Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor

Add accessor for x509 certificate extension types
diff --git a/ChangeLog.d/x509_ext_types_accessor.txt b/ChangeLog.d/x509_ext_types_accessor.txt
new file mode 100644
index 0000000..13a3152
--- /dev/null
+++ b/ChangeLog.d/x509_ext_types_accessor.txt
@@ -0,0 +1,3 @@
+Features
+   * Add the function mbedtls_x509_crt_has_ext_type() to access the ext types
+     field within mbedtls_x509_crt context, as requested in #5585.
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 3e331d4..aa45957 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -957,6 +957,23 @@
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
+/**
+ * \brief               Query certificate for given extension type
+ *
+ * \param[in] ctx       Certificate context to be queried, must not be \c NULL
+ * \param ext_type      Extension type being queried for, must be a valid
+ *                      extension type. Must be one of the MBEDTLS_X509_EXT_XXX
+ *                      values
+ *
+ * \return              0 if the given extension type is not present,
+ *                      non-zero otherwise
+ */
+static inline int mbedtls_x509_crt_has_ext_type( const mbedtls_x509_crt *ctx,
+                                                 int ext_type )
+{
+    return ctx->MBEDTLS_PRIVATE(ext_types) & ext_type;
+}
+
 /** \} name Structures and functions for parsing and writing X.509 certificates */
 
 #if defined(MBEDTLS_X509_CRT_WRITE_C)
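Review bot: `mbedtls_x509_crt_has_ext_type()` returns the raw masked bits from `return ctx->MBEDTLS_PRIVATE(ext_types) & ext_type;`, so the result is the bit value rather than 1, and a caller that passes an OR of several MBEDTLS_X509_EXT_XXX values gets "any of these is present" rather than "all are present". The doc comment restricts `ext_type` to a single value but nothing enforces that, so code that gates a policy decision on an extension being present could silently misread a combined mask or a `== 1` comparison. I would spell this out in the doc block, for example `\note The result is the masked bit, not 1; compare it against 0 only. Several MBEDTLS_X509_EXT_XXX values OR-ed together report whether any of them is present.` It may also be worth stating that the field is only meaningful after the certificate has been parsed successfully, which I am inferring rather than reading from this hunk.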
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index e21b450..d04b7d8 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -2791,3 +2791,11 @@
 X509 CRT verify restart: one int, int badsign, max_ops=500
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C
 x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
+
+X509 ext types accessor: ext type present
+depends_on:MBEDTLS_X509_CRT_PARSE_C
+x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_KEY_USAGE
+
+X509 ext types accessor: ext type not present
+depends_on:MBEDTLS_X509_CRT_PARSE_C
+x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 8605b63..1d06fe3 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -401,6 +401,22 @@
  * END_DEPENDENCIES
  */
 
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
+void x509_accessor_ext_types( int ext_type, int has_ext_type )
+{
+    mbedtls_x509_crt crt;
+    int expected_result = ext_type & has_ext_type;
+
+    mbedtls_x509_crt_init( &crt );
+
+    crt.ext_types = ext_type;
+
+    TEST_ASSERT( mbedtls_x509_crt_has_ext_type( &crt, has_ext_type ) == expected_result );
+
+    mbedtls_x509_crt_free( &crt );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
 void x509_parse_san( char * crt_file, char * result_str )
 {
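Review bot: In `x509_accessor_ext_types` the expected value is computed as `int expected_result = ext_type & has_ext_type;`, which is the same expression the accessor evaluates, so the assertion mostly checks the implementation against itself. It would be stronger to take the expected outcome as a third 0/1 argument from the .data file and compare truthiness, e.g. `TEST_ASSERT( ( mbedtls_x509_crt_has_ext_type( &crt, has_ext_type ) != 0 ) == expected_result );`. The two data cases added in test_suite_x509parse.data also set only a single bit in `crt.ext_types`; a case with several extension bits set, or one that parses a real certificate instead of writing the field directly, would cover how the field is populated in practice.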