REGRESSION: CMS_final: do not ignore CMS_dataFinal result

The CMS_dataFinal result is important as signature may fail, however, it is ignored while returning success from CMS_final. The SMIME_crlf_copy result is returned while it is ignored in the rest of the openssl code. Prefer the CMS_dataFinal result. This is regression from openssl-1. Blame finds c1669f41ei as root cause of regression. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #18876)
openssl · Jul 28, 2022 · b037561 · b037561
1 parent 38b051a
commit b037561
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
@@ -882,14 +882,17 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
         return 0;
     }
 
-    ret = SMIME_crlf_copy(data, cmsbio, flags);
+    SMIME_crlf_copy(data, cmsbio, flags);
 
     (void)BIO_flush(cmsbio);
 
     if (!CMS_dataFinal(cms, cmsbio)) {
         ERR_raise(ERR_LIB_CMS, CMS_R_CMS_DATAFINAL_ERROR);
         goto err;
     }
+
+    ret = 1;
+
 err:
     do_free_upto(cmsbio, dcont);