commit 1d0ca1a33669df8081d43b03c167707fcf033d54
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Mar 27 16:50:00 2015 +0100
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Mar 27 16:50:00 2015 +0100
tree 7eda1d828150625e0040763f3106de3905a5fbf9
parent 1022fed36e0120d9a9b876226427049888e0cd69

Move key_usage to more that 8 bits

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 1d7b95a..950eba1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@
   * Support for DTLS 1.0 and 1.2 (RFC 6347).
 
 API Changes
+   * Last argument of x509_crt_check_key_usage() changed from int to unsigned.
    * test_ca_list (from certs.h) is renamed to test_cas_pem and is only
      available if POLARSSL_PEM_PARSE_C is defined (it never worked without).
    * Test certificates in certs.c are no longer guaranteed to be nul-terminated
@@ -33,6 +34,7 @@
 Semi-API changes (technically public, morally private)
    * Change md_info_t into an opaque structure (use md_get_xxx() accessors).
    * Remove sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and x509_crl.
+   * x509_crt.key_usage changed from unsigned char to unsigned int.
 
 Changes
    * Support for receiving SSLv2 ClientHello is now disabled by default at

include/mbedtls/x509_crt.h

diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 4da8f84..7816801 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -79,7 +79,7 @@
     int ca_istrue;              /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
     int max_pathlen;            /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
 
-    unsigned char key_usage;    /**< Optional key usage extension value: See the values in x509.h */
+    unsigned int key_usage;     /**< Optional key usage extension value: See the values in x509.h */
 
     x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
 
@@ -261,7 +261,7 @@
  *                 (intermediate) CAs the keyUsage extension is automatically
  *                 checked by \c x509_crt_verify().
  */
-int x509_crt_check_key_usage( const x509_crt *crt, int usage );
+int x509_crt_check_key_usage( const x509_crt *crt, unsigned int usage );
 #endif /* POLARSSL_X509_CHECK_KEY_USAGE) */
 
 #if defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)

library/x509_crt.c

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 03e6488..b911c4e 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -247,7 +247,7 @@
 
 static int x509_get_key_usage( unsigned char **p,
                                const unsigned char *end,
-                               unsigned char *key_usage)
+                               unsigned int *key_usage)
 {
     int ret;
     x509_bitstring bs = { 0, 0, NULL };
@@ -1381,7 +1381,7 @@
 }
 
 #if defined(POLARSSL_X509_CHECK_KEY_USAGE)
-int x509_crt_check_key_usage( const x509_crt *crt, int usage )
+int x509_crt_check_key_usage( const x509_crt *crt, unsigned int usage )
 {
     if( ( crt->ext_types & EXT_KEY_USAGE ) != 0 &&
         ( crt->key_usage & usage ) != usage )