From 2fc70a27ae167a69f44e1ae1152e28d5779d2874 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Fri, 22 Oct 2021 18:37:15 +0000
Subject: [PATCH] Prepare to provide X509_get_{extended_,}key_usage()

ok beck jsing
---
 lib/libcrypto/x509/x509_purp.c | 28 +++++++++++++++++++++++++++-
 lib/libcrypto/x509/x509v3.h    |  6 +++++-
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/lib/libcrypto/x509/x509_purp.c b/lib/libcrypto/x509/x509_purp.c
index 3c05cc31b26..43236b2cd33 100644
--- a/lib/libcrypto/x509/x509_purp.c
+++ b/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.8 2021/10/21 13:51:52 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.9 2021/10/22 18:37:15 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -942,3 +942,29 @@ X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
 	}
 	return X509_V_OK;
 }
+
+uint32_t
+X509_get_key_usage(X509 *x)
+{
+	/* Call for side-effect of computing hash and caching extensions */
+	if (X509_check_purpose(x, -1, -1) != 1)
+		return 0;
+
+	if (x->ex_flags & EXFLAG_KUSAGE)
+		return x->ex_kusage;
+
+	return UINT32_MAX;
+}
+
+uint32_t
+X509_get_extended_key_usage(X509 *x)
+{
+	/* Call for side-effect of computing hash and caching extensions */
+	if (X509_check_purpose(x, -1, -1) != 1)
+		return 0;
+
+	if (x->ex_flags & EXFLAG_XKUSAGE)
+		return x->ex_xkusage;
+
+	return UINT32_MAX;
+}
diff --git a/lib/libcrypto/x509/x509v3.h b/lib/libcrypto/x509/x509v3.h
index 9467a666c5a..84229a18907 100644
--- a/lib/libcrypto/x509/x509v3.h
+++ b/lib/libcrypto/x509/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.6 2021/10/21 13:51:52 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.7 2021/10/22 18:37:15 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -799,6 +799,10 @@ char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
 int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
 void X509_PURPOSE_cleanup(void);
 int X509_PURPOSE_get_id(const X509_PURPOSE *);
+#if defined(LIBRESSL_NEW_API)
+uint32_t X509_get_key_usage(X509 *x);
+uint32_t X509_get_extended_key_usage(X509 *x);
+#endif
 
 STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
 STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
-- 
2.20.1