From 4016120f37909a46b293843aab884f839add501f Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Tue, 25 Feb 2025 09:38:11 +0000
Subject: [PATCH] ocsp: populate digest type in cert_to_id
- Added validation for digest type in `wolfSSL_OCSP_cert_to_id` function.
- Defined `OCSP_DIGEST` based on available hash types.
- Set `hashAlgoOID` in `certId` based on `OCSP_DIGEST`.
- Updated `asn.h` to define `OCSP_DIGEST` and `OCSP_DIGEST_SIZE` based on available hash types.
---
 src/ocsp.c | 13 ++++++++++++-
 wolfssl/wolfcrypt/asn.h | 8 ++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/ocsp.c b/src/ocsp.c
index 45780ecbd..61f68bd44 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -727,13 +727,23 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
 WOLFSSL_CERT_MANAGER* cm = NULL;
 int ret = -1;
 DerBuffer* derCert = NULL;
+ int dgstType;
 #ifdef WOLFSSL_SMALL_STACK
 DecodedCert *cert = NULL;
 #else
 DecodedCert cert[1];
 #endif
- (void)dgst;
+ if (dgst == NULL) {
+ dgstType = WC_HASH_TYPE_SHA;
+ }
+ else if (wolfSSL_EVP_get_hashinfo(dgst, &dgstType, NULL) !=
+ WOLFSSL_SUCCESS) {
+ return NULL;
+ }
+
+ if (dgstType != OCSP_DIGEST)
+ return NULL;
 cm = wolfSSL_CertManagerNew();
 if (cm == NULL
@@ -785,6 +795,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
 goto out;
 }
 else {
+ certId->hashAlgoOID = wc_HashGetOID(OCSP_DIGEST);
 XMEMCPY(certId->issuerHash, cert->issuerHash, OCSP_DIGEST_SIZE);
 XMEMCPY(certId->issuerKeyHash, cert->issuerKeyHash, OCSP_DIGEST_SIZE);
 XMEMCPY(certId->status->serial, cert->serial, (size_t)cert->serialSz);
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index abe037334..798d013f4 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
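Review bot: The `dgst == NULL` branch hard-codes `dgstType = WC_HASH_TYPE_SHA`, but the check a few lines later rejects anything other than `OCSP_DIGEST`, which this same commit defines as SHA-256 under NO_SHA and SM3 under SM2/SM3 — so in those builds a caller passing NULL (the OpenSSL-style "use the default digest", and the only thing the old `(void)dgst` code ever honoured) now gets NULL back where it previously got a CERTID. Defaulting to the build's digest preserves the old behaviour while still enforcing the match for an explicit `dgst`: `dgstType = OCSP_DIGEST;`. A one-line comment above the mismatch check would also spare the next reader a trip to asn.h, e.g. `/* issuerHash/issuerKeyHash appear to be computed with OCSP_DIGEST only, so other digests cannot be honoured -- confirm in DecodedCert */`, hedged because that hashing happens outside this hunk. As a style point, `if (dgstType != OCSP_DIGEST) return NULL;` is the one unbraced conditional in the new code while the neighbouring branches brace single statements. wolfSSL_OCSP_cert_to_id's body continues past the end of the hunk.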
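Review bot: The value of `wc_HashGetOID(OCSP_DIGEST)` is assigned to `certId->hashAlgoOID` without a check; OCSP_DIGEST is a build-time constant picked from compiled-in hash types so a failure looks unreachable, but if wc_HashGetOID follows the usual wolfCrypt convention of a negative code for an unknown type, a misconfigured build would silently encode that value as the CertID's hash algorithm. Either record the assumption, `/* OCSP_DIGEST is always a compiled-in hash type, so this lookup cannot fail */`, or guard it with the hunk's existing error path, e.g. `if (wc_HashGetOID(OCSP_DIGEST) < 0) goto out;` before the assignment, choosing whatever `ret` the function's out label expects. The enclosing function starts and ends outside this hunk.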
@@ -2707,6 +2707,14 @@ struct CertStatus {
 typedef struct OcspEntry OcspEntry;
+#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
+#define OCSP_DIGEST WC_HASH_TYPE_SM3
+#elif defined(NO_SHA)
+#define OCSP_DIGEST WC_HASH_TYPE_SHA256
+#else
+#define OCSP_DIGEST WC_HASH_TYPE_SHA
+#endif
+
 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
 #define OCSP_DIGEST_SIZE WC_SM3_DIGEST_SIZE
 #elif defined(NO_SHA)