ssl_cert.cc
Go to the documentation of this file.
1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2  * All rights reserved.
3  *
4  * This package is an SSL implementation written
5  * by Eric Young (eay@cryptsoft.com).
6  * The implementation was written so as to conform with Netscapes SSL.
7  *
8  * This library is free for commercial and non-commercial use as long as
9  * the following conditions are aheared to. The following conditions
10  * apply to all code found in this distribution, be it the RC4, RSA,
11  * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12  * included with this distribution is covered by the same copyright terms
13  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14  *
15  * Copyright remains Eric Young's, and as such any Copyright notices in
16  * the code are not to be removed.
17  * If this package is used in a product, Eric Young should be given attribution
18  * as the author of the parts of the library used.
19  * This can be in the form of a textual message at program startup or
20  * in documentation (online or textual) provided with the package.
21  *
22  * Redistribution and use in source and binary forms, with or without
23  * modification, are permitted provided that the following conditions
24  * are met:
25  * 1. Redistributions of source code must retain the copyright
26  * notice, this list of conditions and the following disclaimer.
27  * 2. Redistributions in binary form must reproduce the above copyright
28  * notice, this list of conditions and the following disclaimer in the
29  * documentation and/or other materials provided with the distribution.
30  * 3. All advertising materials mentioning features or use of this software
31  * must display the following acknowledgement:
32  * "This product includes cryptographic software written by
33  * Eric Young (eay@cryptsoft.com)"
34  * The word 'cryptographic' can be left out if the rouines from the library
35  * being used are not cryptographic related :-).
36  * 4. If you include any Windows specific code (or a derivative thereof) from
37  * the apps directory (application code) you must include an acknowledgement:
38  * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  *
52  * The licence and distribution terms for any publically available version or
53  * derivative of this code cannot be changed. i.e. this code cannot simply be
54  * copied and put under another distribution licence
55  * [including the GNU Public Licence.]
56  */
57 /* ====================================================================
58  * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59  *
60  * Redistribution and use in source and binary forms, with or without
61  * modification, are permitted provided that the following conditions
62  * are met:
63  *
64  * 1. Redistributions of source code must retain the above copyright
65  * notice, this list of conditions and the following disclaimer.
66  *
67  * 2. Redistributions in binary form must reproduce the above copyright
68  * notice, this list of conditions and the following disclaimer in
69  * the documentation and/or other materials provided with the
70  * distribution.
71  *
72  * 3. All advertising materials mentioning features or use of this
73  * software must display the following acknowledgment:
74  * "This product includes software developed by the OpenSSL Project
75  * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76  *
77  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78  * endorse or promote products derived from this software without
79  * prior written permission. For written permission, please contact
80  * openssl-core@openssl.org.
81  *
82  * 5. Products derived from this software may not be called "OpenSSL"
83  * nor may "OpenSSL" appear in their names without prior written
84  * permission of the OpenSSL Project.
85  *
86  * 6. Redistributions of any form whatsoever must retain the following
87  * acknowledgment:
88  * "This product includes software developed by the OpenSSL Project
89  * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90  *
91  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102  * OF THE POSSIBILITY OF SUCH DAMAGE.
103  * ====================================================================
104  *
105  * This product includes cryptographic software written by Eric Young
106  * (eay@cryptsoft.com). This product includes software written by Tim
107  * Hudson (tjh@cryptsoft.com).
108  *
109  */
110 /* ====================================================================
111  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112  * ECC cipher suite support in OpenSSL originally developed by
113  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */
114 
115 #include <openssl/ssl.h>
116 
117 #include <assert.h>
118 #include <limits.h>
119 #include <string.h>
120 
121 #include <utility>
122 
123 #include <openssl/bn.h>
124 #include <openssl/bytestring.h>
125 #include <openssl/ec_key.h>
126 #include <openssl/err.h>
127 #include <openssl/mem.h>
128 #include <openssl/sha.h>
129 #include <openssl/x509.h>
130 
131 #include "../crypto/internal.h"
132 #include "internal.h"
133 
134 
135 BSSL_NAMESPACE_BEGIN
136 
137 CERT::CERT(const SSL_X509_METHOD *x509_method_arg)
138  : x509_method(x509_method_arg) {}
139 
140 CERT::~CERT() {
141  ssl_cert_clear_certs(this);
142  x509_method->cert_free(this);
143 }
144 
145 static CRYPTO_BUFFER *buffer_up_ref(CRYPTO_BUFFER *buffer) {
146  CRYPTO_BUFFER_up_ref(buffer);
147  return buffer;
148 }
149 
150 UniquePtr<CERT> ssl_cert_dup(CERT *cert) {
151  UniquePtr<CERT> ret = MakeUnique<CERT>(cert->x509_method);
152  if (!ret) {
153  return nullptr;
154  }
155 
156  if (cert->chain) {
157  ret->chain.reset(sk_CRYPTO_BUFFER_deep_copy(
158  cert->chain.get(), buffer_up_ref, CRYPTO_BUFFER_free));
159  if (!ret->chain) {
160  return nullptr;
161  }
162  }
163 
164  ret->privatekey = UpRef(cert->privatekey);
165  ret->key_method = cert->key_method;
166 
167  if (!ret->sigalgs.CopyFrom(cert->sigalgs)) {
168  return nullptr;
169  }
170 
171  ret->cert_cb = cert->cert_cb;
172  ret->cert_cb_arg = cert->cert_cb_arg;
173 
174  ret->x509_method->cert_dup(ret.get(), cert);
175 
176  ret->signed_cert_timestamp_list = UpRef(cert->signed_cert_timestamp_list);
177  ret->ocsp_response = UpRef(cert->ocsp_response);
178 
179  ret->sid_ctx_length = cert->sid_ctx_length;
180  OPENSSL_memcpy(ret->sid_ctx, cert->sid_ctx, sizeof(ret->sid_ctx));
181 
182  if (cert->dc) {
183  ret->dc = cert->dc->Dup();
184  if (!ret->dc) {
185  return nullptr;
186  }
187  }
188 
189  ret->dc_privatekey = UpRef(cert->dc_privatekey);
190  ret->dc_key_method = cert->dc_key_method;
191 
192  return ret;
193 }
194 
195 // Free up and clear all certificates and chains
196 void ssl_cert_clear_certs(CERT *cert) {
197  if (cert == NULL) {
198  return;
199  }
200 
201  cert->x509_method->cert_clear(cert);
202 
203  cert->chain.reset();
204  cert->privatekey.reset();
205  cert->key_method = nullptr;
206 
207  cert->dc.reset();
208  cert->dc_privatekey.reset();
209  cert->dc_key_method = nullptr;
210 }
211 
212 static void ssl_cert_set_cert_cb(CERT *cert, int (*cb)(SSL *ssl, void *arg),
213  void *arg) {
214  cert->cert_cb = cb;
215  cert->cert_cb_arg = arg;
216 }
217 
218 enum leaf_cert_and_privkey_result_t {
219  leaf_cert_and_privkey_error,
220  leaf_cert_and_privkey_ok,
221  leaf_cert_and_privkey_mismatch,
222 };
223 
224 // check_leaf_cert_and_privkey checks whether the certificate in |leaf_buffer|
225 // and the private key in |privkey| are suitable and coherent. It returns
226 // |leaf_cert_and_privkey_error| and pushes to the error queue if a problem is
227 // found. If the certificate and private key are valid, but incoherent, it
228 // returns |leaf_cert_and_privkey_mismatch|. Otherwise it returns
229 // |leaf_cert_and_privkey_ok|.
230 static enum leaf_cert_and_privkey_result_t check_leaf_cert_and_privkey(
231  CRYPTO_BUFFER *leaf_buffer, EVP_PKEY *privkey) {
232  CBS cert_cbs;
233  CRYPTO_BUFFER_init_CBS(leaf_buffer, &cert_cbs);
234  UniquePtr<EVP_PKEY> pubkey = ssl_cert_parse_pubkey(&cert_cbs);
235  if (!pubkey) {
236  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
237  return leaf_cert_and_privkey_error;
238  }
239 
240  if (!ssl_is_key_type_supported(pubkey->type)) {
241  OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
242  return leaf_cert_and_privkey_error;
243  }
244 
245  // An ECC certificate may be usable for ECDH or ECDSA. We only support ECDSA
246  // certificates, so sanity-check the key usage extension.
247  if (pubkey->type == EVP_PKEY_EC &&
248  !ssl_cert_check_key_usage(&cert_cbs, key_usage_digital_signature)) {
249  OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
250  return leaf_cert_and_privkey_error;
251  }
252 
253  if (privkey != NULL &&
254  // Sanity-check that the private key and the certificate match.
255  !ssl_compare_public_and_private_key(pubkey.get(), privkey)) {
256  ERR_clear_error();
257  return leaf_cert_and_privkey_mismatch;
258  }
259 
260  return leaf_cert_and_privkey_ok;
261 }
262 
263 static int cert_set_chain_and_key(
264  CERT *cert, CRYPTO_BUFFER *const *certs, size_t num_certs,
265  EVP_PKEY *privkey, const SSL_PRIVATE_KEY_METHOD *privkey_method) {
266  if (num_certs == 0 ||
267  (privkey == NULL && privkey_method == NULL)) {
268  OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
269  return 0;
270  }
271 
272  if (privkey != NULL && privkey_method != NULL) {
273  OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_HAVE_BOTH_PRIVKEY_AND_METHOD);
274  return 0;
275  }
276 
277  switch (check_leaf_cert_and_privkey(certs[0], privkey)) {
278  case leaf_cert_and_privkey_error:
279  return 0;
280  case leaf_cert_and_privkey_mismatch:
281  OPENSSL_PUT_ERROR(SSL, SSL_R_CERTIFICATE_AND_PRIVATE_KEY_MISMATCH);
282  return 0;
283  case leaf_cert_and_privkey_ok:
284  break;
285  }
286 
287  UniquePtr<STACK_OF(CRYPTO_BUFFER)> certs_sk(sk_CRYPTO_BUFFER_new_null());
288  if (!certs_sk) {
289  return 0;
290  }
291 
292  for (size_t i = 0; i < num_certs; i++) {
293  if (!PushToStack(certs_sk.get(), UpRef(certs[i]))) {
294  return 0;
295  }
296  }
297 
298  cert->privatekey = UpRef(privkey);
299  cert->key_method = privkey_method;
300 
301  cert->chain = std::move(certs_sk);
302  return 1;
303 }
304 
305 bool ssl_set_cert(CERT *cert, UniquePtr<CRYPTO_BUFFER> buffer) {
306  switch (check_leaf_cert_and_privkey(buffer.get(), cert->privatekey.get())) {
307  case leaf_cert_and_privkey_error:
308  return false;
309  case leaf_cert_and_privkey_mismatch:
310  // don't fail for a cert/key mismatch, just free current private key
311  // (when switching to a different cert & key, first this function should
312  // be used, then |ssl_set_pkey|.
313  cert->privatekey.reset();
314  break;
315  case leaf_cert_and_privkey_ok:
316  break;
317  }
318 
319  cert->x509_method->cert_flush_cached_leaf(cert);
320 
321  if (cert->chain != nullptr) {
322  CRYPTO_BUFFER_free(sk_CRYPTO_BUFFER_value(cert->chain.get(), 0));
323  sk_CRYPTO_BUFFER_set(cert->chain.get(), 0, buffer.release());
324  return true;
325  }
326 
327  cert->chain.reset(sk_CRYPTO_BUFFER_new_null());
328  if (cert->chain == nullptr) {
329  return false;
330  }
331 
332  if (!PushToStack(cert->chain.get(), std::move(buffer))) {
333  cert->chain.reset();
334  return false;
335  }
336 
337  return true;
338 }
339 
340 bool ssl_has_certificate(const SSL_HANDSHAKE *hs) {
341  return hs->config->cert->chain != nullptr &&
342  sk_CRYPTO_BUFFER_value(hs->config->cert->chain.get(), 0) != nullptr &&
343  ssl_has_private_key(hs);
344 }
345 
346 bool ssl_parse_cert_chain(uint8_t *out_alert,
347  UniquePtr<STACK_OF(CRYPTO_BUFFER)> *out_chain,
348  UniquePtr<EVP_PKEY> *out_pubkey,
349  uint8_t *out_leaf_sha256, CBS *cbs,
350  CRYPTO_BUFFER_POOL *pool) {
351  out_chain->reset();
352  out_pubkey->reset();
353 
354  CBS certificate_list;
355  if (!CBS_get_u24_length_prefixed(cbs, &certificate_list)) {
356  *out_alert = SSL_AD_DECODE_ERROR;
357  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
358  return false;
359  }
360 
361  if (CBS_len(&certificate_list) == 0) {
362  return true;
363  }
364 
365  UniquePtr<STACK_OF(CRYPTO_BUFFER)> chain(sk_CRYPTO_BUFFER_new_null());
366  if (!chain) {
367  *out_alert = SSL_AD_INTERNAL_ERROR;
368  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
369  return false;
370  }
371 
372  UniquePtr<EVP_PKEY> pubkey;
373  while (CBS_len(&certificate_list) > 0) {
374  CBS certificate;
375  if (!CBS_get_u24_length_prefixed(&certificate_list, &certificate) ||
376  CBS_len(&certificate) == 0) {
377  *out_alert = SSL_AD_DECODE_ERROR;
378  OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH);
379  return false;
380  }
381 
382  if (sk_CRYPTO_BUFFER_num(chain.get()) == 0) {
383  pubkey = ssl_cert_parse_pubkey(&certificate);
384  if (!pubkey) {
385  *out_alert = SSL_AD_DECODE_ERROR;
386  return false;
387  }
388 
389  // Retain the hash of the leaf certificate if requested.
390  if (out_leaf_sha256 != NULL) {
391  SHA256(CBS_data(&certificate), CBS_len(&certificate), out_leaf_sha256);
392  }
393  }
394 
395  UniquePtr<CRYPTO_BUFFER> buf(
396  CRYPTO_BUFFER_new_from_CBS(&certificate, pool));
397  if (!buf ||
398  !PushToStack(chain.get(), std::move(buf))) {
399  *out_alert = SSL_AD_INTERNAL_ERROR;
400  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
401  return false;
402  }
403  }
404 
405  *out_chain = std::move(chain);
406  *out_pubkey = std::move(pubkey);
407  return true;
408 }
409 
410 bool ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb) {
411  if (!ssl_has_certificate(hs)) {
412  return CBB_add_u24(cbb, 0);
413  }
414 
415  CBB certs;
416  if (!CBB_add_u24_length_prefixed(cbb, &certs)) {
417  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
418  return false;
419  }
420 
421  STACK_OF(CRYPTO_BUFFER) *chain = hs->config->cert->chain.get();
422  for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(chain); i++) {
423  CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(chain, i);
424  CBB child;
425  if (!CBB_add_u24_length_prefixed(&certs, &child) ||
426  !CBB_add_bytes(&child, CRYPTO_BUFFER_data(buffer),
427  CRYPTO_BUFFER_len(buffer)) ||
428  !CBB_flush(&certs)) {
429  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
430  return false;
431  }
432  }
433 
434  return CBB_flush(cbb);
435 }
436 
437 // ssl_cert_skip_to_spki parses a DER-encoded, X.509 certificate from |in| and
438 // positions |*out_tbs_cert| to cover the TBSCertificate, starting at the
439 // subjectPublicKeyInfo.
440 static bool ssl_cert_skip_to_spki(const CBS *in, CBS *out_tbs_cert) {
441  /* From RFC 5280, section 4.1
442  * Certificate ::= SEQUENCE {
443  * tbsCertificate TBSCertificate,
444  * signatureAlgorithm AlgorithmIdentifier,
445  * signatureValue BIT STRING }
446 
447  * TBSCertificate ::= SEQUENCE {
448  * version [0] EXPLICIT Version DEFAULT v1,
449  * serialNumber CertificateSerialNumber,
450  * signature AlgorithmIdentifier,
451  * issuer Name,
452  * validity Validity,
453  * subject Name,
454  * subjectPublicKeyInfo SubjectPublicKeyInfo,
455  * ... } */
456  CBS buf = *in;
457 
458  CBS toplevel;
459  if (!CBS_get_asn1(&buf, &toplevel, CBS_ASN1_SEQUENCE) ||
460  CBS_len(&buf) != 0 ||
461  !CBS_get_asn1(&toplevel, out_tbs_cert, CBS_ASN1_SEQUENCE) ||
462  // version
463  !CBS_get_optional_asn1(
464  out_tbs_cert, NULL, NULL,
465  CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 0) ||
466  // serialNumber
467  !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_INTEGER) ||
468  // signature algorithm
469  !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
470  // issuer
471  !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
472  // validity
473  !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
474  // subject
475  !CBS_get_asn1(out_tbs_cert, NULL, CBS_ASN1_SEQUENCE)) {
476  return false;
477  }
478 
479  return true;
480 }
481 
482 UniquePtr<EVP_PKEY> ssl_cert_parse_pubkey(const CBS *in) {
483  CBS buf = *in, tbs_cert;
484  if (!ssl_cert_skip_to_spki(&buf, &tbs_cert)) {
485  OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
486  return nullptr;
487  }
488 
489  return UniquePtr<EVP_PKEY>(EVP_parse_public_key(&tbs_cert));
490 }
491 
492 bool ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
493  const EVP_PKEY *privkey) {
494  if (EVP_PKEY_is_opaque(privkey)) {
495  // We cannot check an opaque private key and have to trust that it
496  // matches.
497  return true;
498  }
499 
500  switch (EVP_PKEY_cmp(pubkey, privkey)) {
501  case 1:
502  return true;
503  case 0:
504  OPENSSL_PUT_ERROR(X509, X509_R_KEY_VALUES_MISMATCH);
505  return false;
506  case -1:
507  OPENSSL_PUT_ERROR(X509, X509_R_KEY_TYPE_MISMATCH);
508  return false;
509  case -2:
510  OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE);
511  return false;
512  }
513 
514  assert(0);
515  return false;
516 }
517 
518 bool ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey) {
519  if (privkey == nullptr) {
520  OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
521  return false;
522  }
523 
524  if (cert->chain == nullptr ||
525  sk_CRYPTO_BUFFER_value(cert->chain.get(), 0) == nullptr) {
526  OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
527  return false;
528  }
529 
530  CBS cert_cbs;
531  CRYPTO_BUFFER_init_CBS(sk_CRYPTO_BUFFER_value(cert->chain.get(), 0),
532  &cert_cbs);
533  UniquePtr<EVP_PKEY> pubkey = ssl_cert_parse_pubkey(&cert_cbs);
534  if (!pubkey) {
535  OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE);
536  return false;
537  }
538 
539  return ssl_compare_public_and_private_key(pubkey.get(), privkey);
540 }
541 
542 bool ssl_cert_check_key_usage(const CBS *in, enum ssl_key_usage_t bit) {
543  CBS buf = *in;
544 
545  CBS tbs_cert, outer_extensions;
546  int has_extensions;
547  if (!ssl_cert_skip_to_spki(&buf, &tbs_cert) ||
548  // subjectPublicKeyInfo
549  !CBS_get_asn1(&tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
550  // issuerUniqueID
551  !CBS_get_optional_asn1(&tbs_cert, NULL, NULL,
552  CBS_ASN1_CONTEXT_SPECIFIC | 1) ||
553  // subjectUniqueID
554  !CBS_get_optional_asn1(&tbs_cert, NULL, NULL,
555  CBS_ASN1_CONTEXT_SPECIFIC | 2) ||
556  !CBS_get_optional_asn1(
557  &tbs_cert, &outer_extensions, &has_extensions,
558  CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 3)) {
559  OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
560  return false;
561  }
562 
563  if (!has_extensions) {
564  return true;
565  }
566 
567  CBS extensions;
568  if (!CBS_get_asn1(&outer_extensions, &extensions, CBS_ASN1_SEQUENCE)) {
569  OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
570  return false;
571  }
572 
573  while (CBS_len(&extensions) > 0) {
574  CBS extension, oid, contents;
575  if (!CBS_get_asn1(&extensions, &extension, CBS_ASN1_SEQUENCE) ||
576  !CBS_get_asn1(&extension, &oid, CBS_ASN1_OBJECT) ||
577  (CBS_peek_asn1_tag(&extension, CBS_ASN1_BOOLEAN) &&
578  !CBS_get_asn1(&extension, NULL, CBS_ASN1_BOOLEAN)) ||
579  !CBS_get_asn1(&extension, &contents, CBS_ASN1_OCTETSTRING) ||
580  CBS_len(&extension) != 0) {
581  OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
582  return false;
583  }
584 
585  static const uint8_t kKeyUsageOID[3] = {0x55, 0x1d, 0x0f};
586  if (CBS_len(&oid) != sizeof(kKeyUsageOID) ||
587  OPENSSL_memcmp(CBS_data(&oid), kKeyUsageOID, sizeof(kKeyUsageOID)) !=
588  0) {
589  continue;
590  }
591 
592  CBS bit_string;
593  if (!CBS_get_asn1(&contents, &bit_string, CBS_ASN1_BITSTRING) ||
594  CBS_len(&contents) != 0) {
595  OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
596  return false;
597  }
598 
599  // This is the KeyUsage extension. See
600  // https://tools.ietf.org/html/rfc5280#section-4.2.1.3
601  if (!CBS_is_valid_asn1_bitstring(&bit_string)) {
602  OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
603  return false;
604  }
605 
606  if (!CBS_asn1_bitstring_has_bit(&bit_string, bit)) {
607  OPENSSL_PUT_ERROR(SSL, SSL_R_KEY_USAGE_BIT_INCORRECT);
608  return false;
609  }
610 
611  return true;
612  }
613 
614  // No KeyUsage extension found.
615  return true;
616 }
617 
618 UniquePtr<STACK_OF(CRYPTO_BUFFER)> ssl_parse_client_CA_list(SSL *ssl,
619  uint8_t *out_alert,
620  CBS *cbs) {
621  CRYPTO_BUFFER_POOL *const pool = ssl->ctx->pool;
622 
623  UniquePtr<STACK_OF(CRYPTO_BUFFER)> ret(sk_CRYPTO_BUFFER_new_null());
624  if (!ret) {
625  *out_alert = SSL_AD_INTERNAL_ERROR;
626  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
627  return nullptr;
628  }
629 
630  CBS child;
631  if (!CBS_get_u16_length_prefixed(cbs, &child)) {
632  *out_alert = SSL_AD_DECODE_ERROR;
633  OPENSSL_PUT_ERROR(SSL, SSL_R_LENGTH_MISMATCH);
634  return nullptr;
635  }
636 
637  while (CBS_len(&child) > 0) {
638  CBS distinguished_name;
639  if (!CBS_get_u16_length_prefixed(&child, &distinguished_name)) {
640  *out_alert = SSL_AD_DECODE_ERROR;
641  OPENSSL_PUT_ERROR(SSL, SSL_R_CA_DN_TOO_LONG);
642  return nullptr;
643  }
644 
645  UniquePtr<CRYPTO_BUFFER> buffer(
646  CRYPTO_BUFFER_new_from_CBS(&distinguished_name, pool));
647  if (!buffer ||
648  !PushToStack(ret.get(), std::move(buffer))) {
649  *out_alert = SSL_AD_INTERNAL_ERROR;
650  OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
651  return nullptr;
652  }
653  }
654 
655  if (!ssl->ctx->x509_method->check_client_CA_list(ret.get())) {
656  *out_alert = SSL_AD_DECODE_ERROR;
657  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
658  return nullptr;
659  }
660 
661  return ret;
662 }
663 
664 bool ssl_has_client_CAs(const SSL_CONFIG *cfg) {
665  const STACK_OF(CRYPTO_BUFFER) *names = cfg->client_CA.get();
666  if (names == nullptr) {
667  names = cfg->ssl->ctx->client_CA.get();
668  }
669  if (names == nullptr) {
670  return false;
671  }
672  return sk_CRYPTO_BUFFER_num(names) > 0;
673 }
674 
675 bool ssl_add_client_CA_list(SSL_HANDSHAKE *hs, CBB *cbb) {
676  CBB child, name_cbb;
677  if (!CBB_add_u16_length_prefixed(cbb, &child)) {
678  return false;
679  }
680 
681  const STACK_OF(CRYPTO_BUFFER) *names = hs->config->client_CA.get();
682  if (names == NULL) {
683  names = hs->ssl->ctx->client_CA.get();
684  }
685  if (names == NULL) {
686  return CBB_flush(cbb);
687  }
688 
689  for (const CRYPTO_BUFFER *name : names) {
690  if (!CBB_add_u16_length_prefixed(&child, &name_cbb) ||
691  !CBB_add_bytes(&name_cbb, CRYPTO_BUFFER_data(name),
692  CRYPTO_BUFFER_len(name))) {
693  return false;
694  }
695  }
696 
697  return CBB_flush(cbb);
698 }
699 
700 bool ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey,
701  const CRYPTO_BUFFER *leaf) {
702  assert(ssl_protocol_version(hs->ssl) < TLS1_3_VERSION);
703 
704  // Check the certificate's type matches the cipher.
705  if (!(hs->new_cipher->algorithm_auth & ssl_cipher_auth_mask_for_key(pkey))) {
706  OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CERTIFICATE_TYPE);
707  return false;
708  }
709 
710  if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
711  // Check the key's group and point format are acceptable.
712  EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
713  uint16_t group_id;
714  if (!ssl_nid_to_group_id(
715  &group_id, EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key))) ||
716  !tls1_check_group_id(hs, group_id) ||
717  EC_KEY_get_conv_form(ec_key) != POINT_CONVERSION_UNCOMPRESSED) {
718  OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECC_CERT);
719  return false;
720  }
721  }
722 
723  return true;
724 }
725 
726 bool ssl_on_certificate_selected(SSL_HANDSHAKE *hs) {
727  SSL *const ssl = hs->ssl;
728  if (!ssl_has_certificate(hs)) {
729  // Nothing to do.
730  return true;
731  }
732 
733  if (!ssl->ctx->x509_method->ssl_auto_chain_if_needed(hs)) {
734  return false;
735  }
736 
737  CBS leaf;
738  CRYPTO_BUFFER_init_CBS(
739  sk_CRYPTO_BUFFER_value(hs->config->cert->chain.get(), 0), &leaf);
740 
741  if (ssl_signing_with_dc(hs)) {
742  hs->local_pubkey = UpRef(hs->config->cert->dc->pkey);
743  } else {
744  hs->local_pubkey = ssl_cert_parse_pubkey(&leaf);
745  }
746  return hs->local_pubkey != NULL;
747 }
748 
749 
750 // Delegated credentials.
751 
752 DC::DC() = default;
753 DC::~DC() = default;
754 
755 UniquePtr<DC> DC::Dup() {
756  bssl::UniquePtr<DC> ret = MakeUnique<DC>();
757  if (!ret) {
758  return nullptr;
759  }
760 
761  ret->raw = UpRef(raw);
762  ret->expected_cert_verify_algorithm = expected_cert_verify_algorithm;
763  ret->pkey = UpRef(pkey);
764  return ret;
765 }
766 
767 // static
768 UniquePtr<DC> DC::Parse(CRYPTO_BUFFER *in, uint8_t *out_alert) {
769  UniquePtr<DC> dc = MakeUnique<DC>();
770  if (!dc) {
771  *out_alert = SSL_AD_INTERNAL_ERROR;
772  return nullptr;
773  }
774 
775  dc->raw = UpRef(in);
776 
777  CBS pubkey, deleg, sig;
778  uint32_t valid_time;
779  uint16_t algorithm;
780  CRYPTO_BUFFER_init_CBS(dc->raw.get(), &deleg);
781  if (!CBS_get_u32(&deleg, &valid_time) ||
782  !CBS_get_u16(&deleg, &dc->expected_cert_verify_algorithm) ||
783  !CBS_get_u24_length_prefixed(&deleg, &pubkey) ||
784  !CBS_get_u16(&deleg, &algorithm) ||
785  !CBS_get_u16_length_prefixed(&deleg, &sig) ||
786  CBS_len(&deleg) != 0) {
787  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
788  *out_alert = SSL_AD_DECODE_ERROR;
789  return nullptr;
790  }
791 
792  dc->pkey.reset(EVP_parse_public_key(&pubkey));
793  if (dc->pkey == nullptr) {
794  OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
795  *out_alert = SSL_AD_DECODE_ERROR;
796  return nullptr;
797  }
798 
799  return dc;
800 }
801 
802 // ssl_can_serve_dc returns true if the host has configured a DC that it can
803 // serve in the handshake. Specifically, it checks that a DC has been
804 // configured and that the DC signature algorithm is supported by the peer.
805 static bool ssl_can_serve_dc(const SSL_HANDSHAKE *hs) {
806  // Check that a DC has been configured.
807  const CERT *cert = hs->config->cert.get();
808  if (cert->dc == nullptr ||
809  cert->dc->raw == nullptr ||
810  (cert->dc_privatekey == nullptr && cert->dc_key_method == nullptr)) {
811  return false;
812  }
813 
814  // Check that 1.3 or higher has been negotiated.
815  const DC *dc = cert->dc.get();
816  assert(hs->ssl->s3->have_version);
817  if (ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) {
818  return false;
819  }
820 
821  // Check that the DC signature algorithm is supported by the peer.
822  Span<const uint16_t> peer_sigalgs = hs->peer_delegated_credential_sigalgs;
823  for (uint16_t peer_sigalg : peer_sigalgs) {
824  if (dc->expected_cert_verify_algorithm == peer_sigalg) {
825  return true;
826  }
827  }
828  return false;
829 }
830 
831 bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs) {
832  // As of draft-ietf-tls-subcert-03, only the server may use delegated
833  // credentials to authenticate itself.
834  return hs->ssl->server &&
835  hs->delegated_credential_requested &&
836  ssl_can_serve_dc(hs);
837 }
838 
839 static int cert_set_dc(CERT *cert, CRYPTO_BUFFER *const raw, EVP_PKEY *privkey,
840  const SSL_PRIVATE_KEY_METHOD *key_method) {
841  if (privkey == nullptr && key_method == nullptr) {
842  OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
843  return 0;
844  }
845 
846  if (privkey != nullptr && key_method != nullptr) {
847  OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_HAVE_BOTH_PRIVKEY_AND_METHOD);
848  return 0;
849  }
850 
851  uint8_t alert;
852  UniquePtr<DC> dc = DC::Parse(raw, &alert);
853  if (dc == nullptr) {
854  OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_DELEGATED_CREDENTIAL);
855  return 0;
856  }
857 
858  if (privkey) {
859  // Check that the public and private keys match.
860  if (!ssl_compare_public_and_private_key(dc->pkey.get(), privkey)) {
861  OPENSSL_PUT_ERROR(SSL, SSL_R_CERTIFICATE_AND_PRIVATE_KEY_MISMATCH);
862  return 0;
863  }
864  }
865 
866  cert->dc = std::move(dc);
867  cert->dc_privatekey = UpRef(privkey);
868  cert->dc_key_method = key_method;
869 
870  return 1;
871 }
872 
873 BSSL_NAMESPACE_END
874 
875 using namespace bssl;
876 
877 int SSL_set_chain_and_key(SSL *ssl, CRYPTO_BUFFER *const *certs,
878  size_t num_certs, EVP_PKEY *privkey,
879  const SSL_PRIVATE_KEY_METHOD *privkey_method) {
880  if (!ssl->config) {
881  return 0;
882  }
883  return cert_set_chain_and_key(ssl->config->cert.get(), certs, num_certs,
884  privkey, privkey_method);
885 }
886 
887 int SSL_CTX_set_chain_and_key(SSL_CTX *ctx, CRYPTO_BUFFER *const *certs,
888  size_t num_certs, EVP_PKEY *privkey,
889  const SSL_PRIVATE_KEY_METHOD *privkey_method) {
890  return cert_set_chain_and_key(ctx->cert.get(), certs, num_certs, privkey,
891  privkey_method);
892 }
893 
894 const STACK_OF(CRYPTO_BUFFER)* SSL_CTX_get0_chain(const SSL_CTX *ctx) {
895  return ctx->cert->chain.get();
896 }
897 
898 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, size_t der_len,
899  const uint8_t *der) {
900  UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(der, der_len, NULL));
901  if (!buffer) {
902  return 0;
903  }
904 
905  return ssl_set_cert(ctx->cert.get(), std::move(buffer));
906 }
907 
908 int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *der, size_t der_len) {
909  UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(der, der_len, NULL));
910  if (!buffer || !ssl->config) {
911  return 0;
912  }
913 
914  return ssl_set_cert(ssl->config->cert.get(), std::move(buffer));
915 }
916 
917 void SSL_CTX_set_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, void *arg),
918  void *arg) {
919  ssl_cert_set_cert_cb(ctx->cert.get(), cb, arg);
920 }
921 
922 void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), void *arg) {
923  if (!ssl->config) {
924  return;
925  }
926  ssl_cert_set_cert_cb(ssl->config->cert.get(), cb, arg);
927 }
928 
929 const STACK_OF(CRYPTO_BUFFER) *SSL_get0_peer_certificates(const SSL *ssl) {
930  SSL_SESSION *session = SSL_get_session(ssl);
931  if (session == NULL) {
932  return NULL;
933  }
934 
935  return session->certs.get();
936 }
937 
938 const STACK_OF(CRYPTO_BUFFER) *SSL_get0_server_requested_CAs(const SSL *ssl) {
939  if (ssl->s3->hs == NULL) {
940  return NULL;
941  }
942  return ssl->s3->hs->ca_names.get();
943 }
944 
945 static int set_signed_cert_timestamp_list(CERT *cert, const uint8_t *list,
946  size_t list_len) {
947  CBS sct_list;
948  CBS_init(&sct_list, list, list_len);
949  if (!ssl_is_sct_list_valid(&sct_list)) {
950  OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SCT_LIST);
951  return 0;
952  }
953 
954  cert->signed_cert_timestamp_list.reset(
955  CRYPTO_BUFFER_new(CBS_data(&sct_list), CBS_len(&sct_list), nullptr));
956  return cert->signed_cert_timestamp_list != nullptr;
957 }
958 
959 int SSL_CTX_set_signed_cert_timestamp_list(SSL_CTX *ctx, const uint8_t *list,
960  size_t list_len) {
961  return set_signed_cert_timestamp_list(ctx->cert.get(), list, list_len);
962 }
963 
964 int SSL_set_signed_cert_timestamp_list(SSL *ssl, const uint8_t *list,
965  size_t list_len) {
966  if (!ssl->config) {
967  return 0;
968  }
969  return set_signed_cert_timestamp_list(ssl->config->cert.get(), list,
970  list_len);
971 }
972 
973 int SSL_CTX_set_ocsp_response(SSL_CTX *ctx, const uint8_t *response,
974  size_t response_len) {
975  ctx->cert->ocsp_response.reset(
976  CRYPTO_BUFFER_new(response, response_len, nullptr));
977  return ctx->cert->ocsp_response != nullptr;
978 }
979 
980 int SSL_set_ocsp_response(SSL *ssl, const uint8_t *response,
981  size_t response_len) {
982  if (!ssl->config) {
983  return 0;
984  }
985  ssl->config->cert->ocsp_response.reset(
986  CRYPTO_BUFFER_new(response, response_len, nullptr));
987  return ssl->config->cert->ocsp_response != nullptr;
988 }
989 
990 void SSL_CTX_set0_client_CAs(SSL_CTX *ctx, STACK_OF(CRYPTO_BUFFER) *name_list) {
991  ctx->x509_method->ssl_ctx_flush_cached_client_CA(ctx);
992  ctx->client_CA.reset(name_list);
993 }
994 
995 void SSL_set0_client_CAs(SSL *ssl, STACK_OF(CRYPTO_BUFFER) *name_list) {
996  if (!ssl->config) {
997  return;
998  }
999  ssl->ctx->x509_method->ssl_flush_cached_client_CA(ssl->config.get());
1000  ssl->config->client_CA.reset(name_list);
1001 }
1002 
1003 int SSL_set1_delegated_credential(SSL *ssl, CRYPTO_BUFFER *dc, EVP_PKEY *pkey,
1004  const SSL_PRIVATE_KEY_METHOD *key_method) {
1005  if (!ssl->config) {
1006  return 0;
1007  }
1008 
1009  return cert_set_dc(ssl->config->cert.get(), dc, pkey, key_method);
1010 }
1011 
1012 int SSL_delegated_credential_used(const SSL *ssl) {
1013  return ssl->s3->delegated_credential_used;
1014 }
CERT::privatekey
UniquePtr< EVP_PKEY > privatekey
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2351
CERT::ocsp_response
UniquePtr< CRYPTO_BUFFER > ocsp_response
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2405
ssl_st::server
bool server
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3777
CERT::~CERT
~CERT()
Definition: ssl_cert.cc:140
CRYPTO_BUFFER_free
#define CRYPTO_BUFFER_free
Definition: boringssl_prefix_symbols.h:1116
CBS_ASN1_INTEGER
#define CBS_ASN1_INTEGER
Definition: bytestring.h:207
bn.h
CBS_get_u24_length_prefixed
#define CBS_get_u24_length_prefixed
Definition: boringssl_prefix_symbols.h:1077
EVP_PKEY_id
#define EVP_PKEY_id
Definition: boringssl_prefix_symbols.h:1638
EVP_PKEY_EC
#define EVP_PKEY_EC
Definition: evp.h:178
CBB_flush
#define CBB_flush
Definition: boringssl_prefix_symbols.h:1045
ssl_has_client_CAs
bool ssl_has_client_CAs(const SSL_CONFIG *cfg)
Definition: ssl_cert.cc:664
leaf_cert_and_privkey_mismatch
@ leaf_cert_and_privkey_mismatch
Definition: ssl_cert.cc:221
CBS_get_u16
#define CBS_get_u16
Definition: boringssl_prefix_symbols.h:1073
cbs_st
Definition: bytestring.h:39
SSL_CTX_set_cert_cb
void SSL_CTX_set_cert_cb(SSL_CTX *ctx, int(*cb)(SSL *ssl, void *arg), void *arg)
Definition: ssl_cert.cc:917
OPENSSL_memcmp
static int OPENSSL_memcmp(const void *s1, const void *s2, size_t n)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:811
EC_KEY_get_conv_form
#define EC_KEY_get_conv_form
Definition: boringssl_prefix_symbols.h:1347
ctx
Definition: benchmark-async.c:30
ssl_cipher_auth_mask_for_key
uint32_t ssl_cipher_auth_mask_for_key(const EVP_PKEY *key)
Definition: ssl_cipher.cc:1282
DC::raw
UniquePtr< CRYPTO_BUFFER > raw
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1586
google::protobuf::extension
const Descriptor::ReservedRange const EnumValueDescriptor const MethodDescriptor extension
Definition: bloaty/third_party/protobuf/src/google/protobuf/descriptor.h:2001
leaf_cert_and_privkey_ok
@ leaf_cert_and_privkey_ok
Definition: ssl_cert.cc:220
ssl_is_key_type_supported
bool ssl_is_key_type_supported(int key_type)
Definition: ssl_privkey.cc:74
SSL_HANDSHAKE::local_pubkey
UniquePtr< EVP_PKEY > local_pubkey
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1909
CBS_data
#define CBS_data
Definition: boringssl_prefix_symbols.h:1057
uint16_t
unsigned short uint16_t
Definition: stdint-msvc2008.h:79
SSL_HANDSHAKE::new_cipher
const SSL_CIPHER * new_cipher
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1933
DC::Parse
static UniquePtr< DC > Parse(CRYPTO_BUFFER *in, uint8_t *out_alert)
Definition: ssl_cert.cc:768
SSL_CTX_use_certificate_ASN1
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, size_t der_len, const uint8_t *der)
Definition: ssl_cert.cc:898
OPENSSL_PUT_ERROR
#define OPENSSL_PUT_ERROR(library, reason)
Definition: err.h:423
internal.h
CRYPTO_BUFFER_new_from_CBS
#define CRYPTO_BUFFER_new_from_CBS
Definition: boringssl_prefix_symbols.h:1120
SSL_delegated_credential_used
int SSL_delegated_credential_used(const SSL *ssl)
Definition: ssl_cert.cc:1012
string.h
CBS_get_u32
#define CBS_get_u32
Definition: boringssl_prefix_symbols.h:1078
CBB_add_u16_length_prefixed
#define CBB_add_u16_length_prefixed
Definition: boringssl_prefix_symbols.h:1028
CBS_ASN1_OCTETSTRING
#define CBS_ASN1_OCTETSTRING
Definition: bytestring.h:209
ssl_st::config
bssl::UniquePtr< bssl::SSL_CONFIG > config
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3712
SSL_HANDSHAKE::ssl
SSL * ssl
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1726
buf
voidpf void * buf
Definition: bloaty/third_party/zlib/contrib/minizip/ioapi.h:136
CBS_ASN1_CONTEXT_SPECIFIC
#define CBS_ASN1_CONTEXT_SPECIFIC
Definition: bytestring.h:194
SSL_X509_METHOD
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2510
names
sub_type names
Definition: cxa_demangle.cpp:4905
SSL_AD_INTERNAL_ERROR
#define SSL_AD_INTERNAL_ERROR
Definition: ssl.h:3815
CRYPTO_BUFFER_len
#define CRYPTO_BUFFER_len
Definition: boringssl_prefix_symbols.h:1118
ssl_set_cert
bool ssl_set_cert(CERT *cert, UniquePtr< CRYPTO_BUFFER > buffer)
Definition: ssl_cert.cc:305
EVP_PKEY_is_opaque
#define EVP_PKEY_is_opaque
Definition: boringssl_prefix_symbols.h:1639
CBS_len
#define CBS_len
Definition: boringssl_prefix_symbols.h:1089
SSL_CONFIG::cert
UniquePtr< CERT > cert
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2986
ssl_private_key_method_st
Definition: ssl.h:1248
tls1_check_group_id
bool tls1_check_group_id(const SSL_HANDSHAKE *hs, uint16_t group_id)
Definition: extensions.cc:408
CERT::sid_ctx
uint8_t sid_ctx[SSL_MAX_SID_CTX_LENGTH]
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2410
SSL_R_INVALID_SCT_LIST
#define SSL_R_INVALID_SCT_LIST
Definition: ssl.h:5536
bssl
Definition: hpke_test.cc:37
CBB_add_u24
#define CBB_add_u24
Definition: boringssl_prefix_symbols.h:1030
SSL_R_INVALID_DELEGATED_CREDENTIAL
#define SSL_R_INVALID_DELEGATED_CREDENTIAL
Definition: ssl.h:5568
DC::DC
DC()
crypto_buffer_st
Definition: third_party/boringssl-with-bazel/src/crypto/pool/internal.h:31
ssl_cert_parse_pubkey
UniquePtr< EVP_PKEY > ssl_cert_parse_pubkey(const CBS *in)
Definition: ssl_cert.cc:482
setup.name
name
Definition: setup.py:542
CBS_ASN1_BOOLEAN
#define CBS_ASN1_BOOLEAN
Definition: bytestring.h:206
CERT::dc
UniquePtr< DC > dc
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2415
SSL_CTX_set_chain_and_key
int SSL_CTX_set_chain_and_key(SSL_CTX *ctx, CRYPTO_BUFFER *const *certs, size_t num_certs, EVP_PKEY *privkey, const SSL_PRIVATE_KEY_METHOD *privkey_method)
Definition: ssl_cert.cc:887
CBS_get_asn1
#define CBS_get_asn1
Definition: boringssl_prefix_symbols.h:1061
CERT::sigalgs
Array< uint16_t > sigalgs
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2386
cbs
const CBS * cbs
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:107
check_leaf_cert_and_privkey
static enum leaf_cert_and_privkey_result_t check_leaf_cert_and_privkey(CRYPTO_BUFFER *leaf_buffer, EVP_PKEY *privkey)
Definition: ssl_cert.cc:230
SSL_R_KEY_USAGE_BIT_INCORRECT
#define SSL_R_KEY_USAGE_BIT_INCORRECT
Definition: ssl.h:5569
CRYPTO_BUFFER_up_ref
#define CRYPTO_BUFFER_up_ref
Definition: boringssl_prefix_symbols.h:1122
CBS_is_valid_asn1_bitstring
#define CBS_is_valid_asn1_bitstring
Definition: boringssl_prefix_symbols.h:1087
CBS_init
#define CBS_init
Definition: boringssl_prefix_symbols.h:1085
SSL_use_certificate_ASN1
int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *der, size_t der_len)
Definition: ssl_cert.cc:908
ssl_add_cert_chain
bool ssl_add_cert_chain(SSL_HANDSHAKE *hs, CBB *cbb)
Definition: ssl_cert.cc:410
uint8_t
unsigned char uint8_t
Definition: stdint-msvc2008.h:78
EC_KEY_get0_group
#define EC_KEY_get0_group
Definition: boringssl_prefix_symbols.h:1344
ssl_ctx_st
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3404
CERT::key_method
const SSL_PRIVATE_KEY_METHOD * key_method
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2378
STACK_OF
const STACK_OF(CRYPTO_BUFFER) *SSL_CTX_get0_chain(const SSL_CTX *ctx)
Definition: ssl_cert.cc:894
X509_R_KEY_TYPE_MISMATCH
#define X509_R_KEY_TYPE_MISMATCH
Definition: x509.h:2392
cert_set_dc
static int cert_set_dc(CERT *cert, CRYPTO_BUFFER *const raw, EVP_PKEY *privkey, const SSL_PRIVATE_KEY_METHOD *key_method)
Definition: ssl_cert.cc:839
key_usage_digital_signature
@ key_usage_digital_signature
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1321
ssl_cert_skip_to_spki
static bool ssl_cert_skip_to_spki(const CBS *in, CBS *out_tbs_cert)
Definition: ssl_cert.cc:440
buffer_up_ref
static CRYPTO_BUFFER * buffer_up_ref(CRYPTO_BUFFER *buffer)
Definition: ssl_cert.cc:145
DC::pkey
UniquePtr< EVP_PKEY > pkey
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1593
CERT
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2345
uint32_t
unsigned int uint32_t
Definition: stdint-msvc2008.h:80
CERT::sid_ctx_length
uint8_t sid_ctx_length
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2409
SSL_CONFIG::ssl
SSL *const ssl
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2967
bytestring.h
ssl_check_leaf_certificate
bool ssl_check_leaf_certificate(SSL_HANDSHAKE *hs, EVP_PKEY *pkey, const CRYPTO_BUFFER *leaf)
Definition: ssl_cert.cc:700
CBS_peek_asn1_tag
#define CBS_peek_asn1_tag
Definition: boringssl_prefix_symbols.h:1091
ssl_is_sct_list_valid
bool ssl_is_sct_list_valid(const CBS *contents)
Definition: extensions.cc:4286
SSL_X509_METHOD::cert_clear
void(* cert_clear)(CERT *cert)
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2517
SSL_get0_peer_certificates
#define SSL_get0_peer_certificates
Definition: boringssl_prefix_symbols.h:319
SSL_CTX_set_ocsp_response
int SSL_CTX_set_ocsp_response(SSL_CTX *ctx, const uint8_t *response, size_t response_len)
Definition: ssl_cert.cc:973
in
const char * in
Definition: third_party/abseil-cpp/absl/strings/internal/str_format/parser_test.cc:391
CERT::chain
UniquePtr< STACK_OF(CRYPTO_BUFFER)> chain
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2359
sk_CRYPTO_BUFFER_new_null
#define sk_CRYPTO_BUFFER_new_null
Definition: boringssl_prefix_symbols.h:557
evp_pkey_st
Definition: evp.h:1046
SSL_HANDSHAKE
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1720
oid
uint8_t oid[9]
Definition: digest_extra.c:124
absl::move
constexpr absl::remove_reference_t< T > && move(T &&t) noexcept
Definition: abseil-cpp/absl/utility/utility.h:221
ERR_R_PASSED_NULL_PARAMETER
#define ERR_R_PASSED_NULL_PARAMETER
Definition: err.h:373
ssl_cert_check_key_usage
bool ssl_cert_check_key_usage(const CBS *in, enum ssl_key_usage_t bit)
Definition: ssl_cert.cc:542
leaf_cert_and_privkey_result_t
leaf_cert_and_privkey_result_t
Definition: ssl_cert.cc:218
ssl_key_usage_t
ssl_key_usage_t
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1320
ssl_st
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3698
SSL_R_CERT_LENGTH_MISMATCH
#define SSL_R_CERT_LENGTH_MISMATCH
Definition: ssl.h:5395
EC_GROUP_get_curve_name
#define EC_GROUP_get_curve_name
Definition: boringssl_prefix_symbols.h:1327
set_signed_cert_timestamp_list
static int set_signed_cert_timestamp_list(CERT *cert, const uint8_t *list, size_t list_len)
Definition: ssl_cert.cc:945
sha.h
SSL_CTX_set0_client_CAs
void SSL_CTX_set0_client_CAs(SSL_CTX *ctx, STACK_OF(CRYPTO_BUFFER) *name_list)
Definition: ssl_cert.cc:990
SSL_X509_METHOD::cert_flush_cached_leaf
void(* cert_flush_cached_leaf)(CERT *cert)
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2527
SSL_R_NO_CERTIFICATE_ASSIGNED
#define SSL_R_NO_CERTIFICATE_ASSIGNED
Definition: ssl.h:5440
OPENSSL_memcpy
static void * OPENSSL_memcpy(void *dst, const void *src, size_t n)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:819
BSSL_NAMESPACE_END
#define BSSL_NAMESPACE_END
Definition: base.h:480
ssl_compare_public_and_private_key
bool ssl_compare_public_and_private_key(const EVP_PKEY *pubkey, const EVP_PKEY *privkey)
Definition: ssl_cert.cc:492
ssl_parse_cert_chain
bool ssl_parse_cert_chain(uint8_t *out_alert, UniquePtr< STACK_OF(CRYPTO_BUFFER)> *out_chain, UniquePtr< EVP_PKEY > *out_pubkey, uint8_t *out_leaf_sha256, CBS *cbs, CRYPTO_BUFFER_POOL *pool)
Definition: ssl_cert.cc:346
err.h
ERR_R_INTERNAL_ERROR
#define ERR_R_INTERNAL_ERROR
Definition: err.h:374
ssl_protocol_version
uint16_t ssl_protocol_version(const SSL *ssl)
Definition: ssl_versions.cc:251
arg
Definition: cmdline.cc:40
name_list
Definition: transport_security_test.cc:199
ssl_cert_set_cert_cb
static void ssl_cert_set_cert_cb(CERT *cert, int(*cb)(SSL *ssl, void *arg), void *arg)
Definition: ssl_cert.cc:212
googletest-filter-unittest.child
child
Definition: bloaty/third_party/googletest/googletest/test/googletest-filter-unittest.py:62
ec_key.h
SSL_set_signed_cert_timestamp_list
int SSL_set_signed_cert_timestamp_list(SSL *ssl, const uint8_t *list, size_t list_len)
Definition: ssl_cert.cc:964
SSL_set0_client_CAs
void SSL_set0_client_CAs(SSL *ssl, STACK_OF(CRYPTO_BUFFER) *name_list)
Definition: ssl_cert.cc:995
CRYPTO_BUFFER_new
#define CRYPTO_BUFFER_new
Definition: boringssl_prefix_symbols.h:1119
ssl_on_certificate_selected
bool ssl_on_certificate_selected(SSL_HANDSHAKE *hs)
Definition: ssl_cert.cc:726
conf.extensions
list extensions
Definition: doc/python/sphinx/conf.py:54
response_len
OPENSSL_EXPORT size_t const uint8_t size_t response_len
Definition: trust_token.h:142
buffer
char buffer[1024]
Definition: libuv/docs/code/idle-compute/main.c:8
SSL_set_chain_and_key
int SSL_set_chain_and_key(SSL *ssl, CRYPTO_BUFFER *const *certs, size_t num_certs, EVP_PKEY *privkey, const SSL_PRIVATE_KEY_METHOD *privkey_method)
Definition: ssl_cert.cc:877
EVP_PKEY_cmp
#define EVP_PKEY_cmp
Definition: boringssl_prefix_symbols.h:1615
SSL_R_CANNOT_HAVE_BOTH_PRIVKEY_AND_METHOD
#define SSL_R_CANNOT_HAVE_BOTH_PRIVKEY_AND_METHOD
Definition: ssl.h:5542
ssl_cipher_st::algorithm_auth
uint32_t algorithm_auth
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:530
Span
Definition: boringssl-with-bazel/src/include/openssl/span.h:32
grpc_core::UniquePtr
std::unique_ptr< T, DefaultDeleteChar > UniquePtr
Definition: src/core/lib/gprpp/memory.h:43
ssl_cert_dup
UniquePtr< CERT > ssl_cert_dup(CERT *cert)
Definition: ssl_cert.cc:150
SSL_R_WRONG_CERTIFICATE_TYPE
#define SSL_R_WRONG_CERTIFICATE_TYPE
Definition: ssl.h:5508
CBS_ASN1_CONSTRUCTED
#define CBS_ASN1_CONSTRUCTED
Definition: bytestring.h:188
ssl.h
ssl_has_private_key
bool ssl_has_private_key(const SSL_HANDSHAKE *hs)
Definition: ssl_privkey.cc:136
DC::expected_cert_verify_algorithm
uint16_t expected_cert_verify_algorithm
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1590
ssl_cert_clear_certs
void ssl_cert_clear_certs(CERT *cert)
Definition: ssl_cert.cc:196
ec_key_st
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h:723
SHA256
#define SHA256
Definition: boringssl_prefix_symbols.h:2154
ssl_signing_with_dc
bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs)
Definition: ssl_cert.cc:831
ssl_nid_to_group_id
bool ssl_nid_to_group_id(uint16_t *out_group_id, int nid)
Definition: ssl_key_share.cc:363
CERT::cert_cb
int(* cert_cb)(SSL *ssl, void *arg)
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2394
DC
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1572
CERT::signed_cert_timestamp_list
UniquePtr< CRYPTO_BUFFER > signed_cert_timestamp_list
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2402
TLS1_3_VERSION
#define TLS1_3_VERSION
Definition: ssl.h:653
ssl_session_st
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3787
sk_CRYPTO_BUFFER_value
#define sk_CRYPTO_BUFFER_value
Definition: boringssl_prefix_symbols.h:561
CBB_add_bytes
#define CBB_add_bytes
Definition: boringssl_prefix_symbols.h:1025
contents
string_view contents
Definition: elf.cc:597
sk_CRYPTO_BUFFER_deep_copy
#define sk_CRYPTO_BUFFER_deep_copy
Definition: boringssl_prefix_symbols.h:556
BSSL_NAMESPACE_BEGIN
Definition: trust_token_test.cc:45
ssl_st::s3
bssl::SSL3_STATE * s3
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3730
SSL_R_LENGTH_MISMATCH
#define SSL_R_LENGTH_MISMATCH
Definition: ssl.h:5430
SSL_R_BAD_ECC_CERT
#define SSL_R_BAD_ECC_CERT
Definition: ssl.h:5375
CBS_get_optional_asn1
#define CBS_get_optional_asn1
Definition: boringssl_prefix_symbols.h:1069
CERT::CERT
CERT(const SSL_X509_METHOD *x509_method)
Definition: ssl_cert.cc:137
SSL_HANDSHAKE::config
SSL_CONFIG * config
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1729
cert_set_chain_and_key
static int cert_set_chain_and_key(CERT *cert, CRYPTO_BUFFER *const *certs, size_t num_certs, EVP_PKEY *privkey, const SSL_PRIVATE_KEY_METHOD *privkey_method)
Definition: ssl_cert.cc:263
x509_st
Definition: third_party/boringssl-with-bazel/src/crypto/x509/internal.h:139
CBS_ASN1_BITSTRING
#define CBS_ASN1_BITSTRING
Definition: bytestring.h:208
EVP_PKEY_get0_EC_KEY
#define EVP_PKEY_get0_EC_KEY
Definition: boringssl_prefix_symbols.h:1629
CRYPTO_BUFFER_init_CBS
#define CRYPTO_BUFFER_init_CBS
Definition: boringssl_prefix_symbols.h:1117
POINT_CONVERSION_UNCOMPRESSED
@ POINT_CONVERSION_UNCOMPRESSED
Definition: ec.h:91
SSL_R_CERTIFICATE_AND_PRIVATE_KEY_MISMATCH
#define SSL_R_CERTIFICATE_AND_PRIVATE_KEY_MISMATCH
Definition: ssl.h:5541
SSL_AD_DECODE_ERROR
#define SSL_AD_DECODE_ERROR
Definition: ssl.h:3810
CBS_ASN1_OBJECT
#define CBS_ASN1_OBJECT
Definition: bytestring.h:211
SSL_CONFIG::client_CA
UniquePtr< STACK_OF(CRYPTO_BUFFER)> client_CA
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3005
ret
UniquePtr< SSL_SESSION > ret
Definition: ssl_x509.cc:1029
SSL_R_NO_PRIVATE_KEY_ASSIGNED
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED
Definition: ssl.h:5448
CBS_get_u16_length_prefixed
#define CBS_get_u16_length_prefixed
Definition: boringssl_prefix_symbols.h:1074
asyncio_get_stats.response
response
Definition: asyncio_get_stats.py:28
EVP_parse_public_key
#define EVP_parse_public_key
Definition: boringssl_prefix_symbols.h:1743
PushToStack
std::enable_if<!internal::StackTraits< Stack >::kIsConst, bool >::type PushToStack(Stack *sk, UniquePtr< typename internal::StackTraits< Stack >::Type > elem)
Definition: stack.h:515
SSL_R_CA_DN_TOO_LONG
#define SSL_R_CA_DN_TOO_LONG
Definition: ssl.h:5391
ssl_can_serve_dc
static bool ssl_can_serve_dc(const SSL_HANDSHAKE *hs)
Definition: ssl_cert.cc:805
SSL_get0_server_requested_CAs
#define SSL_get0_server_requested_CAs
Definition: boringssl_prefix_symbols.h:322
arg
struct arg arg
ERR_clear_error
#define ERR_clear_error
Definition: boringssl_prefix_symbols.h:1413
ssl_add_client_CA_list
bool ssl_add_client_CA_list(SSL_HANDSHAKE *hs, CBB *cbb)
Definition: ssl_cert.cc:675
SSL_set1_delegated_credential
int SSL_set1_delegated_credential(SSL *ssl, CRYPTO_BUFFER *dc, EVP_PKEY *pkey, const SSL_PRIVATE_KEY_METHOD *key_method)
Definition: ssl_cert.cc:1003
CERT::x509_method
const SSL_X509_METHOD * x509_method
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2382
crypto_buffer_pool_st
Definition: third_party/boringssl-with-bazel/src/crypto/pool/internal.h:39
pool
InternalDescriptorPool * pool
Definition: bloaty/third_party/protobuf/php/ext/google/protobuf/protobuf.h:807
ssl_has_certificate
bool ssl_has_certificate(const SSL_HANDSHAKE *hs)
Definition: ssl_cert.cc:340
SSL_R_UNKNOWN_CERTIFICATE_TYPE
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE
Definition: ssl.h:5495
SSL_CONFIG
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2960
SSL_X509_METHOD::cert_free
void(* cert_free)(CERT *cert)
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2519
sk_CRYPTO_BUFFER_set
#define sk_CRYPTO_BUFFER_set
Definition: boringssl_prefix_symbols.h:560
DC::Dup
UniquePtr< DC > Dup()
Definition: ssl_cert.cc:755
SSL_set_ocsp_response
int SSL_set_ocsp_response(SSL *ssl, const uint8_t *response, size_t response_len)
Definition: ssl_cert.cc:980
SSL_R_DECODE_ERROR
#define SSL_R_DECODE_ERROR
Definition: ssl.h:5405
SSL_HANDSHAKE::peer_delegated_credential_sigalgs
Array< uint16_t > peer_delegated_credential_sigalgs
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1866
mem.h
ssl_parse_client_CA_list
UniquePtr< STACK_OF(CRYPTO_BUFFER)> ssl_parse_client_CA_list(SSL *ssl, uint8_t *out_alert, CBS *cbs)
Definition: ssl_cert.cc:618
SSL_CTX_get0_chain
#define SSL_CTX_get0_chain
Definition: boringssl_prefix_symbols.h:86
CERT::dc_key_method
const SSL_PRIVATE_KEY_METHOD * dc_key_method
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2423
SSL_CTX_set_signed_cert_timestamp_list
int SSL_CTX_set_signed_cert_timestamp_list(SSL_CTX *ctx, const uint8_t *list, size_t list_len)
Definition: ssl_cert.cc:959
SSL_get_session
#define SSL_get_session
Definition: boringssl_prefix_symbols.h:376
X509_R_KEY_VALUES_MISMATCH
#define X509_R_KEY_VALUES_MISMATCH
Definition: x509.h:2393
CBS_ASN1_SEQUENCE
#define CBS_ASN1_SEQUENCE
Definition: bytestring.h:214
SSL_set_cert_cb
void SSL_set_cert_cb(SSL *ssl, int(*cb)(SSL *ssl, void *arg), void *arg)
Definition: ssl_cert.cc:922
ssl_session_st::certs
bssl::UniquePtr< STACK_OF(CRYPTO_BUFFER)> certs
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3825
ssl_st::ctx
bssl::UniquePtr< SSL_CTX > ctx
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3754
X509_R_UNKNOWN_KEY_TYPE
#define X509_R_UNKNOWN_KEY_TYPE
Definition: x509.h:2405
DC::~DC
~DC()
sk_CRYPTO_BUFFER_num
#define sk_CRYPTO_BUFFER_num
Definition: boringssl_prefix_symbols.h:558
cb
OPENSSL_EXPORT pem_password_cb * cb
Definition: pem.h:351
CERT::dc_privatekey
UniquePtr< EVP_PKEY > dc_privatekey
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2419
i
uint64_t i
Definition: abseil-cpp/absl/container/btree_benchmark.cc:230
CRYPTO_BUFFER_data
#define CRYPTO_BUFFER_data
Definition: boringssl_prefix_symbols.h:1115
ERR_R_MALLOC_FAILURE
#define ERR_R_MALLOC_FAILURE
Definition: err.h:371
leaf_cert_and_privkey_error
@ leaf_cert_and_privkey_error
Definition: ssl_cert.cc:219
SSL_HANDSHAKE::delegated_credential_requested
bool delegated_credential_requested
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:1977
CERT::cert_cb_arg
void * cert_cb_arg
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2395
SSL_R_CANNOT_PARSE_LEAF_CERT
#define SSL_R_CANNOT_PARSE_LEAF_CERT
Definition: ssl.h:5539
CBS_asn1_bitstring_has_bit
#define CBS_asn1_bitstring_has_bit
Definition: boringssl_prefix_symbols.h:1053
x509.h
ssl_cert_check_private_key
bool ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey)
Definition: ssl_cert.cc:518
cbb_st
Definition: bytestring.h:375
CBB_add_u24_length_prefixed
#define CBB_add_u24_length_prefixed
Definition: boringssl_prefix_symbols.h:1031

grpc
Author(s):
autogenerated on Thu Mar 13 2025 03:01:20