Google Git
Sign in
pigweed/third_party/github/ARMmbed/mbedtls/cebdf17159b5f2f63338a27faaff06e4df94396f^!/.
commit
cebdf17159b5f2f63338a27faaff06e4df94396f
[log]
author
Paul Bakker <p.j.bakker@polarssl.org>
Fri Nov 11 15:01:31 2011 +0000
committer
Paul Bakker <p.j.bakker@polarssl.org>
Fri Nov 11 15:01:31 2011 +0000
tree
250954fd185da88e48ec9ff88a7573c0526e74ef
parent
03a30d34dc5c1b9eae5805bf6c12b38ac0bf5faa [diff]
 - Allowed X509 key usage parsing to accept 4 byte values instead of the standard 1 byte version sometimes used by Microsoft. (Closes ticket #38)


diff --git a/ChangeLog b/ChangeLog
index e67f64d..b376245 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -26,6 +26,8 @@
      ticket #37)
    * Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag
      before version numbers
+   * Allowed X509 key usage parsing to accept 4 byte values instead of the
+     standard 1 byte version sometimes used by Microsoft. (Closes ticket #38)
 
 = Version 1.0.0 released on 2011-07-27
 Features

diff --git a/library/x509parse.c b/library/x509parse.c
index 9fc8831..ceb3db2 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c

@@ -749,7 +749,7 @@
     if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
         return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
 
-    if( bs.len != 1 )
+    if( bs.len > 1 )
         return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
                 POLARSSL_ERR_ASN1_INVALID_LENGTH );