From: Richard Levitte <levitte@openssl.org>
Date: Wed, 16 Jul 2025 13:08:48 +0000 (+0200)
Subject: Add a test of 'openssl storeutl' with a BER-encoded PKCS#12 file
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=86f8fc5f1b0b90a3484483aa363dc813b7ead6cd;p=thirdparty%2Fopenssl.git

Add a test of 'openssl storeutl' with a BER-encoded PKCS#12 file

The test file (test-BER.p12) was given to us by David von Oheimb

Co-Authored-By: David von Oheimb <david.von.oheimb@siemens.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/28016)

(cherry picked from commit 49f8db53274191987b57d8e5542218690a983e35)
---

diff --git a/test/recipes/90-test_store_cases.t b/test/recipes/90-test_store_cases.t
index 05b00e6b4eb..02f989be413 100644
--- a/test/recipes/90-test_store_cases.t
+++ b/test/recipes/90-test_store_cases.t
@@ -18,9 +18,10 @@ use OpenSSL::Test::Utils;
 my $test_name = "test_store_cases";
 setup($test_name);
 
-plan tests => 2;
+plan tests => 3;
 
 my $stderr;
+my @stdout;
 
 # The case of the garbage PKCS#12 DER file where a passphrase was
 # prompted for.  That should not have happened.
@@ -34,3 +35,24 @@ open DATA, $stderr;
 close DATA;
 ok(scalar @match > 0 ? 0 : 1,
    "checking that storeutl didn't ask for a passphrase");
+
+ SKIP: {
+     skip "The objects in test-BER.p12 contain EC keys, which is disabled in this build", 1
+         if disabled("ec");
+     skip "test-BER.p12 has contents encrypted with DES-EDE3-CBC, which is disabled in this build", 1
+         if disabled("des");
+
+     # The case with a BER-encoded PKCS#12 file, using infinite + EOC
+     # constructs.  There was a bug with those in OpenSSL 3.0 and newer,
+     # where OSSL_STORE_load() (and by consequence, 'openssl storeutl')
+     # only extracted the first available object from that file and
+     # ignored the rest.
+     # Our test file has a total of four objects, and this should be
+     # reflected in the total that 'openssl storeutl' outputs
+     @stdout = run(app(['openssl', 'storeutl', '-passin', 'pass:12345',
+                        data_file('test-BER.p12')]),
+                   capture => 1);
+     @stdout = map { my $x = $_; $x =~ s/\R$//; $x } @stdout; # Better chomp
+     ok((grep { $_ eq 'Total found: 4' } @stdout),
+        "Checking that 'openssl storeutl' with test-BER.p12 returns 4 objects");
+}
diff --git a/test/recipes/90-test_store_cases_data/test-BER.p12 b/test/recipes/90-test_store_cases_data/test-BER.p12
new file mode 100644
index 00000000000..256e697bac1
Binary files /dev/null and b/test/recipes/90-test_store_cases_data/test-BER.p12 differ