save next status with OCSP response verify

2025-07-30 18:57:27 +02:00 · 2022-11-03 22:39:47 -07:00
parent cbbe6fec94
commit 8225d3642b
2 changed files with 22 additions and 3 deletions
--- a/src/ocsp.c
+++ b/src/ocsp.c
@ -362,7 +362,7 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz,
        }

        /* Replace existing certificate entry with updated */
-        newSingle->status->next = status->next;
+        ocspResponse->single->status->next = status->next;
        XMEMCPY(status, ocspResponse->single->status, sizeof(CertStatus));
    }
    else {
--- a/tests/api.c
+++ b/tests/api.c
@ -1726,9 +1726,10 @@ static int test_wolfSSL_CheckOCSPResponse(void)
    {
        WOLFSSL_CERT_MANAGER* cm = NULL;
        OcspEntry *entry;
-        CertStatus status[1];
+        CertStatus* status;
        OcspRequest* request;

+        byte serial1[] = {0x01};
        byte serial[] = {0x02};

        byte issuerHash[] = {
@ -1746,6 +1747,10 @@ static int test_wolfSSL_CheckOCSPResponse(void)
             DYNAMIC_TYPE_OPENSSL);
        AssertNotNull(entry);

+        status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
+             DYNAMIC_TYPE_OPENSSL);
+        AssertNotNull(status);
+
        XMEMSET(entry, 0, sizeof(OcspEntry));
        XMEMSET(status, 0, sizeof(CertStatus));

@ -1774,9 +1779,23 @@ static int test_wolfSSL_CheckOCSPResponse(void)
            dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS);
        AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data,
            dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS);
+        AssertNotNull(entry->status);
+
+        XMEMCPY(request->serial, serial1, sizeof(serial1));
+        AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data,
+            dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS);
+
+        /* store both status's in the entry to check that "next" is not
+         * overwritten */
+        status->next  = entry->status;
+        entry->status = status;
+
+        XMEMCPY(request->serial, serial, sizeof(serial));
+        AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data,
+            dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS);
+        AssertNotNull(entry->status->next);

        /* compare the status found */
-        AssertNotNull(entry->status);
        AssertIntEQ(status->serialSz, entry->status->serialSz);
        AssertIntEQ(XMEMCMP(status->serial, entry->status->serial,
            status->serialSz), 0);