Update prototype of x509write_set_key_usage()

Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
parent 655a9645
......@@ -73,7 +73,8 @@ API Changes
* ecdsa_write_signature() gained an addtional md_alg argument and
ecdsa_write_signature_det() was deprecated.
* pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
* Last argument of x509_crt_check_key_usage() changed from int to unsigned.
* Last argument of x509_crt_check_key_usage() and
mbedtls_x509write_crt_set_key_usage() changed from int to unsigned.
* test_ca_list (from certs.h) is renamed to test_cas_pem and is only
available if POLARSSL_PEM_PARSE_C is defined (it never worked without).
* Test certificates in certs.c are no longer guaranteed to be nul-terminated
......
......@@ -570,7 +570,8 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
*
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, unsigned char key_usage );
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
unsigned int key_usage );
/**
* \brief Set the Netscape Cert Type flags
......
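Review bot: The `\return` line kept above the widened prototype still lists only 0 and MBEDTLS_ERR_X509_ALLOC_FAILED, but the implementation section of this commit now returns MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE when `key_usage` has any bit outside 0xfe set. I would update it to `\return 0 if successful, MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE if an unsupported usage bit is set, or MBEDTLS_ERR_X509_ALLOC_FAILED`, and say in the parameter description that only the bits 0x80 to 0x02 are accepted for now. This matters because a caller that ignores the return value presumably ends up with a certificate that has no keyUsage extension at all rather than a truncated one. The doc comment starts outside this hunk, so its `\param` lines are not visible here.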
......@@ -217,15 +217,21 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
}
#endif /* MBEDTLS_SHA1_C */
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, unsigned char key_usage )
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
unsigned int key_usage )
{
unsigned char buf[4];
unsigned char buf[4], ku;
unsigned char *c;
int ret;
/* We currently only support 7 bits, from 0x80 to 0x02 */
if( ( key_usage & ~0xfe ) != 0 )
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
c = buf + 4;
ku = (unsigned char) key_usage;
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 )
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ku, 7 ) ) != 4 )
return( ret );
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
......
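Review bot: The narrowing `ku = (unsigned char) key_usage;` is only lossless because of the `( key_usage & ~0xfe ) != 0` check a few lines above it, and nothing in the code ties the two together. When the mask is later widened for decipherOnly, as the commit message anticipates, the cast would silently drop the high bits and the certificate would be written with fewer usage flags than requested. I would add a comment on the cast such as `/* lossless: the check above rejects any bit outside 0xfe */` and give the mask a name next to the bit count 7 passed to mbedtls_asn1_write_bitstring(), so that all three are changed together. The function body continues past the end of this hunk.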