Skip to content

Commit

Permalink
Document some key usage accessors
Browse files Browse the repository at this point in the history 
Bug: 426
Change-Id: I423d1471c586764e20c720684e3d225abbf5d662
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64251
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
(cherry picked from commit e6ce79a89f031af791fe0910dc11d811cbfd3bc7)
  • Loading branch information
@davidben @torben-hansen
davidben authored and torben-hansen committed Apr 19, 2024
1 parent 2fe70b5 commit 9c399e5
Showing 1 changed file with 21 additions and 3 deletions.
24 changes: 21 additions & 3 deletions include/openssl/x509.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3175,6 +3175,8 @@ OPENSSL_EXPORT void X509_STORE_set_check_crl(
OPENSSL_EXPORT X509_STORE_CTX_check_crl_fn
X509_STORE_get_check_crl(X509_STORE *ctx);

// X509_STORE_CTX_new returns a newly-allocated, empty |X509_STORE_CTX|, or NULL
// on error.
OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void);

OPENSSL_EXPORT int X509_STORE_CTX_get1_issuer(X509 **issuer,
Expand Down Expand Up @@ -4256,9 +4258,25 @@ OPENSSL_EXPORT int X509_PURPOSE_set(int *p, int purpose);
OPENSSL_EXPORT int X509_check_issued(X509 *issuer, X509 *subject);
OPENSSL_EXPORT int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);

OPENSSL_EXPORT uint32_t X509_get_extension_flags(X509 *x);
OPENSSL_EXPORT uint32_t X509_get_key_usage(X509 *x);
OPENSSL_EXPORT uint32_t X509_get_extended_key_usage(X509 *x);
OPENSSL_EXPORT uint32_t X509_get_extension_flags(X509 *x509);

// X509_get_key_usage returns a bitmask of key usages (see Section 4.2.1.3 of
// RFC 5280) which |x509| is valid for. The result will be a combination of
// |KU_*| constants.
//
// If |x509| has no key usage extension, all key usages are valid and this
// function returns |UINT32_MAX|. If there was an error processing |x509|'s
// extensions, this function returns zero.
OPENSSL_EXPORT uint32_t X509_get_key_usage(X509 *x509);

// X509_get_extended_key_usage returns a bitmask of extended key usages (see
// Section 4.2.1.12 of RFC 5280) which |x509| is valid for. The result will be
// a combination of |XKU_*| constants.
//
// If |x509| has no extended key usage extension, all extended key usages are
// valid and this function returns |UINT32_MAX|. If there was an error
// processing |x509|'s extensions, this function returns zero.
OPENSSL_EXPORT uint32_t X509_get_extended_key_usage(X509 *x509);

// X509_get0_subject_key_id returns |x509|'s subject key identifier, if present.
// (See RFC 5280, section 4.2.1.2.) It returns NULL if the extension is not
Expand Down

0 comments on commit 9c399e5

Please sign in to comment.