Cisco Bug: CSCvh84754 - DKIM fails signing and verification messages with an empty body on 'relaxed' canonicalization
Mar 26, 2019
- Cisco Email Security Appliance
Known Affected Releases
Symptom: The implemented method for 'relaxed' body canonicalization algorithm wrongly process an empty body. An empty body returned for the 'relaxed' mode gives the same hash as the empty body for a 'simple' mode. Because of the issue in canonicalization method and 'relaxed' mode for an empty body the body hash is wrongly calculated. This can results with "body hash did not verify [final]" error for RFC compliant verifier. As the same method is used to canonicalized a message for signing and verification this cause two issue. - properly signed message by a third-party signer will fail body hashverification on ESA - wrongly signed message on ESA will not be properly verify by a third-party verifier Conditions: An empty body message canonicalized in 'relaxed' mode. The body hash calculated for an empty body and 'relaxed' mode gives the same value as in 'simple' mode. The value is 'frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY='
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases