diff --git a/tests/api.c b/tests/api.c index 79dc795c3..b884500e2 100644 --- a/tests/api.c +++ b/tests/api.c @@ -47692,6 +47692,14 @@ static void test_wolfSSL_PKCS7_sign(void) AssertNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, devId)); AssertIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0); + + /* compare the signer found to expected signer */ + AssertIntNE(p7Ver->verifyCertSz, 0); + tmpPtr = NULL; + AssertIntEQ(i2d_X509(signCert, &tmpPtr), p7Ver->verifyCertSz); + AssertIntEQ(XMEMCMP(tmpPtr, p7Ver->verifyCert, p7Ver->verifyCertSz), 0); + free(tmpPtr); + wc_PKCS7_Free(p7Ver); AssertNotNull(out); diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index dcd32a2ac..504fe990e 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -3425,6 +3425,8 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, if (XMEMCMP(digest, hash, hashSz) == 0) { /* found signer that successfully verified signature */ verified = 1; + pkcs7->verifyCert = pkcs7->cert[i]; + pkcs7->verifyCertSz = pkcs7->certSz[i]; break; } } @@ -3548,6 +3550,8 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, if (ret == 0 && res == 1) { /* found signer that successfully verified signature */ verified = 1; + pkcs7->verifyCert = pkcs7->cert[i]; + pkcs7->verifyCertSz = pkcs7->certSz[i]; break; } } diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 430ae2831..7dba5c946 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -241,7 +241,9 @@ struct PKCS7 { byte* der; /* DER encoded version of message */ word32 derSz; #endif - byte* cert[MAX_PKCS7_CERTS]; + byte* cert[MAX_PKCS7_CERTS]; /* array of certs parsed from bundle */ + byte* verifyCert; /* cert from array used for verify */ + word32 verifyCertSz; /* Encrypted-data Content Type */ byte* encryptionKey; /* block cipher encryption key */
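Review bot: The buffer that `i2d_X509(signCert, &tmpPtr)` allocates is released with plain `free(tmpPtr)`, while the comparison beside it goes through the library wrapper `XMEMCMP`. In a build that routes allocation through a custom or tracking allocator, that release would not match the allocation. `XFREE(tmpPtr, NULL, DYNAMIC_TYPE_OPENSSL);` would be the matching call, assuming that is the tag i2d_X509 allocates with (not visible here). The length assertion also compares a signed return value with the `word32` field `verifyCertSz`, so asserting that the i2d_X509 result is greater than 0 first would make an encoding failure report clearly. test_wolfSSL_PKCS7_sign begins and ends outside this hunk.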
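Review bot: `pkcs7->verifyCert` and `pkcs7->verifyCertSz` are written only on the success branch of wc_PKCS7_RsaVerify, and identically in the wc_PKCS7_EcdsaVerify hunk that follows. Nothing visible clears them when a later verification on the same PKCS7 object fails, so a caller reading the field afterwards could attribute the message to a signer from an earlier run. Resetting at the top of each verify function, `pkcs7->verifyCert = NULL; pkcs7->verifyCertSz = 0;`, would close that gap unless it is already done outside these hunks. A comment at the assignment should also state that the field records the first bundled certificate whose key verified the signature. That says nothing about whether the certificate chains to a trusted root, so callers still have to validate it. Both function bodies extend beyond the hunks.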
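Review bot: The new `verifyCert` comment does not say that the pointer is borrowed, and `verifyCertSz` has no comment at all. The assignments in pkcs7.c point `verifyCert` at an entry of `cert[]`, so the caller must not free it and it stays valid only as long as those entries do. Suggested wording: `byte* verifyCert; /* non-owning, points into cert[]; set when a signer verifies */` and `word32 verifyCertSz; /* length of verifyCert in bytes */`. Because struct PKCS7 lives in a public header, inserting members mid-struct shifts the layout for applications compiled against the older header, which may deserve a release note.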