Lines Matching refs:ret
222 int ret;
241 ret = copy_Certificate(c, (*cert)->data);
242 if (ret) {
247 return ret;
278 int ret;
280 ret = decode_Certificate(ptr, len, &t, &size);
281 if (ret) {
282 hx509_set_error_string(context, 0, ret, "Failed to decode certificate");
283 return ret;
292 ret = hx509_cert_init(context, &t, cert);
294 return ret;
698 int ret;
704 ret = der_copy_octet_string(entry, &list->val[list->len]);
705 if (ret)
706 return ret;
755 int ret;
763 ret = find_extension_subject_alt_name(_hx509_get_cert(cert), &i, &sa);
765 if (ret == HX509_EXTENSION_NOT_FOUND) {
767 } else if (ret != 0) {
768 hx509_set_error_string(context, 0, ret, "Error searching for SAN");
770 return ret;
777 ret = add_to_list(list, &sa.val[j].u.otherName.value);
778 if (ret) {
779 hx509_set_error_string(context, 0, ret,
784 return ret;
800 int ret;
818 ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, &ku, &size);
819 if (ret)
820 return ret;
859 int ret;
873 ret = _hx509_unparse_Name(&cert->tbsCertificate.subject, &name);
874 assert(ret == 0);
884 ret = decode_BasicConstraints(e->extnValue.data,
887 if (ret)
888 return ret;
892 ret = HX509_PARENT_IS_CA;
895 ret = 0;
899 ret = HX509_PARENT_NOT_CA;
902 ret = HX509_CA_PATH_TOO_DEEP;
906 return ret;
917 int ret_ai, ret_si, ret;
919 ret = _hx509_name_cmp(&issuer->tbsCertificate.subject,
922 if (ret)
923 return ret;
978 ret = _hx509_name_cmp(&issuer->tbsCertificate.subject,
981 if (ret)
982 return ret;
1004 int ret;
1014 ret = hx509_certs_find(context, trust_anchors, &q, &c);
1015 if (ret == 0)
1017 return ret == 0;
1025 int ret, diff;
1026 ret = _hx509_name_cmp(&cert->tbsCertificate.subject,
1029 if (ret) {
1030 hx509_set_error_string(context, 0, ret,
1033 ret = _hx509_self_signed_valid(context, &cert->signatureAlgorithm);
1035 return ret;
1060 int ret;
1071 ret = find_extension_auth_key_id(current->data, &ai);
1072 if (ret) {
1097 ret = hx509_certs_find(context, pool, &q, parent);
1098 if (ret == 0) {
1106 ret = hx509_certs_find(context, trust_anchors, &q, parent);
1107 if (ret == 0) {
1109 return ret;
1118 ret = hx509_cert_get_subject(current, &name);
1119 if (ret) {
1123 ret = hx509_name_to_string(name, &str);
1125 if (ret) {
1150 int ret;
1162 ret = decode_ProxyCertInfo(e->extnValue.data,
1166 if (ret) {
1168 return ret;
1245 int ret;
1250 ret = _hx509_path_append(context, path, cert);
1251 if (ret)
1252 return ret;
1258 ret = find_parent(context, time_now, anchors, path,
1261 if (ret)
1262 return ret;
1264 ret = _hx509_path_append(context, path, parent);
1265 if (ret)
1266 return ret;
1406 int ret = HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED;
1407 hx509_set_error_string(context, 0, ret,
1410 return ret;
1480 int ret;
1482 ret = copy_SubjectPublicKeyInfo(&p->data->tbsCertificate.subjectPublicKeyInfo, spki);
1483 if (ret)
1484 hx509_set_error_string(context, 0, ret, "Failed to copy SPKI");
1485 return ret;
1508 int ret;
1510 ret = copy_AlgorithmIdentifier(&p->data->tbsCertificate.subjectPublicKeyInfo.algorithm, alg);
1511 if (ret)
1512 hx509_set_error_string(context, 0, ret,
1514 return ret;
1521 int ret;
1524 ret = HX509_EXTENSION_NOT_FOUND;
1525 hx509_set_error_string(context, 0, ret, "%s unique id doesn't exists", name);
1526 return ret;
1528 ret = der_copy_bit_string(cert, subject);
1529 if (ret) {
1530 hx509_set_error_string(context, 0, ret, "malloc out of memory", name);
1531 return ret;
1665 int ret;
1667 ret = find_extension_name_constraints(c, &tnc);
1668 if (ret == HX509_EXTENSION_NOT_FOUND)
1670 else if (ret) {
1671 hx509_set_error_string(context, 0, ret, "Failed getting NameConstraints");
1672 return ret;
1674 ret = HX509_VERIFY_CONSTRAINTS;
1675 hx509_set_error_string(context, 0, ret, "Not a CA and "
1682 ret = ENOMEM;
1686 ret = copy_NameConstraints(&tnc, &nc->val[nc->len]);
1687 if (ret) {
1695 return ret;
1708 int diff, ret;
1712 ret = _hx509_name_ds_cmp(&c->val[i].value, &n->val[i].value, &diff);
1713 if (ret)
1714 return ret;
1725 int ret;
1733 ret = match_RDN(&c->u.rdnSequence.val[i], &n->u.rdnSequence.val[i]);
1734 if (ret)
1735 return ret;
1802 int ret;
1814 ret = match_X501Name(&c_name, &n_name);
1815 if (ret == 0)
1817 return ret;
1832 int ret;
1837 ret = find_extension_subject_alt_name(c, &i, &sa);
1838 if (ret == HX509_EXTENSION_NOT_FOUND) {
1839 ret = 0;
1841 } else if (ret != 0)
1847 ret = match_general_name(n, &sa.val[j], match);
1852 return ret;
1861 int ret = 0;
1886 ret = match_general_name(&t->val[i].base, &certname, &name);
1894 ret = match_alt_name(&t->val[i].base, c, &same, &alt_name);
1898 return ret;
1906 int match, ret;
1914 ret = match_tree(&gs, c, &match);
1915 if (ret) {
1917 return ret;
1930 ret = match_tree(&gs, c, &match);
1931 if (ret) {
1933 return ret;
1980 int ret, proxy_cert_depth, selfsigned_depth, diff;
1988 ret = init_name_constraints(&nc);
1989 if (ret)
1990 return ret;
2006 ret = hx509_certs_init(context, "MEMORY:no-TA", 0, NULL, &anchors);
2007 if (ret)
2015 ret = _hx509_calculate_path(context, 0, ctx->time_now,
2018 if (ret)
2052 ret = check_key_usage(context, c, 1 << 5,
2054 if (ret) {
2055 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
2064 ret = certificate_is_self_signed(context, c, &selfsigned);
2065 if (ret)
2082 ret = HX509_PATH_TOO_LONG;
2083 hx509_set_error_string(context, 0, ret,
2093 ret = HX509_PROXY_CERT_INVALID;
2094 hx509_set_error_string(context, 0, ret,
2102 ret = HX509_PROXY_CERT_INVALID;
2103 hx509_set_error_string(context, 0, ret,
2117 ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.subject, &diff);
2118 if (ret) {
2119 hx509_set_error_string(context, 0, ret, "Out of memory");
2123 ret = HX509_PROXY_CERT_NAME_WRONG;
2124 hx509_set_error_string(context, 0, ret,
2132 ret = copy_Name(&c->tbsCertificate.subject, &proxy_issuer);
2133 if (ret) {
2144 ret = HX509_PROXY_CERT_NAME_WRONG;
2145 hx509_set_error_string(context, 0, ret,
2155 ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.issuer, &diff);
2156 if (ret) {
2157 hx509_set_error_string(context, 0, ret, "Out of memory");
2161 ret = HX509_PROXY_CERT_NAME_WRONG;
2162 hx509_set_error_string(context, 0, ret,
2186 ret = _hx509_name_cmp(&proxy_issuer,
2188 if (ret) {
2189 hx509_set_error_string(context, 0, ret, "out of memory");
2193 ret = HX509_PROXY_CERT_NAME_WRONG;
2200 ret = _hx509_name_from_Name(&proxy_issuer, &cert->basename);
2201 if (ret) {
2210 ret = check_basic_constraints(context, c, type,
2212 if (ret)
2223 ret = HX509_CERT_USED_BEFORE_TIME;
2229 ret = HX509_CERT_USED_AFTER_TIME;
2246 for (ret = 0, k = path.len; k > 0; k--) {
2253 ret = certificate_is_self_signed(context, c, &selfsigned);
2254 if (ret)
2259 ret = check_name_constraints(context, &nc, c);
2260 if (ret) {
2264 ret = add_name_constraints(context, c, i == 0, &nc);
2265 if (ret)
2279 ret = hx509_certs_init(context, "MEMORY:revoke-certs", 0,
2281 if (ret)
2285 ret = hx509_certs_add(context, certs, path.val[i]);
2286 if (ret) {
2291 ret = hx509_certs_merge(context, certs, pool);
2292 if (ret) {
2300 ret = hx509_revoke_verify(context,
2306 if (ret) {
2332 ret = certificate_is_self_signed(context, signer->data, &selfsigned);
2333 if (ret)
2345 ret = _hx509_verify_signature_bitstring(context,
2350 if (ret) {
2351 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
2367 ret = _hx509_signature_best_before(context,
2370 if (ret)
2381 return ret;
2462 int ret;
2472 ret = find_extension_subject_alt_name(cert->data, &i, &san);
2473 if (ret == HX509_EXTENSION_NOT_FOUND)
2475 else if (ret != 0)
2501 for (ret = 0, k = name->u.rdnSequence.len; ret == 0 && k > 0; k--) {
2503 for (j = 0; ret == 0 && j < name->u.rdnSequence.val[i].len; j++) {
2533 ret = HX509_NAME_CONSTRAINT_ERROR;
2539 ret = HX509_NAME_CONSTRAINT_ERROR;
2541 return ret;
2639 int ret;
2649 ret = hx509_cert_get_subject(cert, &name);
2650 if (ret)
2652 ret = hx509_name_to_string(name, &cert->friendlyname);
2654 if (ret)
2659 ret = decode_PKCS9_friendlyName(a->data.data, a->data.length, &n, &sz);
2660 if (ret)
2764 int ret;
2772 ret = der_copy_heim_integer(serialNumber, q->serial);
2773 if (ret) {
2776 return ret;
2785 ret = copy_Name(issuer, q->issuer_name);
2786 if (ret) {
2789 return ret;
2834 int ret;
2851 ret = der_copy_oid(eku, q->eku);
2852 if (ret) {
2855 return ret;
2948 int ret, diff;
2965 ret = _hx509_name_cmp(&c->tbsCertificate.issuer, q->issuer_name, &diff);
2966 if (ret || diff)
2971 ret = _hx509_name_cmp(&c->tbsCertificate.subject, q->subject_name, &diff);
2972 if (ret || diff)
2979 ret = _hx509_find_extension_subject_key_id(c, &si);
2980 if (ret == 0) {
2982 ret = 1;
2985 if (ret)
3041 ret = (*q->cmp_func)(context, cert, q->cmp_func_ctx);
3042 if (ret != 0)
3053 ret = _hx509_verify_signature(context,
3058 if (ret != 0)
3080 ret = _hx509_cert_to_env(context, cert, &env);
3081 if (ret)
3084 ret = _hx509_expr_eval(context, env, q->expr);
3086 if (ret == 0)
3270 int ret;
3273 ret = find_extension_eku(_hx509_get_cert(cert), &e);
3274 if (ret) {
3276 return ret;
3306 int ret;
3320 ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, ku, &size);
3321 if (ret)
3322 return ret;
3331 int ret;
3335 ret = find_extension_eku(_hx509_get_cert(cert), e);
3336 if (ret && ret != HX509_EXTENSION_NOT_FOUND) {
3338 return ret;
3360 int ret;
3366 _hx509_get_cert(c), &size, ret);
3367 if (ret) {
3370 return ret;
3375 return ret;
3422 int ret;
3429 ret = hx509_env_add(context, &envcert, "version", buf);
3431 if (ret)
3435 ret = hx509_cert_get_subject(cert, &name);
3436 if (ret)
3439 ret = hx509_name_to_string(name, &buf);
3440 if (ret) {
3445 ret = hx509_env_add(context, &envcert, "subject", buf);
3447 if (ret)
3451 ret = hx509_cert_get_issuer(cert, &name);
3452 if (ret)
3455 ret = hx509_name_to_string(name, &buf);
3457 if (ret)
3460 ret = hx509_env_add(context, &envcert, "issuer", buf);
3462 if (ret)
3467 ret = _hx509_cert_get_eku(context, cert, &eku);
3468 if (ret == HX509_EXTENSION_NOT_FOUND)
3470 else if (ret != 0)
3478 ret = der_print_heim_oid(&eku.val[i], '.', &buf);
3479 if (ret) {
3484 ret = hx509_env_add(context, &enveku, buf, "oid-name-here");
3486 if (ret) {
3494 ret = hx509_env_add_binding(context, &envcert, "eku", enveku);
3495 if (ret) {
3510 ret = _hx509_create_signature(context,
3516 if (ret != 0)
3519 ret = hex_encode(sig.data, sig.length, &buf);
3521 if (ret < 0) {
3522 ret = ENOMEM;
3523 hx509_set_error_string(context, 0, ret,
3528 ret = hx509_env_add(context, &envhash, "sha1", buf);
3530 if (ret)
3533 ret = hx509_env_add_binding(context, &envcert, "hash", envhash);
3534 if (ret) {
3540 ret = hx509_env_add_binding(context, env, "certificate", envcert);
3541 if (ret)
3548 return ret;
3568 int ret;
3573 ret = hx509_cert_get_issuer(cert, &name);
3574 if (ret)
3575 return ret;
3581 ret = hx509_cert_get_subject(cert, &name);
3582 if (ret)
3583 return ret;
3592 ret = hx509_cert_get_serialnumber(cert, &serialNumber);
3593 if (ret)
3594 return ret;
3595 ret = der_print_hex_heim_integer(&serialNumber, &str);
3596 if (ret)
3597 return ret;
3604 ret = hx509_cert_keyusage_print(context, cert, &str);
3605 if (ret == 0) {