wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 02:37:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix for possible use of NULL is the OCSP response nonce. This is optional and may not be provided in the OCSP response and should be skipped if not set in the response. ZD 10475.

Browse Source
This commit is contained in:
David Garske
2020-06-17 11:00:05 -07:00
parent b1aa903c1b
commit 0a38ab8ac2
1 changed files with 10 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
wolfcrypt/src/asn.c
View File

@ -16995,64 +16995,56 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
WOLFSSL_ENTER("CompareOcspReqResp");
if (req == NULL)
{
if (req == NULL) {
WOLFSSL_MSG("\tReq missing");
return -1;
}
if (resp == NULL)
{
if (resp == NULL || resp->issuerHash == NULL ||
resp->issuerKeyHash == NULL || resp->status == NULL) {
WOLFSSL_MSG("\tResp missing");
return 1;
}
/* Nonces are not critical. The responder may not necessarily add
* the nonce to the response. */
if (req->nonceSz
if (req->nonceSz && resp->nonce != NULL
#ifndef WOLFSSL_FORCE_OCSP_NONCE_CHECK
&& resp->nonceSz != 0
#endif
) {
cmp = req->nonceSz - resp->nonceSz;
if (cmp != 0)
{
if (cmp != 0) {
WOLFSSL_MSG("\tnonceSz mismatch");
return cmp;
}
cmp = XMEMCMP(req->nonce, resp->nonce, req->nonceSz);
if (cmp != 0)
{
if (cmp != 0) {
WOLFSSL_MSG("\tnonce mismatch");
return cmp;
}
}
cmp = XMEMCMP(req->issuerHash, resp->issuerHash, KEYID_SIZE);
if (cmp != 0)
{
if (cmp != 0) {
WOLFSSL_MSG("\tissuerHash mismatch");
return cmp;
}
cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, KEYID_SIZE);
if (cmp != 0)
{
if (cmp != 0) {
WOLFSSL_MSG("\tissuerKeyHash mismatch");
return cmp;
}
cmp = req->serialSz - resp->status->serialSz;
if (cmp != 0)
{
if (cmp != 0) {
WOLFSSL_MSG("\tserialSz mismatch");
return cmp;
}
cmp = XMEMCMP(req->serial, resp->status->serial, req->serialSz);
if (cmp != 0)
{
if (cmp != 0) {
WOLFSSL_MSG("\tserial mismatch");
return cmp;
}