File openssl-CVE-2025-15467-test.patch of Package openssl-3.42398
From 0df9528c923841c5aa48b7dee8f14f0111c2834b Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Sun, 11 Jan 2026 12:11:37 +0100
Subject: [PATCH] Test for handling of AEAD-encrypted CMS with inadmissibly
long IV
---
test/cmsapitest.c | 39 ++++++++++++++++++-
test/recipes/80-test_cmsapi.t | 3 +-
.../encDataWithTooLongIV.pem | 11 ++++++
3 files changed, 50 insertions(+), 3 deletions(-)
create mode 100644 test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
Index: openssl-3.0.8/test/cmsapitest.c
===================================================================
--- openssl-3.0.8.orig/test/cmsapitest.c
+++ openssl-3.0.8/test/cmsapitest.c
@@ -9,16 +9,17 @@
#include <string.h>
+#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
-#include <openssl/pem.h>
#include "testutil.h"
static X509 *cert = NULL;
static EVP_PKEY *privkey = NULL;
static char *derin = NULL;
+static char *too_long_iv_cms_in = NULL;
static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
{
@@ -356,6 +357,38 @@ end:
return ret;
}
+static int test_cms_aesgcm_iv_too_long(void)
+{
+ int ret = 0;
+ BIO *cmsbio = NULL, *out = NULL;
+ CMS_ContentInfo *cms = NULL;
+ unsigned long err = 0;
+
+ if (!TEST_ptr(cmsbio = BIO_new_file(too_long_iv_cms_in, "r")))
+ goto end;
+
+ if (!TEST_ptr(cms = PEM_read_bio_CMS(cmsbio, NULL, NULL, NULL)))
+ goto end;
+
+ /* Must fail cleanly (no crash) */
+ if (!TEST_false(CMS_decrypt(cms, privkey, cert, NULL, out, 0)))
+ goto end;
+ err = ERR_peek_last_error();
+ if (!TEST_ulong_ne(err, 0))
+ goto end;
+ if (!TEST_int_eq(ERR_GET_LIB(err), ERR_LIB_CMS))
+ goto end;
+ if (!TEST_int_eq(ERR_GET_REASON(err), CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR))
+ goto end;
+
+ ret = 1;
+end:
+ CMS_ContentInfo_free(cms);
+ BIO_free(cmsbio);
+ BIO_free(out);
+ return ret;
+}
+
OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")
int setup_tests(void)
@@ -370,7 +403,8 @@ int setup_tests(void)
if (!TEST_ptr(certin = test_get_argument(0))
|| !TEST_ptr(privkeyin = test_get_argument(1))
- || !TEST_ptr(derin = test_get_argument(2)))
+ || !TEST_ptr(derin = test_get_argument(2))
+ || !TEST_ptr(too_long_iv_cms_in = test_get_argument(3)))
return 0;
certbio = BIO_new_file(certin, "r");
@@ -402,6 +436,7 @@ int setup_tests(void)
ADD_TEST(test_encrypt_decrypt_aes_256_gcm);
ADD_TEST(test_d2i_CMS_bio_NULL);
ADD_ALL_TESTS(test_d2i_CMS_decode, 2);
+ ADD_TEST(test_cms_aesgcm_iv_too_long);
return 1;
}
Index: openssl-3.0.8/test/recipes/80-test_cmsapi.t
===================================================================
--- openssl-3.0.8.orig/test/recipes/80-test_cmsapi.t
+++ openssl-3.0.8/test/recipes/80-test_cmsapi.t
@@ -18,5 +18,6 @@ plan tests => 1;
ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"),
srctop_file("test", "certs", "serverkey.pem"),
- srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])),
+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der"),
+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encDataWithTooLongIV.pem")])),
"running cmsapitest");
Index: openssl-3.0.8/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
===================================================================
--- /dev/null
+++ openssl-3.0.8/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
@@ -0,0 +1,11 @@
+-----BEGIN CMS-----
+MIIBmgYLKoZIhvcNAQkQARegggGJMIIBhQIBADGCATMwggEvAgEAMBcwEjEQMA4G
+A1UEAwwHUm9vdCBDQQIBAjANBgkqhkiG9w0BAQEFAASCAQC8ZqP1OqbletcUre1V
+b4XOobZzQr6wKMSsdjtGzVbZowUVv5DkOn9VOefrpg4HxMq/oi8IpzVYj8ZiKRMV
+NTJ+/d8FwwBwUUNNP/IDnfEpX+rT1+pGS5zAa7NenLoZgGBNjPy5I2OHP23fPnEd
+sm8YkFjzubkhAD1lod9pEOEqB3V2kTrTTiwzSNtMHggna1zPox6TkdZwFmMnp8d2
+CVa6lIPGx26gFwCuIDSaavmQ2URJ615L8gAvpYUlpsDqjFsabWsbaOFbMz3bIGJu
+GkrX2ezX7CpuC1wjix26ojlTySJHv+L0IrpcaIzLlC5lB1rqtuija8dGm3rBNm/P
+AAUNMDcGCSqGSIb3DQEHATAjBglghkgBZQMEAQYwFgQRzxwoRQzOHVooVn3CpaWl
+paUCARCABUNdolo6BBA55E9hYaYO2S8C/ZnD8dRO
+-----END CMS-----
