From 454d7781eba4b112c0358f66a2eab684816c60fe Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Wed, 16 Jul 2025 15:08:48 +0200
Subject: [PATCH] Add a test of 'openssl storeutl' with a BER-encoded PKCS#12
 file

The test file (test-BER.p12) was given to us by David von Oheimb

Co-Authored-By: David von Oheimb <david.von.oheimb@siemens.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/28016)

(cherry picked from commit 49f8db53274191987b57d8e5542218690a983e35)
---
 test/recipes/90-test_store_cases.t            |  24 +++++++++++++++++-
 .../90-test_store_cases_data/test-BER.p12     | Bin 0 -> 2126 bytes
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 test/recipes/90-test_store_cases_data/test-BER.p12

diff --git a/test/recipes/90-test_store_cases.t b/test/recipes/90-test_store_cases.t
index 05b00e6b4eb..02f989be413 100644
--- a/test/recipes/90-test_store_cases.t
+++ b/test/recipes/90-test_store_cases.t
@@ -18,9 +18,10 @@ use OpenSSL::Test::Utils;
 my $test_name = "test_store_cases";
 setup($test_name);
 
-plan tests => 2;
+plan tests => 3;
 
 my $stderr;
+my @stdout;
 
 # The case of the garbage PKCS#12 DER file where a passphrase was
 # prompted for.  That should not have happened.
@@ -34,3 +35,24 @@ open DATA, $stderr;
 close DATA;
 ok(scalar @match > 0 ? 0 : 1,
    "checking that storeutl didn't ask for a passphrase");
+
+ SKIP: {
+     skip "The objects in test-BER.p12 contain EC keys, which is disabled in this build", 1
+         if disabled("ec");
+     skip "test-BER.p12 has contents encrypted with DES-EDE3-CBC, which is disabled in this build", 1
+         if disabled("des");
+
+     # The case with a BER-encoded PKCS#12 file, using infinite + EOC
+     # constructs.  There was a bug with those in OpenSSL 3.0 and newer,
+     # where OSSL_STORE_load() (and by consequence, 'openssl storeutl')
+     # only extracted the first available object from that file and
+     # ignored the rest.
+     # Our test file has a total of four objects, and this should be
+     # reflected in the total that 'openssl storeutl' outputs
+     @stdout = run(app(['openssl', 'storeutl', '-passin', 'pass:12345',
+                        data_file('test-BER.p12')]),
+                   capture => 1);
+     @stdout = map { my $x = $_; $x =~ s/\R$//; $x } @stdout; # Better chomp
+     ok((grep { $_ eq 'Total found: 4' } @stdout),
+        "Checking that 'openssl storeutl' with test-BER.p12 returns 4 objects");
+}
diff --git a/test/recipes/90-test_store_cases_data/test-BER.p12 b/test/recipes/90-test_store_cases_data/test-BER.p12
new file mode 100644
index 0000000000000000000000000000000000000000..256e697bac1a028d3e95c8ad3a37e82f753982eb
GIT binary patch
literal 2126
zc-m!>c{tPy7sr3ISQC-#bgdcd*w^e!q%skisL2w;XsEG<VQN%EBBI1aWUC=#Eqh#<
zOD1E#$V{5oWMU+Q!t1@yyWj8goIlR@oaa2x`J4k!27@5*WL^P{)Dx-S4}$nW#mOqk
zPy&PvPyRm}N&wlz2_WnJu;4xL&w`L32wa>(g{SnvVZ4I>GWSQyLdE@U?t|0po#{j9
zcp4WSdObX5b`cB#`T=OlBl-7P><4$8u#r-YnsO6i*9|s|i|`W$1=fK(Lz@8ePJ`P8
zi_M_7MZ!VlvOYUDQP?usz>sJ*0XFxfDznq&#T=$DoDQBz^fOwD4^tWEPcafmD(Lc8
za*2E-sGU@$;2E#)$<gr0n93$oGLHkR6kR)5vvTxq2T1LG;bEfK43t${bR*Hx>>d~5
zNZu8XZ@r@(H14>dhk`5rduxFsdJ<4^s=4p|KlCe~NnO|5G3KjVc^{c}4{r9KCUHG2
z1r5Lfzybk47!U+p11<sX00y`W!~wzk85W2Ft^$Gkt|#CIcmVtQZ?e3_`=G&~|M5V7
zg^656J2?T{whOe8P=qEFqqU5Q{1ayJpV#s;k_*Fojx^@5hpjjjct-{;#qJ^EgZk9E
zV1H7c3AdcCyW2@~II+uDk={hY&iPKE#t_Tyih{)T@V&q|<q_eosX{M@UF5jpmyPe#
zPYuH%hig!DvCR5J?|JHy3P`fa0z*9L)#)9PSCWC_@p2xmEbvx|pRDkzzL?%#E~nsr
zXuf+Msgt-89)88I{nWuc^YhiL1B9%U`@$<U8=r)8T<UMIY240dtWlBHsmVYgbGLMF
zD(von?+o+OTZYIEnZdaYjgsnEa`Ju{!L+UH1y{!=NmMsLX%yJVt*5SR<QUfuVzYCt
zd{aHcFsBXsb45Gf$B=ILp0GiWntHvBmZ-Drr=UOSMw;ASOPBXfkcqq9<^kQ~xJY|E
zNw{f{IhQ>+`|WMbG$+AOgf~V&)c$_(2ayKT{-i#8Q=92sy+92HPTk&>T}=8u3%ZY0
z6szC>C6|vPUTO;~L7H7~Iu<f@OG;IFTOYf(H+_@aO<Q%koEotzW}^qhL<#bFVW@^7
zo47`w?xKhVY*&O93bKuId{wymtGE!j)zmV-t?!e_8INj~hJP8w=Y?;J<9A4~ve~+g
z=Gw()Q~3)sN#`Oej^5%CQfQ=(`ma~x6sn=20EvV@wuoZ~1eXy>wV3*rD^V#qkJT`I
z8JYoJvdtM*#~l;%nP2(I*ZN~5@oRfuXN%4VCL(hgos!W0=d0JgEPU=j$~xr^NkiSV
z>q3KqMn2N{mBVn0%aWv+ZChW|KfWjK=JD;wk_{VcgAgjgw5i_8*<|f8ANtD~SXI<(
zO4D;W2}%`3$Pl^Rxf5kfsCbUI5I$2TJ=rXn3z>yY@2Uv>euZM4nI1c2Hyo$40l15q
zP?sGLqh9vTgL^=X>RIH;vro)>HrJmcS)h>Mk@77~$?E7NW@&aSIU27uqk))jZ|HGH
zTv9X#-1Xe_{Bt(n?3N4`Y}8Chr$sAVecfuNE%ck(&MO?NJQuS*n%g8F-Em8zwW948
zrNx9Wj|J_Zspg13z`dzizyL%_w>N<22ZW`xWVDbwb9zlal~C864gZPRi`M~}k8ZSF
zEm5?lt5=>Ey%k)dji!TJS{lvCEqf)s+@8ycl+nZ?7B5uSRXAtz2GfDq1ds8yIF@y>
zeZs;znm=AAd5dTm5N<h{f8<ejSv2}>i!<WHFXQhcJ*=J`8e_h!|H0AE5>0?P{qP!I
z&fsY2dc;vojm>Tx`Eg3_&~e`RX+iZkizqN56fO2R0)2Jlt!k01bAkEbT`4;*QZTJy
z;hWVxn!c21x5WofdL**hn^8A!3x6XulpS)j*27-y+iL1GlmNE5ULMC(?CH2xc=C<Q
zWjx82=sIUKWr>%zxM4eVvV-r+ivQeD{8PG*uV9TfhU8qIOQP-ezqz9}!5Z@fBf{Kk
zGFdGC4uIbwjX+KW#)BMb%hCbr$)l+<17Iv5SxZB^H7T$6X&e7~#OiP4hjUTost0n_
zzB<4}TP~q_o?J9R<bADAEIb&{{gGCCXsTl;<8wLw_u-2(0R`ZqC{%Mp$r!Pe`j{bn
zVPar!QY~$Vo8F6*Tvfj3Qtyf?G=F-SOyw_j(Mgl57U3YI{bs$}ji9P)x759EvyGq$
zC)yW7nW;AuVwJ5~A-zlenqvgF44XZMz=b`TjJEEljGi2Zn683+{7msr&v!lIz-Ovm
zThiKtaw7f5N3`Q6WcJLBgPjK^L)uR-x)_sh!&OsX+73pK^p<Y93_C;NZTjIcS*N6I
zn`5P%LyJP#S_<v4bW^WMlO2)4Qq{W#FKCMG^RafEH%c3%%df=GbCu32WLH|spZ;R~
zv6koON&MPkI=5`;wW}jk0f!PMt6@ZhB-JBOY58o!#*u6X=S%UNcTNVH%EVcdFmd#>
zbn}bJsbi*_<LmFX?$EQ-r9bzT_HE$@Vpja>fB_=TJG*|2R@tSSLP#7hK9P>c%fsw9
zJeavwmK+R&!cBkKp@cRVw5uF7tcv~)YK|pgd&0N<Z~-#GByWSmb=gL9>{bJopA@6;
zr=6skoW{{Fp%Gn?Euzf3VTU7D9~T5+t0ZnJ8)QKx7S6|o*L;(3YSaP#BDfV?5iY>X
zqbUpl%kThD@lVGrfzoO8%b7#^5)UW951i}^?m@-B86}-t3Q>u_f|~Age<+#qC`DQq
K3;|{CPxw3J_0aAB

literal 0
Hc-jL100001

-- 
2.47.2