From fb6aaf2ae28de7477f658614039163db75d17567 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Mon, 11 Feb 2019 14:48:37 -0700
Subject: [PATCH] rearrange order of default CMS SignedData signed attributes
 for better interop compatibility

---
 wolfcrypt/src/pkcs7.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 6e02c9349..5a741896c 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -1458,6 +1458,7 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
     int timeSz;
     PKCS7Attrib cannedAttribs[3];
 #endif
+    word32 idx = 0;
     word32 cannedAttribsCount;
 
     if (pkcs7 == NULL || esd == NULL || contentType == NULL ||
@@ -1483,20 +1484,22 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd,
 
         cannedAttribsCount = sizeof(cannedAttribs)/sizeof(PKCS7Attrib);
 
-        cannedAttribs[0].oid     = contentTypeOid;
-        cannedAttribs[0].oidSz   = contentTypeOidSz;
-        cannedAttribs[0].value   = contentType;
-        cannedAttribs[0].valueSz = contentTypeSz;
-        cannedAttribs[1].oid     = messageDigestOid;
-        cannedAttribs[1].oidSz   = messageDigestOidSz;
-        cannedAttribs[1].value   = esd->contentDigest;
-        cannedAttribs[1].valueSz = hashSz + 2;  /* ASN.1 heading */
+        cannedAttribs[idx].oid     = contentTypeOid;
+        cannedAttribs[idx].oidSz   = contentTypeOidSz;
+        cannedAttribs[idx].value   = contentType;
+        cannedAttribs[idx].valueSz = contentTypeSz;
+        idx++;
     #ifndef NO_ASN_TIME
-        cannedAttribs[2].oid     = signingTimeOid;
-        cannedAttribs[2].oidSz   = signingTimeOidSz;
-        cannedAttribs[2].value   = signingTime;
-        cannedAttribs[2].valueSz = timeSz;
+        cannedAttribs[idx].oid     = signingTimeOid;
+        cannedAttribs[idx].oidSz   = signingTimeOidSz;
+        cannedAttribs[idx].value   = signingTime;
+        cannedAttribs[idx].valueSz = timeSz;
+        idx++;
     #endif
+        cannedAttribs[idx].oid     = messageDigestOid;
+        cannedAttribs[idx].oidSz   = messageDigestOidSz;
+        cannedAttribs[idx].value   = esd->contentDigest;
+        cannedAttribs[idx].valueSz = hashSz + 2;  /* ASN.1 heading */
 
         esd->signedAttribsCount += cannedAttribsCount;
         esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[0], 3,