- Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag before version numbers
diff --git a/ChangeLog b/ChangeLog
index bf33cf7..000f7cd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,8 @@
Bugfix
* Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes
ticket #37)
+ * Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag
+ before version numbers
= Version 1.0.0 released on 2011-07-27
Features
diff --git a/library/x509parse.c b/library/x509parse.c
index e359ca7..bdafb22 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -307,6 +307,26 @@
}
/*
+ * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ */
+static int x509_crl_get_version( unsigned char **p,
+ const unsigned char *end,
+ int *ver )
+{
+ int ret;
+
+ if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
+ {
+ if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
+ return( *ver = 0 );
+
+ return( POLARSSL_ERR_X509_CERT_INVALID_VERSION + ret );
+ }
+
+ return( 0 );
+}
+
+/*
* CertificateSerialNumber ::= INTEGER
*/
static int x509_get_serial( unsigned char **p,
@@ -1613,7 +1633,7 @@
*
* signature AlgorithmIdentifier
*/
- if( ( ret = x509_get_version( &p, end, &crl->version ) ) != 0 ||
+ if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
( ret = x509_get_alg( &p, end, &crl->sig_oid1 ) ) != 0 )
{
x509_crl_free( crl );
