Home
last modified time | relevance | path

Searched refs:chain (Results 1 – 25 of 159) sorted by relevance

1234567

/openssl/crypto/ec/curve448/
H A Dscalar.c58 chain = (chain + accum[i]) - sub->limb[i]; in sc_subx()
60 chain >>= WBITS; in sc_subx()
64 chain = 0; in sc_subx()
66 chain = (chain + out->limb[i]) + (p->limb[i] & borrow); in sc_subx()
68 chain >>= WBITS; in sc_subx()
92 chain = 0; in sc_montmul()
100 chain += accum[j]; in sc_montmul()
101 chain += hi_carry; in sc_montmul()
131 chain = (chain + a->limb[i]) + b->limb[i]; in ossl_curve448_scalar_add()
133 chain >>= WBITS; in ossl_curve448_scalar_add()
[all …]
/openssl/test/
H A Dbio_prefix_text.c40 static BIO **chain = NULL; variable
99 chain = OPENSSL_zalloc(sizeof(*chain) * n); in setup_bio_chain()
101 if (chain != NULL) { in setup_bio_chain()
113 if (chain[i] == NULL) in setup_bio_chain()
115 next = chain[i]; in setup_bio_chain()
118 return chain != NULL; in setup_bio_chain()
122 OPENSSL_free(chain); in setup_bio_chain()
128 if (chain != NULL) { in cleanup()
130 OPENSSL_free(chain); in cleanup()
183 if (chain == NULL) { in setup()
[all …]
H A Dcmp_protect_test.c30 STACK_OF(X509) *chain;
48 sk_X509_free(fixture->chain); in tear_down()
343 STACK_OF(X509) *chain = in execute_cmp_build_cert_chain_test()
347 if (TEST_ptr(chain)) { in execute_cmp_build_cert_chain_test()
349 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); in execute_cmp_build_cert_chain_test()
350 OSSL_STACK_OF_X509_free(chain); in execute_cmp_build_cert_chain_test()
361 ret = TEST_int_eq(fixture->expected, chain != NULL); in execute_cmp_build_cert_chain_test()
362 if (ret && chain != NULL) { in execute_cmp_build_cert_chain_test()
364 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); in execute_cmp_build_cert_chain_test()
365 OSSL_STACK_OF_X509_free(chain); in execute_cmp_build_cert_chain_test()
[all …]
H A Ddanetest.c55 static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) in verify_chain() argument
66 || !TEST_true(X509_STORE_CTX_init(store_ctx, store, NULL, chain)) in verify_chain()
99 STACK_OF(X509) *chain; in STACK_OF()
102 if (!TEST_ptr(chain = sk_X509_new_null())) in STACK_OF()
123 if (!TEST_true(sk_X509_push(chain, cert))) in STACK_OF()
139 return chain; in STACK_OF()
146 OSSL_STACK_OF_X509_free(chain); in STACK_OF()
299 STACK_OF(X509) *chain; in test_tlsafile()
341 if (!TEST_ptr(chain = load_chain(f, ncert))) { in test_tlsafile()
346 ok = verify_chain(ssl, chain); in test_tlsafile()
[all …]
H A Dx509_load_cert_file_test.c14 static const char *chain; variable
27 || !TEST_true(X509_load_cert_file(lookup, chain, X509_FILETYPE_PEM)) in test_load_cert_file()
61 chain = test_get_argument(0); in setup_tests()
62 if (chain == NULL) in setup_tests()
/openssl/doc/man3/
H A DBIO_push.pod5 BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain
19 Otherwise it prepends I<b>, which may be a single BIO or a chain of BIOs,
23 BIO_pop() removes the BIO I<b> from any chain is is part of.
26 returns the next BIO in the chain, or NULL if there is no next BIO.
28 the original chain, it can thus be freed or be made part of a different chain.
31 by I<next>. The new chain may include some of the same BIOs from the old chain
38 the deleted BIO does not need to be at the end of a chain.
46 BIO_push() returns the head of the chain,
49 BIO_pop() returns the next BIO in the chain,
61 is made then the new chain will be I<b64-f>. After making the calls
[all …]
H A DSSL_check_chain.pod5 SSL_check_chain - check certificate chain suitability
11 int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
16 certificate chain B<chain> is suitable for use with the current session
22 chain.
24 B<CERT_PKEY_VALID>: the chain can be used with the current session.
52 B<CERT_PKEY_SUITEB>: chain is suitable for Suite B use.
61 function on each chain in turn: starting with the one it considers the
62 most secure. It could then use the chain of the first set which returns
65 As a minimum the flag B<CERT_PKEY_VALID> must be set for a chain to be
68 chain is suitable a server should fall back to the most secure chain which
[all …]
H A DSSL_CTX_add_extra_chain_cert.pod9 - add, get or clear extra chain certificates
22 SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
26 SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates
27 associated with B<ctx>, or the chain associated with the current certificate
28 of B<ctx> if the extra chain is empty.
31 SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates
35 SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
42 When sending a certificate chain, extra chain certificates are sent in order
45 If no chain is specified, the library will try to complete the chain from the
55 Only one set of extra chain certificates can be specified per SSL_CTX
H A DSSL_CTX_add1_chain_cert.pod11 chain certificate processing
41 SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain
51 SSL_CTX_clear_chain_certs() clears any existing chain associated with the
55 SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx>.
56 Normally this uses the chain store
57 or the verify store if the chain store is not set.
58 If the function is successful the built chain will replace any existing chain.
62 use all existing chain certificates only to build the chain (effectively
67 Details of the chain building process are described in
100 not increment reference counts and the supplied certificate or chain
[all …]
H A DSSL_get_peer_cert_chain.pod6 chain of the peer
18 forming the certificate chain sent by the peer. If called on the client side,
24 NB: SSL_get_peer_cert_chain() returns the peer chain as sent by the peer: it
26 has sent them) it is B<not> a verified chain.
28 SSL_get0_verified_chain() returns the B<verified> certificate chain
32 X509_V_OK) the chain may be incomplete or invalid.
42 If applications wish to use any certificates in the returned chain
44 obtain a copy of the whole chain with X509_chain_up_ref().
55 or the certificate chain is no longer available when a session is reused.
59 The return value points to the certificate chain presented by the peer.
H A DSSL_CTX_set1_verify_cert_store.pod11 verification or chain store
37 set the certificate store used for certificate chain building to B<st>.
60 The verification store is used to verify the certificate chain sent by the
62 the server's certificate chain and a SSL/TLS server will use it to verify
63 any client certificate chain.
65 The chain store is used to build the certificate chain.
66 Details of the chain building and checking process are described in
70 If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is
74 automatic chain building is disabled.
76 If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building
[all …]
H A DSSL_CTX_set_max_cert_list.pod5 …set_max_cert_list, SSL_get_max_cert_list - manipulate allowed size for the peer's certificate chain
20 certificate chain for all SSL objects created from B<ctx> to be <size> bytes.
27 certificate chain for B<ssl> to be <size> bytes. This setting stays valid
34 During the handshake process, the peer may send a certificate chain.
35 The TLS/SSL standard does not give any maximum size of the certificate chain.
39 chain is set.
41 The default value for the maximum certificate chain size is 100kB (30kB
43 chains (OpenSSL's default maximum chain length is 10, see
48 chain size allowed to be sent by the peer, see e.g. the work on
57 If the maximum certificate chain size allowed is exceeded, the handshake will
H A DBIO_new_CMS.pod15 BIO_new_CMS() returns a streaming filter BIO chain based on B<cms>. The output
16 of the filter is written to B<out>. Any data written to the chain is
21 The chain returned by this function behaves like a standard filter BIO. It
24 After all content has been written through the chain BIO_flush() must be called
31 removed from the chain using BIO_pop() and freed with BIO_free() until B<out>
33 called to free up the whole chain.
38 It is possible to chain multiple BIOs to, for example, create a triple wrapped
43 Large numbers of small writes through the chain should be avoided as this will
54 BIO_new_CMS() returns a BIO chain when successful or NULL if an error
H A DBIO_find_type.pod5 BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal
17 The BIO_find_type() searches for a B<BIO> of a given type in a chain, starting
29 BIO_next() returns the next BIO in a chain. It can be used to traverse all BIOs
30 in a chain or used in conjunction with BIO_find_type() to find all BIOs of a
39 BIO_next() returns the next BIO in a chain.
45 Traverse a chain looking for digest BIOs:
49 btmp = in_bio; /* in_bio is chain to search through */
H A DX509_verify_cert.pod7 X509_STORE_CTX_verify - build and verify X509 certificate chain
21 X509_build_chain() builds a certificate chain starting from I<target>
23 If I<store> is NULL it builds the chain as far down as possible, ignoring errors.
24 Else the chain must reach a trust anchor contained in I<store>.
27 In case there is more than one possibility for the chain, only one is taken.
36 certificate chain based on parameters in I<ctx>.
41 a list of non-trusted certificates that may be helpful for chain construction,
75 return 1 if a complete chain can be built and validated,
79 If a complete chain can be built and validated both functions return 1.
H A DBIO_f_buffer.pod30 to the next BIO in the chain. Data read from a buffering BIO comes from
31 an internal buffer which is filled from the next BIO in the chain.
53 BIO_read_ex() operations on the next BIO in the chain and storing the
59 buffering BIO to a chain it is therefore possible to provide
63 Do not add more than one BIO_f_buffer() to a BIO chain. The result of
67 Data is only written to the next BIO in the chain when the write buffer fills
H A DX509_STORE_CTX_new.pod97 which will be untrusted but may be used to build the chain.
132 X509_STORE_CTX_set0_verified_chain() sets the validated chain to I<chain>.
133 Ownership of the chain is transferred to I<ctx>,
137 I<ctx> that contains the constructed (output) chain.
163 that were used in building the chain.
168 I<ctx> that contains the validated chain.
170 Details of the chain building and checking process are described in
174 X509_STORE_CTX_set0_verified_chain() sets the validated chain used
175 by I<ctx> to be I<chain>.
176 Ownership of the chain is transferred to I<ctx>,
[all …]
/openssl/demos/guide/
H A DMakefile18 all: $(TESTS) chain
27 chain: chain.pem target
30 chain.pem: pkey.pem
31 openssl req -x509 -new -key pkey.pem -days 36500 -subj / -out chain.pem
39 .PHONY: test chain
/openssl/crypto/ocsp/
H A Docsp_vfy.c19 static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain);
68 if (chain != NULL) in ocsp_verify_signer()
69 *chain = X509_STORE_CTX_get1_chain(ctx); in ocsp_verify_signer()
102 STACK_OF(X509) *chain = NULL; in OCSP_basic_verify()
134 ret = ocsp_check_issuer(bs, chain); in OCSP_basic_verify()
147 x = sk_X509_value(chain, sk_X509_num(chain) - 1); in OCSP_basic_verify()
157 OSSL_STACK_OF_X509_free(chain); in OCSP_basic_verify()
229 if (sk_X509_num(chain) <= 0) { in ocsp_check_issuer()
241 signer = sk_X509_value(chain, 0); in ocsp_check_issuer()
243 if (sk_X509_num(chain) > 1) { in ocsp_check_issuer()
[all …]
/openssl/ssl/
H A Dssl_cert.c142 if (cpk->chain) { in ssl_cert_dup()
143 rpk->chain = X509_chain_up_ref(cpk->chain); in ssl_cert_dup()
144 if (!rpk->chain) { in ssl_cert_dup()
251 cpk->chain = NULL; in ssl_cert_clear_certs()
311 cpk->chain = chain; in ssl_cert_set0_chain()
319 if (!chain) in ssl_cert_set1_chain()
343 if (!cpk->chain) in ssl_cert_add0_chain_cert()
345 if (!cpk->chain || !sk_X509_push(cpk->chain, x)) in ssl_cert_add0_chain_cert()
1128 x = sk_X509_value(chain, sk_X509_num(chain) - 1); in ssl_build_cert_chain()
1150 cpk->chain = chain; in ssl_build_cert_chain()
[all …]
/openssl/crypto/x509/
H A Dx509_vfy.c193 int num = sk_X509_num(ctx->chain); in check_auth_level()
338 if (ctx->chain != NULL) { in x509_verify_x509()
1408 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); in check_crl_path()
2266 return ctx->chain; in STACK_OF()
2271 if (ctx->chain == NULL) in STACK_OF()
2442 ctx->untrusted = chain; in X509_STORE_CTX_init()
2447 ctx->chain = NULL; in X509_STORE_CTX_init()
2598 ctx->chain = NULL; in X509_STORE_CTX_cleanup()
2648 ctx->chain = sk; in X509_STORE_CTX_set0_verified_chain()
3195 ctx->chain = NULL; in get1_trusted_issuer()
[all …]
H A Dv3_asid.c747 STACK_OF(X509) *chain, in asid_validate_path_internal()
754 if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0) in asid_validate_path_internal()
773 x = sk_X509_value(chain, i); in asid_validate_path_internal()
804 for (i++; i < sk_X509_num(chain); i++) { in asid_validate_path_internal()
805 x = sk_X509_value(chain, i); in asid_validate_path_internal()
881 if (ctx->chain == NULL in X509v3_asid_validate_path()
882 || sk_X509_num(ctx->chain) == 0 in X509v3_asid_validate_path()
887 return asid_validate_path_internal(ctx, ctx->chain, NULL); in X509v3_asid_validate_path()
894 int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, in X509v3_asid_validate_resource_set() argument
899 if (chain == NULL || sk_X509_num(chain) == 0) in X509v3_asid_validate_resource_set()
[all …]
/openssl/doc/internal/man3/
H A Dossl_cmp_msg_protect.pod36 ctx->cert and then its chain ctx->chain. If this chain is not present in I<ctx>
37 tries to build it using ctx->untrusted and caches the result in ctx->chain.
40 of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).
48 because I<ctx->chain> may get adapted to cache the chain of the CMP signer cert.
/openssl/crypto/ts/
H A Dts_rsp_verify.c20 X509 *signer, STACK_OF(X509) **chain);
22 const STACK_OF(X509) *chain);
96 STACK_OF(X509) *chain = NULL; in TS_RESP_verify_signature()
136 if (!ts_verify_cert(store, untrusted, signer, &chain)) in TS_RESP_verify_signature()
138 if (!ts_check_signing_certs(si, chain)) in TS_RESP_verify_signature()
161 OSSL_STACK_OF_X509_free(chain); in TS_RESP_verify_signature()
172 X509 *signer, STACK_OF(X509) **chain) in ts_verify_cert()
178 *chain = NULL; in ts_verify_cert()
194 *chain = X509_STORE_CTX_get1_chain(cert_ctx); in ts_verify_cert()
232 const STACK_OF(X509) *chain) in ts_check_signing_certs()
[all …]
/openssl/test/ssl-tests/
H A D32-compressed-certificate.cnf.in85 "Certificate" => test_pem("ee-client-chain.pem"),
103 "Certificate" => test_pem("ee-client-chain.pem"),
121 "Certificate" => test_pem("ee-client-chain.pem"),
139 "Certificate" => test_pem("ee-client-chain.pem"),

Completed in 69 milliseconds

1234567