This bug was fixed in the package openssl - 3.0.2-0ubuntu1.13
---------------
openssl (3.0.2-0ubuntu1.13) jammy; urgency=medium
* Fix (upstream): crash when using an engine for ciphers used by DRBG
(LP: #2023545)
- lp2023545/0001-Release-the-drbg-in-the-global-default-context-befor.patch
* Fix (upstream): do not ignore return values for S/MIME signature
(LP: #1994165)
- lp1994165/0001-REGRESSION-CMS_final-do-not-ignore-CMS_dataFinal-res.patch
* Perf (upstream): don't empty method stores and provider synchronization
records when flushing the query cache (LP: #2033422)
- lp2033422/0001-Drop-ossl_provider_clear_all_operation_bits-and-all-.patch
- lp2033422/0002-Refactor-method-construction-pre-and-post-condition.patch
- lp2033422/0003-Don-t-empty-the-method-store-when-flushing-the-query.patch
- lp2033422/0004-Make-it-possible-to-remove-methods-by-the-provider-t.patch
- lp2033422/0005-Complete-the-cleanup-of-an-algorithm-in-OSSL_METHOD_.patch
- lp2033422/0006-For-child-libctx-provider-don-t-count-self-reference.patch
- lp2033422/0007-Add-method-store-cache-flush-and-method-removal-to-n.patch
-- Adrien Nader <[email protected]> Tue, 09 Jan 2024 11:42:50
+0100
** Changed in: openssl (Ubuntu Jammy)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1994165
Title:
CMS_final: do not ignore CMS_dataFinal result
Status in openssl package in Ubuntu:
Fix Released
Status in openssl source package in Jammy:
Fix Released
Status in openssl source package in Kinetic:
Won't Fix
Status in openssl source package in Lunar:
Fix Released
Bug description:
=== SRU information ===
[Meta]
This bug is part of a series of three bugs for a single SRU.
The "central" bug with the global information and debdiff is
http://pad.lv/2033422
[Impact]
S/MIME signature can fail silently
The commit by upstream propagates the return code of some functions rather
than ignore it.
[Test plan]
This issue is not very simple to reproduce because "openssl cms" cannot be
used to do so. This has to be done with the openssl API instead.
At least the bug reportere here and the one on openssl's bug tracker have
confirmed the patch solves the issue. Additionally, the bug reporter here has
tested the PPA that contains the patche and validated it. Finally, I read
through the patch attentively.
[Where problems could occur]
At this point it is unlikely an error would appear. The openssl bug tracker
mentions nothing related to this patch which landed more than a year ago. The
patch is simple and doesn't change the code logic.
[Patches]
The patches come directly from upstream and apply cleanly.
https://github.com/openssl/openssl/pull/18876
*
https://git.launchpad.net/~adrien-n/ubuntu/+source/openssl/tree/debian/patches/jammy-sru-0001-REGRESSION-CMS_final-do-not-ignore-CMS_dataFinal-res.patch?h=jammy-sru&id=04ef023920ab08fba214817523fba897527dfff0
*
https://git.launchpad.net/~adrien-n/ubuntu/+source/openssl/tree/debian/patches/jammy-sru-0002-Handle-SMIME_crlf_copy-return-code.patch?h=jammy-sru&id=04ef023920ab08fba214817523fba897527dfff0
=== Original description ===
https://github.com/openssl/openssl/pull/18876
The CMS_dataFinal result is important as signature may fail, however, it
is ignored while returning success from CMS_final.
Please add this fix to The openssl 3.0.2 "Jammy Jellyfish (supported)"
Thanks
Upstream commit:
```
commit 67c0460b89cc1b0644a1a59af78284dfd8d720af
Author: Alon Bar-Lev <[email protected]>
Date: Tue Jul 26 15:17:06 2022 +0300
Handle SMIME_crlf_copy return code
Currently the SMIME_crlf_copy result is ignored in all usages. It does
return failure when memory allocation fails.
This patch handles the SMIME_crlf_copy return code in all
occurrences.
Signed-off-by: Alon Bar-Lev <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Hugo Landau <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/18876)
```
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1994165/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
