Home
last modified time | relevance | path

Searched refs:cert (Results 1 – 25 of 282) sorted by relevance

12345678910>>...12

/openbsd/usr.sbin/rpki-client/
H A Dfilemode.c53 struct cert *cert; member
67 uripath_add(const char *uri, struct cert *cert) in uripath_add() argument
75 up->cert = cert; in uripath_add()
135 struct cert *cert = NULL; in parse_load_cert() local
184 struct cert *cert; in parse_load_certchain() local
222 cert->talid = a->cert->talid; in parse_load_certchain()
239 struct cert *cert; in parse_load_ta() local
278 find_tal(struct cert *cert) in find_tal() argument
337 struct cert *cert = NULL; in proc_parser_file() local
408 cert = cert_parse(file, cert); in proc_parser_file()
[all …]
H A Dcert.c1 /* $OpenBSD: cert.c,v 1.141 2024/06/07 08:36:54 tb Exp $ */
32 extern ASN1_OBJECT *certpol_oid; /* id-cp-ipAddr-asNumber cert policy */
242 sbgp_assysnum(const char *fn, struct cert *cert, X509_EXTENSION *ext) in sbgp_assysnum() argument
259 if (!sbgp_parse_assysnum(fn, asidentifiers, &cert->as, &cert->asz)) in sbgp_assysnum()
466 sbgp_ipaddrblk(const char *fn, struct cert *cert, X509_EXTENSION *ext) in sbgp_ipaddrblk() argument
483 if (!sbgp_parse_ipaddrblk(fn, addrblk, &cert->ips, &cert in sbgp_ipaddrblk()
503 sbgp_sia(const char * fn,struct cert * cert,X509_EXTENSION * ext) sbgp_sia() argument
630 certificate_policies(const char * fn,struct cert * cert,X509_EXTENSION * ext) certificate_policies() argument
732 struct cert *cert; cert_parse_ee_cert() local
797 struct cert *cert; cert_parse_pre() local
1272 auth_insert(const char * fn,struct auth_tree * auths,struct cert * cert,struct auth * issuer) auth_insert() argument
1307 insert_brk(struct brk_tree * tree,struct cert * cert,int asid) insert_brk() argument
1341 cert_insert_brks(struct brk_tree * tree,struct cert * cert) cert_insert_brks() argument
[all...]
H A Dvalidate.c46 c = as_check_covered(min, max, a->cert->as, a->cert->asz); in valid_as()
88 valid_cert(const char *fn, struct auth *a, const struct cert *cert) in valid_cert() argument
116 if (valid_ip(a, cert->ips[i].afi, cert->ips[i].min, in valid_cert()
132 valid_roa(const char *fn, struct cert *cert, struct roa *roa) in valid_roa() argument
139 roa->ips[i].max, cert->ips, cert->ipsz) > 0) in valid_roa()
157 valid_spl(const char *fn, struct cert *cert, struct spl *spl) in valid_spl() argument
439 valid_rsc(const char *fn, struct cert *cert, struct rsc *rsc) in valid_rsc() argument
453 if (as_check_covered(min, max, cert->as, cert->asz) > 0) in valid_rsc()
462 rsc->ips[i].max, cert->ips, cert->ipsz) > 0) in valid_rsc()
509 valid_aspa(const char *fn, struct cert *cert, struct aspa *aspa) in valid_aspa() argument
[all …]
H A Dparser.c92 * and that the SKI of the cert matches with the AKI.
101 warnx("%s: RFC 6487: unknown cert with SKI %s", fn, aki); in find_issuer()
113 if (strcmp(aki, a->cert->ski) != 0) { in find_issuer()
115 aki, a->cert->ski); in find_issuer()
184 roa->talid = a->cert->talid; in proc_parser_roa()
219 spl->talid = a->cert->talid; in proc_parser_spl()
379 mft->talid = a->cert->talid; in proc_parser_mft_pre()
528 static struct cert *
532 struct cert *cert; in proc_parser_cert() local
586 struct cert *cert; proc_parser_root_cert() local
739 struct cert *cert; parse_entity() local
[all...]
H A Dconstraints.c520 if (cert->type == CERT_AS_INHERIT) in constraints_check_as()
523 if (cert->type == CERT_AS_ID) { in constraints_check_as()
524 min = cert->id; in constraints_check_as()
525 max = cert->id; in constraints_check_as()
527 min = cert->range.min; in constraints_check_as()
528 max = cert->range.max; in constraints_check_as()
548 if (cert->type == CERT_IP_INHERIT) in constraints_check_ips()
556 if (ip_addr_check_covered(cert->afi, cert->min, cert->max, in constraints_check_ips()
569 constraints_validate(const char *fn, const struct cert *cert) in constraints_validate() argument
571 int talid = cert->talid; in constraints_validate()
[all …]
/openbsd/regress/usr.bin/ssh/
H A Dcert-hostkey.sh19 *rsa*cert*)
65 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
117 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
168 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
177 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
189 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
197 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
208 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
229 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
295 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
[all …]
H A Dagent-pkcs11-cert.sh46 ${SSH_SOFTHSM_DIR}/EC-cert.pub \
48 ${SSH_SOFTHSM_DIR}/RSA-cert.pub ||
54 ${SSH_SOFTHSM_DIR}/EC-cert.pub \
55 ${SSH_SOFTHSM_DIR}/RSA-cert.pub | sort > $OBJ/expect_list
61 ${SSH_SOFTHSM_DIR}/EC-cert.pub ${SSH_SOFTHSM_DIR}/RSA-cert.pub ; do
68 for x in ${SSH_SOFTHSM_DIR}/EC-cert.pub ${SSH_SOFTHSM_DIR}/RSA-cert.pub ; do
78 ${SSH_SOFTHSM_DIR}/EC-cert.pub \
80 ${SSH_SOFTHSM_DIR}/RSA-cert.pub ||
84 ${SSH_SOFTHSM_DIR}/EC-cert.pub \
85 ${SSH_SOFTHSM_DIR}/RSA-cert.pub | sort > $OBJ/expect_list
[all …]
/openbsd/regress/usr.bin/ssh/unittests/authopt/testdata/
H A Dmktestdata.sh7 rm -f *.cert
18 mv user_key-cert.pub "$output"
23 sign no_permit.cert -Oclear
25 sign no_agentfwd.cert -Ono-agent-forwarding
26 sign no_portfwd.cert -Ono-port-forwarding
27 sign no_pty.cert -Ono-pty
28 sign no_user_rc.cert -Ono-user-rc
29 sign no_x11fwd.cert -Ono-X11-forwarding
33 sign only_pty.cert -Oclear -Opermit-pty
37 sign force_command.cert -Oforce-command="foo"
[all …]
/openbsd/regress/lib/libcrypto/CA/
H A DMakefile21 root.cert.pem: root.cnf root.key.pem \
38 intermediate.cert.pem: root.cnf root.cert.pem intermediate.csr.pem \
47 run-verify-intermediate: root.cert.pem intermediate.cert.pem
49 openssl verify -CAfile root.cert.pem intermediate.cert.pem
51 chain.pem: intermediate.cert.pem root.cert.pem
52 cat intermediate.cert.pem root.cert.pem > chain.pem
66 server.cert.pem: intermediate.cnf intermediate.cert.pem server.csr.pem
70 -in server.csr.pem -out server.cert.pem
84 client.cert.pem: intermediate.cnf intermediate.cert.pem client.csr.pem
88 -in client.csr.pem -out client.cert.pem
[all …]
/openbsd/sbin/isakmpd/
H A Dx509.c88 X509 *cert; member
123 cert)); in x509_generate_kn()
535 cert = LIST_NEXT(cert, link)) { in x509_hash_find()
559 cert->cert)); in x509_hash_find()
560 return cert->cert; in x509_hash_find()
589 certh->cert = cert; in x509_hash_enter()
609 X509 *cert; in x509_read_from_dir() local
914 X509 *cert; in x509_cert_insert() local
918 if (!cert) { in x509_cert_insert()
945 if (certh->cert == cert) in x509_hash_lookup()
[all …]
/openbsd/lib/libcrypto/x509/
H A Dx509_verify.c34 static int x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert,
36 static int x509_verify_cert_hostname(struct x509_verify_ctx *ctx, X509 *cert,
38 static void x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert,
40 static int x509_verify_cert_error(struct x509_verify_ctx *ctx, X509 *cert,
152 x509_verify_chain_append(struct x509_verify_chain *chain, X509 *cert, in x509_verify_chain_append() argument
158 if (!x509_constraints_extract_names(chain->names, cert, in x509_verify_chain_append()
164 X509_up_ref(cert); in x509_verify_chain_append()
165 if (!sk_X509_push(chain->certs, cert)) { in x509_verify_chain_append()
166 X509_free(cert); in x509_verify_chain_append()
232 x509_verify_cert_cache_extensions(X509 *cert) in x509_verify_cert_cache_extensions() argument
238 x509_verify_cert_self_signed(X509 * cert) x509_verify_cert_self_signed() argument
245 x509_verify_check_chain_end(X509 * cert,int full_chain) x509_verify_check_chain_end() argument
253 x509_verify_ctx_cert_is_root(struct x509_verify_ctx * ctx,X509 * cert,int full_chain) x509_verify_ctx_cert_is_root() argument
434 X509 *cert = sk_X509_value(ctx->xsc->chain, depth); x509_verify_ctx_validate_legacy_chain() local
564 x509_verify_consider_candidate(struct x509_verify_ctx * ctx,X509 * cert,int is_root_cert,X509 * candidate,struct x509_verify_chain * current_chain,int full_chain,char * name) x509_verify_consider_candidate() argument
632 x509_verify_cert_error(struct x509_verify_ctx * ctx,X509 * cert,size_t depth,int error,int ok) x509_verify_cert_error() argument
647 x509_verify_build_chains(struct x509_verify_ctx * ctx,X509 * cert,struct x509_verify_chain * current_chain,int full_chain,char * name) x509_verify_build_chains() argument
749 x509_verify_cert_hostname(struct x509_verify_ctx * ctx,X509 * cert,char * name) x509_verify_cert_hostname() argument
815 x509_verify_cert_times(X509 * cert,time_t * cmp_time,int * error) x509_verify_cert_times() argument
847 x509_verify_validate_constraints(X509 * cert,struct x509_verify_chain * current_chain,int * error) x509_verify_validate_constraints() argument
887 x509_verify_cert_extensions(struct x509_verify_ctx * ctx,X509 * cert,int need_ca) x509_verify_cert_extensions() argument
917 x509_verify_cert_valid(struct x509_verify_ctx * ctx,X509 * cert,struct x509_verify_chain * current_chain) x509_verify_cert_valid() argument
[all...]
/openbsd/lib/libssl/
H A Dssl_cert.c181 ssl_cert_dup(SSL_CERT *cert) in ssl_cert_dup() argument
196 ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; in ssl_cert_dup()
198 ret->valid = cert->valid; in ssl_cert_dup()
199 ret->mask_k = cert->mask_k; in ssl_cert_dup()
200 ret->mask_a = cert->mask_a; in ssl_cert_dup()
202 if (cert->dhe_params != NULL) { in ssl_cert_dup()
302 return ssl->cert; in ssl_get0_cert()
304 return ctx->cert; in ssl_get0_cert()
387 X509_up_ref(cert); in ssl_cert_add1_chain_cert()
397 X509 *cert; in ssl_verify_cert_chain() local
[all …]
/openbsd/usr.sbin/relayd/
H A Dssl.c103 X509 *cert = NULL; in ssl_update_certificate() local
111 if ((cert = PEM_read_bio_X509(in, NULL, in ssl_update_certificate()
121 if (!X509_NAME_oneline(X509_get_subject_name(cert), in ssl_update_certificate()
123 !X509_NAME_oneline(X509_get_issuer_name(cert), in ssl_update_certificate()
127 if ((cert = X509_dup(cert)) == NULL) in ssl_update_certificate()
131 X509_set_pubkey(cert, pkey); in ssl_update_certificate()
135 if (!X509_sign(cert, capkey, EVP_sha256())) { in ssl_update_certificate()
144 X509_print_fp(stdout, cert); in ssl_update_certificate()
154 if (!PEM_write_bio_X509(out, cert)) { in ssl_update_certificate()
171 if (cert) in ssl_update_certificate()
[all …]
/openbsd/regress/usr.bin/ssh/unittests/sshkey/
H A Dtest_sshkey.c379 ASSERT_PTR_NE(k1->cert, NULL); in sshkey_tests()
380 k1->cert->type = SSH2_CERT_TYPE_USER; in sshkey_tests()
381 k1->cert->serial = 1234; in sshkey_tests()
382 k1->cert->key_id = strdup("estragon"); in sshkey_tests()
384 k1->cert->principals = calloc(4, sizeof(*k1->cert->principals)); in sshkey_tests()
394 k1->cert->nprincipals = 4; in sshkey_tests()
395 k1->cert->valid_after = 0; in sshkey_tests()
397 sshbuf_free(k1->cert->critical); in sshkey_tests()
398 k1->cert->critical = sshbuf_new(); in sshkey_tests()
400 sshbuf_free(k1->cert->extensions); in sshkey_tests()
[all …]
/openbsd/usr.bin/ssh/
H A Dsshkey.c310 if ((certs_only && !impl->cert) || (plain_only && impl->cert)) in sshkey_alg_list()
556 freezero(cert, sizeof(*cert)); in cert_free()
564 if ((cert = calloc(1, sizeof(*cert))) == NULL) in cert_new()
576 return cert; in cert_new()
693 if (!cert_compare(a->cert, b->cert)) in sshkey_equal()
1787 key->cert->nprincipals, key->cert->nprincipals + 1, in cert_parse()
2001 if (key->cert == NULL || key->cert->signature_type == NULL) in sshkey_check_cert_sigtype()
2182 cert = k->cert->certblob; /* for readability */ in sshkey_certify_custom()
2198 if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0 || in sshkey_certify_custom()
2199 (ret = sshbuf_put_u32(cert, k->cert->type)) != 0 || in sshkey_certify_custom()
[all …]
/openbsd/lib/libtls/
H A Dtls_keypair.c35 X509 *cert = NULL; in tls_keypair_pubkey_hash() local
46 if (tls_keypair_load_cert(keypair, error, &cert) == -1) in tls_keypair_pubkey_hash()
48 if (tls_cert_pubkey_hash(cert, &keypair->pubkey_hash) == -1) in tls_keypair_pubkey_hash()
54 X509_free(cert); in tls_keypair_pubkey_hash()
79 const uint8_t *cert, size_t len) in tls_keypair_set_cert_mem() argument
81 if (tls_set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len) == -1) in tls_keypair_set_cert_mem()
136 X509 **cert) in tls_keypair_load_cert() argument
143 X509_free(*cert); in tls_keypair_load_cert()
144 *cert = NULL; in tls_keypair_load_cert()
157 if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb, in tls_keypair_load_cert()
/openbsd/lib/libcrypto/ct/
H A Dct_sct_ctx.c103 ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated) in ct_x509_get_ext() argument
105 int ret = X509_get_ext_by_NID(cert, nid, -1); in ct_x509_get_ext()
109 X509_get_ext_by_NID(cert, nid, ret) >= 0; in ct_x509_get_ext()
120 ct_x509_cert_fixup(X509 *cert, X509 *presigner) in ct_x509_cert_fixup() argument
130 certidx = ct_x509_get_ext(cert, NID_authority_key_identifier, in ct_x509_cert_fixup()
145 if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner))) in ct_x509_cert_fixup()
150 X509_EXTENSION *certext = X509_get_ext(cert, certidx); in ct_x509_cert_fixup()
165 SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner) in SCT_CTX_set1_cert() argument
184 certderlen = i2d_X509(cert, &certder); in SCT_CTX_set1_cert()
190 idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup); in SCT_CTX_set1_cert()
[all …]
/openbsd/sbin/iked/
H A Dca.c229 X509 *cert; in ca_decode_cert_bundle() local
641 if (cert) { in ca_getcert()
713 X509 *cert; in ca_chain_by_issuer() local
722 *dst = cert; in ca_chain_by_issuer()
743 *dst = cert; in ca_chain_by_issuer()
1173 X509 *cert; in ca_by_issuer() local
1211 X509 *cert; in ca_by_subjectaltname() local
1224 return (cert); in ca_by_subjectaltname()
1228 return (cert); in ca_by_subjectaltname()
1241 X509 *cert; in ca_store_certs_info() local
[all …]
/openbsd/regress/lib/libssl/verify/
H A Dcreate-libressl-test-certs.pl11 my @ca = cert(
20 my @leafcert = cert(
34 @leafcert = cert(
48 my @caO = cert(
56 my @caX = cert(
66 my @subcaR = cert(
75 @leafcert = cert(
88 sub cert { CERT_create(not_after => 10*365*86400+time(), @_) } subroutine
H A Dverify.c34 const char *cert; member
52 .cert = NULL,
58 .cert = "server-unusual-wildcard.pem",
70 .cert = NULL,
76 .cert = "server-unusual-wildcard.pem",
87 .cert = NULL,
93 .cert = "server-common-wildcard.pem",
105 .cert = NULL,
111 .cert = "server-common-wildcard.pem",
122 .cert = NULL,
[all …]
/openbsd/regress/usr.bin/openssl/x509/
H A Dcreate-libressl-test-certs.pl11 my @ca = cert(
20 my @leafcert = cert(
34 @leafcert = cert(
48 my @caO = cert(
56 my @caX = cert(
66 my @subcaR = cert(
75 @leafcert = cert(
88 sub cert { CERT_create(not_after => 10*365*86400+time(), @_) } subroutine
/openbsd/regress/usr.sbin/rpki-client/
H A DMakefile.inc6 PROGS += test-cert
29 validate.c as.c cert.c cms.c crl.c mft.c json.c \
38 SRCS_test-cert+= test-cert.c cert.c cms.c crl.c x509.c ip.c as.c io.c \
41 run-regress-test-cert: test-cert
42 ./test-cert -v ${.CURDIR}/../cer/*.cer
43 ./test-cert -vt ${TALARGS:S,,${.CURDIR}/../&,}
46 encoding.c print.c json.c cert.c as.c \
58 encoding.c print.c validate.c cert.c crl.c mft.c json.c \
64 encoding.c print.c validate.c as.c cert.c mft.c json.c \
88 encoding.c print.c validate.c cert.c crl.c mft.c json.c \
[all …]
/openbsd/regress/usr.bin/ssh/unittests/authopt/
H A Dtests.c288 struct sshkey *cert; in test_cert_parse() local
296 sshkey_free(cert); \ in test_cert_parse()
324 cert = load_key("all_permit.cert"); in test_cert_parse()
326 opts = sshauthopt_from_cert(cert); in test_cert_parse()
331 cert = load_key("no_permit.cert"); in test_cert_parse()
334 opts = sshauthopt_from_cert(cert); in test_cert_parse()
343 opts = sshauthopt_from_cert(cert); in test_cert_parse()
352 opts = sshauthopt_from_cert(cert); in test_cert_parse()
363 sshkey_free(cert); \ in test_cert_parse()
375 struct sshkey *cert; in test_merge() local
[all …]
/openbsd/regress/lib/libssl/interop/cert/
H A DMakefile22 .for ccert in nocert cert
23 .for scert in nocert cert
28 .if (("${cv}" == verify && "${cca}" == ca && "${scert}" == cert) || \
31 ("${sv}" == verify && "${sca}" == ca && "${ccert}" == cert) || \
32 ("${sv}" == certverify && "${sca}" == ca && "${ccert}" == cert) || \
43 REGRESS_TARGETS += run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${s…
46 SLOW_TARGETS += run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
49 run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}: \
55 ${scert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
62 ${ccert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
[all …]
/openbsd/lib/libcrypto/ts/
H A Dts_rsp_verify.c283 X509 *cert; in TS_check_signing_certs() local
290 cert = sk_X509_value(chain, 0); in TS_check_signing_certs()
292 if (TS_find_cert(cert_ids, cert) != 0) in TS_check_signing_certs()
302 cert = sk_X509_value(chain, i); in TS_check_signing_certs()
304 if (TS_find_cert(cert_ids, cert) < 0) in TS_check_signing_certs()
313 cert = sk_X509_value(chain, 0); in TS_check_signing_certs()
315 if (TS_find_cert_v2(cert_ids_v2, cert) != 0) in TS_check_signing_certs()
325 cert = sk_X509_value(chain, i); in TS_check_signing_certs()
327 if (TS_find_cert_v2(cert_ids_v2, cert) < 0) in TS_check_signing_certs()
379 if (!cert_ids || !cert) in TS_find_cert()
[all …]

12345678910>>...12