add no asn strict guard on REQ version check

wolfSSL · Jun 18, 2024 · 960991c · 960991c
1 parent 07967ba
commit 960991c
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -31162,12 +31162,14 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
     DerCert der[1];
 #endif
 
+#ifndef WOLFSSL_NO_ASN_STRICT
     /* check that the cert. req. version matches rfc2986 sect. 4.1 */
     if (cert->version != 0) {
         WOLFSSL_MSG("Only version 0 for CSR supported");
         WOLFSSL_ERROR_VERBOSE(ASN_VERSION_E);
         return ASN_VERSION_E;
     }
+#endif
 
     if (eccKey)
         cert->keyType = ECC_KEY;
@@ -31256,12 +31258,14 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
     (void)dilithiumKey;
     (void)sphincsKey;
 
+#ifndef WOLFSSL_NO_ASN_STRICT
     /* check that the cert. req. version matches rfc2986 sect. 4.1 */
     if (cert->version != 0) {
         WOLFSSL_MSG("Only version 0 for CSR supported");
         WOLFSSL_ERROR_VERBOSE(ASN_VERSION_E);
         return ASN_VERSION_E;
     }
+#endif
 
     CALLOC_ASNSETDATA(dataASN, certReqBodyASN_Length, ret, cert->heap);
 

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
@@ -21820,11 +21820,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     #endif /* WOLFSSL_EKU_OID */
     #endif /* WOLFSSL_CERT_EXT */
 
+    #ifndef WOLFSSL_NO_ASN_STRICT
         req->version = 2; /* test bad version fails */
         derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
         if (derSz >= 0) {
             ERROR_OUT(-7976, exit_rsa);
         }
+    #endif
 
         req->version = 0;
         derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);