On 3/15/16, 15:29 , "openssl-dev on behalf of Viktor Dukhovni" <openssl-dev-boun...@openssl.org on behalf of openssl-us...@dukhovni.org> wrote:
>These days, most people recommend encrypt then sign. CMS and S/MIME >natively support sign-then-encrypt, but encapsulating encrypted >content as signed content as above also works. Please excuse my ignorance - how do you invoke “openssl cms” to accomplish native “sign-then-encrypt” (which in some cases is still OK)? >>The only problem - now I have one test failing: >> >> ../test/recipes/80-test_ca.t .............. ok >> ../test/recipes/80-test_cms.t ............. 2/4 > >The CMS tests pass when I run them: > >$ HARNESS_VERBOSE=yes make TESTS=test_cms test >( cd test; SRCTOP=../. BLDTOP=../. EXE_EXT= /usr/pkg/bin/perl >.././test/run_tests.pl test_cms ) >../test/recipes/80-test_cms.t .. Alas, for some reason does not work here: ../test/recipes/80-test_ca.t .............. ok ../test/recipes/80-test_cms.t ............. # Failed test 'enveloped content test streaming S/MIME format, 3 recipients' # at ../test/recipes/80-test_cms.t line 376. # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, 3rd used' # at ../test/recipes/80-test_cms.t line 376. # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, key only used' # at ../test/recipes/80-test_cms.t line 376. # Failed test 'enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients' # at ../test/recipes/80-test_cms.t line 376. # Looks like you failed 4 tests of 15. ../test/recipes/80-test_cms.t ............. 1/4 # Failed test 'CMS => PKCS\#7 compatibility tests # ' # at ../test/recipes/80-test_cms.t line 381. # Failed test 'enveloped content test streaming S/MIME format, 3 recipients' # at ../test/recipes/80-test_cms.t line 391. # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, 3rd used' # at ../test/recipes/80-test_cms.t line 391. # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, key only used' # at ../test/recipes/80-test_cms.t line 391. # Failed test 'enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients' # at ../test/recipes/80-test_cms.t line 391. # Looks like you failed 4 tests of 15. ../test/recipes/80-test_cms.t ............. 2/4 # Failed test 'CMS <= PKCS\#7 compatibility tests # ' # at ../test/recipes/80-test_cms.t line 396. # Failed test 'enveloped content test streaming S/MIME format, 3 recipients' # at ../test/recipes/80-test_cms.t line 407. # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, 3rd used' # at ../test/recipes/80-test_cms.t line 407. # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, key only used' # at ../test/recipes/80-test_cms.t line 407. # Failed test 'enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients' # at ../test/recipes/80-test_cms.t line 407. # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, keyid' # at ../test/recipes/80-test_cms.t line 418. # Failed test 'enveloped content test streaming PEM format, KEK' # at ../test/recipes/80-test_cms.t line 418. # Failed test 'enveloped content test streaming PEM format, KEK, key only' # at ../test/recipes/80-test_cms.t line 418. # Failed test 'encrypted content test streaming PEM format, 128 bit RC2 key' # at ../test/recipes/80-test_cms.t line 418. # Failed test 'encrypted content test streaming PEM format, 40 bit RC2 key' # at ../test/recipes/80-test_cms.t line 418. # Failed test 'encrypted content test streaming PEM format, triple DES key' # at ../test/recipes/80-test_cms.t line 418. # Failed test 'encrypted content test streaming PEM format, 128 bit AES key' # at ../test/recipes/80-test_cms.t line 418. # Looks like you failed 11 tests of 27. ../test/recipes/80-test_cms.t ............. 3/4 # Failed test 'CMS <=> CMS consistency tests # ' # at ../test/recipes/80-test_cms.t line 423. # Failed test 'enveloped content test streaming S/MIME format, OAEP default parameters' # at ../test/recipes/80-test_cms.t line 435. # Failed test 'enveloped content test streaming S/MIME format, OAEP SHA256' # at ../test/recipes/80-test_cms.t line 435. # Failed test 'enveloped content test streaming S/MIME format, ECDH' # at ../test/recipes/80-test_cms.t line 435. # Failed test 'enveloped content test streaming S/MIME format, ECDH, key identifier' # at ../test/recipes/80-test_cms.t line 435. # Failed test 'enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF' # at ../test/recipes/80-test_cms.t line 435. # Failed test 'enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH' # at ../test/recipes/80-test_cms.t line 435. # Failed test 'enveloped content test streaming S/MIME format, X9.42 DH' # at ../test/recipes/80-test_cms.t line 435. # Looks like you failed 7 tests of 11. # Failed test 'CMS <=> CMS consistency tests, modified key parameters # ' # at ../test/recipes/80-test_cms.t line 458. # Looks like you failed 4 tests of 4. ../test/recipes/80-test_cms.t ............. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/4 subtests ../test/recipes/80-test_ct.t .............. ok ../test/recipes/80-test_dane.t ............ ok ../test/recipes/80-test_dtlsv1listen.t .... ok ../test/recipes/80-test_ocsp.t ............ ok ../test/recipes/80-test_ssl.t ............. ok ../test/recipes/80-test_tsa.t ............. ok ../test/recipes/90-test_async.t ........... ok ../test/recipes/90-test_constant_time.t ... ok ../test/recipes/90-test_gmdiff.t .......... ok ../test/recipes/90-test_heartbeat.t ....... skipped: heartbeats is not supported by this OpenSSL build ../test/recipes/90-test_ige.t ............. ok ../test/recipes/90-test_memleak.t ......... ok ../test/recipes/90-test_networking.t ...... ok ../test/recipes/90-test_np.t .............. ok ../test/recipes/90-test_p5_crpt2.t ........ ok ../test/recipes/90-test_secmem.t .......... ok ../test/recipes/90-test_srp.t ............. ok ../test/recipes/90-test_threads.t ......... ok ../test/recipes/90-test_v3name.t .......... ok Test Summary Report ------------------- ../test/recipes/80-test_cms.t (Wstat: 1024 Tests: 4 Failed: 4) Failed tests: 1-4 Non-zero exit status: 4 Files=71, Tests=394, 51 wallclock secs ( 0.50 usr 0.16 sys + 32.64 cusr 14.65 csys = 47.95 CPU) Result: FAIL Failed 1/71 test programs. 4/394 subtests failed. make: *** [test] Error 255 And here’s the detailed output: $ HARNESS_VERBOSE=yes make TESTS=test_cms test ( cd test; \ SRCTOP=../. \ BLDTOP=../. \ EXE_EXT= \ /opt/local/bin/perl5 .././test/run_tests.pl test_cms ) ../test/recipes/80-test_cms.t .. 1..4 # Subtest: CMS => PKCS#7 compatibility tests 1..15 Verification successful ok 1 - signed content DER format, RSA key Verification successful ok 2 - signed detached content DER format, RSA key Verification successful ok 3 - signed content test streaming BER format, RSA Verification successful ok 4 - signed content DER format, DSA key Verification successful ok 5 - signed detached content DER format, DSA key Verification successful ok 6 - signed detached content DER format, add RSA signer Verification successful ok 7 - signed content test streaming BER format, DSA key Verification successful ok 8 - signed content test streaming BER format, 2 DSA and 2 RSA keys Verification successful ok 9 - signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes Verification successful ok 10 - signed content test streaming S/MIME format, 2 DSA and 2 RSA keys Verification successful ok 11 - signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 12 - enveloped content test streaming S/MIME format, 3 recipients # Failed test 'enveloped content test streaming S/MIME format, 3 recipients' # at ../test/recipes/80-test_cms.t line 376. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 13 - enveloped content test streaming S/MIME format, 3 recipients, 3rd used # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, 3rd used' # at ../test/recipes/80-test_cms.t line 376. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 14 - enveloped content test streaming S/MIME format, 3 recipients, key only used # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, key only used' # at ../test/recipes/80-test_cms.t line 376. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 15 - enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients # Failed test 'enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients' # at ../test/recipes/80-test_cms.t line 376. # Looks like you failed 4 tests of 15. not ok 1 - CMS => PKCS\#7 compatibility tests # # Failed test 'CMS => PKCS\#7 compatibility tests # ' # at ../test/recipes/80-test_cms.t line 381. # Subtest: CMS <= PKCS#7 compatibility tests 1..15 Verification successful ok 1 - signed content DER format, RSA key Verification successful ok 2 - signed detached content DER format, RSA key Verification successful ok 3 - signed content test streaming BER format, RSA Verification successful ok 4 - signed content DER format, DSA key Verification successful ok 5 - signed detached content DER format, DSA key Verification successful ok 6 - signed detached content DER format, add RSA signer Verification successful ok 7 - signed content test streaming BER format, DSA key Verification successful ok 8 - signed content test streaming BER format, 2 DSA and 2 RSA keys Verification successful ok 9 - signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes Verification successful ok 10 - signed content test streaming S/MIME format, 2 DSA and 2 RSA keys Verification successful ok 11 - signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys Error writing output 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 12 - enveloped content test streaming S/MIME format, 3 recipients # Failed test 'enveloped content test streaming S/MIME format, 3 recipients' # at ../test/recipes/80-test_cms.t line 391. Error writing output 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 13 - enveloped content test streaming S/MIME format, 3 recipients, 3rd used # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, 3rd used' # at ../test/recipes/80-test_cms.t line 391. Error writing output 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 14 - enveloped content test streaming S/MIME format, 3 recipients, key only used # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, key only used' # at ../test/recipes/80-test_cms.t line 391. Error writing output 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 15 - enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients # Failed test 'enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients' # at ../test/recipes/80-test_cms.t line 391. # Looks like you failed 4 tests of 15. not ok 2 - CMS <= PKCS\#7 compatibility tests # # Failed test 'CMS <= PKCS\#7 compatibility tests # ' # at ../test/recipes/80-test_cms.t line 396. # Subtest: CMS <=> CMS consistency tests 1..27 Verification successful ok 1 - signed content DER format, RSA key Verification successful ok 2 - signed detached content DER format, RSA key Verification successful ok 3 - signed content test streaming BER format, RSA Verification successful ok 4 - signed content DER format, DSA key Verification successful ok 5 - signed detached content DER format, DSA key Verification successful ok 6 - signed detached content DER format, add RSA signer Verification successful ok 7 - signed content test streaming BER format, DSA key Verification successful ok 8 - signed content test streaming BER format, 2 DSA and 2 RSA keys Verification successful ok 9 - signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes Verification successful ok 10 - signed content test streaming S/MIME format, 2 DSA and 2 RSA keys Verification successful ok 11 - signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 12 - enveloped content test streaming S/MIME format, 3 recipients # Failed test 'enveloped content test streaming S/MIME format, 3 recipients' # at ../test/recipes/80-test_cms.t line 407. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 13 - enveloped content test streaming S/MIME format, 3 recipients, 3rd used # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, 3rd used' # at ../test/recipes/80-test_cms.t line 407. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 14 - enveloped content test streaming S/MIME format, 3 recipients, key only used # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, key only used' # at ../test/recipes/80-test_cms.t line 407. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 15 - enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients # Failed test 'enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients' # at ../test/recipes/80-test_cms.t line 407. Verification successful ok 16 - signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid Verification successful ok 17 - signed content test streaming PEM format, 2 DSA and 2 RSA keys Verification successful ok 18 - signed content MIME format, RSA key, signed receipt request Verification successful ok 19 - signed receipt MIME format, RSA key 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 20 - enveloped content test streaming S/MIME format, 3 recipients, keyid # Failed test 'enveloped content test streaming S/MIME format, 3 recipients, keyid' # at ../test/recipes/80-test_cms.t line 418. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 21 - enveloped content test streaming PEM format, KEK # Failed test 'enveloped content test streaming PEM format, KEK' # at ../test/recipes/80-test_cms.t line 418. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 22 - enveloped content test streaming PEM format, KEK, key only # Failed test 'enveloped content test streaming PEM format, KEK, key only' # at ../test/recipes/80-test_cms.t line 418. ok 23 - data content test streaming PEM format 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 24 - encrypted content test streaming PEM format, 128 bit RC2 key # Failed test 'encrypted content test streaming PEM format, 128 bit RC2 key' # at ../test/recipes/80-test_cms.t line 418. 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 25 - encrypted content test streaming PEM format, 40 bit RC2 key # Failed test 'encrypted content test streaming PEM format, 40 bit RC2 key' # at ../test/recipes/80-test_cms.t line 418. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 26 - encrypted content test streaming PEM format, triple DES key # Failed test 'encrypted content test streaming PEM format, triple DES key' # at ../test/recipes/80-test_cms.t line 418. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 27 - encrypted content test streaming PEM format, 128 bit AES key # Failed test 'encrypted content test streaming PEM format, 128 bit AES key' # at ../test/recipes/80-test_cms.t line 418. # Looks like you failed 11 tests of 27. not ok 3 - CMS <=> CMS consistency tests # # Failed test 'CMS <=> CMS consistency tests # ' # at ../test/recipes/80-test_cms.t line 423. # Subtest: CMS <=> CMS consistency tests, modified key parameters 1..11 Verification successful ok 1 - signed content test streaming PEM format, RSA keys, PSS signature Verification successful ok 2 - signed content test streaming PEM format, RSA keys, PSS signature, no attributes Verification successful ok 3 - signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 4 - enveloped content test streaming S/MIME format, OAEP default parameters # Failed test 'enveloped content test streaming S/MIME format, OAEP default parameters' # at ../test/recipes/80-test_cms.t line 435. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 5 - enveloped content test streaming S/MIME format, OAEP SHA256 # Failed test 'enveloped content test streaming S/MIME format, OAEP SHA256' # at ../test/recipes/80-test_cms.t line 435. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 6 - enveloped content test streaming S/MIME format, ECDH # Failed test 'enveloped content test streaming S/MIME format, ECDH' # at ../test/recipes/80-test_cms.t line 435. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 7 - enveloped content test streaming S/MIME format, ECDH, key identifier # Failed test 'enveloped content test streaming S/MIME format, ECDH, key identifier' # at ../test/recipes/80-test_cms.t line 435. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 8 - enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF # Failed test 'enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF' # at ../test/recipes/80-test_cms.t line 435. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 9 - enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH # Failed test 'enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH' # at ../test/recipes/80-test_cms.t line 435. 140735094448896:error:0D08706D:asn1 encoding routines:ASN1_TYPE_get_octetstring:data is wrong:crypto/asn1/evp_asn1.c:84: 140735094448896:error:2E078066:CMS routines:cms_EncryptedContent_init_bio:cipher parameter initialisation error:crypto/cms/cms_enc.c:187: 140735094448896:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:crypto/asn1/asn_mime.c:119: not ok 10 - enveloped content test streaming S/MIME format, X9.42 DH # Failed test 'enveloped content test streaming S/MIME format, X9.42 DH' # at ../test/recipes/80-test_cms.t line 435. ok 11 - compressed content test streaming PEM format # Looks like you failed 7 tests of 11. not ok 4 - CMS <=> CMS consistency tests, modified key parameters # # Failed test 'CMS <=> CMS consistency tests, modified key parameters # ' # at ../test/recipes/80-test_cms.t line 458. # Looks like you failed 4 tests of 4. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/4 subtests Test Summary Report ------------------- ../test/recipes/80-test_cms.t (Wstat: 1024 Tests: 4 Failed: 4) Failed tests: 1-4 Non-zero exit status: 4 Files=1, Tests=4, 3 wallclock secs ( 0.04 usr 0.01 sys + 1.02 cusr 1.07 csys = 2.14 CPU) Result: FAIL Failed 1/1 test programs. 4/4 subtests failed. make: *** [test] Error 4 In case it matters, the configuration: ./Configure darwin64-x86_64-cc threads shared zlib enable-ec_nistp_64_gcc_128 enable-rfc3779 --prefix=/Users/ur20980/src/openssl-1.1 --openssldir=/Users/ur20980/src/openssl-1.1/etc >>I wonder how difficult would it be to add AEAD support, considering that >> they (usually) can take 96-bit nonce (treated as IV), and the >> authentication tag often is just appended to the ciphertext (and >>expected >> at the end of the ciphertext during decryption). > >Take a look at the RFC and the code... :-) Did you mean https://tools.ietf.org/html/rfc5652, or https://tools.ietf.org/html/rfc5116, or both? P.S. You might like to know that (a) I retrofitted that patch to 1.0.2h-dev, and (b) it works fine with the private key on the token: $ pkcs15-tool -r 03 -o token.cert.pem Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID $ openssl cms -rc4 -encrypt -binary -in data.txt -out data3.txt.cms -outform DER rsa-token.cert.pem $ openssl cms -engine pkcs11 -decrypt -in data3.txt.cms -inform DER -out data3.txt -keyform engine -inkey id_03 -recip rsa-token.cert.pem engine "pkcs11" set. PKCS#11 token PIN: $ diff -u data.txt data3.txt $
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev