Hello OpenSSL dev team,
attached you'll find a patch, that allows to correctly verify files,
that have been created by the command:
openssl smime -sign -binary ...
Other change concerns signatures, that are not encrypted as base64 but
are attached binary.
Following changes have been made:
apps/smime.c
Calling SMIME_read_PKCS7 with the additional argument that holds
the option flags.
crypto/pkcs7/pk7_mime.c
Function SMIME_read_PKCS7 needs an additional argument flags,
that should hold the options given to the smime command.
Calls multi_split_binary when the option -binary was used.
Reads the signature as is, when the mime parameter
Content-Transfer-Encoding is not set to base64.
Added a function starts_with_linebreak, find_boundary_start and
multi_split_binary
crypto/pkcs7/pkcs7.h and
include/openssl/pkcs7.h
Changed declaration of the function SMIME_read_PKCS7.
It will split a S/MIME envelope in parts - like the old function did -
with the only difference, that the resulting parts are not in canonical
form and can also be binary files.
I made tests on different files from some bytes up to 14 MB and it
seems, that the verification of binary contents works faster than the
verification of canonical contents.
Could you please add this change or a similar one, that would allow the
verification of signed binary files as this seems to be used quite often
by other S/MIME implementations (even if we know, that it is not
correct).
Thanks in advance.
Keep up your great work.
Best Regards
Robert Reitenbach
--
GMX ProMail (250 MB Mailbox, 50 FreeSMS, Virenschutz, 2,99 EUR/Monat...)
jetzt 3 Monate GRATIS + 3x DER SPIEGEL +++ http://www.gmx.net/derspiegel +++
--
GMX ProMail (250 MB Mailbox, 50 FreeSMS, Virenschutz, 2,99 EUR/Monat...)
jetzt 3 Monate GRATIS + 3x DER SPIEGEL +++ http://www.gmx.net/derspiegel +++
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
