From 9b5b9fd85d20cb0e76b4e54b5fbca12a2c7102d5 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Tue, 1 Dec 2020 16:41:20 +1000
Subject: [PATCH] OCSP: Handle extensions in singleResponse

---
 wolfcrypt/src/asn.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index e67ae7886..56b74573d 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -16828,6 +16828,18 @@ static int DecodeSingleResponse(byte* source,
 #endif
     }
 
+    /* Skip the optional extensions in singleResponse. */
+    localIdx = idx;
+    if (((int)(idx - prevIndex) < wrapperSz) &&
+        GetASNTag(source, &localIdx, &tag, size) == 0 &&
+        tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1))
+    {
+        idx++;
+        if (GetLength(source, &idx, &length, size) < 0)
+            return ASN_PARSE_E;
+        idx += length;
+    }
+
     *ioIndex = idx;
 
     return 0;