Source: wolfssl Version: 5.8.2-1 Severity: important Tags: upstream swupdate implements PKCS#7 verification. Building with wolfSSL > 5.7.2 leads to it not being able to verify certain certs built via openssl cms.
RFC 8017 hardcodes DER serialization samples of DigestInfo, where the parameter part is always NULL (05 00) for any hash algorithm. This value does therefore *not* depend on SignerInfo.digestAlgorithm.parameters. WolfSSL wrongly assumed and implemented such a dependency: https://github.com/wolfSSL/wolfssl/commit/75c3030554db798f4536d370842dd16e9b2e6866
