Lines Matching +refs:cc +refs:with
59 * -- Each certificate is decoded in due course, with the following
84 * -- Otherwise, the hashed subject DN is compared with the saved
97 * with the expected key type (initialization parameter). The public
99 * DN are also compared with the "direct trust" keys; if the key
100 * and DN are matched, then validation ends with a success.
104 * decoded public key. Failure here ends validation with an error.
109 * present, indicate a CA, and have a path length compatible with
146 * signatures is valid, then validation ends with a success.
184 br_x509_minimal_context *cc;
187 cc = (br_x509_minimal_context *)(void *)ctx;
188 for (u = 0; u < cc->num_name_elts; u ++) {
189 cc->name_elts[u].status = 0;
190 cc->name_elts[u].buf[0] = 0;
192 memset(&cc->pkey, 0, sizeof cc->pkey);
193 cc->num_certs = 0;
194 cc->err = 0;
195 cc->cpu.dp = cc->dp_stack;
196 cc->cpu.rp = cc->rp_stack;
197 br_x509_minimal_init_main(&cc->cpu);
199 cc->server_name = NULL;
201 cc->server_name = server_name;
208 br_x509_minimal_context *cc;
210 cc = (br_x509_minimal_context *)(void *)ctx;
211 if (cc->err != 0) {
215 cc->err = BR_ERR_X509_TRUNCATED;
218 cc->cert_length = length;
224 br_x509_minimal_context *cc;
226 cc = (br_x509_minimal_context *)(void *)ctx;
227 if (cc->err != 0) {
230 cc->hbuf = buf;
231 cc->hlen = len;
232 br_x509_minimal_run(&cc->cpu);
238 br_x509_minimal_context *cc;
240 cc = (br_x509_minimal_context *)(void *)ctx;
241 if (cc->err == 0 && cc->cert_length != 0) {
242 cc->err = BR_ERR_X509_TRUNCATED;
244 cc->num_certs ++;
250 br_x509_minimal_context *cc;
252 cc = (br_x509_minimal_context *)(void *)ctx;
253 if (cc->err == 0) {
254 if (cc->num_certs == 0) {
255 cc->err = BR_ERR_X509_EMPTY_CHAIN;
257 cc->err = BR_ERR_X509_NOT_TRUSTED;
259 } else if (cc->err == BR_ERR_X509_OK) {
262 return (unsigned)cc->err;
268 br_x509_minimal_context *cc;
270 cc = (br_x509_minimal_context *)(void *)ctx;
271 if (cc->err == BR_ERR_X509_OK
272 || cc->err == BR_ERR_X509_NOT_TRUSTED)
275 *usages = cc->key_usages;
372 * Verify the signature on the certificate with the provided public key.
373 * This function checks the public key type with regards to the expected
422 cc: read8-low ( -- x ) {
441 cc: read-blob-inner ( addr len -- addr len ) {
467 cc: compute-tbs-hash ( id -- hashlen ) {
475 cc: zero-server-name ( -- bool ) {
489 cc: start-tbs-hash ( -- ) {
495 cc: stop-tbs-hash ( -- ) {
500 cc: start-dn-hash ( -- ) {
507 cc: compute-dn-hash ( -- ) {
512 \ Get the length of hash values obtained with the DN hasher.
513 cc: dn-hash-length ( -- len ) {
518 cc: blobcopy ( addr-dst addr-src len -- ) {
536 cc: offset-name-element ( san -- n ) {
567 cc: copy-name-element ( bool offbuf -- ) {
590 cc: copy-name-SAN ( bool tag -- ) {
708 cc: check-validity-range ( na-days na-seconds nb-days nb-seconds -- int ) {
755 \ Swap the top two elements with the two elements immediately below.
759 \ Match the name in the pad with the expected server name. Returned value
763 \ wildcard match, if the found name starts with "*.". We only match a
765 cc: match-server-name ( -- bool ) {
803 cc: copy-ee-rsa-pkey ( nlen elen -- ) {
815 cc: copy-ee-ec-pkey ( curve qlen -- ) {
826 cc: check-direct-trust ( -- ) {
885 \ Check the signature on the certificate with regards to all trusted CA.
887 cc: check-trust-anchor-CA ( -- ) {
911 \ parameters. The resulting hash value is compared with the one in
913 cc: do-rsa-vrfy ( nlen elen -- err ) {
930 cc: do-ecdsa-vrfy ( curve qlen -- err ) {
942 cc: print-bytes ( addr len -- ) {
953 cc: printOID ( -- ) {
985 \ Extensions with specific processing.
1007 \ with the current chain length.
1200 \ Signature algorithm. This structure is redundant with the one
1323 \ with an OID, an optional boolean, and a value; the value is
1342 \ Extensions with specific processing.
1435 \ want to check the server name with regards to the SAN extension.
1448 \ RSA with PKCS#1 v1.5 padding, and hash functions SHA-1,
1469 ecdsa-with-SHA1 eqOID
1471 ecdsa-with-SHA224 eqOID
1473 ecdsa-with-SHA256 eqOID
1475 ecdsa-with-SHA384 eqOID
1477 ecdsa-with-SHA512 eqOID