|
@@ -33446,6 +33446,8 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
|
|
|
#endif
|
|
|
int ret;
|
|
|
int sigLength;
|
|
|
+ const byte* sigParams = NULL;
|
|
|
+ word32 sigParamsSz = 0;
|
|
|
|
|
|
WOLFSSL_ENTER("DecodeBasicOcspResponse");
|
|
|
(void)heap;
|
|
@@ -33463,8 +33465,26 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
|
|
|
return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */
|
|
|
|
|
|
/* Get the signature algorithm */
|
|
|
- if (GetAlgoId(source, &idx, &resp->sigOID, oidSigType, size) < 0)
|
|
|
+ if (GetAlgoId(source, &idx, &resp->sigOID, oidSigType, size) < 0) {
|
|
|
return ASN_PARSE_E;
|
|
|
+ }
|
|
|
+#ifdef WC_RSA_PSS
|
|
|
+ else if (resp->sigOID == CTC_RSASSAPSS) {
|
|
|
+ word32 sz;
|
|
|
+ int len;
|
|
|
+ const byte* params;
|
|
|
+
|
|
|
+ sz = idx;
|
|
|
+ params = source + idx;
|
|
|
+ if (GetSequence(source, &idx, &len, size) < 0)
|
|
|
+ ret = ASN_PARSE_E;
|
|
|
+ if (ret == 0) {
|
|
|
+ idx += len;
|
|
|
+ sigParams = params;
|
|
|
+ sigParamsSz = idx - sz;
|
|
|
+ }
|
|
|
+ }
|
|
|
+#endif
|
|
|
|
|
|
ret = CheckBitString(source, &idx, &sigLength, size, 1, NULL);
|
|
|
if (ret != 0)
|
|
@@ -33532,7 +33552,8 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
|
|
|
&cert->sigCtx,
|
|
|
resp->response, resp->responseSz,
|
|
|
cert->publicKey, cert->pubKeySize, cert->keyOID,
|
|
|
- resp->sig, resp->sigSz, resp->sigOID, NULL, 0, NULL);
|
|
|
+ resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz,
|
|
|
+ NULL);
|
|
|
|
|
|
if (ret != 0) {
|
|
|
WOLFSSL_MSG("\tOCSP Confirm signature failed");
|
|
@@ -33569,7 +33590,8 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
|
|
|
/* ConfirmSignature is blocking here */
|
|
|
sigValid = ConfirmSignature(&sigCtx, resp->response,
|
|
|
resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID,
|
|
|
- resp->sig, resp->sigSz, resp->sigOID, NULL, 0, NULL);
|
|
|
+ resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz,
|
|
|
+ NULL);
|
|
|
}
|
|
|
if (ca == NULL || sigValid != 0) {
|
|
|
WOLFSSL_MSG("\tOCSP Confirm signature failed");
|