From fd0390430d4e6801d3c24c23b0b2b46f18b7bdc0 Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Tue, 20 Aug 2019 07:22:54 +0900
Subject: [PATCH] Give error code resolution to wolfSSL_CertManagerCheckOCSPResponse
---
 src/ocsp.c | 4 +++-
 wolfcrypt/src/asn.c | 9 +++++----
 wolfssl/internal.h | 1 +
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/ocsp.c b/src/ocsp.c
index 17c4a8377..4c8a6b3e4 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -299,7 +299,8 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp
 InitOcspResponse(ocspResponse, newStatus, response, responseSz);
 ret = OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap, 0);
 if (ret != 0) {
- WOLFSSL_MSG("OcspResponseDecode failed");
+ ocsp->error = ret;
+ WOLFSSL_LEAVE("OcspResponseDecode failed", ocsp->error);
 goto end;
 }
@@ -434,6 +435,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
 XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL);
 return ret;
 }
+ WOLFSSL_LEAVE("CheckOcspRequest", ocsp->error);
 return OCSP_LOOKUP_FAIL;
 }
 #endif
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 45ea341bb..bafba6a9f 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -14479,6 +14479,7 @@ static int DecodeResponseData(byte* source,
 int length;
 int version;
 word32 responderId = 0;
+ int ret;
 WOLFSSL_ENTER("DecodeResponseData");
@@ -14516,8 +14517,8 @@ static int DecodeResponseData(byte* source,
 &resp->producedDateFormat, size) < 0)
 return ASN_PARSE_E;
- if (DecodeSingleResponse(source, &idx, resp, size) < 0)
- return ASN_PARSE_E;
+ if ((ret = DecodeSingleResponse(source, &idx, resp, size)) < 0)
+ return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */
 /*
 * Check the length of the ResponseData against the current index to
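Review bot: `ocsp->error` is written only on the failure branch of CheckOcspResponse (src/ocsp.c, first hunk), so after a later successful decode it still holds the previous failure code and a caller reading it to explain a result gets a stale value. Assigning it on every pass, `ocsp->error = ret;` placed before `if (ret != 0) {`, keeps it in step with the most recent response. The write is also not visibly made under `ocspLock`; if one WOLFSSL_OCSP is shared between threads through the cert manager, concurrent checks can overwrite each other's code, so the field should be documented as advisory or the code handed back through the return value instead. The function body continues outside the hunk.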
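Review bot: The trace added before `return OCSP_LOOKUP_FAIL;` in CheckOcspRequest (src/ocsp.c, second hunk) reports `ocsp->error` rather than the value the function returns, and nothing in the visible lines sets that field on this path. A log reader may therefore see 0, or a code left by an earlier response, printed next to a lookup failure. Tracing the returned value, `WOLFSSL_LEAVE("CheckOcspRequest", OCSP_LOOKUP_FAIL);`, keeps the debug output consistent with the result. The rest of the function is outside the hunk, so confirm whether an earlier call is meant to populate `ocsp->error` here.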
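Review bot: `return ret;` in DecodeResponseData (wolfcrypt/src/asn.c, second hunk) forwards whatever negative value DecodeSingleResponse produces, while the trailing comment names only three codes; the same pattern appears in DecodeBasicOcspResponse in the next hunk. Callers that previously matched ASN_PARSE_E now also receive the date errors, and each of them has to keep treating any non-zero result as a rejected response, otherwise a response outside its validity window could end up handled as a soft failure. I would state that contract in the function header, for example `/* Returns 0 on success; any negative value, including ASN_BEFORE_DATE_E and ASN_AFTER_DATE_E, means the response must be rejected. */`. In the next hunk no declaration of `ret` is added to DecodeBasicOcspResponse, so it presumably already exists outside the hunk.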
@@ -14582,8 +14583,8 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
 return ASN_INPUT_E;
 end_index = idx + length;
- if (DecodeResponseData(source, &idx, resp, size) < 0)
- return ASN_PARSE_E;
+ if ((ret = DecodeResponseData(source, &idx, resp, size)) < 0)
+ return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */
 /* Get the signature algorithm */
 if (GetAlgoId(source, &idx, &resp->sigOID, oidSigType, size) < 0)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 97b2433df..5375bb639 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1857,6 +1857,7 @@ struct WOLFSSL_OCSP {
 WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
 OcspEntry* ocspList; /* OCSP response list */
 wolfSSL_Mutex ocspLock; /* OCSP list lock */
+ int error;
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
 defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
 int(*statusCb)(WOLFSSL*, void*);
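Review bot: The new `int error;` member of struct WOLFSSL_OCSP (wolfssl/internal.h) is the only field in this run without a trailing comment, and the patch does not show where it is initialised. Because it sits directly under `ocspLock`, a reader is likely to assume the lock covers it, while the write in src/ocsp.c is not visibly made under that lock. A comment such as `int error; /* last OcspResponseDecode failure code */`, with a word on whether `ocspLock` guards it, would record the contract. The init path for WOLFSSL_OCSP is outside this patch and should be checked to confirm the field starts at zero; the struct itself also continues outside the hunk.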