From 9be19375e57dabf7b2d3dbf3ac484d20b27df975 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Mon, 27 Jul 2009 20:21:53 +0000
Subject: [PATCH] - Fill base data for x509_crl_entry in CRL correctly -
Internal structure of sequences is not optional anymore (as per RFC) -
nextUpdate handles optionality correctly if no revokedCertificates are present.
- x509parse_crl_info handles the case of no entries correctly
---
library/x509parse.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/library/x509parse.c b/library/x509parse.c
index 506be47d9..56fd809af 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -701,15 +701,13 @@ static int x509_get_entries( unsigned char **p,
unsigned char *end,
x509_crl_entry *entry )
{
- int ret;
+ int ret, entry_len;
x509_crl_entry *cur_entry = entry;
if( *p == end )
return( 0 );
- entry->raw.tag = **p;
-
- if( ( ret = asn1_get_tag( p, end, &entry->raw.len,
+ if( ( ret = asn1_get_tag( p, end, &entry_len,
ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
{
if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
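Review bot: The outer SEQUENCE may still be missing (the UNEXPECTED_TAG branch at the end of this hunk) while the commit makes the inner entries mandatory, and nothing in the code says why the two differ. A comment above the call such as `/* revokedCertificates is OPTIONAL; a different tag here means the list is absent */` would record the reason. The function header should also state that `*entry` is left untouched when the list is empty or absent, since the `entry->raw.len != 0` test added to x509parse_crl_info depends on that. The branch body continues outside the hunk.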
@@ -718,8 +716,7 @@ static int x509_get_entries( unsigned char **p,
return( ret );
}
- entry->raw.p = *p;
- end = *p + entry->raw.len;
+ end = *p + entry_len;
while( *p < end )
{
@@ -728,12 +725,13 @@ static int x509_get_entries( unsigned char **p,
if( ( ret = asn1_get_tag( p, end, &len2,
ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
{
- if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- return( 0 );
-
return( ret );
}
+ cur_entry->raw.tag = **p;
+ cur_entry->raw.p = *p;
+ cur_entry->raw.len = len2;
+
if( ( ret = x509_get_serial( p, end, &cur_entry->serial ) ) != 0 )
return( ret );
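Review bot: `cur_entry->raw.tag = **p;` runs after asn1_get_tag has consumed the entry header, so it stores the first content byte (the serial's tag) rather than the entry's SEQUENCE tag. If len2 is 0 on the last entry, `*p` equals `end` and the read falls outside the list. Capture the tag before the asn1_get_tag call, as the removed code did for the outer sequence, or assign `ASN1_SEQUENCE | ASN1_CONSTRUCTED` directly. x509_get_serial is also still passed the list-wide `end`; bounding it with `*p + len2` would stop a malformed entry from being parsed past its own declared length. The rest of the loop body is outside the hunk.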
@@ -1324,7 +1322,9 @@ int x509parse_crl( x509_crl *chain, unsigned char *buf, int buflen )
if( ( ret = x509_get_UTCTime( &p, end, &crl->next_update ) ) != 0 )
{
if ( ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE |
- POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) )
+ POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) &&
+ ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE |
+ POLARSSL_ERR_ASN1_OUT_OF_DATA ) )
{
x509_crl_free( crl );
return( ret );
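Review bot: Accepting `POLARSSL_ERR_X509_CERT_INVALID_DATE | POLARSSL_ERR_ASN1_OUT_OF_DATA` treats every out-of-data failure as "nextUpdate absent". x509_get_UTCTime is not visible here, but that presumably also covers a nextUpdate whose header or length is truncated, so a malformed CRL could be accepted as one with no nextUpdate. Absence is better detected explicitly by testing `p == end` before the call (assuming `end` bounds the TBSCertList at this point), so that OUT_OF_DATA stays a hard error. Whether `p` is left unchanged on this error path cannot be seen from the hunk; the enclosing function starts and ends outside it.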
@@ -2024,7 +2024,7 @@ int x509parse_crl_info( char *buf, size_t size, char *prefix, x509_crl *crl )
prefix );
SAFE_SNPRINTF();
- while( entry != NULL )
+ while( entry != NULL && entry->raw.len != 0 )
{
ret = snprintf( p, n, "\n%sserial number: ",
prefix );
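Review bot: `entry->raw.len != 0` works as an undocumented sentinel for "head entry unused". It is only correct if the x509_crl was zero-initialised before parsing, and that initialisation is not visible in this diff. Because the test sits in the loop condition, it also ends the listing at the first entry with a zero length instead of only skipping an empty head. A comment such as `/* raw.len == 0: head entry is unused when the CRL lists no revoked certificates */` would make the contract explicit. The loop body continues outside the hunk.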