Comment 23 for bug 1994165

As expected, it wasn't very easy to create a reproducer since the openssl tool couldn't be used and it required introducing errors in lower layers. Moreover the CMS_dataFinal symbol cannot be overriden in a meaningful way, probably either due to LTO or symbol visibility. Fortunately it was still possible to do it through GDB even though it couldn't locate the symbol at first (hence the message "Function "CMS_dataFinal" not defined.")

# apt-get install -y gdb

# cat > gdb_commands << EOF
> set breakpoint pending on
break CMS_dataFinal
r
return (int) 0
c
q
EOF

# echo foo > mail.txt

# openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -sha256 -days 30
# echo use "1234" as password and press enter for each subsequent question

# gdb --return-child-result --batch-silent --command=gdb_commands --args openssl cms -sign -in mail.txt -out mail.msg -signer cert.pem -inkey key.pem -noindef -nodetach -passin pass:1234; echo $?
Function "CMS_dataFinal" not defined.
0

# echo edit sources.list and apt install -t jammy-proposed libssl3

# # gdb --return-child-result --batch-silent --command=gdb_commands --args openssl cms -sign -in mail.txt -out mail.msg -signer cert.pem -inkey key.pem -noindef -nodetach -passin pass:1234; echo $?
Function "CMS_dataFinal" not defined.
80FBF0F7FF7F0000:error:17000067:CMS routines:CMS_final:cms datafinal error:../crypto/cms/cms_smime.c:890:
3

As can be seen, after the update, the return code is non-0, indicating the error was properly bubbled up.