Home
last modified time | relevance | path

Searched refs:chain (Results 1 – 25 of 144) sorted by relevance

123456

/openssl-master/crypto/ec/curve448/
A Dscalar.c58 chain = (chain + accum[i]) - sub->limb[i]; in sc_subx()
60 chain >>= WBITS; in sc_subx()
64 chain = 0; in sc_subx()
66 chain = (chain + out->limb[i]) + (p->limb[i] & borrow); in sc_subx()
68 chain >>= WBITS; in sc_subx()
92 chain = 0; in sc_montmul()
100 chain += accum[j]; in sc_montmul()
101 chain += hi_carry; in sc_montmul()
131 chain = (chain + a->limb[i]) + b->limb[i]; in ossl_curve448_scalar_add()
133 chain >>= WBITS; in ossl_curve448_scalar_add()
[all …]
/openssl-master/test/
A Dbio_prefix_text.c40 static BIO **chain = NULL; variable
99 chain = OPENSSL_zalloc(sizeof(*chain) * n); in setup_bio_chain()
101 if (chain != NULL) { in setup_bio_chain()
113 if (chain[i] == NULL) in setup_bio_chain()
115 next = chain[i]; in setup_bio_chain()
118 return chain != NULL; in setup_bio_chain()
122 OPENSSL_free(chain); in setup_bio_chain()
128 if (chain != NULL) { in cleanup()
130 OPENSSL_free(chain); in cleanup()
183 if (chain == NULL) { in setup()
[all …]
A Dcmp_protect_test.c29 STACK_OF(X509) *chain;
46 sk_X509_free(fixture->chain); in tear_down()
336 STACK_OF(X509) *chain = in execute_cmp_build_cert_chain_test()
340 if (TEST_ptr(chain)) { in execute_cmp_build_cert_chain_test()
342 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); in execute_cmp_build_cert_chain_test()
343 sk_X509_pop_free(chain, X509_free); in execute_cmp_build_cert_chain_test()
354 ret = TEST_int_eq(fixture->expected, chain != NULL); in execute_cmp_build_cert_chain_test()
355 if (ret && chain != NULL) { in execute_cmp_build_cert_chain_test()
357 ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain)); in execute_cmp_build_cert_chain_test()
358 sk_X509_pop_free(chain, X509_free); in execute_cmp_build_cert_chain_test()
[all …]
A Ddanetest.c55 static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) in verify_chain() argument
66 || !TEST_true(X509_STORE_CTX_init(store_ctx, store, NULL, chain)) in verify_chain()
99 STACK_OF(X509) *chain; in STACK_OF()
102 if (!TEST_ptr(chain = sk_X509_new_null())) in STACK_OF()
123 if (!TEST_true(sk_X509_push(chain, cert))) in STACK_OF()
139 return chain; in STACK_OF()
146 sk_X509_pop_free(chain, X509_free); in STACK_OF()
299 STACK_OF(X509) *chain; in test_tlsafile()
341 if (!TEST_ptr(chain = load_chain(f, ncert))) { in test_tlsafile()
346 ok = verify_chain(ssl, chain); in test_tlsafile()
[all …]
/openssl-master/doc/man3/
A DBIO_push.pod5 BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain
20 BIO_pop() removes the BIO B<b> from a chain and returns the next BIO
21 in the chain, or NULL if there is no next BIO. The removed BIO then
22 becomes a single BIO with no association with the original chain,
23 it can thus be freed or attached to a different chain.
26 by B<next>. The new chain may include some of the same BIOs from the old chain
32 joins two BIO chains whereas BIO_pop() deletes a single BIO from a chain,
33 the deleted BIO does not need to be at the end of a chain.
41 BIO_push() returns the end of the chain, B<b>.
43 BIO_pop() returns the next BIO in the chain, or NULL if there is no next
[all …]
A DSSL_check_chain.pod5 SSL_check_chain - check certificate chain suitability
11 int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
16 certificate chain B<chain> is suitable for use with the current session
22 chain.
24 B<CERT_PKEY_VALID>: the chain can be used with the current session.
52 B<CERT_PKEY_SUITEB>: chain is suitable for Suite B use.
61 function on each chain in turn: starting with the one it considers the
62 most secure. It could then use the chain of the first set which returns
65 As a minimum the flag B<CERT_PKEY_VALID> must be set for a chain to be
68 chain is suitable a server should fall back to the most secure chain which
[all …]
A DSSL_CTX_add_extra_chain_cert.pod9 - add, get or clear extra chain certificates
22 SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
26 SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates
27 associated with B<ctx>, or the chain associated with the current certificate
28 of B<ctx> if the extra chain is empty.
31 SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates
35 SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
42 When sending a certificate chain, extra chain certificates are sent in order
45 If no chain is specified, the library will try to complete the chain from the
55 Only one set of extra chain certificates can be specified per SSL_CTX
A DSSL_CTX_set1_verify_cert_store.pod9 verification or chain store
31 set the certificate store used for certificate chain building to B<st>.
49 The verification store is used to verify the certificate chain sent by the
51 the server's certificate chain and a SSL/TLS server will use it to verify
52 any client certificate chain.
54 The chain store is used to build the certificate chain.
55 Details of the chain building and checking process are described in
59 If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is
63 automatic chain building is disabled.
65 If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building
[all …]
A DSSL_CTX_add1_chain_cert.pod11 chain certificate processing
41 SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain
51 SSL_CTX_clear_chain_certs() clears any existing chain associated with the
55 SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx>.
56 Normally this uses the chain store
57 or the verify store if the chain store is not set.
58 If the function is successful the built chain will replace any existing chain.
62 use all existing chain certificates only to build the chain (effectively
67 Details of the chain building process are described in
100 not increment reference counts and the supplied certificate or chain
[all …]
A DSSL_get_peer_cert_chain.pod6 chain of the peer
18 forming the certificate chain sent by the peer. If called on the client side,
24 NB: SSL_get_peer_cert_chain() returns the peer chain as sent by the peer: it
26 has sent them) it is B<not> a verified chain.
28 SSL_get0_verified_chain() returns the B<verified> certificate chain
32 X509_V_OK) the chain may be incomplete or invalid.
42 If applications wish to use any certificates in the returned chain
44 obtain a copy of the whole chain with X509_chain_up_ref().
55 or the certificate chain is no longer available when a session is reused.
59 The return value points to the certificate chain presented by the peer.
A DSSL_CTX_set_max_cert_list.pod5 …set_max_cert_list, SSL_get_max_cert_list - manipulate allowed size for the peer's certificate chain
20 certificate chain for all SSL objects created from B<ctx> to be <size> bytes.
27 certificate chain for B<ssl> to be <size> bytes. This setting stays valid
34 During the handshake process, the peer may send a certificate chain.
35 The TLS/SSL standard does not give any maximum size of the certificate chain.
39 chain is set.
41 The default value for the maximum certificate chain size is 100kB (30kB
43 chains (OpenSSL's default maximum chain length is 10, see
48 chain size allowed to be sent by the peer, see e.g. the work on
57 If the maximum certificate chain size allowed is exceeded, the handshake will
A DBIO_new_CMS.pod15 BIO_new_CMS() returns a streaming filter BIO chain based on B<cms>. The output
16 of the filter is written to B<out>. Any data written to the chain is
21 The chain returned by this function behaves like a standard filter BIO. It
24 After all content has been written through the chain BIO_flush() must be called
31 removed from the chain using BIO_pop() and freed with BIO_free() until B<out>
33 called to free up the whole chain.
38 It is possible to chain multiple BIOs to, for example, create a triple wrapped
43 Large numbers of small writes through the chain should be avoided as this will
54 BIO_new_CMS() returns a BIO chain when successful or NULL if an error
A DBIO_find_type.pod5 BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal
17 The BIO_find_type() searches for a BIO of a given type in a chain, starting
29 BIO_next() returns the next BIO in a chain. It can be used to traverse all BIOs
30 in a chain or used in conjunction with BIO_find_type() to find all BIOs of a
39 BIO_next() returns the next BIO in a chain.
45 Traverse a chain looking for digest BIOs:
49 btmp = in_bio; /* in_bio is chain to search through */
A DX509_STORE_CTX_new.pod71 If you want to verify a further certificate or chain with the same I<ctx>
78 which will be untrusted but may be used to build the chain.
95 X509_STORE_CTX_set0_verified_chain() sets the validated chain to I<chain>.
96 Ownership of the chain is transferred to I<ctx>,
100 I<ctx> that contains the constructed (output) chain.
123 that were used in building the chain.
128 I<ctx> that contains the validated chain.
130 Details of the chain building and checking process are described in
134 X509_STORE_CTX_set0_verified_chain() sets the validated chain used
135 by I<ctx> to be I<chain>.
[all …]
A DX509_verify_cert.pod7 X509_STORE_CTX_verify - build and verify X509 certificate chain
21 X509_build_chain() builds a certificate chain starting from I<target>
23 If I<store> is NULL it builds the chain as far down as possible, ignoring errors.
24 Else the chain must reach a trust anchor contained in I<store>.
27 In case there is more than one possibility for the chain, only one is taken.
36 certificate chain based on parameters in I<ctx>.
41 a list of non-trusted certificates that may be helpful for chain construction,
69 return 1 if a complete chain can be built and validated,
73 If a complete chain can be built and validated both functions return 1.
A DBIO_f_buffer.pod30 to the next BIO in the chain. Data read from a buffering BIO comes from
31 an internal buffer which is filled from the next BIO in the chain.
53 BIO_read_ex() operations on the next BIO in the chain and storing the
59 buffering BIO to a chain it is therefore possible to provide
63 Do not add more than one BIO_f_buffer() to a BIO chain. The result of
67 Data is only written to the next BIO in the chain when the write buffer fills
A DSSL_CTX_use_certificate.pod49 …int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int ove…
50 int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);
68 certificates needed to form the complete certificate chain can be
84 SSL_CTX_use_certificate_chain_file() loads a certificate chain from
89 similar except it loads the certificate chain into B<ssl>.
102 certificate B<x>, private key B<key>, and certificate B<chain> onto the
105 B<x>, B<pkey> and B<chain> are set only if all were not previously set.
106 If B<override> is non-0, then the certificate, private key and chain certs
153 certificate chain store for all certificate types, OpenSSL 1.0.2 and later
154 have a separate chain store for each type. SSL_CTX_use_certificate_chain_file()
[all …]
A DOSSL_ESS_check_signing_certs.pod24 const STACK_OF(X509) *chain,
40 OSSL_ESS_check_signing_certs() checks if the validation chain I<chain> contains
48 I<chain>, i.e. the signer certificate.
49 Any further certficates referenced in the list must also be found in I<chain>.
/openssl-master/ssl/
A Dssl_cert.c115 if (cpk->chain) { in ssl_cert_dup()
116 rpk->chain = X509_chain_up_ref(cpk->chain); in ssl_cert_dup()
117 if (!rpk->chain) { in ssl_cert_dup()
216 cpk->chain = NULL; in ssl_cert_clear_certs()
268 cpk->chain = chain; in ssl_cert_set0_chain()
275 if (!chain) in ssl_cert_set1_chain()
298 if (!cpk->chain) in ssl_cert_add0_chain_cert()
300 if (!cpk->chain || !sk_X509_push(cpk->chain, x)) in ssl_cert_add0_chain_cert()
916 x = sk_X509_value(chain, sk_X509_num(chain) - 1); in ssl_build_cert_chain()
938 cpk->chain = chain; in ssl_build_cert_chain()
[all …]
/openssl-master/crypto/ocsp/
A Docsp_vfy.c19 static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain);
67 if (chain != NULL) in ocsp_verify_signer()
68 *chain = X509_STORE_CTX_get1_chain(ctx); in ocsp_verify_signer()
101 STACK_OF(X509) *chain = NULL; in OCSP_basic_verify()
133 ret = ocsp_check_issuer(bs, chain); in OCSP_basic_verify()
146 x = sk_X509_value(chain, sk_X509_num(chain) - 1); in OCSP_basic_verify()
156 sk_X509_pop_free(chain, X509_free); in OCSP_basic_verify()
228 if (sk_X509_num(chain) <= 0) { in ocsp_check_issuer()
240 signer = sk_X509_value(chain, 0); in ocsp_check_issuer()
242 if (sk_X509_num(chain) > 1) { in ocsp_check_issuer()
[all …]
/openssl-master/crypto/x509/
A Dx509_vfy.c186 int num = sk_X509_num(ctx->chain); in check_auth_level()
275 if (ctx->chain != NULL) { in X509_verify_cert()
1345 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); in check_crl_path()
2161 return ctx->chain; in STACK_OF()
2166 if (ctx->chain == NULL) in STACK_OF()
2327 ctx->untrusted = chain; in X509_STORE_CTX_init()
2332 ctx->chain = NULL; in X509_STORE_CTX_init()
2488 ctx->chain = NULL; in X509_STORE_CTX_cleanup()
2527 ctx->chain = sk; in X509_STORE_CTX_set0_verified_chain()
2979 ctx->chain = NULL; in get1_trusted_issuer()
[all …]
A Dv3_asid.c724 STACK_OF(X509) *chain, in asid_validate_path_internal()
731 if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0) in asid_validate_path_internal()
750 x = sk_X509_value(chain, i); in asid_validate_path_internal()
781 for (i++; i < sk_X509_num(chain); i++) { in asid_validate_path_internal()
782 x = sk_X509_value(chain, i); in asid_validate_path_internal()
858 if (ctx->chain == NULL in X509v3_asid_validate_path()
859 || sk_X509_num(ctx->chain) == 0 in X509v3_asid_validate_path()
864 return asid_validate_path_internal(ctx, ctx->chain, NULL); in X509v3_asid_validate_path()
871 int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, in X509v3_asid_validate_resource_set() argument
876 if (chain == NULL || sk_X509_num(chain) == 0) in X509v3_asid_validate_resource_set()
[all …]
/openssl-master/crypto/ts/
A Dts_rsp_verify.c20 X509 *signer, STACK_OF(X509) **chain);
22 const STACK_OF(X509) *chain);
96 STACK_OF(X509) *chain = NULL; in TS_RESP_verify_signature()
136 if (!ts_verify_cert(store, untrusted, signer, &chain)) in TS_RESP_verify_signature()
138 if (!ts_check_signing_certs(si, chain)) in TS_RESP_verify_signature()
161 sk_X509_pop_free(chain, X509_free); in TS_RESP_verify_signature()
172 X509 *signer, STACK_OF(X509) **chain) in ts_verify_cert()
178 *chain = NULL; in ts_verify_cert()
194 *chain = X509_STORE_CTX_get1_chain(cert_ctx); in ts_verify_cert()
232 const STACK_OF(X509) *chain) in ts_check_signing_certs()
[all …]
/openssl-master/doc/internal/man3/
A Dossl_cmp_msg_protect.pod33 ctx->cert and then its chain ctx->chain. If this chain is not present in I<ctx>
34 tries to build it using ctx->untrusted and caches the result in ctx->chain.
37 of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).
/openssl-master/test/ssl-tests/
A D26-tls13_client_auth.cnf.in79 "Certificate" => test_pem("ee-client-chain.pem"),
103 "Certificate" => test_pem("ee-client-chain.pem"),
124 "Certificate" => test_pem("ee-client-chain.pem"),
177 "Certificate" => test_pem("ee-client-chain.pem"),
205 "Certificate" => test_pem("ee-client-chain.pem"),
230 "Certificate" => test_pem("ee-client-chain.pem"),

Completed in 38 milliseconds

123456