Lines Matching refs:context
83 pk_copy_error(krb5_context context,
104 BN_to_integer(krb5_context context, const BIGNUM *bn, heim_integer *integer)
109 krb5_clear_error_message(context);
118 integer_to_BN(krb5_context context, const char *field, const heim_integer *f)
124 krb5_set_error_message(context, ENOMEM,
133 select_dh_group(krb5_context context, DH *dh, unsigned long bits,
150 krb5_set_error_message(context, EINVAL,
159 p = integer_to_BN(context, "p", &m->p);
160 g = integer_to_BN(context, "g", &m->g);
161 q = integer_to_BN(context, "q", &m->q);
190 find_cert(krb5_context context, struct krb5_pk_identity *id,
216 pk_copy_error(context, context->hx509ctx, ret,
221 ret = hx509_certs_find(context->hx509ctx, id->certs, q, cert);
224 pk_copy_error(context, context->hx509ctx, ret,
232 create_signature(krb5_context context,
244 ret = hx509_cms_create_signed_1(context->hx509ctx,
256 pk_copy_error(context, context->hx509ctx, ret,
265 cert2epi(hx509_context context, void *ctx, hx509_cert c)
361 build_edi(krb5_context context,
370 build_auth_pack(krb5_context context,
383 krb5_clear_error_message(context);
387 krb5_us_timeofday(context, &sec, &usec);
395 krb5_abortx(context, "internal error in ASN.1 encoder");
397 ret = krb5_create_checksum(context,
410 krb5_set_error_message(context, ENOMEM,
431 moduli_file = krb5_config_get_string(context, NULL,
437 krb5_config_get_int_default(context, NULL, 0,
442 ret = _krb5_parse_moduli(context, moduli_file, &ctx->m);
448 krb5_set_error_message(context, ENOMEM,
453 ret = select_dh_group(context, ctx->u.dh, dh_min_bits, ctx->m);
458 krb5_set_error_message(context, ENOMEM,
467 krb5_clear_error_message(context);
472 krb5_clear_error_message(context);
476 ret = krb5_copy_data(context, a->clientDHNonce,
500 ret = BN_to_integer(context, p, &dp.p);
505 ret = BN_to_integer(context, g, &dp.g);
510 ret = BN_to_integer(context, q, &dp.q);
533 krb5_abortx(context, "Internal ASN1 encoder error");
536 ret = BN_to_integer(context, pub_key, &dh_pub_key);
546 krb5_abortx(context, "asn1 internal error");
571 krb5_abortx(context, "asn1 internal error");
612 krb5_abortx(context, "internal error");
622 ret = hx509_crypto_available(context->hx509ctx, HX509_SELECT_ALL,
634 _krb5_pk_mk_ContentInfo(krb5_context context,
656 pk_mk_padata(krb5_context context,
684 krb5_clear_error_message(context);
690 krb5_clear_error_message(context);
694 krb5_us_timeofday(context, &sec, &usec);
703 krb5_set_error_message(context, ret,
709 krb5_abortx(context, "internal ASN1 encoder error");
717 ret = build_auth_pack(context, nonce, ctx, req_body, &ap);
726 krb5_set_error_message(context, ret,
732 krb5_abortx(context, "internal ASN1 encoder error");
736 krb5_abortx(context, "internal pkinit error");
738 ret = create_signature(context, oid, &buf, ctx->id,
747 krb5_set_error_message(context, ret,
778 krb5_set_error_message(context, ret,
783 ret = build_edi(context, context->hx509ctx,
786 krb5_set_error_message(context, ret,
801 krb5_abortx(context, "internal pkinit error");
803 krb5_set_error_message(context, ret, "PA-PK-AS-REQ %d", (int)ret);
807 krb5_abortx(context, "Internal ASN1 encoder error");
809 ret = krb5_padata_add(context, md, pa_type, buf.data, buf.length);
814 krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0);
824 _krb5_pk_mk_padata(krb5_context context,
836 krb5_set_error_message(context, HEIM_PKINIT_NO_PRIVATE_KEY,
841 win2k_compat = krb5_config_get_bool_default(context, NULL,
850 krb5_config_get_bool_default(context, NULL,
861 krb5_config_get_bool_default(context, NULL,
873 krb5_config_get_bool_default(context, NULL,
881 krb5_config_get_bool_default(context, NULL,
889 krb5_config_get_bool_default(context, NULL,
896 return pk_mk_padata(context, ctx, req_body, nonce, md);
900 pk_verify_sign(krb5_context context,
920 ret = hx509_cms_verify_signed(context->hx509ctx,
931 pk_copy_error(context, context->hx509ctx, ret,
938 krb5_clear_error_message(context);
943 ret = hx509_get_one_cert(context->hx509ctx, signer_certs, &(*signer)->cert);
945 pk_copy_error(context, context->hx509ctx, ret,
964 get_reply_key_win(krb5_context context,
978 krb5_set_error_message(context, ret,
985 krb5_set_error_message(context, ret,
994 krb5_set_error_message(context, ENOMEM,
1002 krb5_set_error_message(context, ret,
1012 get_reply_key(krb5_context context,
1026 krb5_set_error_message(context, ret,
1040 ret = krb5_crypto_init(context, &key_pack.replyKey, 0, &crypto);
1046 ret = krb5_verify_checksum(context, crypto, 6,
1049 krb5_crypto_destroy(context, crypto);
1059 krb5_set_error_message(context, ENOMEM,
1067 krb5_set_error_message(context, ret,
1078 pk_verify_host(krb5_context context,
1087 ret = hx509_cert_check_eku(context->hx509ctx, host->cert,
1090 krb5_set_error_message(context, ret,
1099 ret = hx509_cert_find_subjectAltName_otherName(context->hx509ctx,
1104 krb5_set_error_message(context, ret,
1120 krb5_set_error_message(context, ret,
1134 krb5_set_error_message(context, ret,
1149 ret = hx509_verify_hostname(context->hx509ctx, host->cert,
1156 krb5_set_error_message(context, ret,
1164 pk_rd_pa_reply_enckey(krb5_context context,
1184 krb5_set_error_message(context, EINVAL,
1192 ret = hx509_cms_unenvelope(context->hx509ctx,
1202 pk_copy_error(context, context->hx509ctx, ret,
1236 krb5_set_error_message(context, ret,
1247 krb5_set_error_message(context, ret,
1253 ret = pk_verify_sign(context,
1264 ret = pk_verify_host(context, realm, hi, ctx, host);
1273 krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid");
1279 krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid");
1287 ret = get_reply_key(context, &content, req_buffer, key);
1289 ret = get_reply_key_win(context, &content, nonce, key);
1292 ret = get_reply_key(context, &content, req_buffer, key);
1310 pk_rd_pa_reply_dh(krb5_context context,
1338 krb5_set_error_message(context, EINVAL,
1343 ret = pk_verify_sign(context,
1354 ret = pk_verify_host(context, realm, hi, ctx, host);
1360 krb5_set_error_message(context, ret,
1371 krb5_set_error_message(context, ret,
1379 krb5_set_error_message(context, ret,
1387 krb5_set_error_message(context, ret,
1394 krb5_set_error_message(context, ret,
1402 krb5_set_error_message(context, ret,
1418 krb5_set_error_message(context, ret,
1424 kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k);
1437 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
1445 krb5_set_error_message(context, ret,
1476 krb5_set_error_message(context, ret,
1486 krb5_set_error_message(context, ret,
1496 krb5_set_error_message(context, ret,
1507 krb5_set_error_message(context, ret,
1516 krb5_set_error_message(context, ret,
1521 ret = _krb5_pk_octetstring2key(context,
1527 krb5_set_error_message(context, ret,
1552 _krb5_pk_rd_pa_reply(krb5_context context,
1573 krb5_set_error_message(context, EINVAL,
1583 krb5_set_error_message(context, ret,
1590 _krb5_debug(context, 5, "krb5_get_init_creds: using pkinit dh");
1594 _krb5_debug(context, 5, "krb5_get_init_creds: using kinit enc reply key");
1602 _krb5_debug(context, 5, "krb5_get_init_creds: using BTMM kinit enc reply key");
1609 krb5_set_error_message(context, EINVAL,
1618 krb5_set_error_message(context, ret,
1640 krb5_set_error_message(context, ret,
1647 ret = pk_rd_pa_reply_dh(context, &data, &oid, realm, ctx, etype, hi,
1653 ret = pk_rd_pa_reply_enckey(context, PKINIT_27, &data, &oid, realm,
1657 krb5_abortx(context, "pk-init as-rep case not possible to happen");
1670 krb5_set_error_message(context, EINVAL,
1683 krb5_set_error_message(context, ret,
1689 krb5_clear_error_message(context);
1700 krb5_set_error_message(context, ret,
1705 ret = pk_rd_pa_reply_enckey(context, PKINIT_WIN2K, &data, &oid, realm,
1715 krb5_set_error_message(context, ret,
1723 krb5_set_error_message(context, ret,
1731 krb5_context context;
1762 ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt);
1771 _krb5_pk_set_user_id(krb5_context context,
1790 ret = hx509_query_alloc(context->hx509ctx, &q);
1792 pk_copy_error(context, context->hx509ctx, ret,
1800 if (principal && strncmp("LKDC:SHA1.", krb5_principal_get_realm(context, principal), 9) == 0) {
1804 ret = find_cert(context, ctx->id, q, &ctx->id->cert);
1805 hx509_query_free(context->hx509ctx, q);
1807 if (ret == 0 && _krb5_have_debug(context, 2)) {
1834 _krb5_debug(context, 2, "using cert: subject: %s sn: %s", str, sn);
1844 _krb5_pk_load_id(krb5_context context,
1861 krb5_set_error_message(context, HEIM_PKINIT_NO_VALID_CA,
1870 krb5_set_error_message(context, ENOMEM,
1878 ret = hx509_lock_init(context->hx509ctx, &lock);
1880 pk_copy_error(context, context->hx509ctx, ret, "Failed init lock");
1888 p.context = context;
1899 ret = hx509_certs_init(context->hx509ctx, user_id, 0, lock, &id->certs);
1902 pk_copy_error(context, context->hx509ctx, ret,
1910 ret = hx509_certs_init(context->hx509ctx, anchor_id, 0, NULL, &id->anchors);
1912 pk_copy_error(context, context->hx509ctx, ret,
1917 ret = hx509_certs_init(context->hx509ctx, "MEMORY:pkinit-cert-chain",
1920 pk_copy_error(context, context->hx509ctx, ret,
1926 ret = hx509_certs_append(context->hx509ctx, id->certpool,
1929 pk_copy_error(context, context->hx509ctx, ret,
1938 ret = hx509_revoke_init(context->hx509ctx, &id->revokectx);
1940 pk_copy_error(context, context->hx509ctx, ret,
1946 ret = hx509_revoke_add_crl(context->hx509ctx,
1950 pk_copy_error(context, context->hx509ctx, ret,
1957 hx509_context_set_missing_revoke(context->hx509ctx, 1);
1959 ret = hx509_verify_init_ctx(context->hx509ctx, &id->verify_ctx);
1961 pk_copy_error(context, context->hx509ctx, ret,
1962 "Failed init verify context");
1988 pk_copy_error(krb5_context context,
2002 krb5_clear_error_message(context);
2008 krb5_clear_error_message(context);
2012 krb5_set_error_message(context, hxret, "%s: %s", f, s);
2018 parse_integer(krb5_context context, char **p, const char *file, int lineno,
2025 krb5_set_error_message(context, EINVAL,
2032 krb5_set_error_message(context, ret,
2043 _krb5_parse_moduli_line(krb5_context context,
2057 krb5_set_error_message(context, ENOMEM,
2072 krb5_set_error_message(context, ret,
2080 krb5_set_error_message(context, ret, N_("malloc: out of memeory", ""));
2086 krb5_set_error_message(context, ret,
2094 krb5_set_error_message(context, ret,
2100 ret = parse_integer(context, &p, file, lineno, "p", &m1->p);
2103 ret = parse_integer(context, &p, file, lineno, "g", &m1->g);
2106 ret = parse_integer(context, &p, file, lineno, "q", &m1->q);
2191 _krb5_parse_moduli(krb5_context context, const char *file,
2205 krb5_set_error_message(context, ENOMEM,
2211 ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[0]);
2219 ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[1]);
2234 if (_krb5_expand_path_tokens(context, file, &exp_file) == 0) {
2260 krb5_set_error_message(context, ENOMEM,
2268 ret = _krb5_parse_moduli_line(context, file, lineno, buf, &element);
2285 _krb5_dh_group_ok(krb5_context context, unsigned long bits,
2301 krb5_set_error_message(context,
2314 krb5_set_error_message(context,
2366 krb5_get_init_creds_opt_set_pkinit(krb5_context context,
2383 krb5_set_error_message(context, EINVAL,
2391 krb5_set_error_message(context, ENOMEM,
2402 pool = krb5_config_get_strings(context, NULL,
2408 pki_revoke = krb5_config_get_strings(context, NULL,
2414 krb5_appdefault_string(context, "kinit",
2415 krb5_principal_get_realm(context, principal),
2423 ret = _krb5_pk_load_id(context,
2439 _krb5_pk_set_user_id(context,
2447 hx509_context hx509ctx = context->hx509ctx;
2470 krb5_set_error_message(context, EINVAL,
2478 krb5_set_error_message(context, EINVAL,
2485 krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context,
2491 krb5_set_error_message(context, EINVAL,
2496 krb5_set_error_message(context, EINVAL,
2497 N_("PKINIT: on pkinit context", ""));
2501 _krb5_pk_set_user_id(context, NULL, opt->opt_private->pk_init_ctx, certs);
2505 krb5_set_error_message(context, EINVAL,
2514 get_ms_san(hx509_context context, hx509_cert cert, char **upn)
2521 ret = hx509_cert_find_subjectAltName_otherName(context,
2539 find_ms_san(hx509_context context, hx509_cert cert, void *ctx)
2544 ret = get_ms_san(context, cert, &upn);
2559 krb5_pk_enterprise_cert(krb5_context context,
2577 krb5_set_error_message(context, ENOENT, "no user id");
2581 ret = hx509_certs_init(context->hx509ctx, user_id, 0, NULL, &certs);
2583 pk_copy_error(context, context->hx509ctx, ret,
2588 ret = hx509_query_alloc(context->hx509ctx, &q);
2590 krb5_set_error_message(context, ret, "out of memory");
2600 ret = hx509_certs_filter(context->hx509ctx, certs, q, &result);
2601 hx509_query_free(context->hx509ctx, q);
2604 pk_copy_error(context, context->hx509ctx, ret,
2609 ret = hx509_get_one_cert(context->hx509ctx, result, &cert);
2612 pk_copy_error(context, context->hx509ctx, ret,
2617 ret = get_ms_san(context->hx509ctx, cert, &name);
2619 pk_copy_error(context, context->hx509ctx, ret,
2624 ret = krb5_make_principal(context, principal, realm, name, NULL);
2629 krb5_principal_set_type(context, *principal, KRB5_NT_ENTERPRISE_PRINCIPAL);
2632 ret = hx509_certs_init(context->hx509ctx, "MEMORY:", 0, NULL, res);
2636 ret = hx509_certs_add(context->hx509ctx, *res, cert);
2648 krb5_set_error_message(context, EINVAL,