The expected result is 6, but when symcrypt enabled, it returns 0.
It happens when the debain openssl upgraded from 1.1.1n-0+deb11u4 to 1.1.1n-0+deb11u5, it applied some security patches, adding a new UT, see the PR https://github.com/sonic-net/sonic-fips/pull/45.
The expected result is 6, but when symcrypt enabled, it returns 0.
It happens when the debain openssl upgraded from 1.1.1n-0+deb11u4 to 1.1.1n-0+deb11u5, it applied some security patches, adding a new UT, see the PR https://github.com/sonic-net/sonic-fips/pull/45.
UT added by the patch:
https://salsa.debian.org/debian/openssl/-/blob/7487023f21d637f6c4aa8d6f8dcd2a20a554fe33/debian/patches/Check-CMS-failure-during-BIO-setup-with-stream-is-handled.patch
Test result
See build result: https://dev.azure.com/mssonic/build/_build/results?buildId=383011&view=logs&jobId=011e1ec8-6569-5e69-4f06-baf193d1351e&j=011e1ec8-6569-5e69-4f06-baf193d1351e&t=e41ce7ed-8506-5fe7-0eaa-68d3583c0fff
Test in local machine
When symcrypt enabled, return value is 0: xumia@9536115ace06:~/sonic-fips-dev/src/openssl/build_shared/test/testutil$ ../../util/shlib_wrap.sh ../../apps/openssl cms -encrypt -in ../../../test/smcont.txt -stream -recip ../../../test/smime-certs/badrsa.pem MIME-Version: 1.0 Content-Disposition: attachment; filename="smime.p7m" Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m" Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHA6CAMIACAQAxggFgMIIBXAIBADBEMC0xKzApBgNV9wMTIlNh bXBsZSBMQU1QUyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkCE6E1eGdIritPL2T9tKE4 f/4QvAQwDQYJKoZIhvcNAQEBBQAEggEAKtSQTOdHxza21iAdErprVLbukhkNcSlr f4qD6l0KtoH8wXi56un233q8zL0LycJQShtZti1/bt6u8QxQ6gVtIIcCMn52RLLN /LsfCKqu8wsTFnl0ou7KlvpR/CnGJ/sPDk39DCQAw6EbkBX2eztaEokrELPyWC4P 0zn2IvNyXPb8AzwSFh1r/YqDtb24nVwjhFz+bdskoyE5kDoWSJAEQ2k9ifTOsDfS 2lURVArWC47L/K3Y7Lg6/nSN8a4903sgCg0pNrsKyLIPHFEjdwibJT0q+fV4AMPo KTphpCJ3mRlfOUT68LDtKgtKW4ahYNIIo194XrYIlHnlysxhDZ9bWzCABgkqhkiG 9w0BBwEwFAYIKoZIhvcNAwcECFrtdIGsnzN0oIAEUF4jmJPzJNjJmam5qqy+Gt45 /8v2FePj4PFWU+9Ionh79LgZ093v85LnXimtwyOF2gGdA/5dCBVf1Um7VU7E2lGR t0XHI/cPuYjPb4syJlgBBAjxBF/q/9saIwAAAAAAAAAAAAA=
xumia@9536115ace06:~/sonic-fips-dev/src/openssl/build_shared/test/testutil$ echo $?
When symcrypt disabled, the return value is 6: xumia@9536115ace06:~/sonic-fips-dev/src/openssl/build_shared/test/testutil$ ../../util/shlib_wrap.sh ../../apps/openssl cms -encrypt -in ../../../test/smcont.txt -stream -recip ../../../test/smime-certs/badrsa.pem MIME-Version: 1.0 Content-Disposition: attachment; filename="smime.p7m" Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m" Content-Transfer-Encoding: base64
140060474406208:error:0306E06C:bignum routines:BN_mod_inverse:no inverse:../crypto/bn/bn_gcd.c:530: 140060474406208:error:2E07D074:CMS routines:cms_EnvelopedData_init_bio:error setting recipientinfo:../crypto/cms/cms_env.c:885: 140060474406208:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:../crypto/asn1/asn_mime.c:75: xumia@9536115ace06:~/sonic-fips-dev/src/openssl/build_shared/test/testutil$