From cebdf17159b5f2f63338a27faaff06e4df94396f Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Fri, 11 Nov 2011 15:01:31 +0000
Subject: [PATCH] - Allowed X509 key usage parsing to accept 4 byte values
instead of the standard 1 byte version sometimes used by Microsoft. (Closes
ticket #38)
---
ChangeLog | 2 ++
library/x509parse.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index e67f64d16..b37624538 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,8 @@ Bugfix
ticket #37)
* Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag
before version numbers
+ * Allowed X509 key usage parsing to accept 4 byte values instead of the
+ standard 1 byte version sometimes used by Microsoft. (Closes ticket #38)
= Version 1.0.0 released on 2011-07-27
Features
diff --git a/library/x509parse.c b/library/x509parse.c
index 9fc8831e0..ceb3db2eb 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -749,7 +749,7 @@ static int x509_get_key_usage( unsigned char **p,
if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
- if( bs.len != 1 )
+ if( bs.len > 1 )
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
POLARSSL_ERR_ASN1_INVALID_LENGTH );
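Review bot: The new guard `if( bs.len > 1 )` accepts a zero-length bit string, which the old `bs.len != 1` rejected, and it still rejects lengths 2 to 4, so it does not do what the subject line says ("accept 4 byte values"). The rest of x509_get_key_usage lies outside this hunk; if it reads the first byte through `bs.p`, as the single-byte key_usage output suggests, an empty keyUsage value would cause a read past the extension data in an attacker-supplied certificate. Assuming 4 bytes is the intended ceiling, bound both edges with `if( bs.len < 1 || bs.len > 4 )` and keep the existing error return. It is also worth confirming whether asn1_get_bitstring can return `bs.len == 0` once the unused-bits octet has been consumed. A parser test with an empty keyUsage and a 4-byte keyUsage would pin both limits.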