mirror of
https://github.com/wolfSSL/wolfssl.git
Fix OCSP key-based responder ID lookup when SM2/SM3 is enabled.
When WOLFSSL_SM2 and WOLFSSL_SM3 are both defined, KEYID_SIZE becomes 32 (WC_SM3_DIGEST_SIZE) but OCSP_RESPONDER_ID_KEY_SZ remains 20 (SHA-1 per RFC 6960). The guard (int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ in OcspFindSigner() and OcspRespIdMatch() evaluated to false (32 != 20), completely disabling key-based OCSP responder ID matching. This caused OCSP stapling to fail with BAD_CERTIFICATE_STATUS_ERROR (-406) against any server using a key-based responder ID (e.g. login.live.com). Fix by comparing only OCSP_RESPONDER_ID_KEY_SZ bytes for the responder ID match, and zero-padding the 20-byte key hash to KEYID_SIZE before passing to CA lookup functions that compare the full KEYID_SIZE.
+2
-1
@@ -950,7 +950,8 @@ static int OcspRespIdMatches(OcspResponse* resp, const byte* NameHash,
|
||||
SIGNER_DIGEST_SIZE) == 0;
|
||||
}
|
||||
else if (resp->responderIdType == OCSP_RESPONDER_ID_KEY) {
|
||||
return XMEMCMP(keyHash, resp->responderId.keyHash, KEYID_SIZE) == 0;
|
||||
return XMEMCMP(keyHash, resp->responderId.keyHash,
|
||||
OCSP_RESPONDER_ID_KEY_SZ) == 0;
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
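Review bot: The new comparison in OcspRespIdMatches reads OCSP_RESPONDER_ID_KEY_SZ bytes from `keyHash` without the `KEYID_SIZE >= OCSP_RESPONDER_ID_KEY_SZ` guard that this same commit adds to OcspRespIdMatch and OcspFindSigner. The function's signature and callers are outside this hunk, so it is an assumption that `keyHash` points at a KEYID_SIZE-byte buffer; if it does, a configuration where KEYID_SIZE is smaller than the responder ID size would read past it. Either mirror the guard, `return (KEYID_SIZE >= OCSP_RESPONDER_ID_KEY_SZ) && XMEMCMP(keyHash, resp->responderId.keyHash, OCSP_RESPONDER_ID_KEY_SZ) == 0;`, or state the size relation once as a compile-time assertion so all three sites rely on the same invariant.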
+17
-6
@@ -39573,8 +39573,9 @@ static int OcspRespIdMatch(OcspResponse *resp, const byte *NameHash,
|
||||
return XMEMCMP(NameHash, resp->responderId.nameHash,
|
||||
SIGNER_DIGEST_SIZE) == 0;
|
||||
/* OCSP_RESPONDER_ID_KEY */
|
||||
return ((int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ) &&
|
||||
XMEMCMP(keyHash, resp->responderId.keyHash, KEYID_SIZE) == 0;
|
||||
return (KEYID_SIZE >= OCSP_RESPONDER_ID_KEY_SZ) &&
|
||||
XMEMCMP(keyHash, resp->responderId.keyHash,
|
||||
OCSP_RESPONDER_ID_KEY_SZ) == 0;
|
||||
}
|
||||
|
||||
#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK
|
||||
@@ -39613,8 +39614,15 @@ static Signer *OcspFindSigner(OcspResponse *resp, WOLFSSL_CERT_MANAGER *cm)
|
||||
if (s)
|
||||
return s;
|
||||
}
|
||||
else if ((int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ) {
|
||||
s = GetCAByKeyHash(cm, resp->responderId.keyHash);
|
||||
else if (KEYID_SIZE >= OCSP_RESPONDER_ID_KEY_SZ) {
|
||||
/* Responder key hash is OCSP_RESPONDER_ID_KEY_SZ bytes (SHA-1 per
|
||||
* RFC 6960) but lookup functions compare KEYID_SIZE bytes. Zero-pad
|
||||
* to avoid buffer over-read when KEYID_SIZE > OCSP_RESPONDER_ID_KEY_SZ
|
||||
* (e.g. when SM2/SM3 is enabled). */
|
||||
byte keyHash[KEYID_SIZE];
|
||||
XMEMSET(keyHash, 0, KEYID_SIZE);
|
||||
XMEMCPY(keyHash, resp->responderId.keyHash, OCSP_RESPONDER_ID_KEY_SZ);
|
||||
s = GetCAByKeyHash(cm, keyHash);
|
||||
if (s)
|
||||
return s;
|
||||
}
|
||||
@@ -39627,8 +39635,11 @@ static Signer *OcspFindSigner(OcspResponse *resp, WOLFSSL_CERT_MANAGER *cm)
|
||||
if (s)
|
||||
return s;
|
||||
}
|
||||
else {
|
||||
s = findSignerByKeyHash(resp->pendingCAs, resp->responderId.keyHash);
|
||||
else if (KEYID_SIZE >= OCSP_RESPONDER_ID_KEY_SZ) {
|
||||
byte keyHash[KEYID_SIZE];
|
||||
XMEMSET(keyHash, 0, KEYID_SIZE);
|
||||
XMEMCPY(keyHash, resp->responderId.keyHash, OCSP_RESPONDER_ID_KEY_SZ);
|
||||
s = findSignerByKeyHash(resp->pendingCAs, keyHash);
|
||||
if (s)
|
||||
return s;
|
||||
}
|
||||
|
||||
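Review bot: OcspRespIdMatch and OcspFindSigner now apply different matching rules to the same responder key hash. The `XMEMCMP(keyHash, resp->responderId.keyHash, OCSP_RESPONDER_ID_KEY_SZ)` in OcspRespIdMatch ignores any bytes of `keyHash` past the first OCSP_RESPONDER_ID_KEY_SZ, while both lookups in OcspFindSigner zero-pad and, per the added comment, are compared over all KEYID_SIZE bytes. If the prefix match is intentional, record it on the return with a comment such as `/* Prefix match only: bytes of keyHash beyond OCSP_RESPONDER_ID_KEY_SZ are not compared. */`; otherwise require the tail to be zero so both paths accept exactly the same key IDs. The XMEMSET/XMEMCPY padding sequence is also duplicated in the two OcspFindSigner branches, and the second copy carries no explanation, so a small static helper would keep them in step. Both functions begin and end outside the hunks shown.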