/openssl/crypto/ec/curve448/ |
H A D | scalar.c | 58 chain = (chain + accum[i]) - sub->limb[i]; in sc_subx() 60 chain >>= WBITS; in sc_subx() 64 chain = 0; in sc_subx() 66 chain = (chain + out->limb[i]) + (p->limb[i] & borrow); in sc_subx() 68 chain >>= WBITS; in sc_subx() 92 chain = 0; in sc_montmul() 100 chain += accum[j]; in sc_montmul() 101 chain += hi_carry; in sc_montmul() 131 chain = (chain + a->limb[i]) + b->limb[i]; in ossl_curve448_scalar_add() 133 chain >>= WBITS; in ossl_curve448_scalar_add() [all …]
|
/openssl/test/ |
H A D | bio_prefix_text.c | 40 static BIO **chain = NULL; variable 99 chain = OPENSSL_zalloc(sizeof(*chain) * n); in setup_bio_chain() 101 if (chain != NULL) { in setup_bio_chain() 113 if (chain[i] == NULL) in setup_bio_chain() 115 next = chain[i]; in setup_bio_chain() 118 return chain != NULL; in setup_bio_chain() 122 OPENSSL_free(chain); in setup_bio_chain() 128 if (chain != NULL) { in cleanup() 130 OPENSSL_free(chain); in cleanup() 183 if (chain == NULL) { in setup() [all …]
|
H A D | cmp_protect_test.c | 30 STACK_OF(X509) *chain; 48 sk_X509_free(fixture->chain); in tear_down() 343 STACK_OF(X509) *chain = in execute_cmp_build_cert_chain_test() 347 if (TEST_ptr(chain)) { in execute_cmp_build_cert_chain_test() 349 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); in execute_cmp_build_cert_chain_test() 350 OSSL_STACK_OF_X509_free(chain); in execute_cmp_build_cert_chain_test() 361 ret = TEST_int_eq(fixture->expected, chain != NULL); in execute_cmp_build_cert_chain_test() 362 if (ret && chain != NULL) { in execute_cmp_build_cert_chain_test() 364 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); in execute_cmp_build_cert_chain_test() 365 OSSL_STACK_OF_X509_free(chain); in execute_cmp_build_cert_chain_test() [all …]
|
H A D | danetest.c | 55 static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) in verify_chain() argument 66 || !TEST_true(X509_STORE_CTX_init(store_ctx, store, NULL, chain)) in verify_chain() 99 STACK_OF(X509) *chain; in STACK_OF() 102 if (!TEST_ptr(chain = sk_X509_new_null())) in STACK_OF() 123 if (!TEST_true(sk_X509_push(chain, cert))) in STACK_OF() 139 return chain; in STACK_OF() 146 OSSL_STACK_OF_X509_free(chain); in STACK_OF() 299 STACK_OF(X509) *chain; in test_tlsafile() 341 if (!TEST_ptr(chain = load_chain(f, ncert))) { in test_tlsafile() 346 ok = verify_chain(ssl, chain); in test_tlsafile() [all …]
|
H A D | x509_load_cert_file_test.c | 14 static const char *chain; variable 27 || !TEST_true(X509_load_cert_file(lookup, chain, X509_FILETYPE_PEM)) in test_load_cert_file() 61 chain = test_get_argument(0); in setup_tests() 62 if (chain == NULL) in setup_tests()
|
/openssl/doc/man3/ |
H A D | BIO_push.pod | 5 BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain 19 Otherwise it prepends I<b>, which may be a single BIO or a chain of BIOs, 23 BIO_pop() removes the BIO I<b> from any chain is is part of. 26 returns the next BIO in the chain, or NULL if there is no next BIO. 28 the original chain, it can thus be freed or be made part of a different chain. 31 by I<next>. The new chain may include some of the same BIOs from the old chain 38 the deleted BIO does not need to be at the end of a chain. 46 BIO_push() returns the head of the chain, 49 BIO_pop() returns the next BIO in the chain, 61 is made then the new chain will be I<b64-f>. After making the calls [all …]
|
H A D | SSL_check_chain.pod | 5 SSL_check_chain - check certificate chain suitability 11 int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); 16 certificate chain B<chain> is suitable for use with the current session 22 chain. 24 B<CERT_PKEY_VALID>: the chain can be used with the current session. 52 B<CERT_PKEY_SUITEB>: chain is suitable for Suite B use. 61 function on each chain in turn: starting with the one it considers the 62 most secure. It could then use the chain of the first set which returns 65 As a minimum the flag B<CERT_PKEY_VALID> must be set for a chain to be 68 chain is suitable a server should fall back to the most secure chain which [all …]
|
H A D | SSL_CTX_add_extra_chain_cert.pod | 9 - add, get or clear extra chain certificates 22 SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain 26 SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates 27 associated with B<ctx>, or the chain associated with the current certificate 28 of B<ctx> if the extra chain is empty. 31 SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates 35 SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates 42 When sending a certificate chain, extra chain certificates are sent in order 45 If no chain is specified, the library will try to complete the chain from the 55 Only one set of extra chain certificates can be specified per SSL_CTX
|
H A D | SSL_CTX_add1_chain_cert.pod | 11 chain certificate processing 41 SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain 51 SSL_CTX_clear_chain_certs() clears any existing chain associated with the 55 SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx>. 56 Normally this uses the chain store 57 or the verify store if the chain store is not set. 58 If the function is successful the built chain will replace any existing chain. 62 use all existing chain certificates only to build the chain (effectively 67 Details of the chain building process are described in 100 not increment reference counts and the supplied certificate or chain [all …]
|
H A D | SSL_get_peer_cert_chain.pod | 6 chain of the peer 18 forming the certificate chain sent by the peer. If called on the client side, 24 NB: SSL_get_peer_cert_chain() returns the peer chain as sent by the peer: it 26 has sent them) it is B<not> a verified chain. 28 SSL_get0_verified_chain() returns the B<verified> certificate chain 32 X509_V_OK) the chain may be incomplete or invalid. 42 If applications wish to use any certificates in the returned chain 44 obtain a copy of the whole chain with X509_chain_up_ref(). 55 or the certificate chain is no longer available when a session is reused. 59 The return value points to the certificate chain presented by the peer.
|
H A D | SSL_CTX_set1_verify_cert_store.pod | 11 verification or chain store 37 set the certificate store used for certificate chain building to B<st>. 60 The verification store is used to verify the certificate chain sent by the 62 the server's certificate chain and an SSL/TLS server will use it to verify 63 any client certificate chain. 65 The chain store is used to build the certificate chain. 66 Details of the chain building and checking process are described in 70 If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is 74 automatic chain building is disabled. 76 If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building [all …]
|
H A D | SSL_CTX_set_max_cert_list.pod | 5 …set_max_cert_list, SSL_get_max_cert_list - manipulate allowed size for the peer's certificate chain 20 certificate chain for all SSL objects created from B<ctx> to be <size> bytes. 27 certificate chain for B<ssl> to be <size> bytes. This setting stays valid 34 During the handshake process, the peer may send a certificate chain. 35 The TLS/SSL standard does not give any maximum size of the certificate chain. 39 chain is set. 41 The default value for the maximum certificate chain size is 100kB (30kB 43 chains (OpenSSL's default maximum chain length is 10, see 48 chain size allowed to be sent by the peer, see e.g. the work on 57 If the maximum certificate chain size allowed is exceeded, the handshake will
|
H A D | BIO_new_CMS.pod | 15 BIO_new_CMS() returns a streaming filter BIO chain based on B<cms>. The output 16 of the filter is written to B<out>. Any data written to the chain is 21 The chain returned by this function behaves like a standard filter BIO. It 24 After all content has been written through the chain BIO_flush() must be called 31 removed from the chain using BIO_pop() and freed with BIO_free() until B<out> 33 called to free up the whole chain. 38 It is possible to chain multiple BIOs to, for example, create a triple wrapped 43 Large numbers of small writes through the chain should be avoided as this will 54 BIO_new_CMS() returns a BIO chain when successful or NULL if an error
|
H A D | BIO_find_type.pod | 5 BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal 17 The BIO_find_type() searches for a B<BIO> of a given type in a chain, starting 29 BIO_next() returns the next BIO in a chain. It can be used to traverse all BIOs 30 in a chain or used in conjunction with BIO_find_type() to find all BIOs of a 39 BIO_next() returns the next BIO in a chain. 45 Traverse a chain looking for digest BIOs: 49 btmp = in_bio; /* in_bio is chain to search through */
|
H A D | X509_verify_cert.pod | 7 X509_STORE_CTX_verify - build and verify X509 certificate chain 21 X509_build_chain() builds a certificate chain starting from I<target> 23 If I<store> is NULL it builds the chain as far down as possible, ignoring errors. 24 Else the chain must reach a trust anchor contained in I<store>. 27 In case there is more than one possibility for the chain, only one is taken. 36 certificate chain based on parameters in I<ctx>. 41 a list of non-trusted certificates that may be helpful for chain construction, 75 return 1 if a complete chain can be built and validated, 79 If a complete chain can be built and validated both functions return 1.
|
H A D | BIO_f_buffer.pod | 30 to the next BIO in the chain. Data read from a buffering BIO comes from 31 an internal buffer which is filled from the next BIO in the chain. 53 BIO_read_ex() operations on the next BIO in the chain and storing the 59 buffering BIO to a chain it is therefore possible to provide 63 Do not add more than one BIO_f_buffer() to a BIO chain. The result of 67 Data is only written to the next BIO in the chain when the write buffer fills
|
H A D | X509_STORE_CTX_new.pod | 97 which will be untrusted but may be used to build the chain. 132 X509_STORE_CTX_set0_verified_chain() sets the validated chain to I<chain>. 133 Ownership of the chain is transferred to I<ctx>, 137 I<ctx> that contains the constructed (output) chain. 163 that were used in building the chain. 168 I<ctx> that contains the validated chain. 170 Details of the chain building and checking process are described in 174 X509_STORE_CTX_set0_verified_chain() sets the validated chain used 175 by I<ctx> to be I<chain>. 176 Ownership of the chain is transferred to I<ctx>, [all …]
|
/openssl/demos/guide/ |
H A D | Makefile | 18 all: $(TESTS) chain 27 chain: chain.pem target 30 chain.pem: pkey.pem 31 openssl req -x509 -new -key pkey.pem -days 36500 -subj / -out chain.pem 39 .PHONY: test chain
|
/openssl/crypto/ocsp/ |
H A D | ocsp_vfy.c | 19 static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain); 68 if (chain != NULL) in ocsp_verify_signer() 69 *chain = X509_STORE_CTX_get1_chain(ctx); in ocsp_verify_signer() 102 STACK_OF(X509) *chain = NULL; in OCSP_basic_verify() 134 ret = ocsp_check_issuer(bs, chain); in OCSP_basic_verify() 147 x = sk_X509_value(chain, sk_X509_num(chain) - 1); in OCSP_basic_verify() 157 OSSL_STACK_OF_X509_free(chain); in OCSP_basic_verify() 229 if (sk_X509_num(chain) <= 0) { in ocsp_check_issuer() 241 signer = sk_X509_value(chain, 0); in ocsp_check_issuer() 243 if (sk_X509_num(chain) > 1) { in ocsp_check_issuer() [all …]
|
/openssl/ssl/ |
H A D | ssl_cert.c | 142 if (cpk->chain) { in ssl_cert_dup() 143 rpk->chain = X509_chain_up_ref(cpk->chain); in ssl_cert_dup() 144 if (!rpk->chain) { in ssl_cert_dup() 251 cpk->chain = NULL; in ssl_cert_clear_certs() 311 cpk->chain = chain; in ssl_cert_set0_chain() 319 if (!chain) in ssl_cert_set1_chain() 343 if (!cpk->chain) in ssl_cert_add0_chain_cert() 345 if (!cpk->chain || !sk_X509_push(cpk->chain, x)) in ssl_cert_add0_chain_cert() 1128 x = sk_X509_value(chain, sk_X509_num(chain) - 1); in ssl_build_cert_chain() 1150 cpk->chain = chain; in ssl_build_cert_chain() [all …]
|
/openssl/crypto/x509/ |
H A D | x509_vfy.c | 191 int num = sk_X509_num(ctx->chain); in check_auth_level() 336 if (ctx->chain != NULL) { in x509_verify_x509() 1441 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); in check_crl_path() 2299 return ctx->chain; in STACK_OF() 2304 if (ctx->chain == NULL) in STACK_OF() 2475 ctx->untrusted = chain; in X509_STORE_CTX_init() 2480 ctx->chain = NULL; in X509_STORE_CTX_init() 2631 ctx->chain = NULL; in X509_STORE_CTX_cleanup() 2681 ctx->chain = sk; in X509_STORE_CTX_set0_verified_chain() 3228 ctx->chain = NULL; in get1_trusted_issuer() [all …]
|
H A D | v3_asid.c | 747 STACK_OF(X509) *chain, in asid_validate_path_internal() 754 if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0) in asid_validate_path_internal() 773 x = sk_X509_value(chain, i); in asid_validate_path_internal() 804 for (i++; i < sk_X509_num(chain); i++) { in asid_validate_path_internal() 805 x = sk_X509_value(chain, i); in asid_validate_path_internal() 881 if (ctx->chain == NULL in X509v3_asid_validate_path() 882 || sk_X509_num(ctx->chain) == 0 in X509v3_asid_validate_path() 887 return asid_validate_path_internal(ctx, ctx->chain, NULL); in X509v3_asid_validate_path() 894 int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, in X509v3_asid_validate_resource_set() argument 899 if (chain == NULL || sk_X509_num(chain) == 0) in X509v3_asid_validate_resource_set() [all …]
|
/openssl/doc/internal/man3/ |
H A D | ossl_cmp_msg_protect.pod | 36 ctx->cert and then its chain ctx->chain. If this chain is not present in I<ctx> 37 tries to build it using ctx->untrusted and caches the result in ctx->chain. 40 of the chain, i.e, the trust anchor (unless it is part of extraCertsOut). 48 because I<ctx->chain> may get adapted to cache the chain of the CMP signer cert.
|
/openssl/crypto/ts/ |
H A D | ts_rsp_verify.c | 20 X509 *signer, STACK_OF(X509) **chain); 22 const STACK_OF(X509) *chain); 96 STACK_OF(X509) *chain = NULL; in TS_RESP_verify_signature() 136 if (!ts_verify_cert(store, untrusted, signer, &chain)) in TS_RESP_verify_signature() 138 if (!ts_check_signing_certs(si, chain)) in TS_RESP_verify_signature() 161 OSSL_STACK_OF_X509_free(chain); in TS_RESP_verify_signature() 172 X509 *signer, STACK_OF(X509) **chain) in ts_verify_cert() 178 *chain = NULL; in ts_verify_cert() 194 *chain = X509_STORE_CTX_get1_chain(cert_ctx); in ts_verify_cert() 232 const STACK_OF(X509) *chain) in ts_check_signing_certs() [all …]
|
/openssl/test/ssl-tests/ |
H A D | 32-compressed-certificate.cnf.in | 85 "Certificate" => test_pem("ee-client-chain.pem"), 103 "Certificate" => test_pem("ee-client-chain.pem"), 121 "Certificate" => test_pem("ee-client-chain.pem"), 139 "Certificate" => test_pem("ee-client-chain.pem"),
|