feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Add a build flag ASN_TEMPLATE_SKIP_ISCA_CHECK to optionally skip the isCa != false check.

Browse Source
This commit is contained in:
Kareem
2023-09-07 15:23:52 -07:00
parent 7d85e390a9
commit 8e40130003
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
wolfcrypt/src/asn.c
View File

@@ -18584,10 +18584,12 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert)
if ((ret == 0) && (dataASN[BASICCONSASN_IDX_SEQ].length != 0)) { if ((ret == 0) && (dataASN[BASICCONSASN_IDX_SEQ].length != 0)) {
/* Bad encoding when CA Boolean is false /* Bad encoding when CA Boolean is false
* (default when not present). */ * (default when not present). */
#ifndef ASN_TEMPLATE_SKIP_ISCA_CHECK
if ((dataASN[BASICCONSASN_IDX_CA].length != 0) && (!isCA)) { if ((dataASN[BASICCONSASN_IDX_CA].length != 0) && (!isCA)) {
WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
#endif
/* Path length must be a 7-bit value. */ /* Path length must be a 7-bit value. */
if ((ret == 0) && (cert->pathLength >= (1 << 7))) { if ((ret == 0) && (cert->pathLength >= (1 << 7))) {
WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);