decoding: added flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME

This flag allows decoding errors in time fields even when in strict DER mode. That is introduced in order to allow toleration of invalid times in certificates (which are common) even though strict DER adherence is enforced in other fields. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

decoding: added flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME
This flag allows decoding errors in time fields even when in strict DER mode. That is introduced in order to allow toleration of invalid times in certificates (which are common) even though strict DER adherence is enforced in other fields. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
16bad0c7 · Nikos Mavrogiannopoulos · 42ca3d7d · 16bad0c7 · 16bad0c7
Commit 16bad0c7 authored May 05, 2017 by Nikos Mavrogiannopoulos
--- a/lib/decoding.c
+++ b/lib/decoding.c
@@ -332,7 +332,7 @@ _asn1_get_time_der (unsigned type, const unsigned char *der, int der_len, int *r
      return ASN1_TIME_ENCODING_ERROR;
    }

-  if (flags & ASN1_DECODE_FLAG_STRICT_DER)
+  if ((flags & ASN1_DECODE_FLAG_STRICT_DER) && !(flags & ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME))
    {
      p = &der[len_len];
      for (i=0;i<(unsigned)(str_len-1);i++)

--- a/lib/libtasn1.h
+++ b/lib/libtasn1.h
@@ -191,6 +191,8 @@ extern "C"
 #define ASN1_DECODE_FLAG_ALLOW_PADDING 1
 /* This flag would ensure that no BER decoding takes place */
 #define ASN1_DECODE_FLAG_STRICT_DER (1<<1)
+/* This flag will tolerate Time encoding errors when in strict DER */
+#define ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME (1<<2)


  struct asn1_data_node_st