Lines Matching +refs:cc +refs:check +refs:functions
34 * and decoding functions use it to ensure that no attempt is made at
184 br_x509_minimal_context *cc;
187 cc = (br_x509_minimal_context *)(void *)ctx;
188 for (u = 0; u < cc->num_name_elts; u ++) {
189 cc->name_elts[u].status = 0;
190 cc->name_elts[u].buf[0] = 0;
192 memset(&cc->pkey, 0, sizeof cc->pkey);
193 cc->num_certs = 0;
194 cc->err = 0;
195 cc->cpu.dp = cc->dp_stack;
196 cc->cpu.rp = cc->rp_stack;
197 br_x509_minimal_init_main(&cc->cpu);
199 cc->server_name = NULL;
201 cc->server_name = server_name;
208 br_x509_minimal_context *cc;
210 cc = (br_x509_minimal_context *)(void *)ctx;
211 if (cc->err != 0) {
215 cc->err = BR_ERR_X509_TRUNCATED;
218 cc->cert_length = length;
224 br_x509_minimal_context *cc;
226 cc = (br_x509_minimal_context *)(void *)ctx;
227 if (cc->err != 0) {
230 cc->hbuf = buf;
231 cc->hlen = len;
232 br_x509_minimal_run(&cc->cpu);
238 br_x509_minimal_context *cc;
240 cc = (br_x509_minimal_context *)(void *)ctx;
241 if (cc->err == 0 && cc->cert_length != 0) {
242 cc->err = BR_ERR_X509_TRUNCATED;
244 cc->num_certs ++;
250 br_x509_minimal_context *cc;
252 cc = (br_x509_minimal_context *)(void *)ctx;
253 if (cc->err == 0) {
254 if (cc->num_certs == 0) {
255 cc->err = BR_ERR_X509_EMPTY_CHAIN;
257 cc->err = BR_ERR_X509_NOT_TRUSTED;
259 } else if (cc->err == BR_ERR_X509_OK) {
262 return (unsigned)cc->err;
268 br_x509_minimal_context *cc;
270 cc = (br_x509_minimal_context *)(void *)ctx;
271 if (cc->err == BR_ERR_X509_OK
272 || cc->err == BR_ERR_X509_NOT_TRUSTED)
275 *usages = cc->key_usages;
422 cc: read8-low ( -- x ) {
441 cc: read-blob-inner ( addr len -- addr len ) {
467 cc: compute-tbs-hash ( id -- hashlen ) {
475 cc: zero-server-name ( -- bool ) {
488 \ Start TBS hash computation. The hash functions are reinitialised.
489 cc: start-tbs-hash ( -- ) {
495 cc: stop-tbs-hash ( -- ) {
500 cc: start-dn-hash ( -- ) {
507 cc: compute-dn-hash ( -- ) {
513 cc: dn-hash-length ( -- len ) {
518 cc: blobcopy ( addr-dst addr-src len -- ) {
536 cc: offset-name-element ( san -- n ) {
567 cc: copy-name-element ( bool offbuf -- ) {
590 cc: copy-name-SAN ( bool tag -- ) {
620 12 of check-primitive read-value-UTF8 endof
622 18 of check-primitive read-value-latin1 endof
624 19 of check-primitive read-value-latin1 endof
626 20 of check-primitive read-value-latin1 endof
628 22 of check-primitive read-value-latin1 endof
630 30 of check-primitive read-value-UTF16 endof
655 read-tag 0x11 check-tag-constructed read-length-open-elt
708 cc: check-validity-range ( na-days na-seconds nb-days nb-seconds -- int ) {
765 cc: match-server-name ( -- bool ) {
803 cc: copy-ee-rsa-pkey ( nlen elen -- ) {
815 cc: copy-ee-ec-pkey ( curve qlen -- ) {
826 cc: check-direct-trust ( -- ) {
887 cc: check-trust-anchor-CA ( -- ) {
913 cc: do-rsa-vrfy ( nlen elen -- err ) {
930 cc: do-ecdsa-vrfy ( curve qlen -- err ) {
942 cc: print-bytes ( addr len -- ) {
953 cc: printOID ( -- ) {
1005 \ the certificate is not the EE. We check that the extension contains
1018 drop check-primitive read-small-int-value
1038 read-tag 0x03 check-tag-primitive
1127 check-constructed read-length-open-elt
1130 read-tag 0x20 check-tag-constructed
1138 check-primitive
1143 check-primitive
1150 check-primitive
1156 \ We check only names of type dNSName; they use IA5String,
1159 \ check-primitive
1187 drop check-constructed read-length-open-elt
1189 0x02 check-tag-primitive
1196 \ Serial number. We just check that the tag is correct.
1197 0x02 check-tag-primitive
1210 read-date { nbd nbs } read-date nbd nbs check-validity-range
1216 \ For the EE, we must check whether the Common Name, if
1330 check-constructed read-length-open-elt
1340 0x04 check-tag-primitive read-length-open-elt
1435 \ want to check the server name with regards to the SAN extension.
1436 \ However, we want to check direct trust before trying to decode
1439 ee if check-direct-trust then
1446 read-tag check-sequence read-length-open-elt
1448 \ RSA with PKCS#1 v1.5 padding, and hash functions SHA-1,
1515 check-trust-anchor-CA ;