/openbsd/usr.sbin/rpki-client/ |
H A D | filemode.c | 53 struct cert *cert; member 67 uripath_add(const char *uri, struct cert *cert) in uripath_add() argument 75 up->cert = cert; in uripath_add() 135 struct cert *cert = NULL; in parse_load_cert() local 184 struct cert *cert; in parse_load_certchain() local 222 cert->talid = a->cert->talid; in parse_load_certchain() 239 struct cert *cert; in parse_load_ta() local 278 find_tal(struct cert *cert) in find_tal() argument 337 struct cert *cert = NULL; in proc_parser_file() local 408 cert = cert_parse(file, cert); in proc_parser_file() [all …]
H A D | cert.c | 1 /* $OpenBSD: cert.c,v 1.141 2024/06/07 08:36:54 tb Exp $ */ 32 extern ASN1_OBJECT *certpol_oid; /* id-cp-ipAddr-asNumber cert policy */ 242 sbgp_assysnum(const char *fn, struct cert *cert, X509_EXTENSION *ext) in sbgp_assysnum() argument 259 if (!sbgp_parse_assysnum(fn, asidentifiers, &cert->as, &cert->asz)) in sbgp_assysnum() 466 sbgp_ipaddrblk(const char *fn, struct cert *cert, X509_EXTENSION *ext) in sbgp_ipaddrblk() argument 483 if (!sbgp_parse_ipaddrblk(fn, addrblk, &cert->ips, &cert in sbgp_ipaddrblk() 503 sbgp_sia(const char * fn,struct cert * cert,X509_EXTENSION * ext) sbgp_sia() argument 630 certificate_policies(const char * fn,struct cert * cert,X509_EXTENSION * ext) certificate_policies() argument 732 struct cert *cert; cert_parse_ee_cert() local 797 struct cert *cert; cert_parse_pre() local 1272 auth_insert(const char * fn,struct auth_tree * auths,struct cert * cert,struct auth * issuer) auth_insert() argument 1307 insert_brk(struct brk_tree * tree,struct cert * cert,int asid) insert_brk() argument 1341 cert_insert_brks(struct brk_tree * tree,struct cert * cert) cert_insert_brks() argument [all...] |
H A D | validate.c | 46 c = as_check_covered(min, max, a->cert->as, a->cert->asz); in valid_as() 88 valid_cert(const char *fn, struct auth *a, const struct cert *cert) in valid_cert() argument 116 if (valid_ip(a, cert->ips[i].afi, cert->ips[i].min, in valid_cert() 132 valid_roa(const char *fn, struct cert *cert, struct roa *roa) in valid_roa() argument 139 roa->ips[i].max, cert->ips, cert->ipsz) > 0) in valid_roa() 157 valid_spl(const char *fn, struct cert *cert, struct spl *spl) in valid_spl() argument 439 valid_rsc(const char *fn, struct cert *cert, struct rsc *rsc) in valid_rsc() argument 453 if (as_check_covered(min, max, cert->as, cert->asz) > 0) in valid_rsc() 462 rsc->ips[i].max, cert->ips, cert->ipsz) > 0) in valid_rsc() 509 valid_aspa(const char *fn, struct cert *cert, struct aspa *aspa) in valid_aspa() argument [all …]
H A D | parser.c | 92 * and that the SKI of the cert matches with the AKI. 101 warnx("%s: RFC 6487: unknown cert with SKI %s", fn, aki); in find_issuer() 113 if (strcmp(aki, a->cert->ski) != 0) { in find_issuer() 115 aki, a->cert->ski); in find_issuer() 184 roa->talid = a->cert->talid; in proc_parser_roa() 219 spl->talid = a->cert->talid; in proc_parser_spl() 379 mft->talid = a->cert->talid; in proc_parser_mft_pre() 528 static struct cert * 532 struct cert *cert; in proc_parser_cert() local 586 struct cert *cert; proc_parser_root_cert() local 739 struct cert *cert; parse_entity() local [all...] |
H A D | constraints.c | 520 if (cert->type == CERT_AS_INHERIT) in constraints_check_as() 523 if (cert->type == CERT_AS_ID) { in constraints_check_as() 524 min = cert->id; in constraints_check_as() 525 max = cert->id; in constraints_check_as() 527 min = cert->range.min; in constraints_check_as() 528 max = cert->range.max; in constraints_check_as() 548 if (cert->type == CERT_IP_INHERIT) in constraints_check_ips() 556 if (ip_addr_check_covered(cert->afi, cert->min, cert->max, in constraints_check_ips() 569 constraints_validate(const char *fn, const struct cert *cert) in constraints_validate() argument 571 int talid = cert->talid; in constraints_validate() [all …]
/openbsd/regress/usr.bin/ssh/ |
H A D | cert-hostkey.sh | 19 *rsa*cert*) 65 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 117 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 168 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 177 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 189 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 197 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 208 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 229 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert 295 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert [all …]
H A D | agent-pkcs11-cert.sh | 46 ${SSH_SOFTHSM_DIR}/EC-cert.pub \ 48 ${SSH_SOFTHSM_DIR}/RSA-cert.pub || 54 ${SSH_SOFTHSM_DIR}/EC-cert.pub \ 55 ${SSH_SOFTHSM_DIR}/RSA-cert.pub | sort > $OBJ/expect_list 61 ${SSH_SOFTHSM_DIR}/EC-cert.pub ${SSH_SOFTHSM_DIR}/RSA-cert.pub ; do 68 for x in ${SSH_SOFTHSM_DIR}/EC-cert.pub ${SSH_SOFTHSM_DIR}/RSA-cert.pub ; do 78 ${SSH_SOFTHSM_DIR}/EC-cert.pub \ 80 ${SSH_SOFTHSM_DIR}/RSA-cert.pub || 84 ${SSH_SOFTHSM_DIR}/EC-cert.pub \ 85 ${SSH_SOFTHSM_DIR}/RSA-cert.pub | sort > $OBJ/expect_list [all …]
/openbsd/regress/usr.bin/ssh/unittests/authopt/testdata/ |
H A D | mktestdata.sh | 7 rm -f *.cert 18 mv user_key-cert.pub "$output" 23 sign no_permit.cert -Oclear 25 sign no_agentfwd.cert -Ono-agent-forwarding 26 sign no_portfwd.cert -Ono-port-forwarding 27 sign no_pty.cert -Ono-pty 28 sign no_user_rc.cert -Ono-user-rc 29 sign no_x11fwd.cert -Ono-X11-forwarding 33 sign only_pty.cert -Oclear -Opermit-pty 37 sign force_command.cert -Oforce-command="foo" [all …]
/openbsd/regress/lib/libcrypto/CA/ |
H A D | Makefile | 21 root.cert.pem: root.cnf root.key.pem \ 38 intermediate.cert.pem: root.cnf root.cert.pem intermediate.csr.pem \ 47 run-verify-intermediate: root.cert.pem intermediate.cert.pem 49 openssl verify -CAfile root.cert.pem intermediate.cert.pem 51 chain.pem: intermediate.cert.pem root.cert.pem 52 cat intermediate.cert.pem root.cert.pem > chain.pem 66 server.cert.pem: intermediate.cnf intermediate.cert.pem server.csr.pem 70 -in server.csr.pem -out server.cert.pem 84 client.cert.pem: intermediate.cnf intermediate.cert.pem client.csr.pem 88 -in client.csr.pem -out client.cert.pem [all …]
/openbsd/sbin/isakmpd/ |
H A D | x509.c | 88 X509 *cert; member 123 cert)); in x509_generate_kn() 535 cert = LIST_NEXT(cert, link)) { in x509_hash_find() 559 cert->cert)); in x509_hash_find() 560 return cert->cert; in x509_hash_find() 589 certh->cert = cert; in x509_hash_enter() 609 X509 *cert; in x509_read_from_dir() local 914 X509 *cert; in x509_cert_insert() local 918 if (!cert) { in x509_cert_insert() 945 if (certh->cert == cert) in x509_hash_lookup() [all …]
/openbsd/lib/libcrypto/x509/ |
H A D | x509_verify.c | 34 static int x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert, 36 static int x509_verify_cert_hostname(struct x509_verify_ctx *ctx, X509 *cert, 38 static void x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, 40 static int x509_verify_cert_error(struct x509_verify_ctx *ctx, X509 *cert, 152 x509_verify_chain_append(struct x509_verify_chain *chain, X509 *cert, in x509_verify_chain_append() argument 158 if (!x509_constraints_extract_names(chain->names, cert, in x509_verify_chain_append() 164 X509_up_ref(cert); in x509_verify_chain_append() 165 if (!sk_X509_push(chain->certs, cert)) { in x509_verify_chain_append() 166 X509_free(cert); in x509_verify_chain_append() 232 x509_verify_cert_cache_extensions(X509 *cert) in x509_verify_cert_cache_extensions() argument 238 x509_verify_cert_self_signed(X509 * cert) x509_verify_cert_self_signed() argument 245 x509_verify_check_chain_end(X509 * cert,int full_chain) x509_verify_check_chain_end() argument 253 x509_verify_ctx_cert_is_root(struct x509_verify_ctx * ctx,X509 * cert,int full_chain) x509_verify_ctx_cert_is_root() argument 434 X509 *cert = sk_X509_value(ctx->xsc->chain, depth); x509_verify_ctx_validate_legacy_chain() local 564 x509_verify_consider_candidate(struct x509_verify_ctx * ctx,X509 * cert,int is_root_cert,X509 * candidate,struct x509_verify_chain * current_chain,int full_chain,char * name) x509_verify_consider_candidate() argument 632 x509_verify_cert_error(struct x509_verify_ctx * ctx,X509 * cert,size_t depth,int error,int ok) x509_verify_cert_error() argument 647 x509_verify_build_chains(struct x509_verify_ctx * ctx,X509 * cert,struct x509_verify_chain * current_chain,int full_chain,char * name) x509_verify_build_chains() argument 749 x509_verify_cert_hostname(struct x509_verify_ctx * ctx,X509 * cert,char * name) x509_verify_cert_hostname() argument 815 x509_verify_cert_times(X509 * cert,time_t * cmp_time,int * error) x509_verify_cert_times() argument 847 
x509_verify_validate_constraints(X509 * cert,struct x509_verify_chain * current_chain,int * error) x509_verify_validate_constraints() argument 887 x509_verify_cert_extensions(struct x509_verify_ctx * ctx,X509 * cert,int need_ca) x509_verify_cert_extensions() argument 917 x509_verify_cert_valid(struct x509_verify_ctx * ctx,X509 * cert,struct x509_verify_chain * current_chain) x509_verify_cert_valid() argument [all...] |
/openbsd/lib/libssl/ |
H A D | ssl_cert.c | 181 ssl_cert_dup(SSL_CERT *cert) in ssl_cert_dup() argument 196 ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; in ssl_cert_dup() 198 ret->valid = cert->valid; in ssl_cert_dup() 199 ret->mask_k = cert->mask_k; in ssl_cert_dup() 200 ret->mask_a = cert->mask_a; in ssl_cert_dup() 202 if (cert->dhe_params != NULL) { in ssl_cert_dup() 302 return ssl->cert; in ssl_get0_cert() 304 return ctx->cert; in ssl_get0_cert() 387 X509_up_ref(cert); in ssl_cert_add1_chain_cert() 397 X509 *cert; in ssl_verify_cert_chain() local [all …]
/openbsd/usr.sbin/relayd/ |
H A D | ssl.c | 103 X509 *cert = NULL; in ssl_update_certificate() local 111 if ((cert = PEM_read_bio_X509(in, NULL, in ssl_update_certificate() 121 if (!X509_NAME_oneline(X509_get_subject_name(cert), in ssl_update_certificate() 123 !X509_NAME_oneline(X509_get_issuer_name(cert), in ssl_update_certificate() 127 if ((cert = X509_dup(cert)) == NULL) in ssl_update_certificate() 131 X509_set_pubkey(cert, pkey); in ssl_update_certificate() 135 if (!X509_sign(cert, capkey, EVP_sha256())) { in ssl_update_certificate() 144 X509_print_fp(stdout, cert); in ssl_update_certificate() 154 if (!PEM_write_bio_X509(out, cert)) { in ssl_update_certificate() 171 if (cert) in ssl_update_certificate() [all …]
/openbsd/regress/usr.bin/ssh/unittests/sshkey/ |
H A D | test_sshkey.c | 379 ASSERT_PTR_NE(k1->cert, NULL); in sshkey_tests() 380 k1->cert->type = SSH2_CERT_TYPE_USER; in sshkey_tests() 381 k1->cert->serial = 1234; in sshkey_tests() 382 k1->cert->key_id = strdup("estragon"); in sshkey_tests() 384 k1->cert->principals = calloc(4, sizeof(*k1->cert->principals)); in sshkey_tests() 394 k1->cert->nprincipals = 4; in sshkey_tests() 395 k1->cert->valid_after = 0; in sshkey_tests() 397 sshbuf_free(k1->cert->critical); in sshkey_tests() 398 k1->cert->critical = sshbuf_new(); in sshkey_tests() 400 sshbuf_free(k1->cert->extensions); in sshkey_tests() [all …]
/openbsd/usr.bin/ssh/ |
H A D | sshkey.c | 310 if ((certs_only && !impl->cert) || (plain_only && impl->cert)) in sshkey_alg_list() 556 freezero(cert, sizeof(*cert)); in cert_free() 564 if ((cert = calloc(1, sizeof(*cert))) == NULL) in cert_new() 576 return cert; in cert_new() 693 if (!cert_compare(a->cert, b->cert)) in sshkey_equal() 1787 key->cert->nprincipals, key->cert->nprincipals + 1, in cert_parse() 2001 if (key->cert == NULL || key->cert->signature_type == NULL) in sshkey_check_cert_sigtype() 2182 cert = k->cert->certblob; /* for readability */ in sshkey_certify_custom() 2198 if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0 || in sshkey_certify_custom() 2199 (ret = sshbuf_put_u32(cert, k->cert->type)) != 0 || in sshkey_certify_custom() [all …]
/openbsd/lib/libtls/ |
H A D | tls_keypair.c | 35 X509 *cert = NULL; in tls_keypair_pubkey_hash() local 46 if (tls_keypair_load_cert(keypair, error, &cert) == -1) in tls_keypair_pubkey_hash() 48 if (tls_cert_pubkey_hash(cert, &keypair->pubkey_hash) == -1) in tls_keypair_pubkey_hash() 54 X509_free(cert); in tls_keypair_pubkey_hash() 79 const uint8_t *cert, size_t len) in tls_keypair_set_cert_mem() argument 81 if (tls_set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len) == -1) in tls_keypair_set_cert_mem() 136 X509 **cert) in tls_keypair_load_cert() argument 143 X509_free(*cert); in tls_keypair_load_cert() 144 *cert = NULL; in tls_keypair_load_cert() 157 if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb, in tls_keypair_load_cert()
/openbsd/lib/libcrypto/ct/ |
H A D | ct_sct_ctx.c | 103 ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated) in ct_x509_get_ext() argument 105 int ret = X509_get_ext_by_NID(cert, nid, -1); in ct_x509_get_ext() 109 X509_get_ext_by_NID(cert, nid, ret) >= 0; in ct_x509_get_ext() 120 ct_x509_cert_fixup(X509 *cert, X509 *presigner) in ct_x509_cert_fixup() argument 130 certidx = ct_x509_get_ext(cert, NID_authority_key_identifier, in ct_x509_cert_fixup() 145 if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner))) in ct_x509_cert_fixup() 150 X509_EXTENSION *certext = X509_get_ext(cert, certidx); in ct_x509_cert_fixup() 165 SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner) in SCT_CTX_set1_cert() argument 184 certderlen = i2d_X509(cert, &certder); in SCT_CTX_set1_cert() 190 idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup); in SCT_CTX_set1_cert() [all …]
/openbsd/sbin/iked/ |
H A D | ca.c | 229 X509 *cert; in ca_decode_cert_bundle() local 641 if (cert) { in ca_getcert() 713 X509 *cert; in ca_chain_by_issuer() local 722 *dst = cert; in ca_chain_by_issuer() 743 *dst = cert; in ca_chain_by_issuer() 1173 X509 *cert; in ca_by_issuer() local 1211 X509 *cert; in ca_by_subjectaltname() local 1224 return (cert); in ca_by_subjectaltname() 1228 return (cert); in ca_by_subjectaltname() 1241 X509 *cert; in ca_store_certs_info() local [all …]
/openbsd/regress/lib/libssl/verify/ |
H A D | create-libressl-test-certs.pl | 11 my @ca = cert( 20 my @leafcert = cert( 34 @leafcert = cert( 48 my @caO = cert( 56 my @caX = cert( 66 my @subcaR = cert( 75 @leafcert = cert( 88 sub cert { CERT_create(not_after => 10*365*86400+time(), @_) } subroutine
H A D | verify.c | 34 const char *cert; member 52 .cert = NULL, 58 .cert = "server-unusual-wildcard.pem", 70 .cert = NULL, 76 .cert = "server-unusual-wildcard.pem", 87 .cert = NULL, 93 .cert = "server-common-wildcard.pem", 105 .cert = NULL, 111 .cert = "server-common-wildcard.pem", 122 .cert = NULL, [all …]
/openbsd/regress/usr.bin/openssl/x509/ |
H A D | create-libressl-test-certs.pl | 11 my @ca = cert( 20 my @leafcert = cert( 34 @leafcert = cert( 48 my @caO = cert( 56 my @caX = cert( 66 my @subcaR = cert( 75 @leafcert = cert( 88 sub cert { CERT_create(not_after => 10*365*86400+time(), @_) } subroutine
/openbsd/regress/usr.sbin/rpki-client/ |
H A D | Makefile.inc | 6 PROGS += test-cert 29 validate.c as.c cert.c cms.c crl.c mft.c json.c \ 38 SRCS_test-cert+= test-cert.c cert.c cms.c crl.c x509.c ip.c as.c io.c \ 41 run-regress-test-cert: test-cert 42 ./test-cert -v ${.CURDIR}/../cer/*.cer 43 ./test-cert -vt ${TALARGS:S,,${.CURDIR}/../&,} 46 encoding.c print.c json.c cert.c as.c \ 58 encoding.c print.c validate.c cert.c crl.c mft.c json.c \ 64 encoding.c print.c validate.c as.c cert.c mft.c json.c \ 88 encoding.c print.c validate.c cert.c crl.c mft.c json.c \ [all …]
/openbsd/regress/usr.bin/ssh/unittests/authopt/ |
H A D | tests.c | 288 struct sshkey *cert; in test_cert_parse() local 296 sshkey_free(cert); \ in test_cert_parse() 324 cert = load_key("all_permit.cert"); in test_cert_parse() 326 opts = sshauthopt_from_cert(cert); in test_cert_parse() 331 cert = load_key("no_permit.cert"); in test_cert_parse() 334 opts = sshauthopt_from_cert(cert); in test_cert_parse() 343 opts = sshauthopt_from_cert(cert); in test_cert_parse() 352 opts = sshauthopt_from_cert(cert); in test_cert_parse() 363 sshkey_free(cert); \ in test_cert_parse() 375 struct sshkey *cert; in test_merge() local [all …]
/openbsd/regress/lib/libssl/interop/cert/ |
H A D | Makefile | 22 .for ccert in nocert cert 23 .for scert in nocert cert 28 .if (("${cv}" == verify && "${cca}" == ca && "${scert}" == cert) || \ 31 ("${sv}" == verify && "${sca}" == ca && "${ccert}" == cert) || \ 32 ("${sv}" == certverify && "${sca}" == ca && "${ccert}" == cert) || \ 43 REGRESS_TARGETS += run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${s… 46 SLOW_TARGETS += run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv} 49 run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}: \ 55 ${scert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \ 62 ${ccert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \ [all …]
/openbsd/lib/libcrypto/ts/ |
H A D | ts_rsp_verify.c | 283 X509 *cert; in TS_check_signing_certs() local 290 cert = sk_X509_value(chain, 0); in TS_check_signing_certs() 292 if (TS_find_cert(cert_ids, cert) != 0) in TS_check_signing_certs() 302 cert = sk_X509_value(chain, i); in TS_check_signing_certs() 304 if (TS_find_cert(cert_ids, cert) < 0) in TS_check_signing_certs() 313 cert = sk_X509_value(chain, 0); in TS_check_signing_certs() 315 if (TS_find_cert_v2(cert_ids_v2, cert) != 0) in TS_check_signing_certs() 325 cert = sk_X509_value(chain, i); in TS_check_signing_certs() 327 if (TS_find_cert_v2(cert_ids_v2, cert) < 0) in TS_check_signing_certs() 379 if (!cert_ids || !cert) in TS_find_cert() [all …]