From 4f602e02badc68d77fbae69b1d7f4c2682b5771e Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Thu, 31 Oct 2019 12:06:59 +0900
Subject: [PATCH 1/3] accept ASN_INTEGER for compatibility
---
 wolfcrypt/src/asn.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 637f4c355..a28651f27 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7215,7 +7215,13 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert)
 /* If the basic ca constraint is false, this extension may be named, but
 * left empty. So, if the length is 0, just return. */
- ret = GetBoolean(input, &idx, sz);
+ if(input[idx] == ASN_BOOLEAN)
+ ret = GetBoolean(input, &idx, sz);
+ /* For OpenSSL compatibility, if ASN_INTEGER do nothing */
+ else if (input[idx] == ASN_INTEGER)
+ return 0;
+ else
+ ret = ASN_PARSE_E;
 if (ret < 0) {
 WOLFSSL_MSG("\tfail: constraint not valid BOOLEAN");
 return ret;
From 2ef4d1a16e95526e2a165c73ff4c2de316a6c2d0 Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Thu, 31 Oct 2019 17:29:46 +0900
Subject: [PATCH 2/3] Keep else to GetBoolean
---
 wolfcrypt/src/asn.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index a28651f27..18a4b87de 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7215,13 +7215,10 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert)
 /* If the basic ca constraint is false, this extension may be named, but
 * left empty. So, if the length is 0, just return. */
- if(input[idx] == ASN_BOOLEAN)
- ret = GetBoolean(input, &idx, sz);
 /* For OpenSSL compatibility, if ASN_INTEGER do nothing */
- else if (input[idx] == ASN_INTEGER)
+ if (input[idx] == ASN_INTEGER)
 return 0;
- else
- ret = ASN_PARSE_E;
+ ret = GetBoolean(input, &idx, sz);
 if (ret < 0) {
 WOLFSSL_MSG("\tfail: constraint not valid BOOLEAN");
 return ret;
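Review bot: The `return 0;` taken when the first element is `ASN_INTEGER` accepts the extension without decoding that INTEGER or checking its length against `sz`, so any value encoded there is silently dropped and malformed bytes after the tag are never rejected. The same early return is kept by the hunks of patches 2/3 and 3/3. An INTEGER in this position presumably means the cA BOOLEAN was omitted, so the branch should at least length-check the INTEGER before returning, and the comment should state the consequence, e.g. `/* cA omitted (treated as not set); the INTEGER is skipped, not validated */`. The function starts and ends outside the hunk, so what `cert` holds on this early return is inferred rather than visible.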
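Review bot: `input[idx]` is read in the new `if (input[idx] == ASN_INTEGER)` with no comparison of `idx` against `sz` anywhere in the hunk, so the peek is only safe if the checks above it (outside this hunk) guarantee at least one byte remains. Making that explicit costs one condition, e.g. `if (idx < sz && input[idx] == ASN_INTEGER)` with a cast matching `idx`'s declared type. The same unguarded read appears in the hunk of patch 1/3 and remains in 3/3. With the explicit `ASN_PARSE_E` arm removed, any other unexpected tag is now rejected only by `GetBoolean`, which keeps the log text `constraint not valid BOOLEAN` accurate.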
From 76404c937ecd95a68582426bd526cbb48157c433 Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Sat, 2 Nov 2019 13:01:40 +0900
Subject: [PATCH 3/3] #ifdef guard
---
 wolfcrypt/src/asn.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 18a4b87de..943bd7949 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7216,8 +7216,11 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert)
 * left empty. So, if the length is 0, just return. */
 /* For OpenSSL compatibility, if ASN_INTEGER do nothing */
+ #ifdef WOLFSSL_X509_BASICCONS_INT
 if (input[idx] == ASN_INTEGER)
 return 0;
+ #endif
+
 ret = GetBoolean(input, &idx, sz);
 if (ret < 0) {
 WOLFSSL_MSG("\tfail: constraint not valid BOOLEAN");
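Review bot: The comment `/* For OpenSSL compatibility, if ASN_INTEGER do nothing */` is left above the new `#ifdef WOLFSSL_X509_BASICCONS_INT`, so in builds that do not define the macro it describes code that is compiled out. Move it inside the guard and have it say what the option relaxes, e.g. `/* WOLFSSL_X509_BASICCONS_INT: accept a BasicConstraints whose first element is an INTEGER; the value is not parsed */`. Because the macro loosens certificate parsing, it also deserves an entry wherever the project documents its build options, noting that strict parsing applies unless it is defined. The enclosing function starts and ends outside the hunk.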