On Thu, Nov 23, 2006, Dominique Blas wrote:

> Hi,
>
> I have just read again the openssl archive back to 2001 but didn't find
> exactly a clue to my pb.
>
> In fact, we installed an OpenSSL port on a z/OS. No problem with compilation,
> the product works well.
> It works well BUT !
> But we encounter a pb with signature when we try to verify a signature made
> under z/OS and verified on an ASCII machine (a pSeries).
>
> If we tried to generate a signature on both platforms with the same text,
> there is a tiny difference between the PEMs (the p7) generated.
> This little difference seems to indicate that only one char in the original
> text is the source of the difference.
> We tried to generate a signature with the same source text : toto (funny
> isn't it ?).
> Of course the text is encoded as 0x74 0x6f 0x74 0x6f 0x0a on the ASCII
> platform and
> as 0xa3 0x96 0xa3 0x96 0x15 on the EBCDIC platform. That looks conformant with a
> standard US-ASCII / EBCDIC-1047 conversion table.
> But the difference remains in the signatures.
>
> Why ? Could it be an internal pb to openssl on EBCDIC platform (a bad
> interpretation of the 0x15 char) ?
> Or could it be a pb with libascii ?
>
> Could someone give us a clue ?
>
The S/MIME standards require that the MIME data is converted to canonical
format before computing the signature. OpenSSL's MIME parser and encoder is a
minimal affair which does this by assuming (by default) that the input is all
plain text and does the necessary LF->CRLF conversion.

That LF->CRLF (ASCII 0xa->0xa,0xc) is possibly the problem here.

If a more complex MIME canonicalisation is needed then the standard stuff won't
handle it. In that case use the -binary option and pass the canonical form
directly into OpenSSL.

The EBCDIC support on OpenSSL is a bit patchy at best: literally so in that
from time to time someone will send a patch in and it may get integrated.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
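An added example, not part of the original thread and not OpenSSL code: a Python model of why the digest that gets signed depends on the exact bytes hashed, using the two byte strings quoted in the question. The three-entry EBCDIC table, the function names and the choice of SHA-256 are assumptions for illustration; it models the LF to CRLF step and the -binary bypass described in the reply, not OpenSSL's internals.

```python
import hashlib
import re

# Byte strings quoted in the original message for the text "toto" + newline.
ASCII_TOTO = bytes([0x74, 0x6F, 0x74, 0x6F, 0x0A])
EBCDIC_TOTO = bytes([0xA3, 0x96, 0xA3, 0x96, 0x15])

# Constructed, partial EBCDIC-1047 -> ASCII map: only the three byte values above.
EBCDIC_TO_ASCII = {0xA3: 0x74, 0x96: 0x6F, 0x15: 0x0A}


def ebcdic_to_ascii(data: bytes) -> bytes:
    """Translate using the partial table; refuse bytes it does not cover."""
    try:
        return bytes(EBCDIC_TO_ASCII[b] for b in data)
    except KeyError as exc:
        raise ValueError(f"byte 0x{exc.args[0]:02x} not in demo table") from None


def canonicalize_text(data: bytes) -> bytes:
    """Text-mode canonicalisation: each bare LF becomes CRLF, existing CRLF is kept."""
    return re.sub(rb"(?<!\r)\n", b"\r\n", data)


def content_digest(data: bytes, binary: bool = False) -> str:
    """Digest of the bytes that get signed (SHA-256 is an assumption here).

    binary=True models passing already-canonical data and skipping conversion.
    """
    payload = data if binary else canonicalize_text(data)
    return hashlib.sha256(payload).hexdigest()


def compare() -> dict:
    """Compare each signing-side variant against the ASCII text-mode digest."""
    reference = content_digest(ASCII_TOTO)
    return {
        "ebcdic_hashed_as_is": content_digest(EBCDIC_TOTO) == reference,
        "ebcdic_translated_first": content_digest(ebcdic_to_ascii(EBCDIC_TOTO)) == reference,
        "precanonicalised_binary": content_digest(b"toto\r\n", binary=True) == reference,
        "ascii_binary_without_crlf": content_digest(ASCII_TOTO, binary=True) == reference,
    }


if __name__ == "__main__":
    for case, matches in compare().items():
        print(f"{case:28} digest matches ASCII signer: {matches}")
```

Only the variants that end up hashing the same ASCII, CRLF-terminated bytes produce the reference digest, which is the condition both platforms have to meet for a signature made on one to verify on the other.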