From 1d0ca1a33669df8081d43b03c167707fcf033d54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 27 Mar 2015 16:50:00 +0100
Subject: [PATCH] Move key_usage to more that 8 bits
---
 ChangeLog | 2 ++
 include/mbedtls/x509_crt.h | 4 ++--
 library/x509_crt.c | 4 ++--
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 1d7b95a45..950eba109 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@ Features
 * Support for DTLS 1.0 and 1.2 (RFC 6347).
 API Changes
+ * Last argument of x509_crt_check_key_usage() changed from int to unsigned.
 * test_ca_list (from certs.h) is renamed to test_cas_pem and is only available if POLARSSL_PEM_PARSE_C is defined (it never worked without).
 * Test certificates in certs.c are no longer guaranteed to be nul-terminated
@@ -33,6 +34,7 @@ New deprecations
 Semi-API changes (technically public, morally private)
 * Change md_info_t into an opaque structure (use md_get_xxx() accessors).
 * Remove sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and x509_crl.
+ * x509_crt.key_usage changed from unsigned char to unsigned int.
 Changes
 * Support for receiving SSLv2 ClientHello is now disabled by default at
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 4da8f84da..7816801fe 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -79,7 +79,7 @@ typedef struct _x509_crt
 int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
 int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
- unsigned char key_usage; /**< Optional key usage extension value: See the values in x509.h */
+ unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
 x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
@@ -261,7 +261,7 @@ int x509_crt_verify( x509_crt *crt,
 * (intermediate) CAs the keyUsage extension is automatically
 * checked by \c x509_crt_verify().
 */
-int x509_crt_check_key_usage( const x509_crt *crt, int usage );
+int x509_crt_check_key_usage( const x509_crt *crt, unsigned int usage );
 #endif /* POLARSSL_X509_CHECK_KEY_USAGE) */
 #if defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 03e64886e..b911c4e4c 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -247,7 +247,7 @@ static int x509_get_ns_cert_type( unsigned char **p,
 static int x509_get_key_usage( unsigned char **p,
 const unsigned char *end,
- unsigned char *key_usage)
+ unsigned int *key_usage)
 {
 int ret;
 x509_bitstring bs = { 0, 0, NULL };
@@ -1381,7 +1381,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
 }
 #if defined(POLARSSL_X509_CHECK_KEY_USAGE)
-int x509_crt_check_key_usage( const x509_crt *crt, int usage )
+int x509_crt_check_key_usage( const x509_crt *crt, unsigned int usage )
 {
 if( ( crt->ext_types & EXT_KEY_USAGE ) != 0 &&
 ( crt->key_usage & usage ) != usage )
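Review bot: Changing the out-parameter of x509_get_key_usage() to `unsigned int *key_usage` widens the storage only; the statement that fills `*key_usage` from the parsed `x509_bitstring bs` sits in the part of the body outside this hunk, and the commit does not touch it. If that statement still copies a single octet, keyUsage bits beyond the first octet are silently dropped at parse time, and a later x509_crt_check_key_usage() asking for such a bit would reject every certificate instead of honouring the extension. Either fold every octet of the bit string (bounded by its length and by `sizeof( unsigned int )`) into the value in this commit, or mark the limitation at the assignment with a comment such as `/* only the first octet of keyUsage is stored for now */`.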
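Review bot: x509_crt_check_key_usage() applies the mask only when `EXT_KEY_USAGE` is set in `crt->ext_types`, so a certificate without a keyUsage extension satisfies any `usage`, while with the extension present every requested bit must be set. Since the parameter type is now a documented API change, the doc comment above the prototype in x509_crt.h (mostly outside the hunks shown) should state both rules if it does not already, for example `\param usage  Bit mask of required key usage values from x509.h; all of them must be present when the extension exists.` Callers that keep the mask in an `int` now go through an implicit signed-to-unsigned conversion, so a `-Wsign-conversion` pass over the call sites is worth doing. The function body continues past the end of the hunk.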