diff --git a/ChangeLog b/ChangeLog
index bf33cf7d4..000f7cd25 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,8 @@ Changes
 Bugfix
 * Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes ticket #37)
+ * Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag
+ before version numbers
 = Version 1.0.0 released on 2011-07-27
 Features
diff --git a/library/x509parse.c b/library/x509parse.c
index e359ca7ac..bdafb22ea 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -306,6 +306,26 @@ static int x509_get_version( unsigned char **p,
 return( 0 );
 }
+/*
+ * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ */
+static int x509_crl_get_version( unsigned char **p,
+ const unsigned char *end,
+ int *ver )
+{
+ int ret;
+
+ if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ return( *ver = 0 );
+
+ return( POLARSSL_ERR_X509_CERT_INVALID_VERSION + ret );
+ }
+
+ return( 0 );
+}
+
 /*
 * CertificateSerialNumber ::= INTEGER
 */
@@ -1613,7 +1633,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
 *
 * signature AlgorithmIdentifier
 */
- if( ( ret = x509_get_version( &p, end, &crl->version ) ) != 0 ||
+ if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
 ( ret = x509_get_alg( &p, end, &crl->sig_oid1 ) ) != 0 )
 {
 x509_crl_free( crl );
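Review bot: The `POLARSSL_ERR_ASN1_UNEXPECTED_TAG` branch of the new `x509_crl_get_version` rests on an unstated assumption: defaulting to version 0 is only correct if `asn1_get_int` leaves `*p` untouched on a tag mismatch, so that the `x509_get_alg` call that follows in `x509parse_crl` starts at the same byte. `asn1_get_int` is not shown in this diff, so that should be confirmed and recorded above the branch, e.g. `/* version is OPTIONAL in a CRL: no INTEGER here means v1(0); relies on asn1_get_int not advancing *p on a tag mismatch */`; the header comment copied from the certificate parser does not say the field is optional either. Separately, `return( *ver = 0 );` hides an assignment inside a return under an unbraced `if`; `{ *ver = 0; return( 0 ); }` is easier to audit in a parser that handles untrusted input. The helper accepts any integer value it decodes, and whether `x509parse_crl` bounds `crl->version` afterwards lies outside the hunk.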