Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[IGNORE, DRAFT] Test upstream #1739

Closed
wants to merge 5 commits into from
Closed

[IGNORE, DRAFT] Test upstream #1739

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
13f5362
delocate: update to handle SVE2
agl Jan 13, 2024
f1b7084
Fix threads detection for CROS_EC/CROS_ZEPHYR
thughes Jan 10, 2024
bc2cdcd
Document and test X509_PURPOSE and X509_TRUST machinery
davidben Dec 25, 2023
0396a2e
Remove X509_STORE_CTX_purpose_inherit
davidben Dec 24, 2023
d78dbc4
comment change
smittals2 Aug 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion crypto/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -701,7 +701,11 @@ else()
build_libcrypto(crypto $<TARGET_OBJECTS:fipsmodule>)
endif()

if(NOT ANDROID)
# CMAKE_SYSTEM_NAME is "Generic" for embedded OSes:
# https://cmake.org/cmake/help/book/mastering-cmake/chapter/Cross%20Compiling%20With%20CMake.html#toolchain-files
#
# For now we assume embedded OSes do not have threads.
if(NOT (ANDROID OR CMAKE_SYSTEM_NAME STREQUAL "Generic"))
find_package(Threads REQUIRED)
target_link_libraries(crypto PUBLIC Threads::Threads)
endif()
Expand Down
19 changes: 9 additions & 10 deletions crypto/x509/v3_purp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -437,6 +437,10 @@ static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
return 0;
}
if (ca) {
// TODO(davidben): Move the various |check_ca| calls out of the
// |check_purpose| callbacks. Those checks are purpose-independent. They are
// also redundant when called from |X509_verify_cert|, though
// not when |X509_check_purpose| is called directly.
return check_ca(x);
}
// We need to do digital signatures or key agreement
Expand Down Expand Up @@ -478,8 +482,7 @@ static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,

static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
int ca) {
int ret;
ret = check_purpose_ssl_server(xp, x, ca);
int ret = check_purpose_ssl_server(xp, x, ca);
if (!ret || ca) {
return ret;
}
Expand Down Expand Up @@ -512,8 +515,7 @@ static int purpose_smime(const X509 *x, int ca) {

static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
int ca) {
int ret;
ret = purpose_smime(x, ca);
int ret = purpose_smime(x, ca);
if (!ret || ca) {
return ret;
}
Expand All @@ -525,8 +527,7 @@ static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,

static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
int ca) {
int ret;
ret = purpose_smime(x, ca);
int ret = purpose_smime(x, ca);
if (!ret || ca) {
return ret;
}
Expand Down Expand Up @@ -560,8 +561,6 @@ static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) {

static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
int ca) {
int i_ext;

// If ca is true we must return if this is a valid CA certificate.
if (ca) {
return check_ca(x);
Expand All @@ -585,9 +584,9 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
}

// Extended Key Usage MUST be critical
i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1);
int i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
if (i_ext >= 0) {
const X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
const X509_EXTENSION *ext = X509_get_ext(x, i_ext);
if (!X509_EXTENSION_get_critical(ext)) {
return 0;
}
Expand Down
Loading
Loading