From 498dadad97af4d85b50d5136e70d3fd660a92c33 Mon Sep 17 00:00:00 2001
From: Anthony Hu <anthony@wolfssl.com>
Date: Wed, 14 Aug 2024 11:29:02 -0400
Subject: [PATCH] Ensure correct issuer is copied into PKCS7 struct during
 verification

---
 wolfcrypt/src/pkcs7.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 84bea8613..9b04166c5 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -4187,14 +4187,18 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
         } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
     #endif
 
-        FreeDecodedCert(dCert);
-        wc_ecc_free(key);
-
         if (ret == 0 && res == 1) {
             /* found signer that successfully verified signature */
             verified = 1;
+            XMEMCPY(pkcs7->issuerSubjKeyId, dCert->extSubjKeyId, KEYID_SIZE);
             pkcs7->verifyCert   = pkcs7->cert[i];
             pkcs7->verifyCertSz = pkcs7->certSz[i];
+        }
+
+        wc_ecc_free(key);
+        FreeDecodedCert(dCert);
+
+        if (ret == 0 && res == 1) {
             break;
         }
     }