From 2ac75669974ceb6abe1fac3df80ccbe6b4ba7f5b Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Tue, 17 May 2011 07:43:42 -0700
Subject: [PATCH] Fix logic for adding digestAlgorithm, original patch from
 Douglas E Engert.

---
 lib/hx509/cms.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c
index 2c6226398..179fa46ae 100644
--- a/lib/hx509/cms.c
+++ b/lib/hx509/cms.c
@@ -1528,6 +1528,10 @@ hx509_cms_create_signed(hx509_context context,
     }
 
     if (sigctx.sd.signerInfos.len) {
+
+	/*
+	 * For each signerInfo, collect all different digest types.
+	 */
 	for (i = 0; i < sigctx.sd.signerInfos.len; i++) {
 	    AlgorithmIdentifier *di =
 		&sigctx.sd.signerInfos.val[i].digestAlgorithm;
@@ -1535,7 +1539,7 @@ hx509_cms_create_signed(hx509_context context,
 	    for (j = 0; j < sigctx.sd.digestAlgorithms.len; j++)
 		if (cmp_AlgorithmIdentifier(di, &sigctx.sd.digestAlgorithms.val[j]) == 0)
 		    break;
-	    if (j < sigctx.sd.digestAlgorithms.len) {
+	    if (j == sigctx.sd.digestAlgorithms.len) {
 		ret = add_DigestAlgorithmIdentifiers(&sigctx.sd.digestAlgorithms, di);
 		if (ret) {
 		    hx509_clear_error_string(context);
@@ -1545,6 +1549,9 @@ hx509_cms_create_signed(hx509_context context,
 	}
     }
 
+    /*
+     * Add certs we think are needed, build as part of sig_process
+     */
     if (sigctx.certs) {
 	ALLOC(sigctx.sd.certificates, 1);
 	if (sigctx.sd.certificates == NULL) {
-- 
2.11.4.GIT