wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 19:54:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix OCSP signature leading zero, certdecode free on parse failure

Browse Source
This commit is contained in:
toddouska
2017-02-06 14:10:38 -08:00
parent 895bf8dfbc
commit f938a75780
1 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
wolfcrypt/src/asn.c
View File

@@ -9641,9 +9641,18 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
/* Obtain pointer to the start of the signature, and save the size */ /* Obtain pointer to the start of the signature, and save the size */
if (source[idx++] == ASN_BIT_STRING) if (source[idx++] == ASN_BIT_STRING)
{ {
int sigLength = 0; int sigLength = 0;
if (GetLength(source, &idx, &sigLength, size) < 0) byte b;
if (GetLength(source, &idx, &sigLength, size) <= 0)
return ASN_PARSE_E; return ASN_PARSE_E;
b = source[idx++];
if (b != 0x00) {
return ASN_EXPECT_0_E;
}
sigLength--;
resp->sigSz = sigLength; resp->sigSz = sigLength;
resp->sig = source + idx; resp->sig = source + idx;
idx += sigLength; idx += sigLength;
@@ -9662,8 +9671,11 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
InitDecodedCert(&cert, resp->cert, resp->certSz, heap); InitDecodedCert(&cert, resp->cert, resp->certSz, heap);
ret = ParseCertRelative(&cert, CERT_TYPE, VERIFY, cm); ret = ParseCertRelative(&cert, CERT_TYPE, VERIFY, cm);
if (ret < 0) if (ret < 0) {
WOLFSSL_MSG("\tOCSP Responder certificate parsing failed");
FreeDecodedCert(&cert);
return ret; return ret;
}
ret = ConfirmSignature(resp->response, resp->responseSz, ret = ConfirmSignature(resp->response, resp->responseSz,
cert.publicKey, cert.pubKeySize, cert.keyOID, cert.publicKey, cert.pubKeySize, cert.keyOID,