Open Bug 59801 Opened 20 years ago Updated 15 years ago

S/MIME toolkit fails when attempting to create signed-enveloped-message


(NSS :: Libraries, defect, P3)



(Not tracked)



(Reporter: bugz, Unassigned)


(Blocks 1 open bug)


nss_cms_before_data is called twice for enveloped-data, which causes an
assertion as memory which has already been written to is attempted to be
rewritten.  It appears that the encoder layering is not proceeding correctly, as
the function should probably not be called twice for the same content type.
Target Milestone: --- → 3.2
Priority: P3 → P1
have to move to 3.3.
Target Milestone: 3.2 → 3.3
Target Milestone: 3.3 → 3.4

you've been working with the S/MIME library.  Have you seen this problem?
I'm only using enveloped messages, not enveloped and signed, so I can't comment
on this report.

Is PSM not using nested content types yet?  I suspect you are, in which case
this bug must be invalid and signed-enveloped messages work.  Or have you not
tried signing an enveloped message?

The way S/MIME works for signing and encrypting is a 2 step process; step 1 is 
to create signature content info and encoder, feed the encoder a hash of the 
message body and append the output to the message as a separate part. step 2 is 
to create an encryption content info and encoder and feed in all the data from 
step 1 (i.e. message body and signature part). No use is made of nested content 
lowering priority since there is no immediate need for this.  This bug may even
be invalid.
Priority: P1 → P3
Blocks: 74157
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Set target milestone to NSS 3.5.
Target Milestone: 3.4 → 3.5
Ian, should this bug be resolved INVALID or be fixed?
I'm setting it to future.

The bug definitely exists and is easy to reproduce, but until there is demand
for nested content types, this bug has no priority.

If at any point there is such demand, we need to fix this bug.
Target Milestone: 3.5 → Future
redistributing Ian's bugs
Assignee: bugz → wtchang
QA Contact: bishakhabanerjee → jason.m.reid
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
You need to log in before you can comment on or make changes to this bug.