Use uint16_t to store key usage field in X.509 CRT
Also, reorder the fields to avoid padding, thereby reducing the size of
mbedtls_x509_crt_frame by 2 Bytes.
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 26f3a62..47b29de 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -63,13 +63,13 @@
uint8_t ns_cert_type; /**< Optional Netscape certificate type extension value:
* See the values in x509.h */
- unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
- uint32_t ext_types; /**< Bitfield indicating which extensions are present.
- * See the values in x509.h. */
-
mbedtls_md_type_t sig_md; /**< The hash algorithm used to hash CRT before signing. */
mbedtls_pk_type_t sig_pk; /**< The signature algorithm used to sign the CRT hash. */
+ uint16_t key_usage; /**< Optional key usage extension value: See the values in x509.h */
+ uint32_t ext_types; /**< Bitfield indicating which extensions are present.
+ * See the values in x509.h. */
+
mbedtls_x509_time valid_from; /**< The start time of certificate validity. */
mbedtls_x509_time valid_to; /**< The end time of certificate validity. */
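Review bot: Nothing in the header records why `key_usage` and `ext_types` now sit after `sig_pk`, so a later edit can silently undo the size reduction the commit message claims. Whether the new order is padding-free also depends on the size of the `mbedtls_md_type_t` and `mbedtls_pk_type_t` enums and on the members before `ns_cert_type`, which this hunk does not show. With 4-byte enums, the 2-byte `key_usage` directly in front of the 4-byte `ext_types` would presumably still leave a hole. I would add a comment above the group, e.g. `/* Member order chosen to minimise padding; keep the small integer fields adjacent. */`, and confirm the saving on the target ABIs. The struct begins and ends outside the hunk.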
diff --git a/library/x509_crt.c b/library/x509_crt.c
index ffd3d9b..4e5f6f5 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -781,7 +781,7 @@
static int x509_get_key_usage( unsigned char **p,
const unsigned char *end,
- unsigned int *key_usage)
+ uint16_t *key_usage)
{
int ret;
size_t i;
@@ -795,9 +795,9 @@
/* Get actual bitstring */
*key_usage = 0;
- for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ )
+ for( i = 0; i < bs.len && i < sizeof( *key_usage ); i++ )
{
- *key_usage |= (unsigned int) bs.p[i] << (8*i);
+ *key_usage |= (uint16_t) bs.p[i] << ( 8*i );
}
return( 0 );
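Review bot: The `(uint16_t)` cast in the loop body has no effect on the arithmetic, because the operand is promoted to `int` before the shift and the `|=` then narrows the result implicitly, which `-Wconversion` builds will flag. Casting the whole expression makes the intent explicit: `*key_usage |= (uint16_t)( bs.p[i] << ( 8*i ) );`. The loop bound also drops from four bytes to two, so any bits beyond the second byte of the bitstring are now discarded without an error. That appears to cover the key usage values defined in x509.h, but it deserves a comment such as `/* Only the first sizeof( *key_usage ) bytes are kept; longer bitstrings are truncated. */`, or an explicit rejection of over-long bitstrings if strict parsing is wanted. The declaration of `bs` and the start of `x509_get_key_usage` lie outside this hunk.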