CMS_final: do not ignore CMS_dataFinal result
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) |
Fix Released
|
Medium
|
Adrien Nader | ||
Jammy |
Fix Released
|
Medium
|
Adrien Nader | ||
Kinetic |
Won't Fix
|
Medium
|
Adrien Nader | ||
Lunar |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
=== SRU information ===
[Meta]
This bug is part of a series of three bugs for a single SRU.
The "central" bug with the global information and debdiff is http://
[Impact]
S/MIME signature can fail silently
The commit by upstream propagates the return code of some functions rather than ignore it.
[Test plan]
This issue is not very simple to reproduce because "openssl cms" cannot be used to do so. This has to be done with the openssl API instead.
At least the bug reportere here and the one on openssl's bug tracker have confirmed the patch solves the issue. Additionally, the bug reporter here has tested the PPA that contains the patche and validated it. Finally, I read through the patch attentively.
[Where problems could occur]
At this point it is unlikely an error would appear. The openssl bug tracker mentions nothing related to this patch which landed more than a year ago. The patch is simple and doesn't change the code logic.
[Patches]
The patches come directly from upstream and apply cleanly.
https:/
* https:/
* https:/
=== Original description ===
https:/
The CMS_dataFinal result is important as signature may fail, however, it
is ignored while returning success from CMS_final.
Please add this fix to The openssl 3.0.2 "Jammy Jellyfish (supported)"
Thanks
Upstream commit:
```
commit 67c0460b89cc1b0
Author: Alon Bar-Lev <email address hidden>
Date: Tue Jul 26 15:17:06 2022 +0300
Handle SMIME_crlf_copy return code
Currently the SMIME_crlf_copy result is ignored in all usages. It does
return failure when memory allocation fails.
This patch handles the SMIME_crlf_copy return code in all occurrences.
Signed-off-by: Alon Bar-Lev <email address hidden>
Reviewed-by: Tomas Mraz <email address hidden>
Reviewed-by: Paul Dale <email address hidden>
Reviewed-by: Hugo Landau <email address hidden>
(Merged from https:/
```
tags: | added: foundations-triage-discuss |
Changed in openssl (Ubuntu Jammy): | |
assignee: | nobody → Adrien Nader (adrien-n) |
Changed in openssl (Ubuntu Kinetic): | |
assignee: | nobody → Adrien Nader (adrien-n) |
Changed in openssl (Ubuntu): | |
assignee: | nobody → Adrien Nader (adrien-n) |
Changed in openssl (Ubuntu Jammy): | |
status: | Triaged → Incomplete |
Changed in openssl (Ubuntu Kinetic): | |
status: | Triaged → Incomplete |
Changed in openssl (Ubuntu): | |
status: | Triaged → Incomplete |
Changed in openssl (Ubuntu Jammy): | |
status: | Triaged → In Progress |
milestone: | none → jammy-updates |
Changed in openssl (Ubuntu): | |
status: | Triaged → In Progress |
Changed in openssl (Ubuntu Lunar): | |
status: | New → Fix Released |
Changed in openssl (Ubuntu): | |
status: | In Progress → Fix Released |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
tags: |
added: verification-done verification-done-jammy removed: verification-needed verification-needed-jammy |
tags: | removed: foundations-triage-discuss |
"git tag --contains 67c0460b89cc1b0 644a1a59af78284 dfd8d720af" shows that no release contains the upstream commit yet.