Allow alternate eContentType oids to be set in cms utility.

Add id-ct-asciiTextWithCRLF OID.

Give more meaninful error message is attempt to use key ID from a certificate
without a key ID.

3 files changed, 8 insertions, 0 deletions

diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h
index 4f74cd14bf..1a316d7fd8 100644
--- a/crypto/cms/cms.h
+++ b/crypto/cms/cms.h
@@ -352,6 +352,7 @@ void ERR_load_CMS_strings(void);
 
 /* Reason codes. */
 #define CMS_R_ADD_SIGNER_ERROR				 99
+#define CMS_R_CERTIFICATE_HAS_NO_KEYID			 160
 #define CMS_R_CERTIFICATE_VERIFY_ERROR			 100
 #define CMS_R_CIPHER_INITIALISATION_ERROR		 101
 #define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR	 102
diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c
index 494544d836..51a3ade0cc 100644
--- a/crypto/cms/cms_err.c
+++ b/crypto/cms/cms_err.c
@@ -135,6 +135,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
 static ERR_STRING_DATA CMS_str_reasons[]=
 	{
 {ERR_REASON(CMS_R_ADD_SIGNER_ERROR)      ,"add signer error"},
+{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"},
 {ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
 {ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"},
 {ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"},
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 302b93f805..6f31f6309f 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -226,6 +226,12 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
 		break;
 
 		case CMS_SIGNERINFO_KEYIDENTIFIER:
+		if (!cert->skid)
+			{
+			CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
+					CMS_R_CERTIFICATE_HAS_NO_KEYID);
+			return 0;
+			}
 		sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
 		if (!sid->d.subjectKeyIdentifier)
 			goto merr;