AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #2082 from hanno-arm/iotssl-2490

Browse Source 
Fix documentation of allowed_pks field in mbedtls_x509_crt_profile
This commit is contained in:
Gilles Peskine 2022-04-28 18:13:55 +02:00 committed by GitHub
commit f21617915f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog.d/doc-x509-profile-pk.txt Normal file
View File

@ -0,0 +1,5 @@
Bugfix
* Fix incorrect documentation of mbedtls_x509_crt_profile. The previous
documentation stated that the `allowed_pks` field applies to signatures
only, but in fact it does apply to the public key type of the end entity
certificate, too. Fixes #1992.

4
include/mbedtls/x509_crt.h
View File

@ -190,7 +190,9 @@ mbedtls_x509_subject_alternative_name;
typedef struct mbedtls_x509_crt_profile typedef struct mbedtls_x509_crt_profile
{ {
uint32_t allowed_mds; /**< MDs for signatures */ uint32_t allowed_mds; /**< MDs for signatures */
uint32_t allowed_pks; /**< PK algs for signatures */ uint32_t allowed_pks; /**< PK algs for public keys;
* this applies to all certificates
* in the provided chain. */
uint32_t allowed_curves; /**< Elliptic curves for ECDSA */ uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */ uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
} }