From f4d32f695f771ce869cd12bd224dae5062df9692 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Thu, 24 Aug 2017 17:24:42 +0100
Subject: [PATCH] Parse OCSP ResponseType OID

Parse the OCSP ResponseType OID contained in the ResponseBytes.
---
 include/mbedtls/x509_ocsp.h | 3 ++-
 library/x509_ocsp.c | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/x509_ocsp.h b/include/mbedtls/x509_ocsp.h
index 31df46e4ea..0190796d3c 100644
--- a/include/mbedtls/x509_ocsp.h
+++ b/include/mbedtls/x509_ocsp.h
@@ -36,7 +36,8 @@
 #include
-#define MBEDTLS_ERR_X509_OCSP_INVALID_RESPONSE_STATUS -0x9010 /**< The OCSP response status is invalid */
+#define MBEDTLS_ERR_X509_OCSP_INVALID_RESPONSE_STATUS -0x2A00 /**< The OCSP response status is invalid */
+#define MBEDTLS_ERR_X509_OCSP_INVALID_RESPONSE_TYPE -0x2A10 /**< The OCSP response type is invalid */
 /* OCSP response status values as defined in RFC 6960 Section 4.2.1 */
 #define MBEDTLS_X509_OCSP_RESPONSE_STATUS_SUCCESSFUL 0
diff --git a/library/x509_ocsp.c b/library/x509_ocsp.c
index 13b864343a..325c9cca14 100644
--- a/library/x509_ocsp.c
+++ b/library/x509_ocsp.c
@@ -92,6 +92,24 @@ static int x509_ocsp_get_response_type( unsigned char **p,
 const unsigned char *end,
 mbedtls_x509_buf *resp_type )
 {
+ int ret;
+ size_t len;
+
+ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 )
+ return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
+
+ resp_type->tag = MBEDTLS_ASN1_OID;
+ resp_type->len = len;
+ resp_type->p = *p;
+
+ if( MBEDTLS_OID_CMP( MBEDTLS_OID_OCSP, resp_type ) != 0 &&
+ MBEDTLS_OID_CMP( MBEDTLS_OID_OCSP_BASIC, resp_type ) != 0 )
+ {
+ return( MBEDTLS_ERR_X509_OCSP_INVALID_RESPONSE_TYPE );
+ }
+
+ *p = *p + len;
+ return( 0 );
 }
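Review bot: The new `MBEDTLS_ERR_X509_OCSP_INVALID_RESPONSE_TYPE` value -0x2A10 is not aligned on a 0x80 boundary, unlike -0x2A00 on the line above it. If this module follows the usual Mbed TLS error layout, where the low 7 bits are left free for a low-level code that gets added in (as `MBEDTLS_ERR_X509_INVALID_FORMAT + ret` does in library/x509_ocsp.c), then -0x2A10 decodes as INVALID_RESPONSE_STATUS plus a low-level 0x10. The two OCSP errors would then be indistinguishable in error-string output and in any caller that masks off the low bits. Consider `#define MBEDTLS_ERR_X509_OCSP_INVALID_RESPONSE_TYPE -0x2A80`, after confirming that value is unused in the X509 range.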
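Review bot: The type check in x509_ocsp_get_response_type() accepts `MBEDTLS_OID_OCSP` as well as `MBEDTLS_OID_OCSP_BASIC`, but RFC 6960 defines only id-pkix-ocsp-basic as the responseType of a BasicOCSPResponse. If MBEDTLS_OID_OCSP is the parent id-pkix-ocsp arc (its definition is not in this patch), a response carrying it passes here and is presumably parsed as a basic response by the caller. Accepting only the type the parser implements is safer: `if( MBEDTLS_OID_CMP( MBEDTLS_OID_OCSP_BASIC, resp_type ) != 0 )`. Also, `resp_type` is filled in before the check, so on the INVALID_RESPONSE_TYPE path the caller's buffer still points at the rejected OID. A short comment above the function saying so, and that `*p` moves past the OID value only on success, would document the contract.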