diff --git a/ChangeLog b/ChangeLog index 1d7b95a45..950eba109 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ Features * Support for DTLS 1.0 and 1.2 (RFC 6347). API Changes + * Last argument of x509_crt_check_key_usage() changed from int to unsigned. * test_ca_list (from certs.h) is renamed to test_cas_pem and is only available if POLARSSL_PEM_PARSE_C is defined (it never worked without). * Test certificates in certs.c are no longer guaranteed to be nul-terminated @@ -33,6 +34,7 @@ New deprecations Semi-API changes (technically public, morally private) * Change md_info_t into an opaque structure (use md_get_xxx() accessors). * Remove sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and x509_crl. + * x509_crt.key_usage changed from unsigned char to unsigned int. Changes * Support for receiving SSLv2 ClientHello is now disabled by default at diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 4da8f84da..7816801fe 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -79,7 +79,7 @@ typedef struct _x509_crt int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */ - unsigned char key_usage; /**< Optional key usage extension value: See the values in x509.h */ + unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */ x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */ @@ -261,7 +261,7 @@ int x509_crt_verify( x509_crt *crt, * (intermediate) CAs the keyUsage extension is automatically * checked by \c x509_crt_verify(). */ -int x509_crt_check_key_usage( const x509_crt *crt, int usage ); +int x509_crt_check_key_usage( const x509_crt *crt, unsigned int usage ); #endif /* POLARSSL_X509_CHECK_KEY_USAGE) */ #if defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE) diff --git a/library/x509_crt.c b/library/x509_crt.c index 03e64886e..b911c4e4c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -247,7 +247,7 @@ static int x509_get_ns_cert_type( unsigned char **p, static int x509_get_key_usage( unsigned char **p, const unsigned char *end, - unsigned char *key_usage) + unsigned int *key_usage) { int ret; x509_bitstring bs = { 0, 0, NULL }; @@ -1381,7 +1381,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix, } #if defined(POLARSSL_X509_CHECK_KEY_USAGE) -int x509_crt_check_key_usage( const x509_crt *crt, int usage ) +int x509_crt_check_key_usage( const x509_crt *crt, unsigned int usage ) { if( ( crt->ext_types & EXT_KEY_USAGE ) != 0 && ( crt->key_usage & usage ) != usage )