-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[REGRESSION] CMS_Final() fails when modifying CMS #21026
Comments
@DDvO might have an idea what is wrong here. If I remember correctly he was touching this code. |
Root cause: #19919 |
@mattcaswell: can you please look into this issue? |
I do not see how #19919 could cause this. Is this no longer reproducible if this PR is reverted? |
Hmm, I went back in the commit history as far as commit 0195cdd of #16466 Even there the issue surfaces when cherry-picking commit 9e5bd89. |
BTW, a hint for others using the reproduction project:
After doing any experimental changes to the local OpenSSL branch, call
|
@DDvO : Thanks for checking this out, I will be glad to understand what's wrong with API usage, it works since openssl-1.1 up to now. The mission is adding recepient to existing CMS, in openssl-1.1 without the call to BTW: You can just override the |
I've just tested this with
Good hint - so one can simply use
|
@DDvO : I would like to bring into your attention that when adding a new signer to existing CMS there is no need to call |
I meanwhile found that Actually independent of that, there is the following mem leak on the content encryption key in the cms structure:
where I found that the following would be a workaround that could be done just before
|
Hi, Thanks great! I can confirm that removing the Look at this branch: https://github.com/alonbl/openssl-regression-cms/tree/no-final Alon |
Actually this works also with |
Root cause: #19919 "Fix SMIME_crlf_copy() to properly report an error"
master
9e5bd89>=openssl-3.0.8
6259cf3Previous behavior required
CMS_final()
to be called when CMS is modified (for example add recepient).Currently, the
CMS_final()
fails with:Interestingly, if the
CMS_final()
is removed, the CMS is created correctly, however, it leaks memory.Reproduction project is available here[1].
[1] https://github.com/alonbl/openssl-regression-cms
The text was updated successfully, but these errors were encountered: