Home
last modified time | relevance | path

Searched refs:cert (Results 1 – 25 of 280) sorted by relevance

12345678910>>...12

/openbsd-src/usr.sbin/rpki-client/
H A Dfilemode.c55 struct cert *cert;
69 uripath_add(const char *uri, struct cert *cert) in uripath_add()
77 up->cert = cert; in uripath_add()
82 static struct cert * in uripath_lookup()
91 return up->cert;
129 * Parse the cert pointed at by the AIA URI while doing that also load
130 * the CRL of this cert
53 struct cert *cert; global() member
67 uripath_add(const char * uri,struct cert * cert) uripath_add() argument
135 struct cert *cert = NULL; parse_load_cert() local
185 struct cert *cert; parse_load_certchain() local
244 struct cert *cert; parse_load_ta() local
283 find_tal(struct cert * cert) find_tal() argument
342 struct cert *cert = NULL; proc_parser_file() local
[all...]
H A Dcert.c1 /* $OpenBSD: cert.c,v 1.155 2024/12/18 21:12:26 tb Exp $ */
32 extern ASN1_OBJECT *certpol_oid; /* id-cp-ipAddr-asNumber cert policy */
242 sbgp_assysnum(const char *fn, struct cert *cert, X509_EXTENSION *ext) in sbgp_assysnum() argument
259 if (!sbgp_parse_assysnum(fn, asidentifiers, &cert->ases, in sbgp_assysnum()
260 &cert->num_ases)) in sbgp_assysnum()
467 sbgp_ipaddrblk(const char *fn, struct cert *cert, X509_EXTENSION *ext) in sbgp_ipaddrblk()
484 if (!sbgp_parse_ipaddrblk(fn, addrblk, &cert->ips, &cert in sbgp_ipaddrblk()
466 sbgp_ipaddrblk(const char * fn,struct cert * cert,X509_EXTENSION * ext) sbgp_ipaddrblk() argument
503 sbgp_sia(const char * fn,struct cert * cert,X509_EXTENSION * ext) sbgp_sia() argument
641 certificate_policies(const char * fn,struct cert * cert,X509_EXTENSION * ext) certificate_policies() argument
743 struct cert *cert; cert_parse_ee_cert() local
805 struct cert *cert; cert_parse_pre() local
1272 auth_insert(const char * fn,struct auth_tree * auths,struct cert * cert,struct auth * issuer) auth_insert() argument
1311 insert_brk(struct brk_tree * tree,struct cert * cert,int asid) insert_brk() argument
1345 cert_insert_brks(struct brk_tree * tree,struct cert * cert) cert_insert_brks() argument
[all...]
H A Dvalidate.c46 c = as_check_covered(min, max, a->cert->ases, a->cert->num_ases); in valid_as()
72 c = ip_addr_check_covered(afi, min, max, a->cert->ips, in valid_ip()
73 a->cert->num_ips); in valid_ip()
89 valid_cert(const char *fn, struct auth *a, const struct cert *cert) in valid_cert()
94 for (i = 0; i < cert->num_ases; i++) { in valid_cert()
95 if (cert->ases[i].type == CERT_AS_INHERIT) in valid_cert()
98 if (cert->ases[i].type == CERT_AS_ID) { in valid_cert()
99 min = cert in valid_cert()
88 valid_cert(const char * fn,struct auth * a,const struct cert * cert) valid_cert() argument
132 valid_roa(const char * fn,struct cert * cert,struct roa * roa) valid_roa() argument
157 valid_spl(const char * fn,struct cert * cert,struct spl * spl) valid_spl() argument
440 valid_rsc(const char * fn,struct cert * cert,struct rsc * rsc) valid_rsc() argument
510 valid_aspa(const char * fn,struct cert * cert,struct aspa * aspa) valid_aspa() argument
527 valid_geofeed(const char * fn,struct cert * cert,struct geofeed * g) valid_geofeed() argument
[all...]
H A Dconstraints.c513 constraints_check_as(const char *fn, struct cert_as *cert, in constraints_check_as() argument
520 if (cert->type == CERT_AS_INHERIT) in constraints_check_as()
523 if (cert->type == CERT_AS_ID) { in constraints_check_as()
524 min = cert->id; in constraints_check_as()
525 max = cert->id; in constraints_check_as()
527 min = cert->range.min; in constraints_check_as()
528 max = cert->range.max; in constraints_check_as()
532 if (!as_check_overlap(cert, fn, deny_ases, num_deny_ases, 1)) in constraints_check_as()
543 constraints_check_ips(const char *fn, struct cert_ip *cert, in constraints_check_ips() argument
548 if (cert in constraints_check_ips()
569 constraints_validate(const char * fn,const struct cert * cert) constraints_validate() argument
[all...]
H A Dparser.c96 * and that the SKI of the cert matches with the AKI.
106 warnx("%s: RFC 6487: unknown cert with SKI %s", fn, in find_issuer()
119 if (strcmp(aki, a->cert->ski) != 0) { in find_issuer()
121 aki, a->cert->ski); in find_issuer()
191 roa->talid = a->cert->talid; in proc_parser_roa()
233 spl->talid = a->cert->talid; in proc_parser_spl()
401 mft->talid = a->cert->talid; in proc_parser_mft_pre()
559 static struct cert * in proc_parser_cert()
563 struct cert *cert; in proc_parser_cert()
549 struct cert *cert; proc_parser_cert() local
837 struct cert *cert; parse_entity() local
[all...]
/openbsd-src/regress/usr.bin/ssh/
H A Dcert-hostkey.sh6 rm -f $OBJ/known_hosts-cert* $OBJ/host_ca_key* $OBJ/host_revoked_*
19 *rsa*cert*)
26 *cert*) types="$i,$types";;
64 kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig
65 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
106 $OBJ/cert_host_key_${ktype}-cert.pub || \
108 cat $OBJ/cert_host_key_${ktype}-cert.pub >> $OBJ/host_revoked_cert
117 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
118 ${SSH} -oUserKnownHostsFile=$OBJ/known_hosts-cert \
119 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
[all …]
H A Dagent-pkcs11-cert.sh46 ${SSH_SOFTHSM_DIR}/EC-cert.pub \
48 ${SSH_SOFTHSM_DIR}/RSA-cert.pub ||
54 ${SSH_SOFTHSM_DIR}/EC-cert.pub \
55 ${SSH_SOFTHSM_DIR}/RSA-cert.pub | sort > $OBJ/expect_list
61 ${SSH_SOFTHSM_DIR}/EC-cert.pub ${SSH_SOFTHSM_DIR}/RSA-cert.pub ; do
68 for x in ${SSH_SOFTHSM_DIR}/EC-cert.pub ${SSH_SOFTHSM_DIR}/RSA-cert.pub ; do
78 ${SSH_SOFTHSM_DIR}/EC-cert.pub \
80 ${SSH_SOFTHSM_DIR}/RSA-cert.pub ||
84 ${SSH_SOFTHSM_DIR}/EC-cert.pub \
85 ${SSH_SOFTHSM_DIR}/RSA-cert.pub | sort > $OBJ/expect_list
[all …]
/openbsd-src/regress/usr.bin/ssh/unittests/authopt/testdata/
H A Dmktestdata.sh7 rm -f *.cert
18 mv user_key-cert.pub "$output"
21 sign all_permit.cert -Opermit-agent-forwarding -Opermit-port-forwarding \
23 sign no_permit.cert -Oclear
25 sign no_agentfwd.cert -Ono-agent-forwarding
26 sign no_portfwd.cert -Ono-port-forwarding
27 sign no_pty.cert -Ono-pty
28 sign no_user_rc.cert -Ono-user-rc
29 sign no_x11fwd.cert -Ono-X11-forwarding
31 sign only_agentfwd.cert -Oclear -Opermit-agent-forwarding
[all …]
/openbsd-src/regress/lib/libcrypto/CA/
H A DMakefile21 root.cert.pem: root.cnf root.key.pem \
25 -new -x509 -days 365 -sha256 -extensions v3_ca -out root.cert.pem
38 intermediate.cert.pem: root.cnf root.cert.pem intermediate.csr.pem \
43 -in intermediate.csr.pem -out intermediate.cert.pem
47 run-verify-intermediate: root.cert.pem intermediate.cert.pem
49 openssl verify -CAfile root.cert.pem intermediate.cert.pem
51 chain.pem: intermediate.cert.pem root.cert.pem
52 cat intermediate.cert.pem root.cert.pem > chain.pem
66 server.cert.pem: intermediate.cnf intermediate.cert.pem server.csr.pem
70 -in server.csr.pem -out server.cert.pem
[all …]
/openbsd-src/sbin/isakmpd/
H A Dx509.c88 X509 *cert; member
102 x509_generate_kn(int id, X509 *cert) in x509_generate_kn() argument
123 cert)); in x509_generate_kn()
125 issuer = X509_get_issuer_name(cert); in x509_generate_kn()
126 subject = X509_get_subject_name(cert); in x509_generate_kn()
132 if (!x509_cert_get_key(cert, &key)) { in x509_generate_kn()
171 X509_STORE_CTX_init(csc, x509_cas, cert, NULL); in x509_generate_kn()
175 X509_STORE_CTX_init(csc, x509_certs, cert, NULL); in x509_generate_kn()
222 if (((tm = X509_get_notBefore(cert)) == NULL) || in x509_generate_kn()
318 tm = X509_get_notAfter(cert); in x509_generate_kn()
[all …]
/openbsd-src/lib/libcrypto/x509/
H A Dx509_verify.c34 static int x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert,
36 static int x509_verify_cert_hostname(struct x509_verify_ctx *ctx, X509 *cert,
38 static void x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert,
40 static int x509_verify_cert_error(struct x509_verify_ctx *ctx, X509 *cert,
152 x509_verify_chain_append(struct x509_verify_chain *chain, X509 *cert, in x509_verify_chain_append() argument
158 if (!x509_constraints_extract_names(chain->names, cert, in x509_verify_chain_append()
164 X509_up_ref(cert); in x509_verify_chain_append()
165 if (!sk_X509_push(chain->certs, cert)) { in x509_verify_chain_append()
166 X509_free(cert); in x509_verify_chain_append()
232 x509_verify_cert_cache_extensions(X509 *cert) in x509_verify_cert_cache_extensions() argument
[all …]
/openbsd-src/lib/libssl/
H A Dssl_cert.c181 ssl_cert_dup(SSL_CERT *cert) in ssl_cert_dup() argument
196 ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; in ssl_cert_dup()
198 ret->valid = cert->valid; in ssl_cert_dup()
199 ret->mask_k = cert->mask_k; in ssl_cert_dup()
200 ret->mask_a = cert->mask_a; in ssl_cert_dup()
202 if (cert->dhe_params != NULL) { in ssl_cert_dup()
203 ret->dhe_params = DHparams_dup(cert->dhe_params); in ssl_cert_dup()
209 ret->dhe_params_cb = cert->dhe_params_cb; in ssl_cert_dup()
210 ret->dhe_params_auto = cert->dhe_params_auto; in ssl_cert_dup()
213 if (cert->pkeys[i].x509 != NULL) { in ssl_cert_dup()
[all …]
/openbsd-src/usr.sbin/relayd/
H A Dssl.c103 X509 *cert = NULL; in ssl_update_certificate() local
111 if ((cert = PEM_read_bio_X509(in, NULL, in ssl_update_certificate()
121 if (!X509_NAME_oneline(X509_get_subject_name(cert), in ssl_update_certificate()
123 !X509_NAME_oneline(X509_get_issuer_name(cert), in ssl_update_certificate()
127 if ((cert = X509_dup(cert)) == NULL) in ssl_update_certificate()
131 X509_set_pubkey(cert, pkey); in ssl_update_certificate()
132 X509_set_issuer_name(cert, X509_get_subject_name(cacert)); in ssl_update_certificate()
135 if (!X509_sign(cert, capkey, EVP_sha256())) { in ssl_update_certificate()
144 X509_print_fp(stdout, cert); in ssl_update_certificate()
154 if (!PEM_write_bio_X509(out, cert)) { in ssl_update_certificate()
[all …]
/openbsd-src/regress/usr.bin/ssh/unittests/sshkey/
H A Dtest_sshkey.c383 ASSERT_PTR_NE(k1->cert, NULL); in sshkey_tests()
384 k1->cert->type = SSH2_CERT_TYPE_USER; in sshkey_tests()
385 k1->cert->serial = 1234; in sshkey_tests()
386 k1->cert->key_id = strdup("estragon"); in sshkey_tests()
387 ASSERT_PTR_NE(k1->cert->key_id, NULL); in sshkey_tests()
388 k1->cert->principals = calloc(4, sizeof(*k1->cert->principals)); in sshkey_tests()
389 ASSERT_PTR_NE(k1->cert->principals, NULL); in sshkey_tests()
390 k1->cert->principals[0] = strdup("estragon"); in sshkey_tests()
391 k1->cert in sshkey_tests()
[all...]
/openbsd-src/usr.bin/ssh/
H A Dsshkey.c212 return impl->cert; in sshkey_type_is_cert()
239 if (allow_short && !impl->cert && impl->shortname != NULL && in sshkey_type_from_name()
299 return match_pattern_list("ssh-rsa-cert-v01@openssh.com", in sshkey_alg_list()
301 match_pattern_list("rsa-sha2-256-cert-v01@openssh.com", in sshkey_alg_list()
303 match_pattern_list("rsa-sha2-512-cert-v01@openssh.com", in sshkey_alg_list()
322 if ((certs_only && !impl->cert) || (plain_only && impl->cert)) in sshkey_alg_list()
401 return !impl->cert; in sshkey_is_sk()
426 /* Return the cert-less equivalent to a certified key type */ in sshkey_type_plain()
450 /* Return the cert equivalen in sshkey_type_certified()
541 cert_free(struct sshkey_cert * cert) cert_free() argument
562 struct sshkey_cert *cert; cert_new() local
2149 struct sshbuf *cert = NULL; sshkey_certify_custom() local
2369 sshkey_format_cert_validity(const struct sshkey_cert * cert,char * s,size_t l) sshkey_format_cert_validity() argument
[all...]
/openbsd-src/lib/libtls/
H A Dtls_keypair.c35 X509 *cert = NULL; in tls_keypair_pubkey_hash() local
46 if (tls_keypair_load_cert(keypair, error, &cert) == -1) in tls_keypair_pubkey_hash()
48 if (tls_cert_pubkey_hash(cert, &keypair->pubkey_hash) == -1) in tls_keypair_pubkey_hash()
54 X509_free(cert); in tls_keypair_pubkey_hash()
79 const uint8_t *cert, size_t len) in tls_keypair_set_cert_mem() argument
81 if (tls_set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len) == -1) in tls_keypair_set_cert_mem()
136 X509 **cert) in tls_keypair_load_cert() argument
143 X509_free(*cert); in tls_keypair_load_cert()
144 *cert = NULL; in tls_keypair_load_cert()
157 if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb, in tls_keypair_load_cert()
/openbsd-src/lib/libcrypto/ct/
H A Dct_sct_ctx.c103 ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated) in ct_x509_get_ext() argument
105 int ret = X509_get_ext_by_NID(cert, nid, -1); in ct_x509_get_ext()
109 X509_get_ext_by_NID(cert, nid, ret) >= 0; in ct_x509_get_ext()
120 ct_x509_cert_fixup(X509 *cert, X509 *presigner) in ct_x509_cert_fixup() argument
130 certidx = ct_x509_get_ext(cert, NID_authority_key_identifier, in ct_x509_cert_fixup()
145 if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner))) in ct_x509_cert_fixup()
150 X509_EXTENSION *certext = X509_get_ext(cert, certidx); in ct_x509_cert_fixup()
165 SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner) in SCT_CTX_set1_cert() argument
172 int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup); in SCT_CTX_set1_cert()
184 certderlen = i2d_X509(cert, &certder); in SCT_CTX_set1_cert()
[all …]
/openbsd-src/sbin/iked/
H A Dca.c75 int ca_x509_subjectaltname_get(X509 *cert, struct iked_id *);
229 X509 *cert; in ca_decode_cert_bundle() local
295 cert = d2i_X509_bio(rawcert, NULL); in ca_decode_cert_bundle()
297 if (cert == NULL) { in ca_decode_cert_bundle()
303 if (!sk_X509_push(untrusted, cert)) { in ca_decode_cert_bundle()
306 X509_free(cert); in ca_decode_cert_bundle()
460 ca_setscert(struct iked *env, struct iked_sahdr *sh, uint8_t type, X509 *cert) in ca_setscert() argument
467 if ((buf = ca_x509_serialize(cert)) == NULL) in ca_setscert()
603 X509 *issuer = NULL, *cert; in ca_getcert() local
640 cert = ca_by_subjectaltname(store->ca_certs, &id); in ca_getcert()
[all …]
/openbsd-src/regress/lib/libssl/verify/
H A Dcreate-libressl-test-certs.pl11 my @ca = cert(
20 my @leafcert = cert(
34 @leafcert = cert(
48 my @caO = cert(
56 my @caX = cert(
66 my @subcaR = cert(
75 @leafcert = cert(
88 sub cert { CERT_create(not_after => 10*365*86400+time(), @_) } subroutine
H A Dverify.c34 const char *cert; member
52 .cert = NULL,
58 .cert = "server-unusual-wildcard.pem",
70 .cert = NULL,
76 .cert = "server-unusual-wildcard.pem",
87 .cert = NULL,
93 .cert = "server-common-wildcard.pem",
105 .cert = NULL,
111 .cert = "server-common-wildcard.pem",
122 .cert = NULL,
[all …]
/openbsd-src/regress/usr.bin/openssl/x509/
H A Dcreate-libressl-test-certs.pl11 my @ca = cert(
20 my @leafcert = cert(
34 @leafcert = cert(
48 my @caO = cert(
56 my @caX = cert(
66 my @subcaR = cert(
75 @leafcert = cert(
88 sub cert { CERT_create(not_after => 10*365*86400+time(), @_) } subroutine
/openbsd-src/regress/usr.sbin/rpki-client/
H A DMakefile.inc6 PROGS += test-cert
30 validate.c as.c cert.c cms.c crl.c mft.c json.c \
39 SRCS_test-cert+= test-cert.c cert.c cms.c crl.c x509.c ip.c as.c io.c \
42 run-regress-test-cert: test-cert
43 ./test-cert -v ${.CURDIR}/../cer/*.cer
44 ./test-cert -vt ${TALARGS:S,,${.CURDIR}/../&,}
47 encoding.c print.c json.c cert
[all...]
/openbsd-src/regress/usr.bin/ssh/unittests/authopt/
H A Dtests.c288 struct sshkey *cert; in test_cert_parse() local
296 sshkey_free(cert); \ in test_cert_parse()
301 cert = load_key("no_" keybase ".cert"); \ in test_cert_parse()
304 opts = sshauthopt_from_cert(cert); \ in test_cert_parse()
308 cert = load_key("only_" keybase ".cert"); \ in test_cert_parse()
312 opts = sshauthopt_from_cert(cert); \ in test_cert_parse()
324 cert = load_key("all_permit.cert"); in test_cert_parse()
326 opts = sshauthopt_from_cert(cert); in test_cert_parse()
331 cert = load_key("no_permit.cert"); in test_cert_parse()
334 opts = sshauthopt_from_cert(cert); in test_cert_parse()
[all …]
/openbsd-src/regress/lib/libssl/interop/cert/
H A DMakefile19 .for ccert in nocert cert
20 .for scert in nocert cert
25 .if (("${cv}" == verify && "${cca}" == ca && "${scert}" == cert) || \
28 ("${sv}" == verify && "${sca}" == ca && "${ccert}" == cert) || \
29 ("${sv}" == certverify && "${sca}" == ca && "${ccert}" == cert) || \
40 REGRESS_TARGETS += run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
43 SLOW_TARGETS += run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
46 run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}: \
52 ${scert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
59 ${ccert:S/^nocert//:S/^cert/
[all...]
/openbsd-src/lib/libcrypto/ts/
H A Dts_rsp_verify.c77 static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
79 static int TS_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert);
80 static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert);
283 X509 *cert; in TS_check_signing_certs() local
290 cert = sk_X509_value(chain, 0); in TS_check_signing_certs()
292 if (TS_find_cert(cert_ids, cert) != 0) in TS_check_signing_certs()
302 cert = sk_X509_value(chain, i); in TS_check_signing_certs()
304 if (TS_find_cert(cert_ids, cert) < 0) in TS_check_signing_certs()
313 cert = sk_X509_value(chain, 0); in TS_check_signing_certs()
315 if (TS_find_cert_v2(cert_ids_v2, cert) != 0) in TS_check_signing_certs()
[all …]

12345678910>>...12