ok
>> ../test/recipes/80-test_cms.t ............. 2/4
>
>The CMS tests pass when I run them:
>
>$ HARNESS_VERBOSE=yes make TESTS=test_cms test
>( cd test;  SRCTOP=../.  BLDTOP=../.  EXE_EXT=  /usr/pkg/bin/perl
>.././test/run_tests.pl test_cms )
>../test/recipes/80-test_cms.t ..

Alas, for some reason does not work here:

../test/recipes/80-test_ca.t .............. ok
../test/recipes/80-test_cms.t .............
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients'
    #   at ../test/recipes/80-test_cms.t line 376.
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, 3rd used'
    #   at ../test/recipes/80-test_cms.t line 376.
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, key only used'
    #   at ../test/recipes/80-test_cms.t line 376.
    
    #   Failed test 'enveloped content test streaming S/MIME format,
AES-256 cipher, 3 recipients'
    #   at ../test/recipes/80-test_cms.t line 376.
    # Looks like you failed 4 tests of 15.
../test/recipes/80-test_cms.t ............. 1/4
#   Failed test 'CMS => PKCS\#7 compatibility tests
# '
#   at ../test/recipes/80-test_cms.t line 381.
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients'
    #   at ../test/recipes/80-test_cms.t line 391.
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, 3rd used'
    #   at ../test/recipes/80-test_cms.t line 391.
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, key only used'
    #   at ../test/recipes/80-test_cms.t line 391.
    
    #   Failed test 'enveloped content test streaming S/MIME format,
AES-256 cipher, 3 recipients'
    #   at ../test/recipes/80-test_cms.t line 391.
    # Looks like you failed 4 tests of 15.
../test/recipes/80-test_cms.t ............. 2/4
#   Failed test 'CMS <= PKCS\#7 compatibility tests
# '
#   at ../test/recipes/80-test_cms.t line 396.
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients'
    #   at ../test/recipes/80-test_cms.t line 407.
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, 3rd used'
    #   at ../test/recipes/80-test_cms.t line 407.
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, key only used'
    #   at ../test/recipes/80-test_cms.t line 407.
    
    #   Failed test 'enveloped content test streaming S/MIME format,
AES-256 cipher, 3 recipients'
    #   at ../test/recipes/80-test_cms.t line 407.
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, keyid'
    #   at ../test/recipes/80-test_cms.t line 418.
    
    #   Failed test 'enveloped content test streaming PEM format, KEK'
    #   at ../test/recipes/80-test_cms.t line 418.
    
    #   Failed test 'enveloped content test streaming PEM format, KEK, key
only'
    #   at ../test/recipes/80-test_cms.t line 418.
    
    #   Failed test 'encrypted content test streaming PEM format, 128 bit
RC2 key'
    #   at ../test/recipes/80-test_cms.t line 418.
    
    #   Failed test 'encrypted content test streaming PEM format, 40 bit
RC2 key'
    #   at ../test/recipes/80-test_cms.t line 418.
    
    #   Failed test 'encrypted content test streaming PEM format, triple
DES key'
    #   at ../test/recipes/80-test_cms.t line 418.
    
    #   Failed test 'encrypted content test streaming PEM format, 128 bit
AES key'
    #   at ../test/recipes/80-test_cms.t line 418.
    # Looks like you failed 11 tests of 27.
../test/recipes/80-test_cms.t ............. 3/4
#   Failed test 'CMS <=> CMS consistency tests
# '
#   at ../test/recipes/80-test_cms.t line 423.
    
    #   Failed test 'enveloped content test streaming S/MIME format, OAEP
default parameters'
    #   at ../test/recipes/80-test_cms.t line 435.
    
    #   Failed test 'enveloped content test streaming S/MIME format, OAEP
SHA256'
    #   at ../test/recipes/80-test_cms.t line 435.
    
    #   Failed test 'enveloped content test streaming S/MIME format, ECDH'
    #   at ../test/recipes/80-test_cms.t line 435.
    
    #   Failed test 'enveloped content test streaming S/MIME format, ECDH,
key identifier'
    #   at ../test/recipes/80-test_cms.t line 435.
    
    #   Failed test 'enveloped content test streaming S/MIME format, ECDH,
AES128, SHA256 KDF'
    #   at ../test/recipes/80-test_cms.t line 435.
    
    #   Failed test 'enveloped content test streaming S/MIME format, ECDH,
K-283, cofactor DH'
    #   at ../test/recipes/80-test_cms.t line 435.
    
    #   Failed test 'enveloped content test streaming S/MIME format, X9.42
DH'
    #   at ../test/recipes/80-test_cms.t line 435.
    # Looks like you failed 7 tests of 11.


#   Failed test 'CMS <=> CMS consistency tests, modified key parameters
# '
#   at ../test/recipes/80-test_cms.t line 458.
# Looks like you failed 4 tests of 4.
../test/recipes/80-test_cms.t ............. Dubious, test returned 4
(wstat 1024, 0x400)
Failed 4/4 subtests
../test/recipes/80-test_ct.t .............. ok
../test/recipes/80-test_dane.t ............ ok
../test/recipes/80-test_dtlsv1listen.t .... ok
../test/recipes/80-test_ocsp.t ............ ok
../test/recipes/80-test_ssl.t ............. ok
../test/recipes/80-test_tsa.t ............. ok
../test/recipes/90-test_async.t ........... ok
../test/recipes/90-test_constant_time.t ... ok
../test/recipes/90-test_gmdiff.t .......... ok
../test/recipes/90-test_heartbeat.t ....... skipped: heartbeats is not
supported by this OpenSSL build
../test/recipes/90-test_ige.t ............. ok
../test/recipes/90-test_memleak.t ......... ok
../test/recipes/90-test_networking.t ...... ok
../test/recipes/90-test_np.t .............. ok
../test/recipes/90-test_p5_crpt2.t ........ ok
../test/recipes/90-test_secmem.t .......... ok
../test/recipes/90-test_srp.t ............. ok
../test/recipes/90-test_threads.t ......... ok
../test/recipes/90-test_v3name.t .......... ok


Test Summary Report
-------------------
../test/recipes/80-test_cms.t           (Wstat: 1024 Tests: 4 Failed: 4)
  Failed tests:  1-4
  Non-zero exit status: 4
Files=71, Tests=394, 51 wallclock secs ( 0.50 usr  0.16 sys + 32.64 cusr
14.65 csys = 47.95 CPU)
Result: FAIL
Failed 1/71 test programs. 4/394 subtests failed.
make: *** [test] Error 255



And here’s the detailed output:

$ HARNESS_VERBOSE=yes make TESTS=test_cms test
( cd test; \
	  SRCTOP=../. \
	  BLDTOP=../. \
	  EXE_EXT= \
	    /opt/local/bin/perl5 .././test/run_tests.pl test_cms )
../test/recipes/80-test_cms.t ..
1..4
    # Subtest: CMS => PKCS#7 compatibility tests
    1..15
Verification successful
    ok 1 - signed content DER format, RSA key
Verification successful
    ok 2 - signed detached content DER format, RSA key
Verification successful
    ok 3 - signed content test streaming BER format, RSA
Verification successful
    ok 4 - signed content DER format, DSA key
Verification successful
    ok 5 - signed detached content DER format, DSA key
Verification successful
    ok 6 - signed detached content DER format, add RSA signer
Verification successful
    ok 7 - signed content test streaming BER format, DSA key
Verification successful
    ok 8 - signed content test streaming BER format, 2 DSA and 2 RSA keys
Verification successful
    ok 9 - signed content test streaming BER format, 2 DSA and 2 RSA keys,
no attributes
Verification successful
    ok 10 - signed content test streaming S/MIME format, 2 DSA and 2 RSA
keys
Verification successful
    ok 11 - signed content test streaming multipart S/MIME format, 2 DSA
and 2 RSA keys
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 12 - enveloped content test streaming S/MIME format, 3
recipients
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients'
    #   at ../test/recipes/80-test_cms.t line 376.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 13 - enveloped content test streaming S/MIME format, 3
recipients, 3rd used
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, 3rd used'
    #   at ../test/recipes/80-test_cms.t line 376.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 14 - enveloped content test streaming S/MIME format, 3
recipients, key only used
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, key only used'
    #   at ../test/recipes/80-test_cms.t line 376.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 15 - enveloped content test streaming S/MIME format, AES-256
cipher, 3 recipients
    
    #   Failed test 'enveloped content test streaming S/MIME format,
AES-256 cipher, 3 recipients'
    #   at ../test/recipes/80-test_cms.t line 376.
    # Looks like you failed 4 tests of 15.
not ok 1 - CMS => PKCS\#7 compatibility tests
# 


#   Failed test 'CMS => PKCS\#7 compatibility tests
# '
#   at ../test/recipes/80-test_cms.t line 381.
    # Subtest: CMS <= PKCS#7 compatibility tests
    1..15
Verification successful
    ok 1 - signed content DER format, RSA key
Verification successful
    ok 2 - signed detached content DER format, RSA key
Verification successful
    ok 3 - signed content test streaming BER format, RSA
Verification successful
    ok 4 - signed content DER format, DSA key
Verification successful
    ok 5 - signed detached content DER format, DSA key
Verification successful
    ok 6 - signed detached content DER format, add RSA signer
Verification successful
    ok 7 - signed content test streaming BER format, DSA key
Verification successful
    ok 8 - signed content test streaming BER format, 2 DSA and 2 RSA keys
Verification successful
    ok 9 - signed content test streaming BER format, 2 DSA and 2 RSA keys,
no attributes
Verification successful
    ok 10 - signed content test streaming S/MIME format, 2 DSA and 2 RSA
keys
Verification successful
    ok 11 - signed content test streaming multipart S/MIME format, 2 DSA
and 2 RSA keys
Error writing output
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 12 - enveloped content test streaming S/MIME format, 3
recipients
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients'
    #   at ../test/recipes/80-test_cms.t line 391.
Error writing output
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 13 - enveloped content test streaming S/MIME format, 3
recipients, 3rd used
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, 3rd used'
    #   at ../test/recipes/80-test_cms.t line 391.
Error writing output
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 14 - enveloped content test streaming S/MIME format, 3
recipients, key only used
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, key only used'
    #   at ../test/recipes/80-test_cms.t line 391.
Error writing output
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 15 - enveloped content test streaming S/MIME format, AES-256
cipher, 3 recipients
    
    #   Failed test 'enveloped content test streaming S/MIME format,
AES-256 cipher, 3 recipients'
    #   at ../test/recipes/80-test_cms.t line 391.
    # Looks like you failed 4 tests of 15.
not ok 2 - CMS <= PKCS\#7 compatibility tests
# 


#   Failed test 'CMS <= PKCS\#7 compatibility tests
# '
#   at ../test/recipes/80-test_cms.t line 396.
    # Subtest: CMS <=> CMS consistency tests
    1..27
Verification successful
    ok 1 - signed content DER format, RSA key
Verification successful
    ok 2 - signed detached content DER format, RSA key
Verification successful
    ok 3 - signed content test streaming BER format, RSA
Verification successful
    ok 4 - signed content DER format, DSA key
Verification successful
    ok 5 - signed detached content DER format, DSA key
Verification successful
    ok 6 - signed detached content DER format, add RSA signer
Verification successful
    ok 7 - signed content test streaming BER format, DSA key
Verification successful
    ok 8 - signed content test streaming BER format, 2 DSA and 2 RSA keys
Verification successful
    ok 9 - signed content test streaming BER format, 2 DSA and 2 RSA keys,
no attributes
Verification successful
    ok 10 - signed content test streaming S/MIME format, 2 DSA and 2 RSA
keys
Verification successful
    ok 11 - signed content test streaming multipart S/MIME format, 2 DSA
and 2 RSA keys
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 12 - enveloped content test streaming S/MIME format, 3
recipients
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients'
    #   at ../test/recipes/80-test_cms.t line 407.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 13 - enveloped content test streaming S/MIME format, 3
recipients, 3rd used
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, 3rd used'
    #   at ../test/recipes/80-test_cms.t line 407.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 14 - enveloped content test streaming S/MIME format, 3
recipients, key only used
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, key only used'
    #   at ../test/recipes/80-test_cms.t line 407.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 15 - enveloped content test streaming S/MIME format, AES-256
cipher, 3 recipients
    
    #   Failed test 'enveloped content test streaming S/MIME format,
AES-256 cipher, 3 recipients'
    #   at ../test/recipes/80-test_cms.t line 407.
Verification successful
    ok 16 - signed content test streaming BER format, 2 DSA and 2 RSA
keys, keyid
Verification successful
    ok 17 - signed content test streaming PEM format, 2 DSA and 2 RSA keys
Verification successful
    ok 18 - signed content MIME format, RSA key, signed receipt request
Verification successful
    ok 19 - signed receipt MIME format, RSA key
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 20 - enveloped content test streaming S/MIME format, 3
recipients, keyid
    
    #   Failed test 'enveloped content test streaming S/MIME format, 3
recipients, keyid'
    #   at ../test/recipes/80-test_cms.t line 418.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 21 - enveloped content test streaming PEM format, KEK
    
    #   Failed test 'enveloped content test streaming PEM format, KEK'
    #   at ../test/recipes/80-test_cms.t line 418.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 22 - enveloped content test streaming PEM format, KEK, key only
    
    #   Failed test 'enveloped content test streaming PEM format, KEK, key
only'
    #   at ../test/recipes/80-test_cms.t line 418.
    ok 23 - data content test streaming PEM format
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 24 - encrypted content test streaming PEM format, 128 bit RC2
key
    
    #   Failed test 'encrypted content test streaming PEM format, 128 bit
RC2 key'
    #   at ../test/recipes/80-test_cms.t line 418.
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 25 - encrypted content test streaming PEM format, 40 bit RC2 key
    
    #   Failed test 'encrypted content test streaming PEM format, 40 bit
RC2 key'
    #   at ../test/recipes/80-test_cms.t line 418.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 26 - encrypted content test streaming PEM format, triple DES key
    
    #   Failed test 'encrypted content test streaming PEM format, triple
DES key'
    #   at ../test/recipes/80-test_cms.t line 418.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 27 - encrypted content test streaming PEM format, 128 bit AES
key
    
    #   Failed test 'encrypted content test streaming PEM format, 128 bit
AES key'
    #   at ../test/recipes/80-test_cms.t line 418.
    # Looks like you failed 11 tests of 27.
not ok 3 - CMS <=> CMS consistency tests
# 


#   Failed test 'CMS <=> CMS consistency tests
# '
#   at ../test/recipes/80-test_cms.t line 423.
    # Subtest: CMS <=> CMS consistency tests, modified key parameters
    1..11
Verification successful
    ok 1 - signed content test streaming PEM format, RSA keys, PSS
signature
Verification successful
    ok 2 - signed content test streaming PEM format, RSA keys, PSS
signature, no attributes
Verification successful
    ok 3 - signed content test streaming PEM format, RSA keys, PSS
signature, SHA384 MGF1
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 4 - enveloped content test streaming S/MIME format, OAEP
default parameters
    
    #   Failed test 'enveloped content test streaming S/MIME format, OAEP
default parameters'
    #   at ../test/recipes/80-test_cms.t line 435.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 5 - enveloped content test streaming S/MIME format, OAEP SHA256
    
    #   Failed test 'enveloped content test streaming S/MIME format, OAEP
SHA256'
    #   at ../test/recipes/80-test_cms.t line 435.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 6 - enveloped content test streaming S/MIME format, ECDH
    
    #   Failed test 'enveloped content test streaming S/MIME format, ECDH'
    #   at ../test/recipes/80-test_cms.t line 435.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 7 - enveloped content test streaming S/MIME format, ECDH, key
identifier
    
    #   Failed test 'enveloped content test streaming S/MIME format, ECDH,
key identifier'
    #   at ../test/recipes/80-test_cms.t line 435.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 8 - enveloped content test streaming S/MIME format, ECDH,
AES128, SHA256 KDF
    
    #   Failed test 'enveloped content test streaming S/MIME format, ECDH,
AES128, SHA256 KDF'
    #   at ../test/recipes/80-test_cms.t line 435.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 9 - enveloped content test streaming S/MIME format, ECDH,
K-283, cofactor DH
    
    #   Failed test 'enveloped content test streaming S/MIME format, ECDH,
K-283, cofactor DH'
    #   at ../test/recipes/80-test_cms.t line 435.
140735094448896:error:0D08706D:asn1 encoding
routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84:
140735094448896:error:2E078066:CMS
routines:cms_EncryptedContent_init_bio:cipher parameter initialisation
error:crypto/cms/cms_enc.c:187:
140735094448896:error:0D0D3041:asn1 encoding
routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119:
    not ok 10 - enveloped content test streaming S/MIME format, X9.42 DH
    
    #   Failed test 'enveloped content test streaming S/MIME format, X9.42
DH'
    #   at ../test/recipes/80-test_cms.t line 435.
    ok 11 - compressed content test streaming PEM format
    # Looks like you failed 7 tests of 11.
not ok 4 - CMS <=> CMS consistency tests, modified key parameters
# 


#   Failed test 'CMS <=> CMS consistency tests, modified key parameters
# '
#   at ../test/recipes/80-test_cms.t line 458.
# Looks like you failed 4 tests of 4.
Dubious, test returned 4 (wstat 1024, 0x400)
Failed 4/4 subtests


Test Summary Report
-------------------
../test/recipes/80-test_cms.t (Wstat: 1024 Tests: 4 Failed: 4)
  Failed tests:  1-4
  Non-zero exit status: 4
Files=1, Tests=4,  3 wallclock secs ( 0.04 usr  0.01 sys +  1.02 cusr
1.07 csys =  2.14 CPU)
Result: FAIL
Failed 1/1 test programs. 4/4 subtests failed.
make: *** [test] Error 4



In case it matters, the configuration:

./Configure darwin64-x86_64-cc threads shared zlib
enable-ec_nistp_64_gcc_128 enable-rfc3779
--prefix=/Users/ur20980/src/openssl-1.1
--openssldir=/Users/ur20980/src/openssl-1.1/etc




>>I wonder how difficult would it be to add AEAD support, considering that
>> they (usually) can take 96-bit nonce (treated as IV), and the
>> authentication tag often is just appended to the ciphertext (and
>>expected
>> at the end of the ciphertext during decryption).
>
>Take a look at the RFC and the code...

:-)  Did you mean https://tools.ietf.org/html/rfc5652, or
https://tools.ietf.org/html/rfc5116, or both?

P.S. You might like to know that (a) I retrofitted that patch to
1.0.2h-dev, and (b) it works fine with the private key on the token:

$ pkcs15-tool -r 03 -o token.cert.pem
Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID
$ openssl cms -rc4 -encrypt -binary -in data.txt -out data3.txt.cms
-outform DER rsa-token.cert.pem
$ openssl cms -engine pkcs11 -decrypt -in data3.txt.cms -inform DER -out
data3.txt -keyform engine -inkey id_03 -recip rsa-token.cert.pem
engine "pkcs11" set.
PKCS#11 token PIN: 
$ diff -u data.txt data3.txt
$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4324 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160315/da36219b/attachment-0001.bin>


More information about the openssl-dev mailing list