Commit 1d0ca1a3 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard
Browse files

Move key_usage to more that 8 bits

parent 1022fed3
......@@ -6,6 +6,7 @@ Features
* Support for DTLS 1.0 and 1.2 (RFC 6347).
API Changes
* Last argument of x509_crt_check_key_usage() changed from int to unsigned.
* test_ca_list (from certs.h) is renamed to test_cas_pem and is only
available if POLARSSL_PEM_PARSE_C is defined (it never worked without).
* Test certificates in certs.c are no longer guaranteed to be nul-terminated
......@@ -33,6 +34,7 @@ New deprecations
Semi-API changes (technically public, morally private)
* Change md_info_t into an opaque structure (use md_get_xxx() accessors).
* Remove sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and x509_crl.
* x509_crt.key_usage changed from unsigned char to unsigned int.
Changes
* Support for receiving SSLv2 ClientHello is now disabled by default at
......
......@@ -79,7 +79,7 @@ typedef struct _x509_crt
int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
unsigned char key_usage; /**< Optional key usage extension value: See the values in x509.h */
unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
......@@ -261,7 +261,7 @@ int x509_crt_verify( x509_crt *crt,
* (intermediate) CAs the keyUsage extension is automatically
* checked by \c x509_crt_verify().
*/
int x509_crt_check_key_usage( const x509_crt *crt, int usage );
int x509_crt_check_key_usage( const x509_crt *crt, unsigned int usage );
#endif /* POLARSSL_X509_CHECK_KEY_USAGE) */
#if defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
......
......@@ -247,7 +247,7 @@ static int x509_get_ns_cert_type( unsigned char **p,
static int x509_get_key_usage( unsigned char **p,
const unsigned char *end,
unsigned char *key_usage)
unsigned int *key_usage)
{
int ret;
x509_bitstring bs = { 0, 0, NULL };
......@@ -1381,7 +1381,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
}
#if defined(POLARSSL_X509_CHECK_KEY_USAGE)
int x509_crt_check_key_usage( const x509_crt *crt, int usage )
int x509_crt_check_key_usage( const x509_crt *crt, unsigned int usage )
{
if( ( crt->ext_types & EXT_KEY_USAGE ) != 0 &&
( crt->key_usage & usage ) != usage )
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment