summaryrefslogtreecommitdiffstats
path: root/crypto/cpt_err.c
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2018-03-29 10:17:11 +0200
committerMatt Caswell <matt@openssl.org>2018-04-03 16:52:31 +0200
commitbcc6371443ebc0f104379b0a1068cfca0191b909 (patch)
tree067443ed62df176ae9561ca9e984c1d8872ac80d /crypto/cpt_err.c
parentChange the "offset too large" message to more generic wording (diff)
downloadopenssl-bcc6371443ebc0f104379b0a1068cfca0191b909.tar.xz
openssl-bcc6371443ebc0f104379b0a1068cfca0191b909.zip
Fix a text canonicalisation bug in CMS
Where a CMS detached signature is used with text content the text goes through a canonicalisation process first prior to signing or verifying a signature. This process strips trailing space at the end of lines, converts line terminators to CRLF and removes additional trailing line terminators at the end of a file. A bug in the canonicalisation process meant that some characters, such as form-feed, were incorrectly treated as whitespace and removed. This is contrary to the specification (RFC5485). This fix could mean that detached text data signed with an earlier version of OpenSSL 1.1.0 may fail to verify using the fixed version, or text data signed with a fixed OpenSSL may fail to verify with an earlier version of OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data and use the "-binary" flag (for the "cms" command line application) or set the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()). Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5790)
Diffstat (limited to 'crypto/cpt_err.c')
0 files changed, 0 insertions, 0 deletions