From f21c3ce53b9e6648b158cf25da60976e7041f072 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 5 May 2017 15:02:11 +0200
Subject: decoding: added flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME

This flag allows decoding errors in time fields even when
in strict DER mode. That is introduced in order to allow
toleration of invalid times in certificates (which are common)
even though strict DER adherence is enforced in other fields.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/decoding.c | 2 +-
 lib/libtasn1.h | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/decoding.c b/lib/decoding.c
index fcf3aff..2240b09 100644
--- a/lib/decoding.c
+++ b/lib/decoding.c
@@ -332,7 +332,7 @@ _asn1_get_time_der (unsigned type, const unsigned char *der, int der_len, int *r
       return ASN1_TIME_ENCODING_ERROR;
     }
 
-  if (flags & ASN1_DECODE_FLAG_STRICT_DER)
+  if ((flags & ASN1_DECODE_FLAG_STRICT_DER) && !(flags & ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME))
     {
       p = &der[len_len];
       for (i=0;i<(unsigned)(str_len-1);i++)
diff --git a/lib/libtasn1.h b/lib/libtasn1.h
index 0d6203d..ffb0806 100644
--- a/lib/libtasn1.h
+++ b/lib/libtasn1.h
@@ -191,6 +191,8 @@ extern "C"
 #define ASN1_DECODE_FLAG_ALLOW_PADDING 1
 /* This flag would ensure that no BER decoding takes place */
 #define ASN1_DECODE_FLAG_STRICT_DER (1<<1)
+/* This flag will tolerate Time encoding errors when in strict DER */
+#define ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME (1<<2)
 
 
   struct asn1_data_node_st
-- 
cgit v1.2.1