[Mono-bugs] [Bug 79483][Nor] Changed - SignedXml: Wrong digest value for XML containing CRLF

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Mon Sep 25 18:31:20 EDT 2006

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by gert.driesen at pandora.be.


--- shadow/79483	2006-09-25 10:07:41.000000000 -0400
+++ shadow/79483.tmp.7096	2006-09-25 18:31:20.000000000 -0400
@@ -112,6 +112,30 @@
 document and we fail then a test case can be made. 
 In this case if Mono sign and IAIK fails to verify then MS should fail
 the verification too. Just make a test case with the XML signed by
 Mono, assert the signature is invalid (because it works on MS) and
 mark the test as NotWorking (because it doesn't work on Mono).
+------- Additional Comments From gert.driesen at pandora.be  2006-09-25 18:31 -------
+I've commit a few unit tests for this issue in SignedXmlTest.
+The MS (and IAIK) signature for an XML with CRLF matches that of one 
+with LF. See SignedXML_CRLF_Valid and SignedXML_LF_Valid for tests 
+that demonstrate this. The SignedXML_LF_Valid test pass on Mono 
+while the SignedXML_CRLF_Valid test does not.
+The SignedXML_CRLF_Invalid test verifies a Mono signed XML (with 
+CRLF). The signature is considered valid by Mono, but invalid by 
+both MS.NET and IAIK.
+Finally, I've added DigestValue_CRLF and DigestValue_LF tests. These 
+tests clearly show that:
+- Mono's XML canonicalization works fine (#1 passes)
+- the SHA1 hash of the canonicalized XML matches that of MS (#2 
+- The digest value in the signature is calculated after replacing 
\n with \n
+This last "claim" is backed by the fact that the MS/IAIK digest for 
+the CRLF XML matches the digest value of the LF XML.

More information about the mono-bugs mailing list