diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-05 15:02:11 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-18 17:47:17 +0200 |
| commit | f21c3ce53b9e6648b158cf25da60976e7041f072 (patch) | |
| tree | 44e561351bad3a646f86e1fd3cc22fdf059def76 | |
| parent | 42ca3d7dd0854a77909935330adf7648aa3c8453 (diff) | |
| download | libtasn1-f21c3ce53b9e6648b158cf25da60976e7041f072.tar.gz | |
decoding: added flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME
This flag allows decoding errors in time fields even when
in strict DER mode. That is introduced in order to allow
toleration of invalid times in certificates (which are common)
even though strict DER adherence is enforced in other fields.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/decoding.c | 2 | ||||
| -rw-r--r-- | lib/libtasn1.h | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/lib/decoding.c b/lib/decoding.c index fcf3aff..2240b09 100644 --- a/lib/decoding.c +++ b/lib/decoding.c @@ -332,7 +332,7 @@ _asn1_get_time_der (unsigned type, const unsigned char *der, int der_len, int *r return ASN1_TIME_ENCODING_ERROR; } - if (flags & ASN1_DECODE_FLAG_STRICT_DER) + if ((flags & ASN1_DECODE_FLAG_STRICT_DER) && !(flags & ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME)) { p = &der[len_len]; for (i=0;i<(unsigned)(str_len-1);i++) diff --git a/lib/libtasn1.h b/lib/libtasn1.h index 0d6203d..ffb0806 100644 --- a/lib/libtasn1.h +++ b/lib/libtasn1.h @@ -191,6 +191,8 @@ extern "C" #define ASN1_DECODE_FLAG_ALLOW_PADDING 1 /* This flag would ensure that no BER decoding takes place */ #define ASN1_DECODE_FLAG_STRICT_DER (1<<1) +/* This flag will tolerate Time encoding errors when in strict DER */ +#define ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME (1<<2) struct asn1_data_node_st |