Lines Matching refs:ret
178 int ret;
202 ret = hx509_certs_find(context, certs, &q, &signer);
203 if (ret && ocsp->certs)
204 ret = hx509_certs_find(context, ocsp->certs, &q, &signer);
205 if (ret)
217 ret = _hx509_cert_is_parent_cmp(s, p, 0);
218 if (ret != 0) {
219 ret = HX509_PARENT_NOT_CA;
220 hx509_set_error_string(context, 0, ret, "Revoke OCSP signer is "
225 ret = _hx509_verify_signature_bitstring(context,
230 if (ret) {
231 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
236 ret = hx509_cert_check_eku(context, signer,
238 if (ret)
242 ret = _hx509_verify_signature_bitstring(context,
247 if (ret) {
248 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
259 return ret;
271 int ret;
275 ret = decode_OCSPResponse(data, length, &resp, &size);
276 if (ret)
277 return ret;
296 ret = der_heim_oid_cmp(&resp.responseBytes->responseType,
298 if (ret != 0) {
303 ret = decode_OCSPBasicOCSPResponse(resp.responseBytes->response.data,
307 if (ret) {
309 return ret;
333 int ret;
335 ret = rk_undumpdata(ocsp->path, &data, &length);
336 if (ret)
337 return ret;
339 ret = stat(ocsp->path, &sb);
340 if (ret)
343 ret = parse_ocsp_basic(data, length, &basic);
345 if (ret) {
346 hx509_set_error_string(context, 0, ret,
348 return ret;
354 ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0,
356 if (ret) {
358 return ret;
364 ret = hx509_cert_init(context, &basic.certs->val[i], &c);
365 if (ret)
368 ret = hx509_certs_add(context, certs, c);
370 if (ret)
406 int ret;
440 ret = load_ocsp(context, &ctx->ocsps.val[ctx->ocsps.len]);
441 if (ret) {
443 return ret;
447 return ret;
465 int ret;
500 ret = hx509_certs_find(context, certs, &q, &signer);
501 if (ret) {
502 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
504 return ret;
508 ret = _hx509_verify_signature_bitstring(context,
513 if (ret) {
514 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
534 ret = hx509_certs_find(context, certs, &q, &crl_parent);
535 if (ret) {
536 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
541 ret = hx509_revoke_verify(context,
549 if (ret) {
550 hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
560 return ret;
569 int ret;
573 ret = rk_undumpdata(path, &data, &length);
574 if (ret)
575 return ret;
577 ret = stat(path, &sb);
578 if (ret)
583 ret = decode_CRLCertificateList(data, length, crl, &size);
585 if (ret)
586 return ret;
615 int ret;
647 ret = load_crl(path,
650 if (ret) {
652 return ret;
657 return ret;
689 int ret;
700 ret = stat(ocsp->path, &sb);
701 if (ret == 0 && ocsp->last_modfied != sb.st_mtime) {
702 ret = load_ocsp(context, ocsp);
703 if (ret)
709 ret = verify_ocsp(context, ocsp, now, certs, parent_cert);
710 if (ret)
717 ret = der_heim_integer_cmp(&ocsp->ocsp.tbsResponseData.responses.val[j].certID.serialNumber,
719 if (ret != 0)
723 ret = _hx509_verify_signature(context,
728 if (ret != 0)
734 ret = _hx509_verify_signature(context,
739 if (ret != 0)
775 ret = _hx509_name_cmp(&c->tbsCertificate.issuer,
777 if (ret || diff)
780 ret = stat(crl->path, &sb);
781 if (ret == 0 && crl->last_modfied != sb.st_mtime) {
784 ret = load_crl(crl->path, &crl->last_modfied, &cl);
785 if (ret == 0) {
797 ret = verify_crl(context, ctx, &crl->crl, now, certs, parent_cert);
798 if (ret) {
823 ret = der_heim_integer_cmp(&crl->crl.tbsCertList.revokedCertificates->val[j].userCertificate,
825 if (ret != 0)
871 int ret;
890 ret = hx509_certs_find(context, ctx->certs, &q, &parent);
891 if (ret)
896 ret = HX509_REVOKE_NOT_SAME_PARENT;
897 hx509_set_error_string(context, 0, ret,
907 ret = copy_AlgorithmIdentifier(ctx->digest, &one->reqCert.hashAlgorithm);
908 if (ret)
911 ret = _hx509_create_signature(context,
917 if (ret)
924 ret = _hx509_create_signature(context,
930 if (ret)
933 ret = copy_CertificateSerialNumber(&c->tbsCertificate.serialNumber,
935 if (ret)
941 if (ret) {
946 return ret;
977 int ret;
991 ret = hx509_certs_iter_f(context, reqcerts, add_to_req, &ctx);
993 if (ret)
1000 ret = ENOMEM;
1008 ret = ENOMEM;
1012 ret = der_copy_oid(&asn1_oid_id_pkix_ocsp_nonce, &es->val[0].extnID);
1013 if (ret) {
1015 return ret;
1020 ret = ENOMEM;
1025 ret = RAND_bytes(es->val[0].extnValue.data,
1027 if (ret != 1) {
1028 ret = HX509_CRYPTO_INTERNAL_ERROR;
1031 ret = der_copy_octet_string(nonce, &es->val[0].extnValue);
1032 if (ret) {
1033 ret = ENOMEM;
1039 &req, &size, ret);
1041 if (ret)
1050 return ret;
1083 int ret;
1095 ret = load_ocsp(context, &ocsp);
1096 if (ret) {
1098 return ret;
1161 ret = hx509_certs_iter_f(context, ocsp.certs, hx509_ci_print_names, out);
1164 return ret;
1196 int ret;
1204 ret = parse_ocsp_basic(data, length, &basic);
1205 if (ret) {
1206 hx509_set_error_string(context, 0, ret,
1208 return ret;
1213 ret = der_heim_integer_cmp(&basic.tbsResponseData.responses.val[i].certID.serialNumber,
1215 if (ret != 0)
1219 ret = _hx509_verify_signature(context,
1224 if (ret != 0)
1258 ret = hx509_cert_get_subject(cert, &name);
1259 if (ret) {
1263 ret = hx509_name_to_string(name, &subject);
1265 if (ret) {
1298 int ret;
1306 ret = hx509_certs_init(context, "MEMORY:crl", 0, NULL, &(*crl)->revoked);
1307 if (ret) {
1310 return ret;
1313 return ret;
1382 int ret;
1393 ret = hx509_cert_get_serialnumber(cert,
1395 if (ret) {
1397 return ret;
1433 int ret;
1440 ret = HX509_PRIVATE_KEY_MISSING;
1441 hx509_set_error_string(context, 0, ret,
1443 return ret;
1454 ret = copy_AlgorithmIdentifier(sigalg, &c.tbsCertList.signature);
1455 if (ret) {
1460 ret = copy_Name(&_hx509_get_cert(signer)->tbsCertificate.issuer,
1462 if (ret) {
1473 ret = ENOMEM;
1490 ret = ENOMEM;
1495 ret = hx509_certs_iter_f(context, crl->revoked, add_revoked, &c.tbsCertList);
1496 if (ret)
1506 &c.tbsCertList, &size, ret);
1507 if (ret) {
1508 hx509_set_error_string(context, 0, ret, "failed to encode tbsCRL");
1515 ret = _hx509_create_signature_bitstring(context,
1522 if (ret) {
1523 hx509_set_error_string(context, 0, ret, "Failed to sign CRL");
1528 &c, &size, ret);
1529 if (ret) {
1530 hx509_set_error_string(context, 0, ret, "failed to encode CRL");
1542 return ret;