Update prototype of x509write_set_key_usage()

Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.
This commit is contained in:
Manuel Pégourié-Gonnard 2015-06-23 11:07:37 +02:00
parent 655a964539
commit 1cd10adc7c
3 changed files with 14 additions and 6 deletions


@ -73,7 +73,8 @@ API Changes
* ecdsa_write_signature() gained an addtional md_alg argument and * ecdsa_write_signature() gained an addtional md_alg argument and
ecdsa_write_signature_det() was deprecated. ecdsa_write_signature_det() was deprecated.
* pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA. * pk_sign() no longer accepts md_alg == POLARSSL_MD_NONE with ECDSA.
* Last argument of x509_crt_check_key_usage() changed from int to unsigned. * Last argument of x509_crt_check_key_usage() and
mbedtls_x509write_crt_set_key_usage() changed from int to unsigned.
* test_ca_list (from certs.h) is renamed to test_cas_pem and is only * test_ca_list (from certs.h) is renamed to test_cas_pem and is only
available if POLARSSL_PEM_PARSE_C is defined (it never worked without). available if POLARSSL_PEM_PARSE_C is defined (it never worked without).
* Test certificates in certs.c are no longer guaranteed to be nul-terminated * Test certificates in certs.c are no longer guaranteed to be nul-terminated


@ -570,7 +570,8 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
* *
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
*/ */
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, unsigned char key_usage ); int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
unsigned int key_usage );
/** /**
* \brief Set the Netscape Cert Type flags * \brief Set the Netscape Cert Type flags
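Review bot: The `\return` line of the doc comment is left as "0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED", but the matching implementation in the third file now rejects any key_usage with bits outside 0xfe and returns MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, so the header's contract no longer matches. Since callers discover valid inputs from this header, the comment should say which bits are accepted and which error is returned otherwise, e.g. `* \return 0 if successful, MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE if key_usage` / `* contains bits other than the supported 0x80..0x02, or` / `* MBEDTLS_ERR_X509_ALLOC_FAILED`. It would also help to add a `\param key_usage` line noting that only the first byte of key usage flags is currently supported, so the widening to unsigned int is not read as already supporting encipherOnly/decipherOnly.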


@ -217,15 +217,21 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
} }
#endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_SHA1_C */
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, unsigned char key_usage ) int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
unsigned int key_usage )
{ {
unsigned char buf[4]; unsigned char buf[4], ku;
unsigned char *c; unsigned char *c;
int ret; int ret;
c = buf + 4; /* We currently only support 7 bits, from 0x80 to 0x02 */
if( ( key_usage & ~0xfe ) != 0 )
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 ) c = buf + 4;
ku = (unsigned char) key_usage;
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ku, 7 ) ) != 4 )
return( ret ); return( ret );
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE, ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,