From 5c5666eaa10557e2d502e1a41160ca0e0f76333b Mon Sep 17 00:00:00 2001
From: "M. Thiercelin"
Date: Wed, 16 Mar 2022 19:07:23 +0100
Subject: [PATCH] Canonicalize PGP/MIME content before verifying signatures

Before verifying signatures of PGP/MIME messages we need to canonicalize the content
---
 crypto/signature_collector.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/signature_collector.go b/crypto/signature_collector.go
index 5b96a0a..b5aefa6 100644
--- a/crypto/signature_collector.go
+++ b/crypto/signature_collector.go
@@ -8,6 +8,7 @@ import (
 "net/textproto"
 pgpErrors "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/gopenpgp/v2/internal"
 "github.com/ProtonMail/go-crypto/openpgp"
 "github.com/ProtonMail/go-crypto/openpgp/packet"
@@ -98,7 +99,8 @@ func (sc *SignatureCollector) Accept(
 }
 sc.signature = string(buffer)
 str, _ := ioutil.ReadAll(rawBody)
- rawBody = bytes.NewReader(str)
+ canonicalizedBody := internal.CanonicalizeAndTrim(string(str))
+ rawBody = bytes.NewReader([]byte(canonicalizedBody))
 if sc.keyring != nil {
 _, err = openpgp.CheckArmoredDetachedSignature(sc.keyring, rawBody, bytes.NewReader(buffer), sc.config)
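Review bot: The new `internal.CanonicalizeAndTrim(string(str))` line consumes `str` from `str, _ := ioutil.ReadAll(rawBody)` on the context line above, so a failed or partial read is canonicalized and passed to `CheckArmoredDetachedSignature` as if it were the whole body, and with `sc.keyring == nil` nothing in the visible lines would notice. I would keep the read error, e.g. `str, readErr := ioutil.ReadAll(rawBody)` followed by `if readErr != nil { return readErr }`, adapted to how Accept reports errors; its signature and the rest of its body are outside the hunk. Because `rawBody` is reassigned to the transformed bytes, any later reader of `rawBody` sees the canonicalized text rather than the original, which deserves a comment such as `// PGP/MIME signatures cover the canonical text form of the part (RFC 3156), so normalize before verifying.` A regression test with a signed fixture that uses bare LF line endings, plus a negative case whose body differs in more than line endings or trailing whitespace, would pin down that the canonicalization does not widen what verifies.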