From a196fac0c2c23794559c70f17f6bf4b8472f636e Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 5 Feb 2018 10:52:54 -0700 Subject: [PATCH] itterate through certificates with PKCS7 --- wolfcrypt/src/pkcs7.c | 29 +++++++++++++++++++++++++++++ wolfssl/wolfcrypt/pkcs7.h | 7 +++++++ 2 files changed, 36 insertions(+) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index d3a991310..0ad100948 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -970,6 +970,11 @@ static int wc_PKCS7_SetHashType(PKCS7* pkcs7, enum wc_HashType* type) switch (pkcs7->hashOID) { +#ifndef NO_MD5 + case MD5h: + *type = WC_HASH_TYPE_MD5; + break; +#endif #ifndef NO_SHA case SHAh: *type = WC_HASH_TYPE_SHA; @@ -1956,6 +1961,30 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) /* This will reset PKCS7 structure and then set the certificate */ wc_PKCS7_InitWithCert(pkcs7, cert, certSz); + + /* iterate through any additional certificates */ + if (MAX_PKCS7_CERTS > 0) { + word32 localIdx; + int sz = 0; + int i; + + pkcs7->cert[0] = cert; + pkcs7->certSz[0] = certSz; + certIdx = idx + certSz; + + for (i = 1; i < MAX_PKCS7_CERTS && certIdx + 1 < pkiMsgSz; i++) { + localIdx = certIdx; + + if (pkiMsg[certIdx++] == (ASN_CONSTRUCTED | ASN_SEQUENCE)) { + if (GetLength(pkiMsg, &certIdx, &sz, pkiMsgSz) < 0) + return ASN_PARSE_E; + + pkcs7->cert[i] = &pkiMsg[localIdx]; + pkcs7->certSz[i] = sz + (certIdx - localIdx); + certIdx += sz; + } + } + } } idx += length; } diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index bc7e111a3..1cb37cc84 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -43,6 +43,11 @@ extern "C" { #endif +/* Max number of certificates that PKCS7 structure can parse */ +#ifndef MAX_PKCS7_CERTS +#define MAX_PKCS7_CERTS 4 +#endif + /* PKCS#7 content types, ref RFC 2315 (Section 14) */ enum PKCS7_TYPES { PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */ 
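Review bot: The new `case MD5h:` in wc_PKCS7_SetHashType makes MD5 an accepted digest for any caller of this mapping whenever the build does not define NO_MD5, and if that includes the wc_PKCS7_VerifySignedData path, a verifier will accept signatures over a collision-broken hash. MD5 collisions let an attacker produce a second signed-data body that verifies under the original signature, so acceptance on the verify side should be an explicit opt-in rather than the consequence of MD5 merely being compiled in. Consider gating it as `#if !defined(NO_MD5) && defined(WOLFSSL_PKCS7_ALLOW_MD5)`, or at minimum annotate the case with `/* legacy interop only: MD5 is collision-broken, do not rely on it for integrity */`. The rest of wc_PKCS7_SetHashType lies outside this hunk.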
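Review bot: The certificate scan added to wc_PKCS7_VerifySignedData is bounded by `pkiMsgSz` rather than by the end of the `[0]` certificates set, and when `pkiMsg[certIdx++]` is not a SEQUENCE tag the loop does not stop but advances one byte and keeps looking, so any SEQUENCE-tagged bytes encountered later in the message (a SignerInfo, an element inside the CRL set, or attacker-chosen bytes inside an OCTET STRING) can be recorded in `pkcs7->cert[]` as if they were certificates, with a `certSz` that may extend past the set. The context line `idx += length;` just below suggests `length` is the length of the certificates set, so the loop should be limited to `idx + length` and should `break` on the first non-SEQUENCE tag; I have assumed that and used it below, please confirm. Unrelated but worth noting: `if (MAX_PKCS7_CERTS > 0)` is a compile-time constant, and `MAX_PKCS7_CERTS` of 0 would already make the `cert[]` array declaration invalid, so a `#if` or a static check in the header would express the intent better. wc_PKCS7_VerifySignedData begins and ends outside this hunk, and the bounds check performed when `length` was read is not visible here.
```c
/* … unchanged: wc_PKCS7_InitWithCert(pkcs7, cert, certSz); … */
if (MAX_PKCS7_CERTS > 0) {
    word32 localIdx;
    word32 certSetEnd = idx + length; /* end of the [0] certificates set */
    int sz = 0;
    int i;

    /* harmless if length was already checked against pkiMsgSz when read */
    if (certSetEnd > pkiMsgSz)
        return ASN_PARSE_E;

    pkcs7->cert[0] = cert;
    pkcs7->certSz[0] = certSz;
    certIdx = idx + certSz;

    for (i = 1; i < MAX_PKCS7_CERTS && certIdx + 1 < certSetEnd; i++) {
        localIdx = certIdx;

        /* stop at the first element that is not a Certificate SEQUENCE
         * instead of resynchronising byte by byte */
        if (pkiMsg[certIdx++] != (ASN_CONSTRUCTED | ASN_SEQUENCE))
            break;

        if (GetLength(pkiMsg, &certIdx, &sz, certSetEnd) < 0)
            return ASN_PARSE_E;

        pkcs7->cert[i] = &pkiMsg[localIdx];
        pkcs7->certSz[i] = sz + (certIdx - localIdx);
        certIdx += sz;
    }
}
```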
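Review bot: The comment on the new `MAX_PKCS7_CERTS` define does not say what happens when a message carries more certificates than the limit; the loop in wc_PKCS7_VerifySignedData simply stops at `i < MAX_PKCS7_CERTS`, so the extras are dropped without any error, which a user sizing the override needs to know. It also leaves open whether 0 is a legal value, and it is not, since the struct declares `cert[MAX_PKCS7_CERTS]`. Suggest `/* Max number of certificates stored by wc_PKCS7_VerifySignedData; certificates beyond this count are silently ignored. Must be at least 1. */`.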
@@ -100,6 +105,8 @@ typedef struct PKCS7 { int keyAgreeOID; /* key agreement algorithm OID */ void* heap; /* heap hint for dynamic memory */ + byte* cert[MAX_PKCS7_CERTS]; + word32 certSz[MAX_PKCS7_CERTS]; byte* singleCert; /* recipient cert, DER, not owner */ word32 singleCertSz; /* size of recipient cert buffer, bytes */ byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */
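Review bot: The new `cert[]` and `certSz[]` members carry no comment, unlike the neighbouring `singleCert` which is explicitly marked `not owner`; since wc_PKCS7_VerifySignedData stores `&pkiMsg[localIdx]` into these slots they alias the caller's message buffer and become dangling once that buffer is freed or reused, which is exactly the kind of lifetime rule a struct field comment should state. Suggest `byte* cert[MAX_PKCS7_CERTS]; /* certs from parsed message, DER, not owner; point into the pkiMsg buffer given to wc_PKCS7_VerifySignedData */` and `word32 certSz[MAX_PKCS7_CERTS]; /* size of each cert[] entry in bytes, 0 when unused */`. Whether unused slots are really zero depends on wc_PKCS7_InitWithCert resetting the structure, which the pkcs7.c hunk's comment claims but this header does not show. The struct definition continues outside this hunk.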