Define KU_ constants via corresponding X509v3_KU_
Also wrap X509v3_KU_UNDEF in `#ifndef OPENSSL_NO_DEPRECATED_3_4`.

Fixes #22955

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #24138)
Viktor Dukhovni authored and t8m committed Apr 17, 2024
1 parent 299996f commit 14bed67
Showing 2 changed files with 28 additions and 19 deletions.
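--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -67,16 +67,24 @@ extern "C" {
 # define X509_FILETYPE_ASN1 2
 # define X509_FILETYPE_DEFAULT 3
 
-# define X509v3_KU_DIGITAL_SIGNATURE 0x0080
-# define X509v3_KU_NON_REPUDIATION 0x0040
-# define X509v3_KU_KEY_ENCIPHERMENT 0x0020
-# define X509v3_KU_DATA_ENCIPHERMENT 0x0010
-# define X509v3_KU_KEY_AGREEMENT 0x0008
-# define X509v3_KU_KEY_CERT_SIGN 0x0004
-# define X509v3_KU_CRL_SIGN 0x0002
-# define X509v3_KU_ENCIPHER_ONLY 0x0001
-# define X509v3_KU_DECIPHER_ONLY 0x8000
-# define X509v3_KU_UNDEF 0xffff
+/*-
+* <https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3>:
+* The KeyUsage BITSTRING is treated as a little-endian integer, hence bit `0`
+* is 0x80, while bit `7` is 0x01 (the LSB of the integer value), bit `8` is
+* then the MSB of the second octet, or 0x8000.
+*/
+# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 /* (0) */
+# define X509v3_KU_NON_REPUDIATION 0x0040 /* (1) */
+# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 /* (2) */
+# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 /* (3) */
+# define X509v3_KU_KEY_AGREEMENT 0x0008 /* (4) */
+# define X509v3_KU_KEY_CERT_SIGN 0x0004 /* (5) */
+# define X509v3_KU_CRL_SIGN 0x0002 /* (6) */
+# define X509v3_KU_ENCIPHER_ONLY 0x0001 /* (7) */
+# define X509v3_KU_DECIPHER_ONLY 0x8000 /* (8) */
+# ifndef OPENSSL_NO_DEPRECATED_3_4
+# define X509v3_KU_UNDEF 0xffff /* vestigial, not used */
+# endif
 
 struct X509_algor_st {
 ASN1_OBJECT *algorithm;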
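Review bot: The `#ifndef OPENSSL_NO_DEPRECATED_3_4` guard around `X509v3_KU_UNDEF` takes a public macro away from no-deprecated builds, but the only explanation in the header is `/* vestigial, not used */`, which does not say the name is deprecated or since which release. Because 0xffff has every key-usage bit set, any out-of-tree code that still treats it as a usage mask would match all usages, so the comment should steer callers away explicitly, for example `# define X509v3_KU_UNDEF 0xffff /* deprecated in 3.4: vestigial, not used; do not use as a mask */`. The page lists only the two header files as changed, so it is worth confirming that a changelog or manual entry for the deprecation is made elsewhere.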
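--- a/include/openssl/x509v3.h.in
+++ b/include/openssl/x509v3.h.in
@@ -422,15 +422,16 @@ struct ISSUING_DIST_POINT_st {
 # define EXFLAG_SAN_CRITICAL 0x80000
 # define EXFLAG_NO_FINGERPRINT 0x100000
 
-# define KU_DIGITAL_SIGNATURE 0x0080
-# define KU_NON_REPUDIATION 0x0040
-# define KU_KEY_ENCIPHERMENT 0x0020
-# define KU_DATA_ENCIPHERMENT 0x0010
-# define KU_KEY_AGREEMENT 0x0008
-# define KU_KEY_CERT_SIGN 0x0004
-# define KU_CRL_SIGN 0x0002
-# define KU_ENCIPHER_ONLY 0x0001
-# define KU_DECIPHER_ONLY 0x8000
+/* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3 */
+# define KU_DIGITAL_SIGNATURE X509v3_KU_DIGITAL_SIGNATURE
+# define KU_NON_REPUDIATION X509v3_KU_NON_REPUDIATION
+# define KU_KEY_ENCIPHERMENT X509v3_KU_KEY_ENCIPHERMENT
+# define KU_DATA_ENCIPHERMENT X509v3_KU_DATA_ENCIPHERMENT
+# define KU_KEY_AGREEMENT X509v3_KU_KEY_AGREEMENT
+# define KU_KEY_CERT_SIGN X509v3_KU_KEY_CERT_SIGN
+# define KU_CRL_SIGN X509v3_KU_CRL_SIGN
+# define KU_ENCIPHER_ONLY X509v3_KU_ENCIPHER_ONLY
+# define KU_DECIPHER_ONLY X509v3_KU_DECIPHER_ONLY
 
 # define NS_SSL_CLIENT 0x80
 # define NS_SSL_SERVER 0x40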
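Review bot: The `KU_*` names now expand to `X509v3_KU_*` at the point of use, so they only carry a value where `<openssl/x509.h>` has already been seen. In a preprocessor test such as `#if KU_KEY_CERT_SIGN`, an undefined `X509v3_KU_` name would quietly evaluate to 0 instead of failing the build. The include list of x509v3.h.in is outside this hunk, so confirm that it pulls in x509.h. The bare URL comment should also state the dependency, for example `/* Aliases of the X509v3_KU_* values in <openssl/x509.h>; RFC 5280 section 4.2.1.3 */`.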
