From fd5c185ed656cbf4e1668973c95c67bfda02e1fe Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 13 May 2019 12:52:57 +0100 Subject: [PATCH] Use uint16_t to store key usage field in X.509 CRT Also, reorder the fields to avoid padding, thereby reducing the size of mbedtls_x509_crt_frame by 2 Bytes. --- include/mbedtls/x509_crt.h | 8 ++++---- library/x509_crt.c | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 26f3a622c..47b29def1 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -63,13 +63,13 @@ typedef struct mbedtls_x509_crt_frame uint8_t ns_cert_type; /**< Optional Netscape certificate type extension value: * See the values in x509.h */ - unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */ - uint32_t ext_types; /**< Bitfield indicating which extensions are present. - * See the values in x509.h. */ - mbedtls_md_type_t sig_md; /**< The hash algorithm used to hash CRT before signing. */ mbedtls_pk_type_t sig_pk; /**< The signature algorithm used to sign the CRT hash. */ + uint16_t key_usage; /**< Optional key usage extension value: See the values in x509.h */ + uint32_t ext_types; /**< Bitfield indicating which extensions are present. + * See the values in x509.h. */ + mbedtls_x509_time valid_from; /**< The start time of certificate validity. */ mbedtls_x509_time valid_to; /**< The end time of certificate validity. */ diff --git a/library/x509_crt.c b/library/x509_crt.c index ffd3d9bc4..4e5f6f50f 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -781,7 +781,7 @@ static int x509_get_ns_cert_type( unsigned char **p, static int x509_get_key_usage( unsigned char **p, const unsigned char *end, - unsigned int *key_usage) + uint16_t *key_usage) { int ret; size_t i; 
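Review bot: The new `uint16_t key_usage` member in mbedtls_x509_crt_frame caps the stored value at 16 bits, but its comment is unchanged and does not record that limit. Someone adding a flag to x509.h gets no hint that a value above bit 15 cannot be represented in the frame. I would extend the comment to `/**< Optional key usage extension value (only the low 16 bits are stored): See the values in x509.h */`. The saving from the reorder presumably also depends on the size of the two enum members that now precede `key_usage` and on the fields before `ns_cert_type`, which are outside the hunk, so a one-line remark on the intended field order would help keep it intact.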
@@ -795,9 +795,9 @@ static int x509_get_key_usage( unsigned char **p,
 /* Get actual bitstring */
 *key_usage = 0;
- for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ )
+ for( i = 0; i < bs.len && i < sizeof( *key_usage ); i++ )
 {
- *key_usage |= (unsigned int) bs.p[i] << (8*i);
+ *key_usage |= (uint16_t) bs.p[i] << ( 8*i );
 }
 return( 0 );
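Review bot: With the bound now `i < sizeof( *key_usage )`, the loop silently ignores every bitstring byte after the second, where the old code kept up to `sizeof( unsigned int )` bytes, and nothing in the hunk says this is intended. RFC 5280 defines nine KeyUsage bits, so two bytes are enough, but that reasoning belongs next to the loop, e.g. `/* KeyUsage has 9 defined bits (RFC 5280): keep the first two bytes, ignore any further ones */`. Separately, in `(uint16_t) bs.p[i] << ( 8*i )` the cast applies to `bs.p[i]` before the shift, which is then carried out in `int` after integer promotion, so the cast does not narrow the result; `(uint16_t)( bs.p[i] << ( 8*i ) )` states the intent. The start of x509_get_key_usage, including where `bs` is filled, lies outside this hunk.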