Adapt check_key_usage to new weird bits

Manuel Pégourié-Gonnard 2015-06-23 10:48:44 +02:00
parent 9a702255f4
commit 655a964539
3 changed files with 37 additions and 8 deletions


@ -1519,10 +1519,24 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
}
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, unsigned int usage )
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
unsigned int usage )
{
if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) != 0 &&
( crt->key_usage & usage ) != usage )
unsigned int usage_must, usage_may;
unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
| MBEDTLS_X509_KU_DECIPHER_ONLY;
if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 )
return( 0 );
usage_must = usage & ~may_mask;
if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
usage_may = usage & may_mask;
if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
return( 0 );
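Review bot: The two mask tests in the new body of mbedtls_x509_crt_check_key_usage carry no comment, and the second, `( ( crt->key_usage & may_mask ) | usage_may ) != usage_may`, is a subset test that is easy to misread. It rejects a certificate that sets encipherOnly or decipherOnly unless the caller also set that bit in `usage`, so those two bits in `usage` now mean "permitted" rather than "required" as they did under the old `( crt->key_usage & usage ) != usage` test. A caller that passes neither bit will therefore reject any certificate carrying one of them, and a caller that passes one no longer requires the certificate to have it. I would add `/* Bits outside may_mask are required: each must be set in the certificate */` above the first test and `/* encipherOnly/decipherOnly are restrictions: the certificate may set them only if the caller allows them in usage */` above the second. The function's public documentation is not visible in this section, so it should be confirmed that it states the same contract.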