sonic-net / sonic-fips

SONiC FIPS module

UT failure 80-test_cms.t when symcrypt enabled #46

Closed xumia closed 11 months ago

xumia commented 11 months ago

The expected result is 6, but when symcrypt is enabled, it returns 0.

It happens when the Debian openssl is upgraded from 1.1.1n-0+deb11u4 to 1.1.1n-0+deb11u5; it applied some security patches, adding a new UT, see the PR https://github.com/sonic-net/sonic-fips/pull/45.

UT added by the patch:

https://salsa.debian.org/debian/openssl/-/blob/7487023f21d637f6c4aa8d6f8dcd2a20a554fe33/debian/patches/Check-CMS-failure-during-BIO-setup-with-stream-is-handled.patch

Test result

See build result: https://dev.azure.com/mssonic/build/_build/results?buildId=383011&view=logs&jobId=011e1ec8-6569-5e69-4f06-baf193d1351e&j=011e1ec8-6569-5e69-4f06-baf193d1351e&t=e41ce7ed-8506-5fe7-0eaa-68d3583c0fff

../../util/shlib_wrap.sh ../../apps/openssl cms -encrypt -in ../../../test/smcont.txt -stream -recip ../../../test/smime-certs/badrsa.pem => 0
not ok 7 - Check failure during BIO setup with -stream is handled correctly

Test Summary Report
-------------------
../../test/recipes/80-test_cms.t                    (Wstat: 256 Tests: 7 Failed: 1)
  Failed test:  7
  Non-zero exit status: 1

Test on local machine

When symcrypt is enabled, the return value is 0:

xumia@9536115ace06:~/sonic-fips-dev/src/openssl/build_shared/test/testutil$ ../../util/shlib_wrap.sh ../../apps/openssl cms -encrypt -in ../../../test/smcont.txt -stream -recip ../../../test/smime-certs/badrsa.pem
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

xumia@9536115ace06:~/sonic-fips-dev/src/openssl/build_shared/test/testutil$ echo $?

When symcrypt is disabled, the return value is 6:

xumia@9536115ace06:~/sonic-fips-dev/src/openssl/build_shared/test/testutil$ ../../util/shlib_wrap.sh ../../apps/openssl cms -encrypt -in ../../../test/smcont.txt -stream -recip ../../../test/smime-certs/badrsa.pem
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

140060474406208:error:0306E06C:bignum routines:BN_mod_inverse:no inverse:../crypto/bn/bn_gcd.c:530:
140060474406208:error:2E07D074:CMS routines:cms_EnvelopedData_init_bio:error setting recipientinfo:../crypto/cms/cms_env.c:885:
140060474406208:error:0D0D3041:asn1 encoding routines:i2d_ASN1_bio_stream:malloc failure:../crypto/asn1/asn_mime.c:75:
xumia@9536115ace06:~/sonic-fips-dev/src/openssl/build_shared/test/testutil$