Add a pile of compatibility functions. Change-Id: I75c8783139c717be34a9159a2291d2ae55ee71d5 Reviewed-on: https://boringssl-review.googlesource.com/30984 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/crypto.c b/crypto/crypto.c index 4feda17..93e2f82 100644 --- a/crypto/crypto.c +++ b/crypto/crypto.c
@@ -214,3 +214,5 @@ CRYPTO_library_init(); return 1; } + +void OPENSSL_cleanup(void) {}
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index fe269cd..6f2708c 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c
@@ -135,6 +135,16 @@ return 1; } +const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl) +{ + return crl->crl->lastUpdate; +} + +const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl) +{ + return crl->crl->nextUpdate; +} + void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg) {
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 92d0100..5e1f641 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c
@@ -817,3 +817,28 @@ } return X509_V_OK; } + +uint32_t X509_get_extension_flags(X509 *x) +{ + /* Call for side-effect of computing hash and caching extensions */ + X509_check_purpose(x, -1, -1); + return x->ex_flags; +} + +uint32_t X509_get_key_usage(X509 *x) +{ + /* Call for side-effect of computing hash and caching extensions */ + X509_check_purpose(x, -1, -1); + if (x->ex_flags & EXFLAG_KUSAGE) + return x->ex_kusage; + return UINT32_MAX; +} + +uint32_t X509_get_extended_key_usage(X509 *x) +{ + /* Call for side-effect of computing hash and caching extensions */ + X509_check_purpose(x, -1, -1); + if (x->ex_flags & EXFLAG_XKUSAGE) + return x->ex_xkusage; + return UINT32_MAX; +}
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 8e1a271..d35cf71 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h
@@ -125,6 +125,9 @@ OPENSSL_EXPORT int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +// OPENSSL_cleanup does nothing. +OPENSSL_EXPORT void OPENSSL_cleanup(void); + // FIPS_mode_set returns one if |on| matches whether BoringSSL was built with // |BORINGSSL_FIPS| and zero otherwise. OPENSSL_EXPORT int FIPS_mode_set(int on);
diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 79cadc3..eeab5ec 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h
@@ -531,6 +531,8 @@ #define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) #define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) +const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); #define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) #define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) #define X509_CRL_get_issuer(x) ((x)->crl->issuer)
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index 56cf59c..1af439d 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h
@@ -682,6 +682,11 @@ OPENSSL_EXPORT int X509_PURPOSE_set(int *p, int purpose); OPENSSL_EXPORT int X509_check_issued(X509 *issuer, X509 *subject); OPENSSL_EXPORT int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); + +OPENSSL_EXPORT uint32_t X509_get_extension_flags(X509 *x); +OPENSSL_EXPORT uint32_t X509_get_key_usage(X509 *x); +OPENSSL_EXPORT uint32_t X509_get_extended_key_usage(X509 *x); + OPENSSL_EXPORT int X509_PURPOSE_get_count(void); OPENSSL_EXPORT X509_PURPOSE * X509_PURPOSE_get0(int idx); OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(char *sname);