Add suppot for ASCII with CRLF canonicalisation.

2 files changed, 9 insertions, 0 deletions

diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h
index 4b36a69c4f..0d1649ab21 100644
--- a/crypto/cms/cms.h
+++ b/crypto/cms/cms.h
@@ -117,6 +117,7 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 #define CMS_USE_KEYID			0x10000
 #define CMS_DEBUG_DECRYPT		0x20000
 #define CMS_KEY_PARAM			0x40000
+#define CMS_ASCIICRLF			0x80000
 
 const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
 
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 8f1aa38ccc..e907b279ea 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -334,6 +334,12 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 
 	if (!dcont && !check_content(cms))
 		return 0;
+	if (dcont && !(flags & CMS_BINARY))
+		{
+		const ASN1_OBJECT *coid = CMS_get0_eContentType(cms);
+		if (OBJ_obj2nid(coid) == NID_id_ct_asciiTextWithCRLF)
+			flags |= CMS_ASCIICRLF;
+		}
 
 	/* Attempt to find all signer certificates */
 
@@ -519,6 +525,8 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 	cms = CMS_ContentInfo_new();
 	if (!cms || !CMS_SignedData_init(cms))
 		goto merr;
+	if (flags & CMS_ASCIICRLF && !CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
+		goto err;
 
 	if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags))
 		{