fix errors due to CreateOcspRequest()

addressed review comments
wolfSSL · Jul 31, 2024 · 5ee488b · 5ee488b
1 parent 2c6405c
commit 5ee488b
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 12 deletions.
diff --git a/src/internal.c b/src/internal.c
@@ -23360,7 +23360,7 @@ int SendFinished(WOLFSSL* ssl)
  *
  * Returns 0 on success
  */
-static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
+int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
  DecodedCert* cert, byte* certData, word32 length,
  byte *ctxOwnsRequest)
 {

diff --git a/src/tls.c b/src/tls.c
@@ -3165,12 +3165,8 @@ word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest,
 #endif
 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
  if (!isRequest && csr->ssl->options.tls1_3) {
- if (csr->responses[idx].length != 0)
- size = (word16)(OPAQUE8_LEN + OPAQUE24_LEN +
- csr->responses[idx].length);
- else
- size = (word16)OPAQUE16_LEN;
- return size;
+ return (word16)(OPAQUE8_LEN + OPAQUE24_LEN +
+ csr->responses[idx].length);;
  }
 #else
  (void)idx;
@@ -3272,6 +3268,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
  OcspRequest* request;
  TLSX* extension;
  CertificateStatusRequest* csr;
+ byte ctxOwnsRequest = 0;
 #endif
 
 #if !defined(NO_WOLFSSL_CLIENT) && defined(WOLFSSL_TLS13) \
@@ -3494,9 +3491,8 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
  request = &csr->request.ocsp[i + 1];
  if (ret == 0) {
  ret = CreateOcspRequest(ssl, request, cert,
- der.buffer, der.length);
- if (ret == 0 &&
- request == ssl->ctx->certOcspRequest) {
+ der.buffer, der.length, &ctxOwnsRequest);
+ if (ctxOwnsRequest) {
  wolfSSL_Mutex* ocspLock =
  &SSL_CM(ssl)->ocsp_stapling->ocspLock;
  if (wc_LockMutex(ocspLock) == 0) {

diff --git a/src/tls13.c b/src/tls13.c
@@ -8432,7 +8432,7 @@ static word32 WriteCSRToBuffer(WOLFSSL* ssl, word16* extSz, word16 extSz_num)
  for (extIdx = 0; extIdx < (word16)(extSz_num); extIdx++) {
  extSz[extIdx] = TLSX_CSR_GetSize_ex(csr, 0, extIdx + 1);
 
- if (extSz[extIdx] > OPAQUE16_LEN &&
+ if (extSz[extIdx] > (OPAQUE8_LEN + OPAQUE24_LEN) &&
  ssl->buffers.certExts[extIdx + 1] == NULL) {
  ret = AllocDer(&ssl->buffers.certExts[extIdx + 1],
  extSz[extIdx] + ex_offset,

diff --git a/wolfssl/internal.h b/wolfssl/internal.h
@@ -3269,7 +3269,8 @@ WOLFSSL_LOCAL int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output,
 WOLFSSL_LOCAL void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx);
 
 WOLFSSL_LOCAL int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
- DecodedCert* cert, byte* certData, word32 length);
+ DecodedCert* cert, byte* certData, word32 length,
+ byte *ctxOwnsRequest);
 #endif
 
 /** Certificate Status Request v2 - RFC 6961 */