Use uint16_t to store key usage field in X.509 CRT

Also, reorder the fields to avoid padding, thereby reducing the size of
mbedtls_x509_crt_frame by 2 Bytes.
Hanno Becker 2019-05-13 12:52:57 +01:00
parent 00d390338d
commit fd5c185ed6
2 changed files with 7 additions and 7 deletions


@ -63,13 +63,13 @@ typedef struct mbedtls_x509_crt_frame
uint8_t ns_cert_type; /**< Optional Netscape certificate type extension value: uint8_t ns_cert_type; /**< Optional Netscape certificate type extension value:
* See the values in x509.h */ * See the values in x509.h */
unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
uint32_t ext_types; /**< Bitfield indicating which extensions are present.
* See the values in x509.h. */
mbedtls_md_type_t sig_md; /**< The hash algorithm used to hash CRT before signing. */ mbedtls_md_type_t sig_md; /**< The hash algorithm used to hash CRT before signing. */
mbedtls_pk_type_t sig_pk; /**< The signature algorithm used to sign the CRT hash. */ mbedtls_pk_type_t sig_pk; /**< The signature algorithm used to sign the CRT hash. */
uint16_t key_usage; /**< Optional key usage extension value: See the values in x509.h */
uint32_t ext_types; /**< Bitfield indicating which extensions are present.
* See the values in x509.h. */
mbedtls_x509_time valid_from; /**< The start time of certificate validity. */ mbedtls_x509_time valid_from; /**< The start time of certificate validity. */
mbedtls_x509_time valid_to; /**< The end time of certificate validity. */ mbedtls_x509_time valid_to; /**< The end time of certificate validity. */
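Review bot: The doc comment on the narrowed `key_usage` field does not say that the frame now keeps only the first 16 bits of the KeyUsage bit string, so a reader cannot tell that any further octets in a certificate are dropped by design. I would extend it to `/**< Optional key usage extension value, limited to the first 16 bits of the KeyUsage BIT STRING: See the values in x509.h */`. Certificate key-usage checks depend on every flag in x509.h being representable in this field, so a compile-time assertion beside the struct that the highest key-usage flag fits in a `uint16_t` would stop a later flag addition from being silently truncated. x509.h is not visible here, so I am assuming the current flags fit. The definition of mbedtls_x509_crt_frame starts and ends outside this hunk.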


@ -781,7 +781,7 @@ static int x509_get_ns_cert_type( unsigned char **p,
static int x509_get_key_usage( unsigned char **p, static int x509_get_key_usage( unsigned char **p,
const unsigned char *end, const unsigned char *end,
unsigned int *key_usage) uint16_t *key_usage)
{ {
int ret; int ret;
size_t i; size_t i;
@ -795,9 +795,9 @@ static int x509_get_key_usage( unsigned char **p,
/* Get actual bitstring */ /* Get actual bitstring */
*key_usage = 0; *key_usage = 0;
for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ ) for( i = 0; i < bs.len && i < sizeof( *key_usage ); i++ )
{ {
*key_usage |= (unsigned int) bs.p[i] << (8*i); *key_usage |= (uint16_t) bs.p[i] << ( 8*i );
} }
return( 0 ); return( 0 );