Merge pull request #3055 from dgarske/ocsp_resp

Fix for possible use of NULL in the OCSP response nonce
toddouska
2020-06-17 16:45:53 -07:00
committed by GitHub


@@ -16995,64 +16995,56 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
WOLFSSL_ENTER("CompareOcspReqResp"); WOLFSSL_ENTER("CompareOcspReqResp");
if (req == NULL) if (req == NULL) {
{
WOLFSSL_MSG("\tReq missing"); WOLFSSL_MSG("\tReq missing");
return -1; return -1;
} }
if (resp == NULL || resp->issuerHash == NULL ||
if (resp == NULL) resp->issuerKeyHash == NULL || resp->status == NULL) {
{
WOLFSSL_MSG("\tResp missing"); WOLFSSL_MSG("\tResp missing");
return 1; return 1;
} }
/* Nonces are not critical. The responder may not necessarily add /* Nonces are not critical. The responder may not necessarily add
* the nonce to the response. */ * the nonce to the response. */
if (req->nonceSz if (req->nonceSz && resp->nonce != NULL
#ifndef WOLFSSL_FORCE_OCSP_NONCE_CHECK #ifndef WOLFSSL_FORCE_OCSP_NONCE_CHECK
&& resp->nonceSz != 0 && resp->nonceSz != 0
#endif #endif
) { ) {
cmp = req->nonceSz - resp->nonceSz; cmp = req->nonceSz - resp->nonceSz;
if (cmp != 0) if (cmp != 0) {
{
WOLFSSL_MSG("\tnonceSz mismatch"); WOLFSSL_MSG("\tnonceSz mismatch");
return cmp; return cmp;
} }
cmp = XMEMCMP(req->nonce, resp->nonce, req->nonceSz); cmp = XMEMCMP(req->nonce, resp->nonce, req->nonceSz);
if (cmp != 0) if (cmp != 0) {
{
WOLFSSL_MSG("\tnonce mismatch"); WOLFSSL_MSG("\tnonce mismatch");
return cmp; return cmp;
} }
} }
cmp = XMEMCMP(req->issuerHash, resp->issuerHash, KEYID_SIZE); cmp = XMEMCMP(req->issuerHash, resp->issuerHash, KEYID_SIZE);
if (cmp != 0) if (cmp != 0) {
{
WOLFSSL_MSG("\tissuerHash mismatch"); WOLFSSL_MSG("\tissuerHash mismatch");
return cmp; return cmp;
} }
cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, KEYID_SIZE); cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, KEYID_SIZE);
if (cmp != 0) if (cmp != 0) {
{
WOLFSSL_MSG("\tissuerKeyHash mismatch"); WOLFSSL_MSG("\tissuerKeyHash mismatch");
return cmp; return cmp;
} }
cmp = req->serialSz - resp->status->serialSz; cmp = req->serialSz - resp->status->serialSz;
if (cmp != 0) if (cmp != 0) {
{
WOLFSSL_MSG("\tserialSz mismatch"); WOLFSSL_MSG("\tserialSz mismatch");
return cmp; return cmp;
} }
cmp = XMEMCMP(req->serial, resp->status->serial, req->serialSz); cmp = XMEMCMP(req->serial, resp->status->serial, req->serialSz);
if (cmp != 0) if (cmp != 0) {
{
WOLFSSL_MSG("\tserial mismatch"); WOLFSSL_MSG("\tserial mismatch");
return cmp; return cmp;
} }