From 8cea6ad1488406d3a0d4427736fb8d0992036cd4 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Wed, 16 Nov 2016 13:35:57 -0700
Subject: [PATCH] fix wc_PKCS7_EncodeSignedData when used with empty or no
 signed attributes

---
 wolfcrypt/src/pkcs7.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 0f8b7083d..67a6151d2 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -503,8 +503,12 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
             }
             wc_ShaUpdate(&esd->sha, attribSet, attribSetSz);
             wc_ShaUpdate(&esd->sha, flatSignedAttribs, flatSignedAttribsSz);
+            wc_ShaFinal(&esd->sha, esd->contentAttribsDigest);
+        } else {
+            /* when no attrs, digest is contentDigest without tag and length */
+            XMEMCPY(esd->contentAttribsDigest, esd->contentDigest + 2,
+                    SHA_DIGEST_SIZE);
         }
-        wc_ShaFinal(&esd->sha, esd->contentAttribsDigest);
 
         digestStrSz = SetOctetString(SHA_DIGEST_SIZE, digestStr);
         digestInfoSeqSz = SetSequence(esd->signerDigAlgoIdSz +