[openssl-users] MIME-canonicalization

etc at coderhacks.com etc at coderhacks.com
Wed Mar 14 08:33:12 UTC 2018

I think I found the reason for the problem.

SMIME_read_CMS does convert any single LF to a CRLF.

If I compare the input to the CMS I get out of SMIME_read_CMS then there 
are all LFs replaced with CRLFs.

Thats the problem with the verify. If I manually replace the added CRs 
in the CMS and then give it to CMS_verify all is fine.

So... can I disable this canonicalization in SMIME_read_CMS??

Thanks for help!

On 2018-03-14 07:43, etc at coderhacks.com wrote:
> Hi!
> I am facing some problems with a SMIME where the content is binary 
> encoded AND a linefeed (LF) (0x0a) is used for line-separator.
> The CMS_verify failes (CMS 
> routines:CMS_SignerInfo_verify_content:verification failure).
> It works fine if CRLF (0x0d 0x0a) is line-separator or even if only CR 
> is used - but not with LF only.
> It is also ok if the content is not in binary but base64 encoded.
> I tried with and without CMS_BINARY flag set.
> I think it is about the canonicalization of MIME if the content is not 
> base64.
> Is OpenSSL doing this canonicalization (where?).
> I think CMS_BINARY should disable it - I tried to change any LF to 
> CRLF before the verify but that did not help.
> Any ideas?
> Thanks!
> Chris

More information about the openssl-users mailing list