From 52f4dcd7aabc36cdcbeb3043753fe818405a89a6 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Fri, 16 Feb 2024 12:12:27 -0800
Subject: [PATCH] OCSP Date Checks

When calling DecodeResponseData(), no matter the return value, if it is not success, it is assigned to ASN_PARSE_E. This isn't the pattern for other branch parsing. Return the value returned. This is seen when decoding an OCSP response that is past the next-available time.
---
 wolfcrypt/src/asn.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 49ad14e9b..807106f0b 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -35934,13 +35934,11 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
 if (ret == 0) {
 word32 dataIdx = 0;
 /* Decode the response data. */
- if (DecodeResponseData(
+ ret = DecodeResponseData(
 GetASNItem_Addr(dataASN[OCSPBASICRESPASN_IDX_TBS_SEQ], source),
 &dataIdx, resp,
 GetASNItem_Length(dataASN[OCSPBASICRESPASN_IDX_TBS_SEQ], source)
- ) < 0) {
- ret = ASN_PARSE_E;
- }
+ );
 }
 #ifdef WC_RSA_PSS
 if (ret == 0 && (dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS].tag != 0)) {
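Review bot: The assignment `ret = DecodeResponseData(...)` in DecodeBasicOcspResponse now passes the decoder's own error code up, so any caller that recognised a bad OCSP response by comparing against `ASN_PARSE_E` needs auditing. A response rejected for its dates will arrive with a different value, and revocation checking must still fail closed on it. The old test was `< 0`, while the new code treats every non-zero value as failure at the following `if (ret == 0 && ...)`; the two are equivalent only if DecodeResponseData never returns a positive value, which this hunk does not show. A comment above the call such as `/* Keep the decoder's error code: date failures must stay distinguishable from parse errors. */`, plus a regression test that decodes a response past its next-available time and asserts the specific code, would pin the intended behaviour. The function body starts and ends outside the hunk.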