pkix_build.c

Bug Summary

File:	s/lib/libpkix/pkix/top/pkix_build.c
Warning:	line 3429, column 13 2nd function call argument is an uninitialized value
Annotated Source Code

Press '?' to see keyboard shortcuts
Show analyzer invocation
clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name pkix_build.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix/top -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix/top -resource-dir /usr/lib/llvm-19/lib/clang/19 -D HAVE_STRERROR -D LINUX -D linux -D XP_UNIX -D XP_UNIX -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D NSS_DISABLE_SSE3 -D NSS_NO_INIT_SUPPORT -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I ../../../../../dist/Linux6.12_x86_64_gcc_glibc_PTH_64_DBG.OBJ/include -I ../../../../../dist/public/nss -I ../../../../../dist/private/nss -internal-isystem /usr/lib/llvm-19/lib/clang/19/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=c99 -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2025-01-06-222215-268153-1 -x c pkix_build.c
1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4/*
5 * pkix_build.c
6 *
7 * Top level buildChain function
8 *
9 */
10 
11/* #define PKIX_BUILDDEBUG 1 */
12/* #define PKIX_FORWARDBUILDERSTATEDEBUG 1 */
13 
14#include "pkix_build.h"
15 
16extern PRLogModuleInfo *pkixLog;
17 
18/*
19 * List of critical extension OIDs associate with what build chain has
20 * checked. Those OIDs need to be removed from the unresolved critical
21 * extension OIDs list manually (instead of by checker automatically).
22 */
23static SECOidTag buildCheckedCritExtOIDs[] = {
24        PKIX_CERTKEYUSAGE_OIDSEC_OID_X509_KEY_USAGE,
25        PKIX_CERTSUBJALTNAME_OIDSEC_OID_X509_SUBJECT_ALT_NAME,
26        PKIX_BASICCONSTRAINTS_OIDSEC_OID_X509_BASIC_CONSTRAINTS,
27        PKIX_NAMECONSTRAINTS_OIDSEC_OID_X509_NAME_CONSTRAINTS,
28        PKIX_EXTENDEDKEYUSAGE_OIDSEC_OID_X509_EXT_KEY_USAGE,
29        PKIX_NSCERTTYPE_OIDSEC_OID_NS_CERT_EXT_CERT_TYPE,
30        PKIX_UNKNOWN_OIDSEC_OID_UNKNOWN
31};
32 
33/* --Private-ForwardBuilderState-Functions---------------------------------- */
34 
35/*
36 * FUNCTION: pkix_ForwardBuilderState_Destroy
37 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
38 */
39static PKIX_Error *
40pkix_ForwardBuilderState_Destroy(
41        PKIX_PL_Object *object,
42        void *plContext)
43{
44        PKIX_ForwardBuilderState *state = NULL((void*)0);
45 
46        PKIX_ENTER(FORWARDBUILDERSTATE, "pkix_ForwardBuilderState_Destroy")static const char cMyFuncName[] = {"pkix_ForwardBuilderState_Destroy"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_FORWARDBUILDERSTATE_ERROR; ; do { if
 (pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
47        PKIX_NULLCHECK_ONE(object)do { if ((object) == ((void*)0)){ stdVars.aPkixErrorReceived =
 ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
48 
49        PKIX_CHECK(pkix_CheckTypedo { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_FORWARDBUILDERSTATE_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTNOTFORWARDBUILDERSTATE; goto cleanup; } } while
 (0)
50                (object, PKIX_FORWARDBUILDERSTATE_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_FORWARDBUILDERSTATE_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTNOTFORWARDBUILDERSTATE; goto cleanup; } } while
 (0)
51                PKIX_OBJECTNOTFORWARDBUILDERSTATE)do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_FORWARDBUILDERSTATE_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTNOTFORWARDBUILDERSTATE; goto cleanup; } } while
 (0);
52 
53        state = (PKIX_ForwardBuilderState *)object;
54 
55        state->status = BUILD_INITIAL;
56        state->traversedCACerts = 0;
57        state->certStoreIndex = 0;
58        state->numCerts = 0;
59        state->numAias = 0;
60        state->certIndex = 0;
61        state->aiaIndex = 0;
62        state->certCheckedIndex = 0;
63        state->checkerIndex = 0;
64        state->hintCertIndex = 0;
65        state->numFanout = 0;
66        state->numDepth = 0;
67        state->reasonCode = 0;
68        state->canBeCached = PKIX_FALSE((PKIX_Boolean) 0);
69        state->useOnlyLocal = PKIX_FALSE((PKIX_Boolean) 0);
70        state->revChecking = PKIX_FALSE((PKIX_Boolean) 0);
71        state->usingHintCerts = PKIX_FALSE((PKIX_Boolean) 0);
72        state->certLoopingDetected = PKIX_FALSE((PKIX_Boolean) 0);
73        PKIX_DECREF(state->validityDate)do { if (state->validityDate){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->validityDate), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } state->validityDate = ((void*)0); } } while (0);
74        PKIX_DECREF(state->prevCert)do { if (state->prevCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->prevCert), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } state->
prevCert = ((void*)0); } } while (0);
75        PKIX_DECREF(state->candidateCert)do { if (state->candidateCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->candidateCert), plContext); if
 (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } state->candidateCert = ((void*)0); } } while (0);
76        PKIX_DECREF(state->traversedSubjNames)do { if (state->traversedSubjNames){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->traversedSubjNames
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->traversedSubjNames = ((void*)0); }
 } while (0);
77        PKIX_DECREF(state->trustChain)do { if (state->trustChain){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->trustChain), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } state->
trustChain = ((void*)0); } } while (0);
78        PKIX_DECREF(state->aia)do { if (state->aia){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->aia), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } state->
aia = ((void*)0); } } while (0);
79        PKIX_DECREF(state->candidateCerts)do { if (state->candidateCerts){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->candidateCerts
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->candidateCerts = ((void*)0); } } while
 (0);
80        PKIX_DECREF(state->reversedCertChain)do { if (state->reversedCertChain){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->reversedCertChain
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->reversedCertChain = ((void*)0); } }
 while (0);
81        PKIX_DECREF(state->checkedCritExtOIDs)do { if (state->checkedCritExtOIDs){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->checkedCritExtOIDs
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->checkedCritExtOIDs = ((void*)0); }
 } while (0);
82        PKIX_DECREF(state->checkerChain)do { if (state->checkerChain){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->checkerChain), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } state->checkerChain = ((void*)0); } } while (0);
83        PKIX_DECREF(state->certSel)do { if (state->certSel){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->certSel), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } state->
certSel = ((void*)0); } } while (0);
84        PKIX_DECREF(state->verifyNode)do { if (state->verifyNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->verifyNode), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } state->
verifyNode = ((void*)0); } } while (0);
85        PKIX_DECREF(state->client)do { if (state->client){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->client), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } state->
client = ((void*)0); } } while (0);
86 
87        /*
88         * If we ever add a child link we have to be careful not to have loops
89         * in the Destroy process. But with one-way links we should be okay.
90         */
91        if (state->parentState == NULL((void*)0)) {
92                state->buildConstants.numAnchors = 0;
93                state->buildConstants.numCertStores = 0;
94                state->buildConstants.numHintCerts = 0;
95                state->buildConstants.procParams = 0;
96                PKIX_DECREF(state->buildConstants.testDate)do { if (state->buildConstants.testDate){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->buildConstants
.testDate), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->buildConstants.testDate = ((void*)
0); } } while (0);
97                PKIX_DECREF(state->buildConstants.timeLimit)do { if (state->buildConstants.timeLimit){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->buildConstants
.timeLimit), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->buildConstants.timeLimit = ((void*
)0); } } while (0);
98                PKIX_DECREF(state->buildConstants.targetCert)do { if (state->buildConstants.targetCert){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->buildConstants
.targetCert), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->buildConstants.targetCert = ((void
*)0); } } while (0);
99                PKIX_DECREF(state->buildConstants.targetPubKey)do { if (state->buildConstants.targetPubKey){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->buildConstants
.targetPubKey), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->buildConstants.targetPubKey = ((void
*)0); } } while (0);
100                PKIX_DECREF(state->buildConstants.certStores)do { if (state->buildConstants.certStores){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->buildConstants
.certStores), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->buildConstants.certStores = ((void
*)0); } } while (0);
101                PKIX_DECREF(state->buildConstants.anchors)do { if (state->buildConstants.anchors){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->buildConstants
.anchors), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->buildConstants.anchors = ((void*)0
); } } while (0);
102                PKIX_DECREF(state->buildConstants.userCheckers)do { if (state->buildConstants.userCheckers){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->buildConstants
.userCheckers), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->buildConstants.userCheckers = ((void
*)0); } } while (0);
103                PKIX_DECREF(state->buildConstants.hintCerts)do { if (state->buildConstants.hintCerts){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->buildConstants
.hintCerts), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->buildConstants.hintCerts = ((void*
)0); } } while (0);
104                PKIX_DECREF(state->buildConstants.revChecker)do { if (state->buildConstants.revChecker){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->buildConstants
.revChecker), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->buildConstants.revChecker = ((void
*)0); } } while (0);
105                PKIX_DECREF(state->buildConstants.aiaMgr)do { if (state->buildConstants.aiaMgr){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->buildConstants
.aiaMgr), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->buildConstants.aiaMgr = ((void*)0)
; } } while (0);
106        } else {
107                PKIX_DECREF(state->parentState)do { if (state->parentState){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->parentState), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } state->parentState = ((void*)0); } } while (0);
108        }
109 
110cleanup:
111 
112        PKIX_RETURN(FORWARDBUILDERSTATE)return PKIX_DoReturn(&stdVars, (PKIX_FORWARDBUILDERSTATE_ERROR
), ((PKIX_Boolean) 1), plContext);;
113}
114 
115/*
116 * FUNCTION: pkix_ForwardBuilderState_Create
117 *
118 * DESCRIPTION:
119 *  Allocate and initialize a ForwardBuilderState.
120 *
121 * PARAMETERS
122 *  "traversedCACerts"
123 *      Number of CA certificates traversed.
124 *  "numFanout"
125 *      Number of Certs that can be considered at this level (0 = no limit)
126 *  "numDepth"
127 *      Number of additional levels that can be searched (0 = no limit)
128 *  "canBeCached"
129 *      Boolean value indicating whether all certs on the chain can be cached.
130 *  "validityDate"
131 *      Address of Date at which build chain Certs' most restricted validity
132 *      time is kept. May be NULL.
133 *  "prevCert"
134 *      Address of Cert just traversed. Must be non-NULL.
135 *  "traversedSubjNames"
136 *      Address of List of GeneralNames that have been traversed.
137 *      Must be non-NULL.
138 *  "trustChain"
139 *      Address of List of certificates traversed. Must be non-NULL.
140 *  "parentState"
141 *      Address of previous ForwardBuilderState
142 *  "pState"
143 *      Address where ForwardBuilderState will be stored. Must be non-NULL.
144 *  "plContext"
145 *      Platform-specific context pointer.
146 * THREAD SAFETY:
147 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
148 * RETURNS:
149 *  Returns NULL if the function succeeds.
150 *  Returns a Build Error if the function fails in a non-fatal way.
151 *  Returns a Fatal Error if the function fails in an unrecoverable way.
152 */
153static PKIX_Error *
154pkix_ForwardBuilderState_Create(
155        PKIX_Int32 traversedCACerts,
156        PKIX_UInt32 numFanout,
157        PKIX_UInt32 numDepth,
158        PKIX_Boolean canBeCached,
159        PKIX_PL_Date *validityDate,
160        PKIX_PL_Cert *prevCert,
161        PKIX_List *traversedSubjNames,
162        PKIX_List *trustChain,
163        PKIX_ForwardBuilderState *parentState,
164        PKIX_ForwardBuilderState **pState,
165        void *plContext)
166{
167        PKIX_ForwardBuilderState *state = NULL((void*)0);
168 
169        PKIX_ENTER(FORWARDBUILDERSTATE, "pkix_ForwardBuilderState_Create")static const char cMyFuncName[] = {"pkix_ForwardBuilderState_Create"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_FORWARDBUILDERSTATE_ERROR; ; do { if
 (pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
170        PKIX_NULLCHECK_FOUR(prevCert, traversedSubjNames, pState, trustChain)do { if (((prevCert) == ((void*)0)) || ((traversedSubjNames) ==
 ((void*)0)) || ((pState) == ((void*)0)) || ((trustChain) == (
(void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1);
 stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
171 
172        PKIX_CHECK(PKIX_PL_Object_Allocdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_FORWARDBUILDERSTATE_TYPE
, sizeof (PKIX_ForwardBuilderState), (PKIX_PL_Object **)&
state, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_COULDNOTCREATEFORWARDBUILDERSTATEOBJECT; goto cleanup
; } } while (0)
173                (PKIX_FORWARDBUILDERSTATE_TYPE,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_FORWARDBUILDERSTATE_TYPE
, sizeof (PKIX_ForwardBuilderState), (PKIX_PL_Object **)&
state, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_COULDNOTCREATEFORWARDBUILDERSTATEOBJECT; goto cleanup
; } } while (0)
174                sizeof (PKIX_ForwardBuilderState),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_FORWARDBUILDERSTATE_TYPE
, sizeof (PKIX_ForwardBuilderState), (PKIX_PL_Object **)&
state, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_COULDNOTCREATEFORWARDBUILDERSTATEOBJECT; goto cleanup
; } } while (0)
175                (PKIX_PL_Object **)&state,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_FORWARDBUILDERSTATE_TYPE
, sizeof (PKIX_ForwardBuilderState), (PKIX_PL_Object **)&
state, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_COULDNOTCREATEFORWARDBUILDERSTATEOBJECT; goto cleanup
; } } while (0)
176                plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_FORWARDBUILDERSTATE_TYPE
, sizeof (PKIX_ForwardBuilderState), (PKIX_PL_Object **)&
state, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_COULDNOTCREATEFORWARDBUILDERSTATEOBJECT; goto cleanup
; } } while (0)
177                PKIX_COULDNOTCREATEFORWARDBUILDERSTATEOBJECT)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_FORWARDBUILDERSTATE_TYPE
, sizeof (PKIX_ForwardBuilderState), (PKIX_PL_Object **)&
state, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_COULDNOTCREATEFORWARDBUILDERSTATEOBJECT; goto cleanup
; } } while (0);
178 
179        state->status = BUILD_INITIAL;
180        state->traversedCACerts = traversedCACerts;
181        state->certStoreIndex = 0;
182        state->numCerts = 0;
183        state->numAias = 0;
184        state->certIndex = 0;
185        state->aiaIndex = 0;
186        state->certCheckedIndex = 0;
187        state->checkerIndex = 0;
188        state->hintCertIndex = 0;
189        state->numFanout = numFanout;
190        state->numDepth = numDepth;
191        state->reasonCode = 0;
192        state->revChecking = numDepth;
193        state->canBeCached = canBeCached;
194        state->useOnlyLocal = PKIX_TRUE((PKIX_Boolean) 1);
195        state->revChecking = PKIX_FALSE((PKIX_Boolean) 0);
196        state->usingHintCerts = PKIX_FALSE((PKIX_Boolean) 0);
197        state->certLoopingDetected = PKIX_FALSE((PKIX_Boolean) 0);
198 
199        PKIX_INCREF(validityDate)do { if (validityDate){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(validityDate), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
 (0);
200        state->validityDate = validityDate;
201 
202        PKIX_INCREF(prevCert)do { if (prevCert){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(prevCert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
 (0);
203        state->prevCert = prevCert;
204 
205        state->candidateCert = NULL((void*)0);
206 
207        PKIX_INCREF(traversedSubjNames)do { if (traversedSubjNames){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(traversedSubjNames), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
208        state->traversedSubjNames = traversedSubjNames;
209 
210        PKIX_INCREF(trustChain)do { if (trustChain){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(trustChain), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
 (0);
211        state->trustChain = trustChain;
212 
213        state->aia = NULL((void*)0);
214        state->candidateCerts = NULL((void*)0);
215        state->reversedCertChain = NULL((void*)0);
216        state->checkedCritExtOIDs = NULL((void*)0);
217        state->checkerChain = NULL((void*)0);
218        state->certSel = NULL((void*)0);
219        state->verifyNode = NULL((void*)0);
220        state->client = NULL((void*)0);
221 
222        PKIX_INCREF(parentState)do { if (parentState){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(parentState), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
 (0);
223        state->parentState = parentState;
224 
225        if (parentState != NULL((void*)0)) {
226                state->buildConstants.numAnchors =
227                         parentState->buildConstants.numAnchors;
228                state->buildConstants.numCertStores = 
229                        parentState->buildConstants.numCertStores; 
230                state->buildConstants.numHintCerts = 
231                        parentState->buildConstants.numHintCerts; 
232                state->buildConstants.maxFanout =
233                        parentState->buildConstants.maxFanout;
234                state->buildConstants.maxDepth =
235                        parentState->buildConstants.maxDepth;
236                state->buildConstants.maxTime =
237                        parentState->buildConstants.maxTime;
238                state->buildConstants.procParams = 
239                        parentState->buildConstants.procParams; 
240                state->buildConstants.testDate =
241                        parentState->buildConstants.testDate;
242                state->buildConstants.timeLimit =
243                        parentState->buildConstants.timeLimit;
244                state->buildConstants.targetCert =
245                        parentState->buildConstants.targetCert;
246                state->buildConstants.targetPubKey =
247                        parentState->buildConstants.targetPubKey;
248                state->buildConstants.certStores =
249                        parentState->buildConstants.certStores;
250                state->buildConstants.anchors =
251                        parentState->buildConstants.anchors;
252                state->buildConstants.userCheckers =
253                        parentState->buildConstants.userCheckers;
254                state->buildConstants.hintCerts =
255                        parentState->buildConstants.hintCerts;
256                state->buildConstants.revChecker =
257                        parentState->buildConstants.revChecker;
258                state->buildConstants.aiaMgr =
259                        parentState->buildConstants.aiaMgr;
260                state->buildConstants.trustOnlyUserAnchors =
261                        parentState->buildConstants.trustOnlyUserAnchors;
262        }
263 
264        *pState = state;
265        state = NULL((void*)0);
266cleanup:
267        
268        PKIX_DECREF(state)do { if (state){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } state = ((void*)0)
; } } while (0);
269 
270        PKIX_RETURN(FORWARDBUILDERSTATE)return PKIX_DoReturn(&stdVars, (PKIX_FORWARDBUILDERSTATE_ERROR
), ((PKIX_Boolean) 1), plContext);;
271}
272 
273/*
274 * FUNCTION: pkix_Build_GetResourceLimits
275 *
276 * DESCRIPTION:
277 *  Retrieve Resource Limits from ProcessingParams and initialize them in
278 *  BuildConstants.
279 *
280 * PARAMETERS
281 *  "buildConstants"
282 *      Address of a BuildConstants structure containing objects and values
283 *      that remain constant throughout the building of a chain. Must be
284 *      non-NULL.
285 *  "plContext"
286 *      Platform-specific context pointer.
287 * THREAD SAFETY:
288 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
289 * RETURNS:
290 *  Returns NULL if the function succeeds.
291 *  Returns a Build Error if the function fails in a non-fatal way.
292 *  Returns a Fatal Error if the function fails in an unrecoverable way.
293 */
294static PKIX_Error *
295pkix_Build_GetResourceLimits(
296        BuildConstants *buildConstants,
297        void *plContext)
298{
299        PKIX_ResourceLimits *resourceLimits = NULL((void*)0);
300 
301        PKIX_ENTER(BUILD, "pkix_Build_GetResourceLimits")static const char cMyFuncName[] = {"pkix_Build_GetResourceLimits"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
76
←
Assuming 'pkixLoggersDebugTrace' is null→
77
←
Taking false branch→
78
←
Loop condition is false.  Exiting loop→
302        PKIX_NULLCHECK_ONE(buildConstants)do { if ((buildConstants) == ((void*)0)){ stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
79
←
Taking false branch→
80
←
Loop condition is false.  Exiting loop→
303 
304        PKIX_CHECK(PKIX_ProcessingParams_GetResourceLimitsdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetResourceLimits
 (buildConstants->procParams, &resourceLimits, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_PROCESSINGPARAMSGETRESOURCELIMITSFAILED; goto cleanup
; } } while (0)
81
←
Assuming field 'aPkixErrorResult' is non-null→
82
←
Taking true branch→
83
←
Control jumps to line 329→
305                (buildConstants->procParams, &resourceLimits, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetResourceLimits
 (buildConstants->procParams, &resourceLimits, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_PROCESSINGPARAMSGETRESOURCELIMITSFAILED; goto cleanup
; } } while (0)
306                PKIX_PROCESSINGPARAMSGETRESOURCELIMITSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetResourceLimits
 (buildConstants->procParams, &resourceLimits, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_PROCESSINGPARAMSGETRESOURCELIMITSFAILED; goto cleanup
; } } while (0);
307 
308        buildConstants->maxFanout = 0;
309        buildConstants->maxDepth = 0;
310        buildConstants->maxTime = 0;
311 
312        if (resourceLimits) {
313 
314                PKIX_CHECK(PKIX_ResourceLimits_GetMaxFanoutdo { stdVars.aPkixErrorResult = (PKIX_ResourceLimits_GetMaxFanout
 (resourceLimits, &buildConstants->maxFanout, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_RESOURCELIMITSGETMAXFANOUTFAILED; goto cleanup; } } while
 (0)
315                        (resourceLimits, &buildConstants->maxFanout, plContext),do { stdVars.aPkixErrorResult = (PKIX_ResourceLimits_GetMaxFanout
 (resourceLimits, &buildConstants->maxFanout, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_RESOURCELIMITSGETMAXFANOUTFAILED; goto cleanup; } } while
 (0)
316                        PKIX_RESOURCELIMITSGETMAXFANOUTFAILED)do { stdVars.aPkixErrorResult = (PKIX_ResourceLimits_GetMaxFanout
 (resourceLimits, &buildConstants->maxFanout, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_RESOURCELIMITSGETMAXFANOUTFAILED; goto cleanup; } } while
 (0);
317 
318                PKIX_CHECK(PKIX_ResourceLimits_GetMaxDepthdo { stdVars.aPkixErrorResult = (PKIX_ResourceLimits_GetMaxDepth
 (resourceLimits, &buildConstants->maxDepth, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_RESOURCELIMITSGETMAXDEPTHFAILED; goto cleanup; } } while
 (0)
319                        (resourceLimits, &buildConstants->maxDepth, plContext),do { stdVars.aPkixErrorResult = (PKIX_ResourceLimits_GetMaxDepth
 (resourceLimits, &buildConstants->maxDepth, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_RESOURCELIMITSGETMAXDEPTHFAILED; goto cleanup; } } while
 (0)
320                        PKIX_RESOURCELIMITSGETMAXDEPTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_ResourceLimits_GetMaxDepth
 (resourceLimits, &buildConstants->maxDepth, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_RESOURCELIMITSGETMAXDEPTHFAILED; goto cleanup; } } while
 (0);
321 
322                PKIX_CHECK(PKIX_ResourceLimits_GetMaxTimedo { stdVars.aPkixErrorResult = (PKIX_ResourceLimits_GetMaxTime
 (resourceLimits, &buildConstants->maxTime, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_RESOURCELIMITSGETMAXTIMEFAILED
; goto cleanup; } } while (0)
323                        (resourceLimits, &buildConstants->maxTime, plContext),do { stdVars.aPkixErrorResult = (PKIX_ResourceLimits_GetMaxTime
 (resourceLimits, &buildConstants->maxTime, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_RESOURCELIMITSGETMAXTIMEFAILED
; goto cleanup; } } while (0)
324                        PKIX_RESOURCELIMITSGETMAXTIMEFAILED)do { stdVars.aPkixErrorResult = (PKIX_ResourceLimits_GetMaxTime
 (resourceLimits, &buildConstants->maxTime, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_RESOURCELIMITSGETMAXTIMEFAILED
; goto cleanup; } } while (0);
325        }
326 
327cleanup:
328 
329        PKIX_DECREF(resourceLimits)do { if (resourceLimits){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(resourceLimits), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } resourceLimits
 = ((void*)0); } } while (0);
84
←
Assuming 'resourceLimits' is null→
85
←
Taking false branch→
86
←
Loop condition is false.  Exiting loop→
330 
331        PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
87
←
Returning without writing to 'buildConstants->maxFanout'→
88
←
Returning pointer, which participates in a condition later→
332}
333 
334/*
335 * FUNCTION: pkix_ForwardBuilderState_ToString
336 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
337 */
338static PKIX_Error *
339pkix_ForwardBuilderState_ToString
340        (PKIX_PL_Object *object,
341        PKIX_PL_String **pString,
342        void *plContext)
343{
344        PKIX_ForwardBuilderState *state = NULL((void*)0);
345        PKIX_PL_String *formatString = NULL((void*)0);
346        PKIX_PL_String *resultString = NULL((void*)0);
347        PKIX_PL_String *buildStatusString = NULL((void*)0);
348        PKIX_PL_String *validityDateString = NULL((void*)0);
349        PKIX_PL_String *prevCertString = NULL((void*)0);
350        PKIX_PL_String *candidateCertString = NULL((void*)0);
351        PKIX_PL_String *traversedSubjNamesString = NULL((void*)0);
352        PKIX_PL_String *trustChainString = NULL((void*)0);
353        PKIX_PL_String *candidateCertsString = NULL((void*)0);
354        PKIX_PL_String *certSelString = NULL((void*)0);
355        PKIX_PL_String *verifyNodeString = NULL((void*)0);
356        PKIX_PL_String *parentStateString = NULL((void*)0);
357        char *asciiFormat = "\n"
358                "\t{buildStatus: \t%s\n"
359                "\ttraversedCACerts: \t%d\n"
360                "\tcertStoreIndex: \t%d\n"
361                "\tnumCerts: \t%d\n"
362                "\tnumAias: \t%d\n"
363                "\tcertIndex: \t%d\n"
364                "\taiaIndex: \t%d\n"
365                "\tnumFanout: \t%d\n"
366                "\tnumDepth:  \t%d\n"
367                "\treasonCode:  \t%d\n"
368                "\tcanBeCached: \t%d\n"
369                "\tuseOnlyLocal: \t%d\n"
370                "\trevChecking: \t%d\n"
371                "\tvalidityDate: \t%s\n"
372                "\tprevCert: \t%s\n"
373                "\tcandidateCert: \t%s\n"
374                "\ttraversedSubjNames: \t%s\n"
375                "\ttrustChain: \t%s\n"
376                "\tcandidateCerts: \t%s\n"
377                "\tcertSel: \t%s\n"
378                "\tverifyNode: \t%s\n"
379                "\tparentState: \t%s}\n";
380        char *asciiStatus = NULL((void*)0);
381 
382        PKIX_ENTER(FORWARDBUILDERSTATE, "pkix_ForwardBuilderState_ToString")static const char cMyFuncName[] = {"pkix_ForwardBuilderState_ToString"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_FORWARDBUILDERSTATE_ERROR; ; do { if
 (pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
383        PKIX_NULLCHECK_TWO(object, pString)do { if (((object) == ((void*)0)) || ((pString) == ((void*)0)
)){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
 } } while (0);
384 
385        PKIX_CHECK(pkix_CheckTypedo { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_FORWARDBUILDERSTATE_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTNOTFORWARDBUILDERSTATE; goto cleanup; } } while
 (0)
386                (object, PKIX_FORWARDBUILDERSTATE_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_FORWARDBUILDERSTATE_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTNOTFORWARDBUILDERSTATE; goto cleanup; } } while
 (0)
387                PKIX_OBJECTNOTFORWARDBUILDERSTATE)do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_FORWARDBUILDERSTATE_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTNOTFORWARDBUILDERSTATE; goto cleanup; } } while
 (0);
388 
389        state = (PKIX_ForwardBuilderState *)object;
390 
391        PKIX_CHECK(PKIX_PL_String_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
392                (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
393                PKIX_STRINGCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0);
394 
395        switch (state->status) {
396            case BUILD_SHORTCUTPENDING: asciiStatus = "BUILD_SHORTCUTPENDING";
397                                        break;
398            case BUILD_INITIAL:         asciiStatus = "BUILD_INITIAL";
399                                        break;
400            case BUILD_TRYAIA:          asciiStatus = "BUILD_TRYAIA";
401                                        break;
402            case BUILD_AIAPENDING:      asciiStatus = "BUILD_AIAPENDING";
403                                        break;
404            case BUILD_COLLECTINGCERTS: asciiStatus = "BUILD_COLLECTINGCERTS";
405                                        break;
406            case BUILD_GATHERPENDING:   asciiStatus = "BUILD_GATHERPENDING";
407                                        break;
408            case BUILD_CERTVALIDATING:  asciiStatus = "BUILD_CERTVALIDATING";
409                                        break;
410            case BUILD_ABANDONNODE:     asciiStatus = "BUILD_ABANDONNODE";
411                                        break;
412            case BUILD_DATEPREP:        asciiStatus = "BUILD_DATEPREP";
413                                        break;
414            case BUILD_CHECKTRUSTED:    asciiStatus = "BUILD_CHECKTRUSTED";
415                                        break;
416            case BUILD_CHECKTRUSTED2:   asciiStatus = "BUILD_CHECKTRUSTED2";
417                                        break;
418            case BUILD_ADDTOCHAIN:      asciiStatus = "BUILD_ADDTOCHAIN";
419                                        break;
420            case BUILD_VALCHAIN:        asciiStatus = "BUILD_VALCHAIN";
421                                        break;
422            case BUILD_VALCHAIN2:       asciiStatus = "BUILD_VALCHAIN2";
423                                        break;
424            case BUILD_EXTENDCHAIN:     asciiStatus = "BUILD_EXTENDCHAIN";
425                                        break;
426            case BUILD_GETNEXTCERT:     asciiStatus = "BUILD_GETNEXTCERT";
427                                        break;
428            default:                    asciiStatus = "INVALID STATUS";
429                                        break;
430        }
431 
432        PKIX_CHECK(PKIX_PL_String_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiStatus
, 0, &buildStatusString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
433                (PKIX_ESCASCII, asciiStatus, 0, &buildStatusString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiStatus
, 0, &buildStatusString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
434                PKIX_STRINGCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiStatus
, 0, &buildStatusString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0);
435 
436        PKIX_TOSTRINGdo { int descNum; if ((state->validityDate) != ((void*)0))
 { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->validityDate), (&validityDateString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&validityDateString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
437               (state->validityDate, &validityDateString, plContext,do { int descNum; if ((state->validityDate) != ((void*)0))
 { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->validityDate), (&validityDateString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&validityDateString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
438                PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->validityDate) != ((void*)0))
 { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->validityDate), (&validityDateString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&validityDateString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
439 
440        PKIX_TOSTRINGdo { int descNum; if ((state->prevCert) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(state->prevCert), (&prevCertString), (plContext)); descNum
 = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&prevCertString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
441               (state->prevCert, &prevCertString, plContext,do { int descNum; if ((state->prevCert) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(state->prevCert), (&prevCertString), (plContext)); descNum
 = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&prevCertString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
442                PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->prevCert) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(state->prevCert), (&prevCertString), (plContext)); descNum
 = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&prevCertString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
443 
444        PKIX_TOSTRINGdo { int descNum; if ((state->candidateCert) != ((void*)0)
) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->candidateCert), (&candidateCertString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&candidateCertString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
445                (state->candidateCert, &candidateCertString, plContext,do { int descNum; if ((state->candidateCert) != ((void*)0)
) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->candidateCert), (&candidateCertString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&candidateCertString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
446                PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->candidateCert) != ((void*)0)
) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->candidateCert), (&candidateCertString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&candidateCertString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
447 
448        PKIX_TOSTRINGdo { int descNum; if ((state->traversedSubjNames) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->traversedSubjNames), (&traversedSubjNamesString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
 { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&traversedSubjNamesString), (plContext)); descNum =
 PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (
stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
 (0)
449                (state->traversedSubjNames,do { int descNum; if ((state->traversedSubjNames) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->traversedSubjNames), (&traversedSubjNamesString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
 { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&traversedSubjNamesString), (plContext)); descNum =
 PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (
stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
 (0)
450                &traversedSubjNamesString,do { int descNum; if ((state->traversedSubjNames) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->traversedSubjNames), (&traversedSubjNamesString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
 { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&traversedSubjNamesString), (plContext)); descNum =
 PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (
stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
 (0)
451                plContext,do { int descNum; if ((state->traversedSubjNames) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->traversedSubjNames), (&traversedSubjNamesString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
 { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&traversedSubjNamesString), (plContext)); descNum =
 PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (
stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
 (0)
452                PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->traversedSubjNames) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->traversedSubjNames), (&traversedSubjNamesString
), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else
 { stdVars.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)"
, 0, (&traversedSubjNamesString), (plContext)); descNum =
 PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult = (
stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = descNum; goto cleanup; } } while (0); } while
 (0);
453 
454        PKIX_TOSTRINGdo { int descNum; if ((state->trustChain) != ((void*)0)) {
 stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->trustChain), (&trustChainString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&trustChainString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
455                (state->trustChain, &trustChainString, plContext,do { int descNum; if ((state->trustChain) != ((void*)0)) {
 stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->trustChain), (&trustChainString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&trustChainString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
456                PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->trustChain) != ((void*)0)) {
 stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->trustChain), (&trustChainString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&trustChainString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
457 
458        PKIX_TOSTRINGdo { int descNum; if ((state->candidateCerts) != ((void*)0
)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->candidateCerts), (&candidateCertsString), (
plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars
.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&
candidateCertsString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0)
459                (state->candidateCerts, &candidateCertsString, plContext,do { int descNum; if ((state->candidateCerts) != ((void*)0
)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->candidateCerts), (&candidateCertsString), (
plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars
.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&
candidateCertsString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0)
460                PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->candidateCerts) != ((void*)0
)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->candidateCerts), (&candidateCertsString), (
plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars
.aPkixErrorResult = PKIX_PL_String_Create(0, "(null)", 0, (&
candidateCertsString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0);
461 
462        PKIX_TOSTRINGdo { int descNum; if ((state->certSel) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(state->certSel), (&certSelString), (plContext)); descNum
 = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&certSelString)
, (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
463                (state->certSel, &certSelString, plContext,do { int descNum; if ((state->certSel) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(state->certSel), (&certSelString), (plContext)); descNum
 = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&certSelString)
, (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
464                PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->certSel) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(state->certSel), (&certSelString), (plContext)); descNum
 = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&certSelString)
, (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
465 
466        PKIX_TOSTRINGdo { int descNum; if ((state->verifyNode) != ((void*)0)) {
 stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->verifyNode), (&verifyNodeString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&verifyNodeString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
467                (state->verifyNode, &verifyNodeString, plContext,do { int descNum; if ((state->verifyNode) != ((void*)0)) {
 stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->verifyNode), (&verifyNodeString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&verifyNodeString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
468                PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->verifyNode) != ((void*)0)) {
 stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->verifyNode), (&verifyNodeString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&verifyNodeString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
469 
470        PKIX_TOSTRINGdo { int descNum; if ((state->parentState) != ((void*)0)) {
 stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->parentState), (&parentStateString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&parentStateString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
471                (state->parentState, &parentStateString, plContext,do { int descNum; if ((state->parentState) != ((void*)0)) {
 stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->parentState), (&parentStateString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&parentStateString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
472                PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if ((state->parentState) != ((void*)0)) {
 stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)(state->parentState), (&parentStateString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&parentStateString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
473 
474        PKIX_CHECK(PKIX_PL_Sprintfdo { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
475                (&resultString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
476                plContext,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
477                formatString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
478                buildStatusString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
479                (PKIX_Int32)state->traversedCACerts,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
480                (PKIX_UInt32)state->certStoreIndex,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
481                (PKIX_UInt32)state->numCerts,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
482                (PKIX_UInt32)state->numAias,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
483                (PKIX_UInt32)state->certIndex,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
484                (PKIX_UInt32)state->aiaIndex,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
485                (PKIX_UInt32)state->numFanout,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
486                (PKIX_UInt32)state->numDepth,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
487                (PKIX_UInt32)state->reasonCode,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
488                state->canBeCached,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
489                state->useOnlyLocal,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
490                state->revChecking,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
491                validityDateString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
492                prevCertString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
493                candidateCertString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
494                traversedSubjNamesString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
495                trustChainString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
496                candidateCertsString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
497                certSelString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
498                verifyNodeString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
499                parentStateString),do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0)
500                PKIX_SPRINTFFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&resultString
, plContext, formatString, buildStatusString, (PKIX_Int32)state
->traversedCACerts, (PKIX_UInt32)state->certStoreIndex,
 (PKIX_UInt32)state->numCerts, (PKIX_UInt32)state->numAias
, (PKIX_UInt32)state->certIndex, (PKIX_UInt32)state->aiaIndex
, (PKIX_UInt32)state->numFanout, (PKIX_UInt32)state->numDepth
, (PKIX_UInt32)state->reasonCode, state->canBeCached, state
->useOnlyLocal, state->revChecking, validityDateString,
 prevCertString, candidateCertString, traversedSubjNamesString
, trustChainString, candidateCertsString, certSelString, verifyNodeString
, parentStateString)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_SPRINTFFAILED; goto cleanup; } } while
 (0);
501 
502        *pString = resultString;
503 
504cleanup:
505        PKIX_DECREF(formatString)do { if (formatString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(formatString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } formatString = ((void
*)0); } } while (0);
506        PKIX_DECREF(buildStatusString)do { if (buildStatusString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(buildStatusString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } buildStatusString
 = ((void*)0); } } while (0);
507        PKIX_DECREF(validityDateString)do { if (validityDateString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(validityDateString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } validityDateString
 = ((void*)0); } } while (0);
508        PKIX_DECREF(prevCertString)do { if (prevCertString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(prevCertString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } prevCertString
 = ((void*)0); } } while (0);
509        PKIX_DECREF(candidateCertString)do { if (candidateCertString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(candidateCertString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } candidateCertString
 = ((void*)0); } } while (0);
510        PKIX_DECREF(traversedSubjNamesString)do { if (traversedSubjNamesString){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(traversedSubjNamesString
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } traversedSubjNamesString = ((void*)0); } } while
 (0);
511        PKIX_DECREF(trustChainString)do { if (trustChainString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustChainString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } trustChainString
 = ((void*)0); } } while (0);
512        PKIX_DECREF(candidateCertsString)do { if (candidateCertsString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(candidateCertsString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } candidateCertsString
 = ((void*)0); } } while (0);
513        PKIX_DECREF(certSelString)do { if (certSelString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certSelString), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certSelString
 = ((void*)0); } } while (0);
514        PKIX_DECREF(verifyNodeString)do { if (verifyNodeString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyNodeString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } verifyNodeString
 = ((void*)0); } } while (0);
515        PKIX_DECREF(parentStateString)do { if (parentStateString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(parentStateString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } parentStateString
 = ((void*)0); } } while (0);
516 
517        PKIX_RETURN(FORWARDBUILDERSTATE)return PKIX_DoReturn(&stdVars, (PKIX_FORWARDBUILDERSTATE_ERROR
), ((PKIX_Boolean) 1), plContext);;
518 
519}
520 
521/*
522 * FUNCTION: pkix_ForwardBuilderState_RegisterSelf
523 *
524 * DESCRIPTION:
525 *  Registers PKIX_FORWARDBUILDERSTATE_TYPE and its related functions
526 *  with systemClasses[]
527 *
528 * THREAD SAFETY:
529 *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
530 *
531 *  Since this function is only called by PKIX_PL_Initialize, which should
532 *  only be called once, it is acceptable that this function is not
533 *  thread-safe.
534 */
535PKIX_Error *
536pkix_ForwardBuilderState_RegisterSelf(void *plContext)
537{
538 
539        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
540        pkix_ClassTable_Entry entry;
541 
542        PKIX_ENTER(FORWARDBUILDERSTATE,static const char cMyFuncName[] = {"pkix_ForwardBuilderState_RegisterSelf"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_FORWARDBUILDERSTATE_ERROR; ; do { if
 (pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
543                    "pkix_ForwardBuilderState_RegisterSelf")static const char cMyFuncName[] = {"pkix_ForwardBuilderState_RegisterSelf"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_FORWARDBUILDERSTATE_ERROR; ; do { if
 (pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
544 
545        entry.description = "ForwardBuilderState";
546        entry.objCounter = 0;
547        entry.typeObjectSize = sizeof(PKIX_ForwardBuilderState);
548        entry.destructor = pkix_ForwardBuilderState_Destroy;
549        entry.equalsFunction = NULL((void*)0);
550        entry.hashcodeFunction = NULL((void*)0);
551        entry.toStringFunction = pkix_ForwardBuilderState_ToString;
552        entry.comparator = NULL((void*)0);
553        entry.duplicateFunction = NULL((void*)0);
554 
555        systemClasses[PKIX_FORWARDBUILDERSTATE_TYPE] = entry;
556 
557        PKIX_RETURN(FORWARDBUILDERSTATE)return PKIX_DoReturn(&stdVars, (PKIX_FORWARDBUILDERSTATE_ERROR
), ((PKIX_Boolean) 1), plContext);;
558}
559 
560#if PKIX_FORWARDBUILDERSTATEDEBUG
561/*
562 * FUNCTION: pkix_ForwardBuilderState_DumpState
563 *
564 * DESCRIPTION:
565 *  This function invokes the ToString function on the argument pointed to
566 *  by "state".
567 * PARAMETERS:
568 *  "state"
569 *      The address of the ForwardBuilderState object. Must be non-NULL.
570 *
571 * THREAD SAFETY:
572 *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
573 */
574PKIX_Error *
575pkix_ForwardBuilderState_DumpState(
576        PKIX_ForwardBuilderState *state,
577        void *plContext)
578{
579        PKIX_PL_String *stateString = NULL((void*)0);
580        char *stateAscii = NULL((void*)0);
581        PKIX_UInt32 length;
582 
583        PKIX_ENTER(FORWARDBUILDERSTATE,"pkix_ForwardBuilderState_DumpState")static const char cMyFuncName[] = {"pkix_ForwardBuilderState_DumpState"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_FORWARDBUILDERSTATE_ERROR; ; do { if
 (pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
584        PKIX_NULLCHECK_ONE(state)do { if ((state) == ((void*)0)){ stdVars.aPkixErrorReceived =
 ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
585 
586        PKIX_CHECK(PKIX_PL_Object_InvalidateCachedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
 ((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
 cleanup; } } while (0)
587                ((PKIX_PL_Object *)state, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
 ((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
 cleanup; } } while (0)
588                PKIX_OBJECTINVALIDATECACHEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_InvalidateCache
 ((PKIX_PL_Object *)state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTINVALIDATECACHEFAILED; goto
 cleanup; } } while (0);
589 
590        PKIX_CHECK(PKIX_PL_Object_ToStringdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
591                ((PKIX_PL_Object*)state, &stateString, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0)
592                PKIX_OBJECTTOSTRINGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_ToString ((PKIX_PL_Object
*)state, &stateString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTTOSTRINGFAILED; goto cleanup
; } } while (0);
593 
594        PKIX_CHECK(PKIX_PL_String_GetEncodeddo { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
595                    (stateString,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
596                    PKIX_ESCASCII,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
597                    (void **)&stateAscii,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
598                    &length,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
599                    plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
600                    PKIX_STRINGGETENCODEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (stateString
, 0, (void **)&stateAscii, &length, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0);
601 
602        PKIX_DEBUG_ARG("In Phase 1: state = %s\n", stateAscii)do { (void) printf("(%s: ", stdVars.aMyFuncName); (void) printf
("In Phase 1: state = %s\n", stateAscii); } while (0);
603 
604        PKIX_FREE(stateAscii)do { if (stateAscii) { stdVars.aPkixTempResult = PKIX_PL_Free
((stateAscii), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stateAscii = ((void*)0); } } while (0);
605        PKIX_DECREF(stateString)do { if (stateString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(stateString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stateString = ((void
*)0); } } while (0);
606 
607cleanup:
608        PKIX_RETURN(FORWARDBUILDERSTATE)return PKIX_DoReturn(&stdVars, (PKIX_FORWARDBUILDERSTATE_ERROR
), ((PKIX_Boolean) 1), plContext);;
609}
610#endif
611 
612/*
613 * FUNCTION: pkix_ForwardBuilderState_IsIOPending
614 * DESCRIPTION:
615 *
616 *  This function determines whether the state of the ForwardBuilderState
617 *  pointed to by "state" indicates I/O is in progress, and stores the Boolean
618 *  result at "pPending".
619 *
620 * PARAMETERS:
621 *  "state"
622 *      The address of the ForwardBuilderState object. Must be non-NULL.
623 *  "pPending"
624 *      The address at which the result is stored. Must be non-NULL.
625 *  "plContext"
626 *      Platform-specific context pointer.
627 * THREAD SAFETY:
628 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
629 * RETURNS:
630 *  Returns NULL if the function succeeds.
631 *  Returns a ForwardBuilderState Error if the function fails in a
632 *      non-fatal way.
633 *  Returns a Fatal Error if the function fails in an unrecoverable way.
634 */
635static PKIX_Error*
636pkix_ForwardBuilderState_IsIOPending(
637        PKIX_ForwardBuilderState *state,
638        PKIX_Boolean *pPending,
639        void *plContext)
640{
641        PKIX_ENTER(FORWARDBUILDERSTATE, "pkix_ForwardBuilderState_IsIOPending")static const char cMyFuncName[] = {"pkix_ForwardBuilderState_IsIOPending"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_FORWARDBUILDERSTATE_ERROR; ; do { if
 (pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
642        PKIX_NULLCHECK_TWO(state, pPending)do { if (((state) == ((void*)0)) || ((pPending) == ((void*)0)
)){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
 } } while (0);
643 
644        if ((state->status == BUILD_GATHERPENDING) ||
645            (state->status == BUILD_CHECKTRUSTED2) ||
646            (state->status == BUILD_VALCHAIN2) ||
647            (state->status == BUILD_AIAPENDING)) {
648                *pPending = PKIX_TRUE((PKIX_Boolean) 1);
649        } else {
650                *pPending = PKIX_FALSE((PKIX_Boolean) 0);
651        }
652 
653        PKIX_RETURN(FORWARDBUILDERSTATE)return PKIX_DoReturn(&stdVars, (PKIX_FORWARDBUILDERSTATE_ERROR
), ((PKIX_Boolean) 1), plContext);;
654}
655 
656/* --Private-BuildChain-Functions------------------------------------------- */
657 
658/*
659 * FUNCTION: pkix_Build_SortCertComparator
660 * DESCRIPTION:
661 *
662 *  This Function takes two Certificates cast in "obj1" and "obj2",
663 *  compares them to determine which is a more preferable certificate
664 *  for chain building. This Function is suitable for use as a
665 *  comparator callback for pkix_List_BubbleSort, setting "*pResult" to
666 *  > 0 if "obj1" is less desirable than "obj2" and < 0 if "obj1"
667 *  is more desirable than "obj2".
668 *
669 * PARAMETERS:
670 *  "obj1"
671 *      Address of the PKIX_PL_Object that is a cast of PKIX_PL_Cert.
672 *      Must be non-NULL.
673 *  "obj2"
674 *      Address of the PKIX_PL_Object that is a cast of PKIX_PL_Cert.
675 *      Must be non-NULL.
676 *  "pResult"
677 *      Address where the comparison result is returned. Must be non-NULL.
678 *  "plContext"
679 *      Platform-specific context pointer.
680 * THREAD SAFETY:
681 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
682 * RETURNS:
683 *  Returns NULL if the function succeeds.
684 *  Returns a Build Error if the function fails in a non-fatal way
685 *  Returns a Fatal Error if the function fails in an unrecoverable way.
686 */
687static PKIX_Error *
688pkix_Build_SortCertComparator(
689        PKIX_PL_Object *obj1,
690        PKIX_PL_Object *obj2,
691        PKIX_Int32 *pResult,
692        void *plContext)
693{
694        PKIX_PL_Date *date1 = NULL((void*)0);
695        PKIX_PL_Date *date2 = NULL((void*)0);
696        PKIX_Int32 result = 0;
697 
698        PKIX_ENTER(BUILD, "pkix_Build_SortCertComparator")static const char cMyFuncName[] = {"pkix_Build_SortCertComparator"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
699        PKIX_NULLCHECK_THREE(obj1, obj2, pResult)do { if (((obj1) == ((void*)0)) || ((obj2) == ((void*)0)) || (
(pResult) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
700 
701        /*
702         * For sorting candidate certificates, we use NotAfter date as the
703         * comparison key for now (can be expanded if desired in the future).
704         *
705         * In PKIX_BuildChain, the List of CertStores was reordered so that
706         * trusted CertStores are ahead of untrusted CertStores. That sort, or
707         * this one, could be taken out if it is determined that it doesn't help
708         * performance, or in some way hinders the solution of choosing desired
709         * candidates.
710         */
711 
712        PKIX_CHECK(pkix_CheckType(obj1, PKIX_CERT_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType(obj1, PKIX_CERT_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTNOTCERT; goto cleanup; } } while (0)
713                    PKIX_OBJECTNOTCERT)do { stdVars.aPkixErrorResult = (pkix_CheckType(obj1, PKIX_CERT_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTNOTCERT; goto cleanup; } } while (0);
714        PKIX_CHECK(pkix_CheckType(obj2, PKIX_CERT_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType(obj2, PKIX_CERT_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTNOTCERT; goto cleanup; } } while (0)
715                    PKIX_OBJECTNOTCERT)do { stdVars.aPkixErrorResult = (pkix_CheckType(obj2, PKIX_CERT_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTNOTCERT; goto cleanup; } } while (0);
716 
717        PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfterdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetValidityNotAfter
 ((PKIX_PL_Cert *)obj1, &date1, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETVALIDITYNOTAFTERFAILED
; goto cleanup; } } while (0)
718                ((PKIX_PL_Cert *)obj1, &date1, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetValidityNotAfter
 ((PKIX_PL_Cert *)obj1, &date1, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETVALIDITYNOTAFTERFAILED
; goto cleanup; } } while (0)
719                PKIX_CERTGETVALIDITYNOTAFTERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetValidityNotAfter
 ((PKIX_PL_Cert *)obj1, &date1, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETVALIDITYNOTAFTERFAILED
; goto cleanup; } } while (0);
720 
721        PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfterdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetValidityNotAfter
 ((PKIX_PL_Cert *)obj2, &date2, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETVALIDITYNOTAFTERFAILED
; goto cleanup; } } while (0)
722                ((PKIX_PL_Cert *)obj2, &date2, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetValidityNotAfter
 ((PKIX_PL_Cert *)obj2, &date2, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETVALIDITYNOTAFTERFAILED
; goto cleanup; } } while (0)
723                PKIX_CERTGETVALIDITYNOTAFTERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetValidityNotAfter
 ((PKIX_PL_Cert *)obj2, &date2, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETVALIDITYNOTAFTERFAILED
; goto cleanup; } } while (0);
724        
725        PKIX_CHECK(PKIX_PL_Object_Comparedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)date1, (PKIX_PL_Object *)date2, &result, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTCOMPARATORFAILED
; goto cleanup; } } while (0)
726                ((PKIX_PL_Object *)date1,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)date1, (PKIX_PL_Object *)date2, &result, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTCOMPARATORFAILED
; goto cleanup; } } while (0)
727                (PKIX_PL_Object *)date2,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)date1, (PKIX_PL_Object *)date2, &result, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTCOMPARATORFAILED
; goto cleanup; } } while (0)
728                &result,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)date1, (PKIX_PL_Object *)date2, &result, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTCOMPARATORFAILED
; goto cleanup; } } while (0)
729                plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)date1, (PKIX_PL_Object *)date2, &result, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTCOMPARATORFAILED
; goto cleanup; } } while (0)
730                PKIX_OBJECTCOMPARATORFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)date1, (PKIX_PL_Object *)date2, &result, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTCOMPARATORFAILED
; goto cleanup; } } while (0);
731 
732        /*
733         * Invert the result, so that if date1 is greater than date2,
734         * obj1 is sorted before obj2. This is because pkix_List_BubbleSort
735         * sorts in ascending order.
736         */
737        *pResult = -result;
738 
739cleanup:
740 
741        PKIX_DECREF(date1)do { if (date1){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(date1), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } date1 = ((void*)0)
; } } while (0);
742        PKIX_DECREF(date2)do { if (date2){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(date2), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } date2 = ((void*)0)
; } } while (0);
743 
744        PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
745}
746 
747/* This local error check macro */
748#define ERROR_CHECK(errCode)if (stdVars.aPkixErrorResult) { if (pkixLog) { do { if (((pkixLog
)->level >= (PR_LOG_DEBUG))) { PR_LogPrint ("====> ERROR_CHECK code %s\n"
, "errCode"); } } while (0); } stdVars.aPkixTempErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; if (stdVars.aPkixErrorClass == PKIX_FATAL_ERROR
) { goto cleanup; } if (verifyNode) { do { if (verifyNode->
error){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object
 *)(verifyNode->error), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyNode->error
 = ((void*)0); } } while (0); do { if (stdVars.aPkixErrorResult
){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object
 *)(stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
 (0); verifyNode->error = stdVars.aPkixErrorResult; } stdVars
.aPkixErrorCode = errCode; goto cleanup; } \
749    if (pkixErrorResultstdVars.aPkixErrorResult) { \
750        if (pkixLog) { \
751            PR_LOG(pkixLog, PR_LOG_DEBUG, ("====> ERROR_CHECK code %s\n", #errCode))do { if (((pkixLog)->level >= (PR_LOG_DEBUG))) { PR_LogPrint
 ("====> ERROR_CHECK code %s\n", #errCode); } } while (0); \
752        } \
753        pkixTempErrorReceivedstdVars.aPkixTempErrorReceived = PKIX_TRUE((PKIX_Boolean) 1); \
754        pkixErrorClassstdVars.aPkixErrorClass = pkixErrorResultstdVars.aPkixErrorResult->errClass; \
755        if (pkixErrorClassstdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { \
756            goto cleanup; \
757        } \
758        if (verifyNode) { \
759            PKIX_DECREF(verifyNode->error)do { if (verifyNode->error){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyNode->error), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } verifyNode
->error = ((void*)0); } } while (0); \
760            PKIX_INCREF(pkixErrorResult)do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); goto cleanup; } } } while (0); \
761            verifyNode->error = pkixErrorResultstdVars.aPkixErrorResult; \
762        } \
763        pkixErrorCodestdVars.aPkixErrorCode = errCode; \
764        goto cleanup; \
765    }
766 
767/*
768 * FUNCTION: pkix_Build_VerifyCertificate
769 * DESCRIPTION:
770 *
771 *  Checks whether the previous Cert stored in the ForwardBuilderState pointed
772 *  to by "state" successfully chains, including signature verification, to the
773 *  candidate Cert also stored in "state", using the Boolean value in "trusted"
774 *  to determine whether "candidateCert" is trusted.
775 *
776 *  First it checks whether "candidateCert" has already been traversed by
777 *  determining whether it is contained in the List of traversed Certs. It then
778 *  checks the candidate Cert with user checkers, if any, in the List pointed to
779 *  by "userCheckers". Finally, it runs the signature validation.
780 *
781 *  If this Certificate fails verification, and state->verifyNode is non-NULL,
782 *  this function sets the Error code into the verifyNode.
783 *
784 * PARAMETERS:
785 *  "state"
786 *      Address of ForwardBuilderState to be used. Must be non-NULL.
787 *  "userCheckers"
788 *      Address of a List of CertChainCheckers to be used, if present, to
789 *      validate the candidateCert.
790 *  "trusted"
791 *      Boolean value of trust for the candidate Cert
792 *  "plContext"
793 *      Platform-specific context pointer.
794 * THREAD SAFETY:
795 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
796 * RETURNS:
797 *  Returns NULL if the function succeeds.
798 *  Returns a Build Error if the function fails in a non-fatal way
799 *  Returns a Fatal Error if the function fails in an unrecoverable way.
800 */
801static PKIX_Error *
802pkix_Build_VerifyCertificate(
803        PKIX_ForwardBuilderState *state,
804        PKIX_List *userCheckers,
805        PKIX_Boolean *pTrusted,
806        PKIX_VerifyNode *verifyNode,
807        void *plContext)
808{
809        PKIX_UInt32 numUserCheckers = 0;
810        PKIX_UInt32 i = 0;
811        PKIX_Boolean loopFound = PKIX_FALSE((PKIX_Boolean) 0);
812        PKIX_Boolean supportForwardChecking = PKIX_FALSE((PKIX_Boolean) 0);
813        PKIX_Boolean trusted = PKIX_FALSE((PKIX_Boolean) 0);
814        PKIX_PL_Cert *candidateCert = NULL((void*)0);
815        PKIX_PL_PublicKey *candidatePubKey = NULL((void*)0);
816        PKIX_CertChainChecker *userChecker = NULL((void*)0);
817        PKIX_CertChainChecker_CheckCallback checkerCheck = NULL((void*)0);
818        PKIX_PL_TrustAnchorMode trustAnchorMode =
819                PKIX_PL_TrustAnchorMode_Ignore;
820        void *nbioContext = NULL((void*)0);
821        
822        PKIX_ENTER(BUILD, "pkix_Build_VerifyCertificate")static const char cMyFuncName[] = {"pkix_Build_VerifyCertificate"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
823        PKIX_NULLCHECK_TWO(state, pTrusted)do { if (((state) == ((void*)0)) || ((pTrusted) == ((void*)0)
)){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
 } } while (0);
824        PKIX_NULLCHECK_THREEdo { if (((state->candidateCerts) == ((void*)0)) || ((state
->prevCert) == ((void*)0)) || ((state->trustChain) == (
(void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1);
 stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0)
825                (state->candidateCerts, state->prevCert, state->trustChain)do { if (((state->candidateCerts) == ((void*)0)) || ((state
->prevCert) == ((void*)0)) || ((state->trustChain) == (
(void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1);
 stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
826 
827        PKIX_INCREF(state->candidateCert)do { if (state->candidateCert){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(state->candidateCert), plContext); if
 (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); goto cleanup; } } } while (0);
828        candidateCert = state->candidateCert;
829 
830        if (state->buildConstants.numAnchors) {
831            if (state->buildConstants.trustOnlyUserAnchors) {
832                trustAnchorMode = PKIX_PL_TrustAnchorMode_Exclusive;
833            } else {
834                trustAnchorMode = PKIX_PL_TrustAnchorMode_Additive;
835            }
836        } else {
837            trustAnchorMode = PKIX_PL_TrustAnchorMode_Ignore;
838        }
839 
840        PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsCertTrusted(candidateCert
, trustAnchorMode, &trusted, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED; goto
 cleanup; } } while (0)
841            PKIX_PL_Cert_IsCertTrusted(candidateCert, trustAnchorMode,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsCertTrusted(candidateCert
, trustAnchorMode, &trusted, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED; goto
 cleanup; } } while (0)
842                                       &trusted, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsCertTrusted(candidateCert
, trustAnchorMode, &trusted, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED; goto
 cleanup; } } while (0)
843            PKIX_CERTISCERTTRUSTEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsCertTrusted(candidateCert
, trustAnchorMode, &trusted, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED; goto
 cleanup; } } while (0);
844 
845        *pTrusted = trusted;
846 
847        /* check for loops */
848        PKIX_CHECK(pkix_List_Containsdo { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
trustChain, (PKIX_PL_Object *)candidateCert, &loopFound, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
849                (state->trustChain,do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
trustChain, (PKIX_PL_Object *)candidateCert, &loopFound, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
850                (PKIX_PL_Object *)candidateCert,do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
trustChain, (PKIX_PL_Object *)candidateCert, &loopFound, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
851                &loopFound,do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
trustChain, (PKIX_PL_Object *)candidateCert, &loopFound, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
852                plContext),do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
trustChain, (PKIX_PL_Object *)candidateCert, &loopFound, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0)
853                PKIX_LISTCONTAINSFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Contains (state->
trustChain, (PKIX_PL_Object *)candidateCert, &loopFound, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCONTAINSFAILED; goto cleanup; } } while (0);
854 
855        if (loopFound) {
856                if (verifyNode != NULL((void*)0)) {
857                        PKIX_Error *verifyError = NULL((void*)0);
858                        PKIX_ERROR_CREATE{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED,
 PKIX_BUILD_ERROR, stdVars.aPkixErrorResult, &verifyError
, plContext); if (stdVars.aPkixTempResult) { verifyError = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } }
859                                (BUILD,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED,
 PKIX_BUILD_ERROR, stdVars.aPkixErrorResult, &verifyError
, plContext); if (stdVars.aPkixTempResult) { verifyError = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } }
860                                PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED,
 PKIX_BUILD_ERROR, stdVars.aPkixErrorResult, &verifyError
, plContext); if (stdVars.aPkixTempResult) { verifyError = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } }
861                                verifyError){ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED,
 PKIX_BUILD_ERROR, stdVars.aPkixErrorResult, &verifyError
, plContext); if (stdVars.aPkixTempResult) { verifyError = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } };
862                        PKIX_DECREF(verifyNode->error)do { if (verifyNode->error){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyNode->error), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } verifyNode
->error = ((void*)0); } } while (0);
863                        verifyNode->error = verifyError;
864                }
865                /* Even if error logged, still need to abort
866                 * if cert is not trusted. */
867                if (!trusted) {
868                        PKIX_ERROR(PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED, ((void*)0), stdVars.
aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ((
PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED
; goto cleanup; };
869                }
870                state->certLoopingDetected = PKIX_TRUE((PKIX_Boolean) 1);
871        }
872 
873        if (userCheckers != NULL((void*)0)) {
874 
875                PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers
, &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
876                    (userCheckers, &numUserCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers
, &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
877                    PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers
, &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
878 
879                for (i = 0; i < numUserCheckers; i++) {
880 
881                    PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
882                        (userCheckers,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
883                        i,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
884                        (PKIX_PL_Object **) &userChecker,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
885                        plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
886                        PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
887 
888                    PKIX_CHECKdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
 (userChecker, &supportForwardChecking, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED
; goto cleanup; } } while (0)
889                        (PKIX_CertChainChecker_IsForwardCheckingSupporteddo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
 (userChecker, &supportForwardChecking, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED
; goto cleanup; } } while (0)
890                        (userChecker, &supportForwardChecking, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
 (userChecker, &supportForwardChecking, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED
; goto cleanup; } } while (0)
891                        PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
 (userChecker, &supportForwardChecking, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED
; goto cleanup; } } while (0);
892 
893                    if (supportForwardChecking == PKIX_TRUE((PKIX_Boolean) 1)) {
894 
895                        PKIX_CHECK(PKIX_CertChainChecker_GetCheckCallbackdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCheckCallback
 (userChecker, &checkerCheck, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED
; goto cleanup; } } while (0)
896                            (userChecker, &checkerCheck, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCheckCallback
 (userChecker, &checkerCheck, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED
; goto cleanup; } } while (0)
897                            PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCheckCallback
 (userChecker, &checkerCheck, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED
; goto cleanup; } } while (0);
898 
899                        pkixErrorResultstdVars.aPkixErrorResult =
900                            checkerCheck(userChecker, candidateCert, NULL((void*)0),
901                                         &nbioContext, plContext);
902 
903                        ERROR_CHECK(PKIX_USERCHECKERCHECKFAILED)if (stdVars.aPkixErrorResult) { if (pkixLog) { do { if (((pkixLog
)->level >= (PR_LOG_DEBUG))) { PR_LogPrint ("====> ERROR_CHECK code %s\n"
, "PKIX_USERCHECKERCHECKFAILED"); } } while (0); } stdVars.aPkixTempErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; if (stdVars.aPkixErrorClass == PKIX_FATAL_ERROR
) { goto cleanup; } if (verifyNode) { do { if (verifyNode->
error){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object
 *)(verifyNode->error), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyNode->error
 = ((void*)0); } } while (0); do { if (stdVars.aPkixErrorResult
){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object
 *)(stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
 (0); verifyNode->error = stdVars.aPkixErrorResult; } stdVars
.aPkixErrorCode = PKIX_USERCHECKERCHECKFAILED; goto cleanup; };
904                    }
905 
906                    PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void
*)0); } } while (0);
907                }
908        }
909 
910        /* Check that public key of the trusted dsa cert has
911         * dsa parameters */
912        if (trusted) {
913            PKIX_Boolean paramsNeeded = PKIX_FALSE((PKIX_Boolean) 0);
914            PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKeydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
 (candidateCert, &candidatePubKey, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0)
915                       (candidateCert, &candidatePubKey, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
 (candidateCert, &candidatePubKey, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0)
916                       PKIX_CERTGETSUBJECTPUBLICKEYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
 (candidateCert, &candidatePubKey, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0);
917            PKIX_CHECK(PKIX_PL_PublicKey_NeedsDSAParametersdo { stdVars.aPkixErrorResult = (PKIX_PL_PublicKey_NeedsDSAParameters
 (candidatePubKey, &paramsNeeded, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PUBLICKEYNEEDSDSAPARAMETERSFAILED
; goto cleanup; } } while (0)
918                       (candidatePubKey, &paramsNeeded, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_PublicKey_NeedsDSAParameters
 (candidatePubKey, &paramsNeeded, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PUBLICKEYNEEDSDSAPARAMETERSFAILED
; goto cleanup; } } while (0)
919                       PKIX_PUBLICKEYNEEDSDSAPARAMETERSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_PublicKey_NeedsDSAParameters
 (candidatePubKey, &paramsNeeded, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PUBLICKEYNEEDSDSAPARAMETERSFAILED
; goto cleanup; } } while (0);
920            if (paramsNeeded) {
921                PKIX_ERROR(PKIX_MISSINGDSAPARAMETERS){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_MISSINGDSAPARAMETERS, ((void*)0), stdVars.aPkixType, 2
, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_MISSINGDSAPARAMETERS; goto
 cleanup; };
922            }
923        }
924 
925cleanup:
926        PKIX_DECREF(candidateCert)do { if (candidateCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(candidateCert), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } candidateCert
 = ((void*)0); } } while (0);
927        PKIX_DECREF(candidatePubKey)do { if (candidatePubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(candidatePubKey), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } candidatePubKey
 = ((void*)0); } } while (0);
928        PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void
*)0); } } while (0);
929 
930        PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
931}
932 
933/*
934 * FUNCTION: pkix_Build_ValidationCheckers
935 * DESCRIPTION:
936 *
937 *  Creates a List of Objects to be used in determining whether the List of
938 *  Certs pointed to by "certChain" successfully validates using the
939 *  ForwardBuilderState pointed to by "state", and the TrustAnchor pointed to by
940 *  "anchor". These objects are a reversed Cert Chain, consisting of the certs
941 *  in "certChain" in reversed order, suitable for presenting to the
942 *  CertChainCheckers; a List of critical extension OIDS that have already been
943 *  processed in forward building; a List of CertChainCheckers to be called, and
944 *  a List of RevocationCheckers to be called. These results are stored in
945 *  fields of "state".
946 *
947 * PARAMETERS:
948 *  "state"
949 *      Address of ForwardBuilderState to be used. Must be non-NULL.
950 *  "certChain"
951 *      Address of List of Certs to be validated. Must be non-NULL.
952 *  "anchor"
953 *      Address of TrustAnchor to be used. Must be non-NULL.
954 *  "addEkuChecker"
955 *      Boolean flags that tells to add eku checker to the list
956 *      of checkers. Only needs to be done for existing chain revalidation.
957 *  "plContext"
958 *      Platform-specific context pointer.
959 * THREAD SAFETY:
960 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
961 * RETURNS:
962 *  Returns NULL if the function succeeds.
963 *  Returns a Build Error if the function fails in a non-fatal way
964 *  Returns a Fatal Error if the function fails in an unrecoverable way.
965 */
966static PKIX_Error *
967pkix_Build_ValidationCheckers(
968        PKIX_ForwardBuilderState *state,
969        PKIX_List *certChain,
970        PKIX_TrustAnchor *anchor,
971        PKIX_Boolean chainRevalidationStage,
972        void *plContext)
973{
974        PKIX_List *checkers = NULL((void*)0);
975        PKIX_List *initialPolicies = NULL((void*)0);
976        PKIX_List *reversedCertChain = NULL((void*)0);
977        PKIX_List *buildCheckedCritExtOIDsList = NULL((void*)0);
978        PKIX_ProcessingParams *procParams = NULL((void*)0);
979        PKIX_PL_Cert *trustedCert = NULL((void*)0);
980        PKIX_PL_PublicKey *trustedPubKey = NULL((void*)0);
981        PKIX_PL_CertNameConstraints *trustedNC = NULL((void*)0);
982        PKIX_CertChainChecker *sigChecker = NULL((void*)0);
983        PKIX_CertChainChecker *policyChecker = NULL((void*)0);
984        PKIX_CertChainChecker *userChecker = NULL((void*)0);
985        PKIX_CertChainChecker *nameConstraintsChecker = NULL((void*)0);
986        PKIX_CertChainChecker *checker = NULL((void*)0);
987        PKIX_CertSelector *certSelector = NULL((void*)0);
988        PKIX_List *userCheckerExtOIDs = NULL((void*)0);
989        PKIX_PL_OID *oid = NULL((void*)0);
990        PKIX_Boolean supportForwardChecking = PKIX_FALSE((PKIX_Boolean) 0);
991        PKIX_Boolean policyQualifiersRejected = PKIX_FALSE((PKIX_Boolean) 0);
992        PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE((PKIX_Boolean) 0);
993        PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE((PKIX_Boolean) 0);
994        PKIX_Boolean initialExplicitPolicy = PKIX_FALSE((PKIX_Boolean) 0);
995        PKIX_UInt32 numChainCerts;
996        PKIX_UInt32 numCertCheckers;
997        PKIX_UInt32 i;
998 
999        PKIX_ENTER(BUILD, "pkix_Build_ValidationCheckers")static const char cMyFuncName[] = {"pkix_Build_ValidationCheckers"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
1000        PKIX_NULLCHECK_THREE(state, certChain, anchor)do { if (((state) == ((void*)0)) || ((certChain) == ((void*)0
)) || ((anchor) == ((void*)0))){ stdVars.aPkixErrorReceived =
 ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1001 
1002        PKIX_CHECK(PKIX_List_Create(&checkers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&checkers
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
1003                PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&checkers
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
1004 
1005        PKIX_CHECK(PKIX_List_ReverseListdo { stdVars.aPkixErrorResult = (PKIX_List_ReverseList (certChain
, &reversedCertChain, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTREVERSELISTFAILED; goto cleanup
; } } while (0)
1006                (certChain, &reversedCertChain, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_ReverseList (certChain
, &reversedCertChain, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTREVERSELISTFAILED; goto cleanup
; } } while (0)
1007                PKIX_LISTREVERSELISTFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_ReverseList (certChain
, &reversedCertChain, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTREVERSELISTFAILED; goto cleanup
; } } while (0);
1008 
1009        PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (reversedCertChain
, &numChainCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1010                (reversedCertChain, &numChainCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (reversedCertChain
, &numChainCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1011                PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (reversedCertChain
, &numChainCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
1012 
1013        procParams = state->buildConstants.procParams;
1014 
1015        /* Do need to add a number of checker to revalidate
1016         * a built chain. KU, EKU, CertType and Validity Date
1017         * get checked by certificate selector during chain
1018         * construction, but needed to be checked for chain from
1019         * the cache.*/
1020        if (chainRevalidationStage) {
1021            PKIX_CHECK(pkix_ExpirationChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_ExpirationChecker_Initialize
 (state->buildConstants.testDate, &checker, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_EXPIRATIONCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1022                       (state->buildConstants.testDate, &checker, plContext),do { stdVars.aPkixErrorResult = (pkix_ExpirationChecker_Initialize
 (state->buildConstants.testDate, &checker, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_EXPIRATIONCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1023                       PKIX_EXPIRATIONCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_ExpirationChecker_Initialize
 (state->buildConstants.testDate, &checker, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_EXPIRATIONCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0);
1024            PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)checker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1025                       (checkers, (PKIX_PL_Object *)checker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)checker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1026                       PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)checker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
1027            PKIX_DECREF(checker)do { if (checker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(checker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checker = ((void*)
0); } } while (0);
1028            
1029            PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraintsdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints
 (procParams, &certSelector, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED
; goto cleanup; } } while (0)
1030                       (procParams, &certSelector, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints
 (procParams, &certSelector, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED
; goto cleanup; } } while (0)
1031                    PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints
 (procParams, &certSelector, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED
; goto cleanup; } } while (0);
1032 
1033            PKIX_CHECK(pkix_TargetCertChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_TargetCertChecker_Initialize
 (certSelector, numChainCerts, &checker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_EXPIRATIONCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1034                       (certSelector, numChainCerts, &checker, plContext),do { stdVars.aPkixErrorResult = (pkix_TargetCertChecker_Initialize
 (certSelector, numChainCerts, &checker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_EXPIRATIONCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1035                       PKIX_EXPIRATIONCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_TargetCertChecker_Initialize
 (certSelector, numChainCerts, &checker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_EXPIRATIONCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0);
1036            PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)checker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1037                       (checkers, (PKIX_PL_Object *)checker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)checker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1038                       PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)checker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
1039            PKIX_DECREF(checker)do { if (checker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(checker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checker = ((void*)
0); } } while (0);
1040        }
1041 
1042        PKIX_CHECK(PKIX_ProcessingParams_GetInitialPoliciesdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetInitialPolicies
 (procParams, &initialPolicies, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED
; goto cleanup; } } while (0)
1043                (procParams, &initialPolicies, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetInitialPolicies
 (procParams, &initialPolicies, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED
; goto cleanup; } } while (0)
1044                PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetInitialPolicies
 (procParams, &initialPolicies, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED
; goto cleanup; } } while (0);
1045 
1046        PKIX_CHECK(PKIX_ProcessingParams_GetPolicyQualifiersRejecteddo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetPolicyQualifiersRejected
 (procParams, &policyQualifiersRejected, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED
; goto cleanup; } } while (0)
1047                (procParams, &policyQualifiersRejected, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetPolicyQualifiersRejected
 (procParams, &policyQualifiersRejected, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED
; goto cleanup; } } while (0)
1048                PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetPolicyQualifiersRejected
 (procParams, &policyQualifiersRejected, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED
; goto cleanup; } } while (0);
1049 
1050        PKIX_CHECK(PKIX_ProcessingParams_IsPolicyMappingInhibiteddo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsPolicyMappingInhibited
 (procParams, &initialPolicyMappingInhibit, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED
; goto cleanup; } } while (0)
1051                (procParams, &initialPolicyMappingInhibit, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsPolicyMappingInhibited
 (procParams, &initialPolicyMappingInhibit, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED
; goto cleanup; } } while (0)
1052                PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsPolicyMappingInhibited
 (procParams, &initialPolicyMappingInhibit, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED
; goto cleanup; } } while (0);
1053 
1054        PKIX_CHECK(PKIX_ProcessingParams_IsAnyPolicyInhibiteddo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsAnyPolicyInhibited
 (procParams, &initialAnyPolicyInhibit, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED
; goto cleanup; } } while (0)
1055                (procParams, &initialAnyPolicyInhibit, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsAnyPolicyInhibited
 (procParams, &initialAnyPolicyInhibit, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED
; goto cleanup; } } while (0)
1056                PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsAnyPolicyInhibited
 (procParams, &initialAnyPolicyInhibit, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED
; goto cleanup; } } while (0);
1057 
1058        PKIX_CHECK(PKIX_ProcessingParams_IsExplicitPolicyRequireddo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsExplicitPolicyRequired
 (procParams, &initialExplicitPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED
; goto cleanup; } } while (0)
1059                (procParams, &initialExplicitPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsExplicitPolicyRequired
 (procParams, &initialExplicitPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED
; goto cleanup; } } while (0)
1060                PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsExplicitPolicyRequired
 (procParams, &initialExplicitPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED
; goto cleanup; } } while (0);
1061 
1062        PKIX_CHECK(pkix_PolicyChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
 (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numChainCerts
, &policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1063                (initialPolicies,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
 (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numChainCerts
, &policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1064                policyQualifiersRejected,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
 (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numChainCerts
, &policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1065                initialPolicyMappingInhibit,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
 (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numChainCerts
, &policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1066                initialExplicitPolicy,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
 (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numChainCerts
, &policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1067                initialAnyPolicyInhibit,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
 (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numChainCerts
, &policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1068                numChainCerts,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
 (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numChainCerts
, &policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1069                &policyChecker,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
 (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numChainCerts
, &policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1070                plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
 (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numChainCerts
, &policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1071                PKIX_POLICYCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
 (initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numChainCerts
, &policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0);
1072 
1073        PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1074                (checkers, (PKIX_PL_Object *)policyChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1075                PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
1076 
1077        /*
1078         * Create an OID list that contains critical extensions processed
1079         * by BuildChain. These are specified in a static const array.
1080         */
1081        PKIX_CHECK(PKIX_List_Create(&buildCheckedCritExtOIDsList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&buildCheckedCritExtOIDsList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
1082                PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&buildCheckedCritExtOIDsList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
1083 
1084        for (i = 0; buildCheckedCritExtOIDs[i] != PKIX_UNKNOWN_OIDSEC_OID_UNKNOWN; i++) {
1085                PKIX_CHECK(PKIX_PL_OID_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (buildCheckedCritExtOIDs
[i], &oid, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while
 (0)
1086                        (buildCheckedCritExtOIDs[i], &oid, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (buildCheckedCritExtOIDs
[i], &oid, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while
 (0)
1087                        PKIX_OIDCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_OID_Create (buildCheckedCritExtOIDs
[i], &oid, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_OIDCREATEFAILED; goto cleanup; } } while
 (0);
1088 
1089                PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (buildCheckedCritExtOIDsList
, (PKIX_PL_Object *) oid, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1090                        (buildCheckedCritExtOIDsList,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (buildCheckedCritExtOIDsList
, (PKIX_PL_Object *) oid, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1091                        (PKIX_PL_Object *) oid,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (buildCheckedCritExtOIDsList
, (PKIX_PL_Object *) oid, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1092                        plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (buildCheckedCritExtOIDsList
, (PKIX_PL_Object *) oid, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1093                        PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (buildCheckedCritExtOIDsList
, (PKIX_PL_Object *) oid, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
1094 
1095                PKIX_DECREF(oid)do { if (oid){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(oid), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } oid = ((void*)0); }
 } while (0);
1096        }
1097 
1098        if (state->buildConstants.userCheckers != NULL((void*)0)) {
1099 
1100                PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
buildConstants.userCheckers, &numCertCheckers, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1101                        (state->buildConstants.userCheckers,do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
buildConstants.userCheckers, &numCertCheckers, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1102                        &numCertCheckers,do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
buildConstants.userCheckers, &numCertCheckers, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1103                        plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
buildConstants.userCheckers, &numCertCheckers, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1104                        PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
buildConstants.userCheckers, &numCertCheckers, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0);
1105 
1106                for (i = 0; i < numCertCheckers; i++) {
1107 
1108                        PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.userCheckers, i, (PKIX_PL_Object **) &userChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1109                            (state->buildConstants.userCheckers,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.userCheckers, i, (PKIX_PL_Object **) &userChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1110                            i,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.userCheckers, i, (PKIX_PL_Object **) &userChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1111                            (PKIX_PL_Object **) &userChecker,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.userCheckers, i, (PKIX_PL_Object **) &userChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1112                            plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.userCheckers, i, (PKIX_PL_Object **) &userChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
1113                            PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.userCheckers, i, (PKIX_PL_Object **) &userChecker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0);
1114 
1115                        PKIX_CHECKdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
 (userChecker, &supportForwardChecking, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0)
1116                            (PKIX_CertChainChecker_IsForwardCheckingSupporteddo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
 (userChecker, &supportForwardChecking, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0)
1117                            (userChecker, &supportForwardChecking, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
 (userChecker, &supportForwardChecking, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0)
1118                            PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
 (userChecker, &supportForwardChecking, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0);
1119 
1120                        /*
1121                         * If this userChecker supports forwardChecking then it
1122                         * should have been checked during build chain. Skip
1123                         * checking but need to add checker's extension OIDs
1124                         * to buildCheckedCritExtOIDsList.
1125                         */
1126                        if (supportForwardChecking == PKIX_TRUE((PKIX_Boolean) 1)) {
1127 
1128                          PKIX_CHECKdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions
 (userChecker, &userCheckerExtOIDs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0)
1129                            (PKIX_CertChainChecker_GetSupportedExtensionsdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions
 (userChecker, &userCheckerExtOIDs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0)
1130                            (userChecker, &userCheckerExtOIDs, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions
 (userChecker, &userCheckerExtOIDs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0)
1131                            PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions
 (userChecker, &userCheckerExtOIDs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0);
1132 
1133                          if (userCheckerExtOIDs != NULL((void*)0)) {
1134                            PKIX_CHECK(pkix_List_AppendListdo { stdVars.aPkixErrorResult = (pkix_List_AppendList (buildCheckedCritExtOIDsList
, userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup
; } } while (0)
1135                                (buildCheckedCritExtOIDsList,do { stdVars.aPkixErrorResult = (pkix_List_AppendList (buildCheckedCritExtOIDsList
, userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup
; } } while (0)
1136                                userCheckerExtOIDs,do { stdVars.aPkixErrorResult = (pkix_List_AppendList (buildCheckedCritExtOIDsList
, userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup
; } } while (0)
1137                                plContext),do { stdVars.aPkixErrorResult = (pkix_List_AppendList (buildCheckedCritExtOIDsList
, userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup
; } } while (0)
1138                                PKIX_LISTAPPENDLISTFAILED)do { stdVars.aPkixErrorResult = (pkix_List_AppendList (buildCheckedCritExtOIDsList
, userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup
; } } while (0);
1139                          }
1140 
1141                        } else {
1142                            PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1143                                (checkers,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1144                                (PKIX_PL_Object *)userChecker,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1145                                plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1146                                PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
1147                        }
1148 
1149                        PKIX_DECREF(userCheckerExtOIDs)do { if (userCheckerExtOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(userCheckerExtOIDs), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } userCheckerExtOIDs
 = ((void*)0); } } while (0);
1150                        PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void
*)0); } } while (0);
1151                }
1152        }
1153 
1154        /* Enabling post chain building signature check on the certs. */
1155        PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCertdo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
 (anchor, &trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0)
1156                   (anchor, &trustedCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
 (anchor, &trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0)
1157                   PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
 (anchor, &trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0);
1158        
1159        PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKeydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
 (trustedCert, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0)
1160                   (trustedCert, &trustedPubKey, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
 (trustedCert, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0)
1161                   PKIX_CERTGETSUBJECTPUBLICKEYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
 (trustedCert, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0);
1162        
1163        PKIX_CHECK(pkix_SignatureChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_SignatureChecker_Initialize
 (trustedPubKey, numChainCerts, &sigChecker, plContext));
 if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SIGNATURECHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1164                   (trustedPubKey,do { stdVars.aPkixErrorResult = (pkix_SignatureChecker_Initialize
 (trustedPubKey, numChainCerts, &sigChecker, plContext));
 if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SIGNATURECHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1165                    numChainCerts,do { stdVars.aPkixErrorResult = (pkix_SignatureChecker_Initialize
 (trustedPubKey, numChainCerts, &sigChecker, plContext));
 if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SIGNATURECHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1166                    &sigChecker,do { stdVars.aPkixErrorResult = (pkix_SignatureChecker_Initialize
 (trustedPubKey, numChainCerts, &sigChecker, plContext));
 if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SIGNATURECHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1167                    plContext),do { stdVars.aPkixErrorResult = (pkix_SignatureChecker_Initialize
 (trustedPubKey, numChainCerts, &sigChecker, plContext));
 if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SIGNATURECHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
1168                   PKIX_SIGNATURECHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_SignatureChecker_Initialize
 (trustedPubKey, numChainCerts, &sigChecker, plContext));
 if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SIGNATURECHECKERINITIALIZEFAILED
; goto cleanup; } } while (0);
1169        
1170        PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)sigChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1171                   (checkers,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)sigChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1172                    (PKIX_PL_Object *)sigChecker,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)sigChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1173                    plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)sigChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1174                   PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)sigChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
1175 
1176        /* Enabling post chain building name constraints check on the certs. */
1177        PKIX_CHECK(PKIX_TrustAnchor_GetNameConstraintsdo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetNameConstraints
 (anchor, &trustedNC, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED
; goto cleanup; } } while (0)
1178                  (anchor, &trustedNC, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetNameConstraints
 (anchor, &trustedNC, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED
; goto cleanup; } } while (0)
1179                  PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetNameConstraints
 (anchor, &trustedNC, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED
; goto cleanup; } } while (0);
1180 
1181        PKIX_CHECK(pkix_NameConstraintsChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_NameConstraintsChecker_Initialize
 (trustedNC, numChainCerts, &nameConstraintsChecker, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED; goto cleanup;
 } } while (0)
1182                  (trustedNC, numChainCerts, &nameConstraintsChecker,do { stdVars.aPkixErrorResult = (pkix_NameConstraintsChecker_Initialize
 (trustedNC, numChainCerts, &nameConstraintsChecker, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED; goto cleanup;
 } } while (0)
1183                   plContext),do { stdVars.aPkixErrorResult = (pkix_NameConstraintsChecker_Initialize
 (trustedNC, numChainCerts, &nameConstraintsChecker, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED; goto cleanup;
 } } while (0)
1184                  PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_NameConstraintsChecker_Initialize
 (trustedNC, numChainCerts, &nameConstraintsChecker, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED; goto cleanup;
 } } while (0);
1185 
1186        PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)nameConstraintsChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
1187                  (checkers,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)nameConstraintsChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
1188                   (PKIX_PL_Object *)nameConstraintsChecker,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)nameConstraintsChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
1189                   plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)nameConstraintsChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
1190                  PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)nameConstraintsChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0);
1191 
1192 
1193        PKIX_DECREF(state->reversedCertChain)do { if (state->reversedCertChain){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->reversedCertChain
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->reversedCertChain = ((void*)0); } }
 while (0);
1194        PKIX_INCREF(reversedCertChain)do { if (reversedCertChain){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(reversedCertChain), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
1195        state->reversedCertChain = reversedCertChain;
1196        PKIX_DECREF(state->checkedCritExtOIDs)do { if (state->checkedCritExtOIDs){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->checkedCritExtOIDs
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->checkedCritExtOIDs = ((void*)0); }
 } while (0);
1197        PKIX_INCREF(buildCheckedCritExtOIDsList)do { if (buildCheckedCritExtOIDsList){ stdVars.aPkixTempResult
 = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(buildCheckedCritExtOIDsList
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); goto cleanup; } } } while (0);
1198        state->checkedCritExtOIDs = buildCheckedCritExtOIDsList;
1199        PKIX_DECREF(state->checkerChain)do { if (state->checkerChain){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->checkerChain), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } state->checkerChain = ((void*)0); } } while (0);
1200        state->checkerChain = checkers;
1201        checkers = NULL((void*)0);
1202        state->certCheckedIndex = 0;
1203        state->checkerIndex = 0;
1204        state->revChecking = PKIX_FALSE((PKIX_Boolean) 0);
1205 
1206 
1207cleanup:
1208 
1209        PKIX_DECREF(oid)do { if (oid){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(oid), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } oid = ((void*)0); }
 } while (0);
1210        PKIX_DECREF(reversedCertChain)do { if (reversedCertChain){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(reversedCertChain), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } reversedCertChain
 = ((void*)0); } } while (0);
1211        PKIX_DECREF(buildCheckedCritExtOIDsList)do { if (buildCheckedCritExtOIDsList){ stdVars.aPkixTempResult
 = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(buildCheckedCritExtOIDsList
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } buildCheckedCritExtOIDsList = ((void*)0); } }
 while (0);
1212        PKIX_DECREF(checker)do { if (checker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(checker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checker = ((void*)
0); } } while (0);
1213        PKIX_DECREF(checkers)do { if (checkers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(checkers), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkers = ((void*
)0); } } while (0);
1214        PKIX_DECREF(initialPolicies)do { if (initialPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(initialPolicies), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } initialPolicies
 = ((void*)0); } } while (0);
1215        PKIX_DECREF(trustedCert)do { if (trustedCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustedCert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trustedCert = ((void
*)0); } } while (0);
1216        PKIX_DECREF(trustedPubKey)do { if (trustedPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustedPubKey), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } trustedPubKey
 = ((void*)0); } } while (0);
1217        PKIX_DECREF(certSelector)do { if (certSelector){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certSelector), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certSelector = ((void
*)0); } } while (0);
1218        PKIX_DECREF(sigChecker)do { if (sigChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(sigChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } sigChecker = ((void
*)0); } } while (0);
1219        PKIX_DECREF(trustedNC)do { if (trustedNC){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustedNC), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trustedNC = ((void
*)0); } } while (0);
1220        PKIX_DECREF(nameConstraintsChecker)do { if (nameConstraintsChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(nameConstraintsChecker), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } nameConstraintsChecker = ((void*)0); } } while (0);
1221        PKIX_DECREF(policyChecker)do { if (policyChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(policyChecker), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } policyChecker
 = ((void*)0); } } while (0);
1222        PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void
*)0); } } while (0);
1223        PKIX_DECREF(userCheckerExtOIDs)do { if (userCheckerExtOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(userCheckerExtOIDs), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } userCheckerExtOIDs
 = ((void*)0); } } while (0);
1224 
1225        PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
1226}
1227 
1228/*
1229 * FUNCTION: pkix_Build_ValidateEntireChain
1230 * DESCRIPTION:
1231 *
1232 *  Checks whether the current List of Certs successfully validates using the 
1233 *  TrustAnchor pointed to by "anchor" and other parameters contained, as was
1234 *  the Cert List, in "state".
1235 *
1236 *  If a checker using non-blocking I/O returns with a non-NULL non-blocking I/O
1237 *  context (NBIOContext), an indication that I/O is in progress and the
1238 *  checking has not been completed, this function stores that context at
1239 *  "pNBIOContext". Otherwise, it stores NULL at "pNBIOContext".
1240 *
1241 *  If not awaiting I/O and if successful, a ValidateResult is created
1242 *  containing the Public Key of the target certificate (including DSA parameter
1243 *  inheritance, if any) and the PolicyNode representing the policy tree output
1244 *  by the validation algorithm.  If not successful, an Error pointer is
1245 *  returned.
1246 *
1247 * PARAMETERS:
1248 *  "state"
1249 *      Address of ForwardBuilderState to be used. Must be non-NULL.
1250 *  "anchor"
1251 *      Address of TrustAnchor to be used. Must be non-NULL.
1252 *  "pNBIOContext"
1253 *      Address at which the NBIOContext is stored indicating whether the
1254 *      validation is complete. Must be non-NULL.
1255 *  "pValResult"
1256 *      Address at which the ValidateResult is stored. Must be non-NULL.
1257 *  "plContext"
1258 *      Platform-specific context pointer.
1259 * THREAD SAFETY:
1260 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1261 * RETURNS:
1262 *  Returns NULL if the function succeeds.
1263 *  Returns a Build Error if the function fails in a non-fatal way
1264 *  Returns a Fatal Error if the function fails in an unrecoverable way.
1265 */
1266static PKIX_Error *
1267pkix_Build_ValidateEntireChain(
1268        PKIX_ForwardBuilderState *state,
1269        PKIX_TrustAnchor *anchor,
1270        void **pNBIOContext,
1271        PKIX_ValidateResult **pValResult,
1272        PKIX_VerifyNode *verifyNode,
1273        void *plContext)
1274{
1275        PKIX_UInt32 numChainCerts = 0;
1276        PKIX_PL_PublicKey *subjPubKey = NULL((void*)0);
1277        PKIX_PolicyNode *policyTree = NULL((void*)0);
1278        PKIX_ValidateResult *valResult = NULL((void*)0);
1279        void *nbioContext = NULL((void*)0);
1280 
1281        PKIX_ENTER(BUILD, "pkix_Build_ValidateEntireChain")static const char cMyFuncName[] = {"pkix_Build_ValidateEntireChain"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
1282        PKIX_NULLCHECK_FOUR(state, anchor, pNBIOContext, pValResult)do { if (((state) == ((void*)0)) || ((anchor) == ((void*)0)) ||
 ((pNBIOContext) == ((void*)0)) || ((pValResult) == ((void*)0
))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
 } } while (0);
1283 
1284        *pNBIOContext = NULL((void*)0); /* prepare for case of error exit */
1285 
1286        PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
reversedCertChain, &numChainCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1287                (state->reversedCertChain, &numChainCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
reversedCertChain, &numChainCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1288                PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
reversedCertChain, &numChainCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0);
1289 
1290        pkixErrorResultstdVars.aPkixErrorResult =
1291            pkix_CheckChain(state->reversedCertChain, numChainCerts, anchor,
1292                            state->checkerChain,
1293                            state->buildConstants.revChecker,
1294                            state->checkedCritExtOIDs,
1295                            state->buildConstants.procParams,
1296                            &state->certCheckedIndex, &state->checkerIndex,
1297                            &state->revChecking, &state->reasonCode,
1298                            &nbioContext, &subjPubKey, &policyTree, NULL((void*)0),
1299                            plContext);
1300 
1301        if (nbioContext != NULL((void*)0)) {
1302                *pNBIOContext = nbioContext;
1303                goto cleanup;
1304        }
1305 
1306        ERROR_CHECK(PKIX_CHECKCHAINFAILED)if (stdVars.aPkixErrorResult) { if (pkixLog) { do { if (((pkixLog
)->level >= (PR_LOG_DEBUG))) { PR_LogPrint ("====> ERROR_CHECK code %s\n"
, "PKIX_CHECKCHAINFAILED"); } } while (0); } stdVars.aPkixTempErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; if (stdVars.aPkixErrorClass == PKIX_FATAL_ERROR
) { goto cleanup; } if (verifyNode) { do { if (verifyNode->
error){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object
 *)(verifyNode->error), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyNode->error
 = ((void*)0); } } while (0); do { if (stdVars.aPkixErrorResult
){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef ((PKIX_PL_Object
 *)(stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
 (0); verifyNode->error = stdVars.aPkixErrorResult; } stdVars
.aPkixErrorCode = PKIX_CHECKCHAINFAILED; goto cleanup; };
1307 
1308        /* XXX Remove this assertion after 2014-12-31. See bug 946984. */
1309        PORT_Assert(state->reasonCode == 0)((state->reasonCode == 0)?((void)0):PR_Assert("state->reasonCode == 0"
,"pkix_build.c",1309));
1310 
1311        PKIX_CHECK(pkix_ValidateResult_Createdo { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
subjPubKey, anchor, policyTree, &valResult, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED
; goto cleanup; } } while (0)
1312                (subjPubKey, anchor, policyTree, &valResult, plContext),do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
subjPubKey, anchor, policyTree, &valResult, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED
; goto cleanup; } } while (0)
1313                PKIX_VALIDATERESULTCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
subjPubKey, anchor, policyTree, &valResult, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTCREATEFAILED
; goto cleanup; } } while (0);
1314 
1315        *pValResult = valResult;
1316        valResult = NULL((void*)0);
1317 
1318cleanup:
1319        PKIX_DECREF(subjPubKey)do { if (subjPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(subjPubKey), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } subjPubKey = ((void
*)0); } } while (0);
1320        PKIX_DECREF(policyTree)do { if (policyTree){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(policyTree), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } policyTree = ((void
*)0); } } while (0);
1321        PKIX_DECREF(valResult)do { if (valResult){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(valResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } valResult = ((void
*)0); } } while (0);
1322 
1323        PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
1324}
1325 
1326/*
1327 * FUNCTION: pkix_Build_SortCandidateCerts
1328 * DESCRIPTION:
1329 *
1330 *  This function sorts a List of candidate Certs pointed to by "candidates"
1331 *  using an algorithm that places Certs most likely to produce a successful
1332 *  chain at the front of the list, storing the resulting sorted List at
1333 *  "pSortedCandidates".
1334 *
1335 *  At present the only sort criterion is that trusted Certs go ahead of
1336 *  untrusted Certs.
1337 *
1338 * PARAMETERS:
1339 *  "candidates"
1340 *      Address of List of Candidate Certs to be sorted. Must be non-NULL.
1341 *  "pSortedCandidates"
1342 *      Address at which sorted List is stored. Must be non-NULL.
1343 *  "plContext"
1344 *      Platform-specific context pointer.
1345 * THREAD SAFETY:
1346 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1347 * RETURNS:
1348 *  Returns NULL if the function succeeds.
1349 *  Returns a Build Error if the function fails in a non-fatal way
1350 *  Returns a Fatal Error if the function fails in an unrecoverable way.
1351 */
1352static PKIX_Error *
1353pkix_Build_SortCandidateCerts(
1354        PKIX_List *candidates,
1355        PKIX_List **pSortedCandidates,
1356        void *plContext)
1357{
1358        PKIX_List *sortedList = NULL((void*)0);
1359 
1360        PKIX_ENTER(BUILD, "pkix_Build_SortCandidateCerts")static const char cMyFuncName[] = {"pkix_Build_SortCandidateCerts"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
1361        PKIX_NULLCHECK_TWO(candidates, pSortedCandidates)do { if (((candidates) == ((void*)0)) || ((pSortedCandidates)
 == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
1362 
1363        /*
1364         * Both bubble and quick sort algorithms are available.
1365         * For a list of fewer than around 100 items, the bubble sort is more
1366         * efficient. (This number was determined by experimenting with both
1367         * algorithms on a Java List.)
1368         * If the candidate list is very small, using the sort can drag down
1369         * the performance a little bit.
1370         */
1371 
1372        PKIX_CHECK(pkix_List_BubbleSortdo { stdVars.aPkixErrorResult = (pkix_List_BubbleSort (candidates
, pkix_Build_SortCertComparator, &sortedList, plContext))
; if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTBUBBLESORTFAILED
; goto cleanup; } } while (0)
1373                (candidates,do { stdVars.aPkixErrorResult = (pkix_List_BubbleSort (candidates
, pkix_Build_SortCertComparator, &sortedList, plContext))
; if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTBUBBLESORTFAILED
; goto cleanup; } } while (0)
1374                pkix_Build_SortCertComparator,do { stdVars.aPkixErrorResult = (pkix_List_BubbleSort (candidates
, pkix_Build_SortCertComparator, &sortedList, plContext))
; if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTBUBBLESORTFAILED
; goto cleanup; } } while (0)
1375                &sortedList,do { stdVars.aPkixErrorResult = (pkix_List_BubbleSort (candidates
, pkix_Build_SortCertComparator, &sortedList, plContext))
; if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTBUBBLESORTFAILED
; goto cleanup; } } while (0)
1376                plContext),do { stdVars.aPkixErrorResult = (pkix_List_BubbleSort (candidates
, pkix_Build_SortCertComparator, &sortedList, plContext))
; if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTBUBBLESORTFAILED
; goto cleanup; } } while (0)
1377                PKIX_LISTBUBBLESORTFAILED)do { stdVars.aPkixErrorResult = (pkix_List_BubbleSort (candidates
, pkix_Build_SortCertComparator, &sortedList, plContext))
; if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTBUBBLESORTFAILED
; goto cleanup; } } while (0);
1378 
1379        *pSortedCandidates = sortedList;
1380 
1381cleanup:
1382 
1383        PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
1384}
1385 
1386/*
1387 * FUNCTION: pkix_Build_BuildSelectorAndParams
1388 * DESCRIPTION:
1389 *
1390 *  This function creates a CertSelector, initialized with an appropriate
1391 *  ComCertSelParams, using the variables provided in the ForwardBuilderState
1392 *  pointed to by "state". The CertSelector created is stored in the certsel
1393 *  element of "state".
1394 *
1395 * PARAMETERS:
1396 *  "state"
1397 *      Address of ForwardBuilderState to be used. Must be non-NULL.
1398 *  "plContext"
1399 *      Platform-specific context pointer.
1400 * THREAD SAFETY:
1401 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1402 * RETURNS:
1403 *  Returns NULL if the function succeeds.
1404 *  Returns a Build Error if the function fails in a non-fatal way
1405 *  Returns a Fatal Error if the function fails in an unrecoverable way.
1406 */
1407static PKIX_Error *
1408pkix_Build_BuildSelectorAndParams(
1409        PKIX_ForwardBuilderState *state,
1410        void *plContext)
1411{
1412        PKIX_ComCertSelParams *certSelParams = NULL((void*)0);
1413        PKIX_CertSelector *certSel = NULL((void*)0);
1414        PKIX_PL_X500Name *currentIssuer = NULL((void*)0);
1415        PKIX_PL_ByteArray *authKeyId = NULL((void*)0);
1416        PKIX_PL_Date *testDate = NULL((void*)0);
1417        PKIX_CertSelector *callerCertSelector = NULL((void*)0);
1418        PKIX_ComCertSelParams *callerComCertSelParams = NULL((void*)0);
1419        PKIX_UInt32 reqKu = 0;
1420        PKIX_List   *reqEkuOids = NULL((void*)0);
1421 
1422        PKIX_ENTER(BUILD, "pkix_Build_BuildSelectorAndParams")static const char cMyFuncName[] = {"pkix_Build_BuildSelectorAndParams"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
1423        PKIX_NULLCHECK_THREE(state, state->prevCert, state->traversedSubjNames)do { if (((state) == ((void*)0)) || ((state->prevCert) == (
(void*)0)) || ((state->traversedSubjNames) == ((void*)0)))
{ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
 = PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0);
1424 
1425        PKIX_CHECK(PKIX_PL_Cert_GetIssuerdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetIssuer (state
->prevCert, &currentIssuer, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETISSUERFAILED; goto cleanup
; } } while (0)
1426                (state->prevCert, &currentIssuer, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetIssuer (state
->prevCert, &currentIssuer, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETISSUERFAILED; goto cleanup
; } } while (0)
1427                PKIX_CERTGETISSUERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetIssuer (state
->prevCert, &currentIssuer, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETISSUERFAILED; goto cleanup
; } } while (0);
1428 
1429        PKIX_CHECK(PKIX_PL_Cert_GetAuthorityKeyIdentifierdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityKeyIdentifier
 (state->prevCert, &authKeyId, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED
; goto cleanup; } } while (0)
1430                (state->prevCert, &authKeyId, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityKeyIdentifier
 (state->prevCert, &authKeyId, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED
; goto cleanup; } } while (0)
1431                PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAuthorityKeyIdentifier
 (state->prevCert, &authKeyId, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED
; goto cleanup; } } while (0);
1432 
1433        PKIX_CHECK(PKIX_ComCertSelParams_Create(&certSelParams, plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_Create
(&certSelParams, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSCREATEFAILED;
 goto cleanup; } } while (0)
1434                PKIX_COMCERTSELPARAMSCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_Create
(&certSelParams, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSCREATEFAILED;
 goto cleanup; } } while (0);
1435 
1436        PKIX_CHECK(PKIX_ComCertSelParams_SetSubjectdo { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetSubject
 (certSelParams, currentIssuer, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETSUBJECTFAILED
; goto cleanup; } } while (0)
1437                (certSelParams, currentIssuer, plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetSubject
 (certSelParams, currentIssuer, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETSUBJECTFAILED
; goto cleanup; } } while (0)
1438                PKIX_COMCERTSELPARAMSSETSUBJECTFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetSubject
 (certSelParams, currentIssuer, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETSUBJECTFAILED
; goto cleanup; } } while (0);
1439 
1440        if (authKeyId != NULL((void*)0)) {
1441            PKIX_CHECK(PKIX_ComCertSelParams_SetSubjKeyIdentifierdo { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetSubjKeyIdentifier
 (certSelParams, authKeyId, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETSUBJKEYIDENTIFIERFAILED
; goto cleanup; } } while (0)
1442                    (certSelParams, authKeyId, plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetSubjKeyIdentifier
 (certSelParams, authKeyId, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETSUBJKEYIDENTIFIERFAILED
; goto cleanup; } } while (0)
1443                    PKIX_COMCERTSELPARAMSSETSUBJKEYIDENTIFIERFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetSubjKeyIdentifier
 (certSelParams, authKeyId, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETSUBJKEYIDENTIFIERFAILED
; goto cleanup; } } while (0);
1444        }
1445 
1446        PKIX_INCREF(state->buildConstants.testDate)do { if (state->buildConstants.testDate){ stdVars.aPkixTempResult
 = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(state->buildConstants
.testDate), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); goto cleanup; } } } while (0);
1447        testDate = state->buildConstants.testDate;
1448 
1449        PKIX_CHECK(PKIX_ComCertSelParams_SetCertificateValiddo { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetCertificateValid
 (certSelParams, testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED
; goto cleanup; } } while (0)
1450                (certSelParams, testDate, plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetCertificateValid
 (certSelParams, testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED
; goto cleanup; } } while (0)
1451                PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetCertificateValid
 (certSelParams, testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED
; goto cleanup; } } while (0);
1452 
1453        PKIX_CHECK(PKIX_ComCertSelParams_SetBasicConstraintsdo { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetBasicConstraints
 (certSelParams, state->traversedCACerts, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETBASICCONSTRAINTSFAILED
; goto cleanup; } } while (0)
1454                (certSelParams, state->traversedCACerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetBasicConstraints
 (certSelParams, state->traversedCACerts, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETBASICCONSTRAINTSFAILED
; goto cleanup; } } while (0)
1455                PKIX_COMCERTSELPARAMSSETBASICCONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetBasicConstraints
 (certSelParams, state->traversedCACerts, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETBASICCONSTRAINTSFAILED
; goto cleanup; } } while (0);
1456 
1457        PKIX_CHECK(PKIX_ComCertSelParams_SetPathToNamesdo { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetPathToNames
 (certSelParams, state->traversedSubjNames, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETPATHTONAMESFAILED
; goto cleanup; } } while (0)
1458                (certSelParams, state->traversedSubjNames, plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetPathToNames
 (certSelParams, state->traversedSubjNames, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETPATHTONAMESFAILED
; goto cleanup; } } while (0)
1459                PKIX_COMCERTSELPARAMSSETPATHTONAMESFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetPathToNames
 (certSelParams, state->traversedSubjNames, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETPATHTONAMESFAILED
; goto cleanup; } } while (0);
1460 
1461        PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraintsdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints
 (state->buildConstants.procParams, &callerCertSelector
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED; goto cleanup
; } } while (0)
1462                    (state->buildConstants.procParams,do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints
 (state->buildConstants.procParams, &callerCertSelector
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED; goto cleanup
; } } while (0)
1463                     &callerCertSelector, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints
 (state->buildConstants.procParams, &callerCertSelector
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED; goto cleanup
; } } while (0)
1464                    PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints
 (state->buildConstants.procParams, &callerCertSelector
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED; goto cleanup
; } } while (0);
1465 
1466        if (callerCertSelector != NULL((void*)0)) {
1467 
1468            /* Get initial EKU OIDs from ComCertSelParams, if set */
1469            PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParamsdo { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetCommonCertSelectorParams
 (callerCertSelector, &callerComCertSelParams, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0)
1470                       (callerCertSelector, &callerComCertSelParams, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetCommonCertSelectorParams
 (callerCertSelector, &callerComCertSelParams, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0)
1471                       PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetCommonCertSelectorParams
 (callerCertSelector, &callerComCertSelParams, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0);
1472 
1473            if (callerComCertSelParams != NULL((void*)0)) {
1474                PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsagedo { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetExtendedKeyUsage
 (callerComCertSelParams, &reqEkuOids, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED
; goto cleanup; } } while (0)
1475                           (callerComCertSelParams, &reqEkuOids, plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetExtendedKeyUsage
 (callerComCertSelParams, &reqEkuOids, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED
; goto cleanup; } } while (0)
1476                           PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetExtendedKeyUsage
 (callerComCertSelParams, &reqEkuOids, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED
; goto cleanup; } } while (0);
1477 
1478                PKIX_CHECK(PKIX_ComCertSelParams_GetKeyUsagedo { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetKeyUsage
 (callerComCertSelParams, &reqKu, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED
; goto cleanup; } } while (0)
1479                           (callerComCertSelParams, &reqKu, plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetKeyUsage
 (callerComCertSelParams, &reqKu, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED
; goto cleanup; } } while (0)
1480                           PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetKeyUsage
 (callerComCertSelParams, &reqKu, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED
; goto cleanup; } } while (0);
1481            }
1482        }
1483 
1484        PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetKeyUsage
(certSelParams, reqKu, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETKEYUSAGEFAILED
; goto cleanup; } } while (0)
1485            PKIX_ComCertSelParams_SetKeyUsage(certSelParams, reqKu,do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetKeyUsage
(certSelParams, reqKu, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETKEYUSAGEFAILED
; goto cleanup; } } while (0)
1486                                              plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetKeyUsage
(certSelParams, reqKu, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETKEYUSAGEFAILED
; goto cleanup; } } while (0)
1487            PKIX_COMCERTSELPARAMSSETKEYUSAGEFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetKeyUsage
(certSelParams, reqKu, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETKEYUSAGEFAILED
; goto cleanup; } } while (0);
1488        
1489        PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetExtendedKeyUsage
(certSelParams, reqEkuOids, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETEXTKEYUSAGEFAILED
; goto cleanup; } } while (0)
1490            PKIX_ComCertSelParams_SetExtendedKeyUsage(certSelParams,do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetExtendedKeyUsage
(certSelParams, reqEkuOids, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETEXTKEYUSAGEFAILED
; goto cleanup; } } while (0)
1491                                                      reqEkuOids,do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetExtendedKeyUsage
(certSelParams, reqEkuOids, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETEXTKEYUSAGEFAILED
; goto cleanup; } } while (0)
1492                                                      plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetExtendedKeyUsage
(certSelParams, reqEkuOids, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETEXTKEYUSAGEFAILED
; goto cleanup; } } while (0)
1493            PKIX_COMCERTSELPARAMSSETEXTKEYUSAGEFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetExtendedKeyUsage
(certSelParams, reqEkuOids, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETEXTKEYUSAGEFAILED
; goto cleanup; } } while (0);
1494 
1495        PKIX_CHECK(PKIX_CertSelector_Createdo { stdVars.aPkixErrorResult = (PKIX_CertSelector_Create (((
void*)0), ((void*)0), &state->certSel, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORCREATEFAILED
; goto cleanup; } } while (0)
1496                (NULL, NULL, &state->certSel, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertSelector_Create (((
void*)0), ((void*)0), &state->certSel, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORCREATEFAILED
; goto cleanup; } } while (0)
1497                PKIX_CERTSELECTORCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertSelector_Create (((
void*)0), ((void*)0), &state->certSel, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORCREATEFAILED
; goto cleanup; } } while (0);
1498 
1499        PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParamsdo { stdVars.aPkixErrorResult = (PKIX_CertSelector_SetCommonCertSelectorParams
 (state->certSel, certSelParams, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0)
1500                (state->certSel, certSelParams, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertSelector_SetCommonCertSelectorParams
 (state->certSel, certSelParams, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0)
1501                PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertSelector_SetCommonCertSelectorParams
 (state->certSel, certSelParams, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0);
1502 
1503        PKIX_CHECK(PKIX_List_Create(&state->candidateCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&state->
candidateCerts, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while
 (0)
1504                PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&state->
candidateCerts, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup; } } while
 (0);
1505 
1506        state->certStoreIndex = 0;
1507 
1508cleanup:
1509        PKIX_DECREF(certSelParams)do { if (certSelParams){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certSelParams), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certSelParams
 = ((void*)0); } } while (0);
1510        PKIX_DECREF(certSel)do { if (certSel){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certSel), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certSel = ((void*)
0); } } while (0);
1511        PKIX_DECREF(currentIssuer)do { if (currentIssuer){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(currentIssuer), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } currentIssuer
 = ((void*)0); } } while (0);
1512        PKIX_DECREF(authKeyId)do { if (authKeyId){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(authKeyId), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } authKeyId = ((void
*)0); } } while (0);
1513        PKIX_DECREF(testDate)do { if (testDate){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(testDate), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } testDate = ((void*
)0); } } while (0);
1514        PKIX_DECREF(reqEkuOids)do { if (reqEkuOids){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(reqEkuOids), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } reqEkuOids = ((void
*)0); } } while (0);
1515        PKIX_DECREF(callerComCertSelParams)do { if (callerComCertSelParams){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(callerComCertSelParams), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } callerComCertSelParams = ((void*)0); } } while (0);
1516        PKIX_DECREF(callerCertSelector)do { if (callerCertSelector){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(callerCertSelector), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } callerCertSelector
 = ((void*)0); } } while (0);
1517 
1518        PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
1519}
1520 
1521/* Match trust anchor to select params in order to find next cert. */
1522static PKIX_Error*
1523pkix_Build_SelectCertsFromTrustAnchors(
1524    PKIX_List *trustAnchorsList,
1525    PKIX_ComCertSelParams *certSelParams,
1526    PKIX_List **pMatchList,
1527    void *plContext) 
1528{
1529    unsigned int anchorIndex = 0;
1530    PKIX_TrustAnchor *anchor = NULL((void*)0);
1531    PKIX_PL_Cert *trustedCert = NULL((void*)0);
1532    PKIX_List *matchList = NULL((void*)0);
1533    PKIX_CertSelector *certSel = NULL((void*)0);
1534    PKIX_CertSelector_MatchCallback selectorMatchCB = NULL((void*)0);
1535 
1536    PKIX_ENTER(BUILD, "pkix_Build_SelectCertsFromTrustAnchors")static const char cMyFuncName[] = {"pkix_Build_SelectCertsFromTrustAnchors"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
1537    
1538    PKIX_CHECK(PKIX_CertSelector_Createdo { stdVars.aPkixErrorResult = (PKIX_CertSelector_Create (((
void*)0), ((void*)0), &certSel, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORCREATEFAILED
; goto cleanup; } } while (0)
1539               (NULL, NULL, &certSel, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertSelector_Create (((
void*)0), ((void*)0), &certSel, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORCREATEFAILED
; goto cleanup; } } while (0)
1540               PKIX_CERTSELECTORCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertSelector_Create (((
void*)0), ((void*)0), &certSel, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORCREATEFAILED
; goto cleanup; } } while (0);
1541    PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParamsdo { stdVars.aPkixErrorResult = (PKIX_CertSelector_SetCommonCertSelectorParams
 (certSel, certSelParams, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0)
1542               (certSel, certSelParams, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertSelector_SetCommonCertSelectorParams
 (certSel, certSelParams, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0)
1543               PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertSelector_SetCommonCertSelectorParams
 (certSel, certSelParams, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0);
1544    PKIX_CHECK(PKIX_CertSelector_GetMatchCallbackdo { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetMatchCallback
 (certSel, &selectorMatchCB, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETMATCHCALLBACKFAILED
; goto cleanup; } } while (0)
1545               (certSel, &selectorMatchCB, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetMatchCallback
 (certSel, &selectorMatchCB, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETMATCHCALLBACKFAILED
; goto cleanup; } } while (0)
1546               PKIX_CERTSELECTORGETMATCHCALLBACKFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetMatchCallback
 (certSel, &selectorMatchCB, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETMATCHCALLBACKFAILED
; goto cleanup; } } while (0);
1547 
1548    for (anchorIndex = 0;anchorIndex < trustAnchorsList->length; anchorIndex++) {
1549        PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(trustAnchorsList
, anchorIndex, (PKIX_PL_Object **)&anchor, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1550            PKIX_List_GetItem(trustAnchorsList,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(trustAnchorsList
, anchorIndex, (PKIX_PL_Object **)&anchor, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1551                              anchorIndex,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(trustAnchorsList
, anchorIndex, (PKIX_PL_Object **)&anchor, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1552                              (PKIX_PL_Object **)&anchor,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(trustAnchorsList
, anchorIndex, (PKIX_PL_Object **)&anchor, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1553                              plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(trustAnchorsList
, anchorIndex, (PKIX_PL_Object **)&anchor, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1554            PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(trustAnchorsList
, anchorIndex, (PKIX_PL_Object **)&anchor, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
1555        PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCertdo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
 (anchor, &trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0)
1556                   (anchor, &trustedCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
 (anchor, &trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0)
1557                   PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
 (anchor, &trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0);
1558        pkixErrorResultstdVars.aPkixErrorResult =
1559            (*selectorMatchCB)(certSel, trustedCert, plContext);
1560        if (!pkixErrorResultstdVars.aPkixErrorResult) {
1561            if (!matchList) {
1562                PKIX_CHECK(PKIX_List_Create(&matchList,do { stdVars.aPkixErrorResult = (PKIX_List_Create(&matchList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
1563                                            plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&matchList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
1564                           PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&matchList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
1565            }
1566            PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem(matchList
, (PKIX_PL_Object*)trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1567                PKIX_List_AppendItem(matchList,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem(matchList
, (PKIX_PL_Object*)trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1568                    (PKIX_PL_Object*)trustedCert,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem(matchList
, (PKIX_PL_Object*)trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1569                                     plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem(matchList
, (PKIX_PL_Object*)trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
1570                PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem(matchList
, (PKIX_PL_Object*)trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
1571        } else {
1572            PKIX_DECREF(pkixErrorResult)do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0);
1573        }
1574        PKIX_DECREF(trustedCert)do { if (trustedCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustedCert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trustedCert = ((void
*)0); } } while (0);
1575        PKIX_DECREF(anchor)do { if (anchor){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(anchor), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } anchor = ((void*)0
); } } while (0);
1576     }
1577    
1578    *pMatchList = matchList;
1579    matchList = NULL((void*)0);
1580 
1581cleanup:
1582    PKIX_DECREF(matchList)do { if (matchList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(matchList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } matchList = ((void
*)0); } } while (0);
1583    PKIX_DECREF(trustedCert)do { if (trustedCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustedCert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trustedCert = ((void
*)0); } } while (0);
1584    PKIX_DECREF(anchor)do { if (anchor){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(anchor), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } anchor = ((void*)0
); } } while (0);
1585    PKIX_DECREF(certSel)do { if (certSel){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certSel), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certSel = ((void*)
0); } } while (0);
1586    
1587    PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
1588}
1589 
1590 
1591static PKIX_Error*
1592pkix_Build_RemoveDupUntrustedCerts(
1593    PKIX_List *trustedCertList,
1594    PKIX_List *certsFound,
1595    void *plContext)
1596{
1597    PKIX_UInt32 trustIndex;
1598    PKIX_PL_Cert *trustCert = NULL((void*)0), *cert = NULL((void*)0);
1599 
1600    PKIX_ENTER(BUILD, "pkix_Build_RemoveDupUntrustedCerts")static const char cMyFuncName[] = {"pkix_Build_RemoveDupUntrustedCerts"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
1601    if (trustedCertList == NULL((void*)0) || certsFound == NULL((void*)0)) {
1602        goto cleanup;
1603    }
1604    for (trustIndex = 0;trustIndex < trustedCertList->length;
1605        trustIndex++) {
1606        PKIX_UInt32 certIndex = 0;
1607        PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(trustedCertList
, trustIndex, (PKIX_PL_Object **)&trustCert, plContext));
 if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1608            PKIX_List_GetItem(trustedCertList,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(trustedCertList
, trustIndex, (PKIX_PL_Object **)&trustCert, plContext));
 if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1609                              trustIndex,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(trustedCertList
, trustIndex, (PKIX_PL_Object **)&trustCert, plContext));
 if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1610                              (PKIX_PL_Object **)&trustCert,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(trustedCertList
, trustIndex, (PKIX_PL_Object **)&trustCert, plContext));
 if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1611                              plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(trustedCertList
, trustIndex, (PKIX_PL_Object **)&trustCert, plContext));
 if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1612            PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(trustedCertList
, trustIndex, (PKIX_PL_Object **)&trustCert, plContext));
 if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
1613        
1614        while (certIndex < certsFound->length) {
1615            PKIX_Boolean result = PKIX_FALSE((PKIX_Boolean) 0);
1616            PKIX_DECREF(cert)do { if (cert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } cert = ((void*)0);
 } } while (0);
1617            PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(certsFound
, certIndex, (PKIX_PL_Object **)&cert, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1618                PKIX_List_GetItem(certsFound, certIndex,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(certsFound
, certIndex, (PKIX_PL_Object **)&cert, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1619                                  (PKIX_PL_Object **)&cert,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(certsFound
, certIndex, (PKIX_PL_Object **)&cert, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1620                                  plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(certsFound
, certIndex, (PKIX_PL_Object **)&cert, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1621                PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(certsFound
, certIndex, (PKIX_PL_Object **)&cert, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
1622            PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals((PKIX_PL_Object
 *)trustCert, (PKIX_PL_Object *)cert, &result, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTEQUALSFAILED
; goto cleanup; } } while (0)
1623                PKIX_PL_Object_Equals((PKIX_PL_Object *)trustCert,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals((PKIX_PL_Object
 *)trustCert, (PKIX_PL_Object *)cert, &result, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTEQUALSFAILED
; goto cleanup; } } while (0)
1624                                      (PKIX_PL_Object *)cert,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals((PKIX_PL_Object
 *)trustCert, (PKIX_PL_Object *)cert, &result, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTEQUALSFAILED
; goto cleanup; } } while (0)
1625                                      &result,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals((PKIX_PL_Object
 *)trustCert, (PKIX_PL_Object *)cert, &result, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTEQUALSFAILED
; goto cleanup; } } while (0)
1626                                      plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals((PKIX_PL_Object
 *)trustCert, (PKIX_PL_Object *)cert, &result, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTEQUALSFAILED
; goto cleanup; } } while (0)
1627                PKIX_OBJECTEQUALSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals((PKIX_PL_Object
 *)trustCert, (PKIX_PL_Object *)cert, &result, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTEQUALSFAILED
; goto cleanup; } } while (0);
1628            if (!result) {
1629                certIndex += 1;
1630                continue;
1631            }
1632            PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem(certsFound
, certIndex, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTDELETEITEMFAILED; goto cleanup; } }
 while (0)
1633                PKIX_List_DeleteItem(certsFound, certIndex,do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem(certsFound
, certIndex, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTDELETEITEMFAILED; goto cleanup; } }
 while (0)
1634                                     plContext),do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem(certsFound
, certIndex, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTDELETEITEMFAILED; goto cleanup; } }
 while (0)
1635                PKIX_LISTDELETEITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem(certsFound
, certIndex, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTDELETEITEMFAILED; goto cleanup; } }
 while (0);
1636        }
1637        PKIX_DECREF(trustCert)do { if (trustCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustCert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trustCert = ((void
*)0); } } while (0);
1638    }
1639cleanup:
1640    PKIX_DECREF(cert)do { if (cert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } cert = ((void*)0);
 } } while (0);
1641    PKIX_DECREF(trustCert)do { if (trustCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustCert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trustCert = ((void
*)0); } } while (0);
1642 
1643    PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
1644}
1645 
1646 
1647/*
1648 * FUNCTION: pkix_Build_GatherCerts
1649 * DESCRIPTION:
1650 *
1651 *  This function traverses the CertStores in the List of CertStores contained
1652 *  in "state",  using the certSelector and other parameters contained in
1653 *  "state", to obtain a List of all available Certs that satisfy the criteria.
1654 *  If a CertStore has a cache, "certSelParams" is used both to query the cache
1655 *  and, if an actual CertStore search occurred, to update the cache. (Behavior
1656 *  is undefined if "certSelParams" is different from the parameters that were
1657 *  used to initialize the certSelector in "state".)
1658 * 
1659 *  If a CertStore using non-blocking I/O returns with an indication that I/O is
1660 *  in progress and the checking has not been completed, this function stores
1661 *  platform-dependent information at "pNBIOContext". Otherwise it stores NULL
1662 *  at "pNBIOContext", and state is updated with the results of the search.
1663 *
1664 * PARAMETERS:
1665 *  "state"
1666 *      Address of ForwardBuilderState to be used. Must be non-NULL.
1667 *  "certSelParams"
1668 *      Address of ComCertSelParams which were used in creating the current
1669 *      CertSelector, and to be used in querying and updating any caches that
1670 *      may be associated with with the CertStores.
1671 *  "pNBIOContext"
1672 *      Address at which platform-dependent information is returned if request
1673 *      is suspended for non-blocking I/O. Must be non-NULL.
1674 *  "plContext"
1675 *      Platform-specific context pointer.
1676 * THREAD SAFETY:
1677 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1678 * RETURNS:
1679 *  Returns NULL if the function succeeds.
1680 *  Returns a Build Error if the function fails in a non-fatal way
1681 *  Returns a Fatal Error if the function fails in an unrecoverable way.
1682 */
1683/* return NULL if wouldblock, empty list if none found, else list of found */
1684static PKIX_Error *
1685pkix_Build_GatherCerts(
1686        PKIX_ForwardBuilderState *state,
1687        PKIX_ComCertSelParams *certSelParams,
1688        void **pNBIOContext,
1689        void *plContext)
1690{
1691        PKIX_Boolean certStoreIsCached = PKIX_FALSE((PKIX_Boolean) 0);
1692        PKIX_Boolean certStoreIsLocal = PKIX_FALSE((PKIX_Boolean) 0);
1693        PKIX_Boolean foundInCache = PKIX_FALSE((PKIX_Boolean) 0);
1694        PKIX_CertStore *certStore = NULL((void*)0);
1695        PKIX_CertStore_CertCallback getCerts = NULL((void*)0);
1696        PKIX_List *certsFound = NULL((void*)0);
1697        PKIX_List *trustedCertList = NULL((void*)0);
1698        void *nbioContext = NULL((void*)0);
1699 
1700        PKIX_ENTER(BUILD, "pkix_Build_GatherCerts")static const char cMyFuncName[] = {"pkix_Build_GatherCerts"};
 PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
1701        PKIX_NULLCHECK_THREE(state, certSelParams, pNBIOContext)do { if (((state) == ((void*)0)) || ((certSelParams) == ((void
*)0)) || ((pNBIOContext) == ((void*)0))){ stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1702 
1703        nbioContext = *pNBIOContext;
1704        *pNBIOContext = NULL((void*)0);
1705 
1706        PKIX_DECREF(state->candidateCerts)do { if (state->candidateCerts){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->candidateCerts
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->candidateCerts = ((void*)0); } } while
 (0);
1707 
1708        while (state->certStoreIndex < state->buildConstants.numCertStores) {
1709 
1710                /* Get the current CertStore */
1711                PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.certStores, state->certStoreIndex, (PKIX_PL_Object
 **)&certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1712                        (state->buildConstants.certStores,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.certStores, state->certStoreIndex, (PKIX_PL_Object
 **)&certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1713                        state->certStoreIndex,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.certStores, state->certStoreIndex, (PKIX_PL_Object
 **)&certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1714                        (PKIX_PL_Object **)&certStore,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.certStores, state->certStoreIndex, (PKIX_PL_Object
 **)&certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1715                        plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.certStores, state->certStoreIndex, (PKIX_PL_Object
 **)&certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1716                        PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.certStores, state->certStoreIndex, (PKIX_PL_Object
 **)&certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0);
1717 
1718                PKIX_CHECK(PKIX_CertStore_GetLocalFlagdo { stdVars.aPkixErrorResult = (PKIX_CertStore_GetLocalFlag (
certStore, &certStoreIsLocal, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETLOCALFLAGFAILED; goto
 cleanup; } } while (0)
1719                           (certStore, &certStoreIsLocal, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetLocalFlag (
certStore, &certStoreIsLocal, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETLOCALFLAGFAILED; goto
 cleanup; } } while (0)
1720                           PKIX_CERTSTOREGETLOCALFLAGFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetLocalFlag (
certStore, &certStoreIsLocal, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETLOCALFLAGFAILED; goto
 cleanup; } } while (0);
1721 
1722                if (state->useOnlyLocal == certStoreIsLocal) {
1723                    /* If GATHERPENDING, we've already checked the cache */
1724                    if (state->status == BUILD_GATHERPENDING) {
1725                        certStoreIsCached = PKIX_FALSE((PKIX_Boolean) 0);
1726                        foundInCache = PKIX_FALSE((PKIX_Boolean) 0);
1727                    } else {
1728                        PKIX_CHECK(PKIX_CertStore_GetCertStoreCacheFlagdo { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreCacheFlag
 (certStore, &certStoreIsCached, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED
; goto cleanup; } } while (0)
1729                                (certStore, &certStoreIsCached, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreCacheFlag
 (certStore, &certStoreIsCached, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED
; goto cleanup; } } while (0)
1730                                PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertStoreCacheFlag
 (certStore, &certStoreIsCached, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED
; goto cleanup; } } while (0);
1731 
1732                        if (certStoreIsCached) {
1733                        /*
1734                         * Look for Certs in the cache, using the SubjectName as
1735                         * the key. Then the ComCertSelParams are used to filter
1736                         * for qualified certs. If none are found, then the
1737                         * certStores are queried. When we eventually add items
1738                         * to the cache, we will only add items that passed the
1739                         * ComCertSelParams filter, rather than all Certs which
1740                         * matched the SubjectName.
1741                         */
1742 
1743                                PKIX_CHECK(pkix_CacheCert_Lookupdo { stdVars.aPkixErrorResult = (pkix_CacheCert_Lookup (certStore
, certSelParams, state->buildConstants.testDate, &foundInCache
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINLOOKUPFAILED; goto
 cleanup; } } while (0)
1744                                        (certStore,do { stdVars.aPkixErrorResult = (pkix_CacheCert_Lookup (certStore
, certSelParams, state->buildConstants.testDate, &foundInCache
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINLOOKUPFAILED; goto
 cleanup; } } while (0)
1745                                        certSelParams,do { stdVars.aPkixErrorResult = (pkix_CacheCert_Lookup (certStore
, certSelParams, state->buildConstants.testDate, &foundInCache
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINLOOKUPFAILED; goto
 cleanup; } } while (0)
1746                                        state->buildConstants.testDate,do { stdVars.aPkixErrorResult = (pkix_CacheCert_Lookup (certStore
, certSelParams, state->buildConstants.testDate, &foundInCache
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINLOOKUPFAILED; goto
 cleanup; } } while (0)
1747                                        &foundInCache,do { stdVars.aPkixErrorResult = (pkix_CacheCert_Lookup (certStore
, certSelParams, state->buildConstants.testDate, &foundInCache
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINLOOKUPFAILED; goto
 cleanup; } } while (0)
1748                                        &certsFound,do { stdVars.aPkixErrorResult = (pkix_CacheCert_Lookup (certStore
, certSelParams, state->buildConstants.testDate, &foundInCache
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINLOOKUPFAILED; goto
 cleanup; } } while (0)
1749                                        plContext),do { stdVars.aPkixErrorResult = (pkix_CacheCert_Lookup (certStore
, certSelParams, state->buildConstants.testDate, &foundInCache
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINLOOKUPFAILED; goto
 cleanup; } } while (0)
1750                                        PKIX_CACHECERTCHAINLOOKUPFAILED)do { stdVars.aPkixErrorResult = (pkix_CacheCert_Lookup (certStore
, certSelParams, state->buildConstants.testDate, &foundInCache
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINLOOKUPFAILED; goto
 cleanup; } } while (0);
1751 
1752                        }
1753                    }
1754 
1755                    /*
1756                     * XXX need to verify if Cert is trusted, hence may not
1757                     * be worth it to have the Cert Cached or
1758                     * If it is trusted, don't cache, but once there is cached
1759                     * certs, we won't get certs from database any more.
1760                     * can use flag to force not getting certs from cache
1761                     */
1762                    if (!foundInCache) {
1763 
1764                        if (nbioContext == NULL((void*)0)) {
1765                                PKIX_CHECK(PKIX_CertStore_GetCertCallbackdo { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertCallback
 (certStore, &getCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTCALLBACKFAILED
; goto cleanup; } } while (0)
1766                                        (certStore, &getCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertCallback
 (certStore, &getCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTCALLBACKFAILED
; goto cleanup; } } while (0)
1767                                        PKIX_CERTSTOREGETCERTCALLBACKFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertStore_GetCertCallback
 (certStore, &getCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTOREGETCERTCALLBACKFAILED
; goto cleanup; } } while (0);
1768 
1769                                PKIX_CHECK(getCertsdo { stdVars.aPkixErrorResult = (getCerts (certStore, state->
certSel, state->verifyNode, &nbioContext, &certsFound
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_GETCERTSFAILED; goto cleanup; } } while (0)
1770                                        (certStore,do { stdVars.aPkixErrorResult = (getCerts (certStore, state->
certSel, state->verifyNode, &nbioContext, &certsFound
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_GETCERTSFAILED; goto cleanup; } } while (0)
1771                                        state->certSel,do { stdVars.aPkixErrorResult = (getCerts (certStore, state->
certSel, state->verifyNode, &nbioContext, &certsFound
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_GETCERTSFAILED; goto cleanup; } } while (0)
1772                                        state->verifyNode,do { stdVars.aPkixErrorResult = (getCerts (certStore, state->
certSel, state->verifyNode, &nbioContext, &certsFound
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_GETCERTSFAILED; goto cleanup; } } while (0)
1773                                        &nbioContext,do { stdVars.aPkixErrorResult = (getCerts (certStore, state->
certSel, state->verifyNode, &nbioContext, &certsFound
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_GETCERTSFAILED; goto cleanup; } } while (0)
1774                                        &certsFound,do { stdVars.aPkixErrorResult = (getCerts (certStore, state->
certSel, state->verifyNode, &nbioContext, &certsFound
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_GETCERTSFAILED; goto cleanup; } } while (0)
1775                                        plContext),do { stdVars.aPkixErrorResult = (getCerts (certStore, state->
certSel, state->verifyNode, &nbioContext, &certsFound
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_GETCERTSFAILED; goto cleanup; } } while (0)
1776                                        PKIX_GETCERTSFAILED)do { stdVars.aPkixErrorResult = (getCerts (certStore, state->
certSel, state->verifyNode, &nbioContext, &certsFound
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_GETCERTSFAILED; goto cleanup; } } while (0);
1777                        } else {
1778                                PKIX_CHECK(PKIX_CertStore_CertContinuedo { stdVars.aPkixErrorResult = (PKIX_CertStore_CertContinue (
certStore, state->certSel, state->verifyNode, &nbioContext
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECERTCONTINUEFAILED; goto
 cleanup; } } while (0)
1779                                        (certStore,do { stdVars.aPkixErrorResult = (PKIX_CertStore_CertContinue (
certStore, state->certSel, state->verifyNode, &nbioContext
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECERTCONTINUEFAILED; goto
 cleanup; } } while (0)
1780                                        state->certSel,do { stdVars.aPkixErrorResult = (PKIX_CertStore_CertContinue (
certStore, state->certSel, state->verifyNode, &nbioContext
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECERTCONTINUEFAILED; goto
 cleanup; } } while (0)
1781                                        state->verifyNode,do { stdVars.aPkixErrorResult = (PKIX_CertStore_CertContinue (
certStore, state->certSel, state->verifyNode, &nbioContext
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECERTCONTINUEFAILED; goto
 cleanup; } } while (0)
1782                                        &nbioContext,do { stdVars.aPkixErrorResult = (PKIX_CertStore_CertContinue (
certStore, state->certSel, state->verifyNode, &nbioContext
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECERTCONTINUEFAILED; goto
 cleanup; } } while (0)
1783                                        &certsFound,do { stdVars.aPkixErrorResult = (PKIX_CertStore_CertContinue (
certStore, state->certSel, state->verifyNode, &nbioContext
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECERTCONTINUEFAILED; goto
 cleanup; } } while (0)
1784                                        plContext),do { stdVars.aPkixErrorResult = (PKIX_CertStore_CertContinue (
certStore, state->certSel, state->verifyNode, &nbioContext
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECERTCONTINUEFAILED; goto
 cleanup; } } while (0)
1785                                        PKIX_CERTSTORECERTCONTINUEFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertStore_CertContinue (
certStore, state->certSel, state->verifyNode, &nbioContext
, &certsFound, plContext)); if (stdVars.aPkixErrorResult)
 { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTSTORECERTCONTINUEFAILED; goto
 cleanup; } } while (0);
1786                        }
1787 
1788                        if (certStoreIsCached && certsFound) {
1789 
1790                                PKIX_CHECK(pkix_CacheCert_Adddo { stdVars.aPkixErrorResult = (pkix_CacheCert_Add (certStore
, certSelParams, certsFound, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTADDFAILED; goto cleanup
; } } while (0)
1791                                        (certStore,do { stdVars.aPkixErrorResult = (pkix_CacheCert_Add (certStore
, certSelParams, certsFound, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTADDFAILED; goto cleanup
; } } while (0)
1792                                        certSelParams,do { stdVars.aPkixErrorResult = (pkix_CacheCert_Add (certStore
, certSelParams, certsFound, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTADDFAILED; goto cleanup
; } } while (0)
1793                                        certsFound,do { stdVars.aPkixErrorResult = (pkix_CacheCert_Add (certStore
, certSelParams, certsFound, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTADDFAILED; goto cleanup
; } } while (0)
1794                                        plContext),do { stdVars.aPkixErrorResult = (pkix_CacheCert_Add (certStore
, certSelParams, certsFound, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTADDFAILED; goto cleanup
; } } while (0)
1795                                        PKIX_CACHECERTADDFAILED)do { stdVars.aPkixErrorResult = (pkix_CacheCert_Add (certStore
, certSelParams, certsFound, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CACHECERTADDFAILED; goto cleanup
; } } while (0);
1796                        }
1797                    }
1798 
1799                    /*
1800                     * getCerts returns an empty list for "NONE FOUND",
1801                     * a NULL list for "would block"
1802                     */
1803                    if (certsFound == NULL((void*)0)) {
1804                        state->status = BUILD_GATHERPENDING;
1805                        *pNBIOContext = nbioContext;
1806                        goto cleanup;
1807                    }
1808                }
1809 
1810                /* Are there any more certStores to query? */
1811                PKIX_DECREF(certStore)do { if (certStore){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certStore), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certStore = ((void
*)0); } } while (0);
1812                ++(state->certStoreIndex);
1813        }
1814 
1815        if (certsFound && certsFound->length > 1) {
1816            PKIX_List *sorted = NULL((void*)0);
1817            
1818            /* sort Certs to try to optimize search */
1819            PKIX_CHECK(pkix_Build_SortCandidateCertsdo { stdVars.aPkixErrorResult = (pkix_Build_SortCandidateCerts
 (certsFound, &sorted, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSORTCANDIDATECERTSFAILED
; goto cleanup; } } while (0)
1820                       (certsFound, &sorted, plContext),do { stdVars.aPkixErrorResult = (pkix_Build_SortCandidateCerts
 (certsFound, &sorted, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSORTCANDIDATECERTSFAILED
; goto cleanup; } } while (0)
1821                       PKIX_BUILDSORTCANDIDATECERTSFAILED)do { stdVars.aPkixErrorResult = (pkix_Build_SortCandidateCerts
 (certsFound, &sorted, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSORTCANDIDATECERTSFAILED
; goto cleanup; } } while (0);
1822            PKIX_DECREF(certsFound)do { if (certsFound){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certsFound), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certsFound = ((void
*)0); } } while (0);
1823            certsFound = sorted;
1824        }
1825 
1826        PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_Build_SelectCertsFromTrustAnchors
( state->buildConstants.anchors, certSelParams, &trustedCertList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_FAILTOSELECTCERTSFROMANCHORS; goto cleanup; } } while
 (0)
1827            pkix_Build_SelectCertsFromTrustAnchors(do { stdVars.aPkixErrorResult = (pkix_Build_SelectCertsFromTrustAnchors
( state->buildConstants.anchors, certSelParams, &trustedCertList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_FAILTOSELECTCERTSFROMANCHORS; goto cleanup; } } while
 (0)
1828                state->buildConstants.anchors,do { stdVars.aPkixErrorResult = (pkix_Build_SelectCertsFromTrustAnchors
( state->buildConstants.anchors, certSelParams, &trustedCertList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_FAILTOSELECTCERTSFROMANCHORS; goto cleanup; } } while
 (0)
1829                certSelParams, &trustedCertList,do { stdVars.aPkixErrorResult = (pkix_Build_SelectCertsFromTrustAnchors
( state->buildConstants.anchors, certSelParams, &trustedCertList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_FAILTOSELECTCERTSFROMANCHORS; goto cleanup; } } while
 (0)
1830                plContext),do { stdVars.aPkixErrorResult = (pkix_Build_SelectCertsFromTrustAnchors
( state->buildConstants.anchors, certSelParams, &trustedCertList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_FAILTOSELECTCERTSFROMANCHORS; goto cleanup; } } while
 (0)
1831            PKIX_FAILTOSELECTCERTSFROMANCHORS)do { stdVars.aPkixErrorResult = (pkix_Build_SelectCertsFromTrustAnchors
( state->buildConstants.anchors, certSelParams, &trustedCertList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_FAILTOSELECTCERTSFROMANCHORS; goto cleanup; } } while
 (0);
1832        PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_Build_RemoveDupUntrustedCerts
(trustedCertList, certsFound, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_REMOVEDUPUNTRUSTEDCERTSFAILED
; goto cleanup; } } while (0)
1833            pkix_Build_RemoveDupUntrustedCerts(trustedCertList,do { stdVars.aPkixErrorResult = (pkix_Build_RemoveDupUntrustedCerts
(trustedCertList, certsFound, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_REMOVEDUPUNTRUSTEDCERTSFAILED
; goto cleanup; } } while (0)
1834                                               certsFound,do { stdVars.aPkixErrorResult = (pkix_Build_RemoveDupUntrustedCerts
(trustedCertList, certsFound, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_REMOVEDUPUNTRUSTEDCERTSFAILED
; goto cleanup; } } while (0)
1835                                               plContext),do { stdVars.aPkixErrorResult = (pkix_Build_RemoveDupUntrustedCerts
(trustedCertList, certsFound, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_REMOVEDUPUNTRUSTEDCERTSFAILED
; goto cleanup; } } while (0)
1836            PKIX_REMOVEDUPUNTRUSTEDCERTSFAILED)do { stdVars.aPkixErrorResult = (pkix_Build_RemoveDupUntrustedCerts
(trustedCertList, certsFound, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_REMOVEDUPUNTRUSTEDCERTSFAILED
; goto cleanup; } } while (0);
1837 
1838        PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_List_MergeLists(trustedCertList
, certsFound, &state->candidateCerts, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTMERGEFAILED
; goto cleanup; } } while (0)
1839            pkix_List_MergeLists(trustedCertList,do { stdVars.aPkixErrorResult = (pkix_List_MergeLists(trustedCertList
, certsFound, &state->candidateCerts, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTMERGEFAILED
; goto cleanup; } } while (0)
1840                                 certsFound,do { stdVars.aPkixErrorResult = (pkix_List_MergeLists(trustedCertList
, certsFound, &state->candidateCerts, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTMERGEFAILED
; goto cleanup; } } while (0)
1841                                 &state->candidateCerts,do { stdVars.aPkixErrorResult = (pkix_List_MergeLists(trustedCertList
, certsFound, &state->candidateCerts, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTMERGEFAILED
; goto cleanup; } } while (0)
1842                                 plContext),do { stdVars.aPkixErrorResult = (pkix_List_MergeLists(trustedCertList
, certsFound, &state->candidateCerts, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTMERGEFAILED
; goto cleanup; } } while (0)
1843            PKIX_LISTMERGEFAILED)do { stdVars.aPkixErrorResult = (pkix_List_MergeLists(trustedCertList
, certsFound, &state->candidateCerts, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTMERGEFAILED
; goto cleanup; } } while (0);
1844 
1845        /* No, return the list we have gathered */
1846        PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
candidateCerts, &state->numCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1847                (state->candidateCerts, &state->numCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
candidateCerts, &state->numCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0)
1848                PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
candidateCerts, &state->numCerts, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED
; goto cleanup; } } while (0);
1849 
1850        state->certIndex = 0;
1851 
1852cleanup:
1853        PKIX_DECREF(trustedCertList)do { if (trustedCertList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustedCertList), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } trustedCertList
 = ((void*)0); } } while (0);
1854        PKIX_DECREF(certStore)do { if (certStore){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certStore), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certStore = ((void
*)0); } } while (0);
1855        PKIX_DECREF(certsFound)do { if (certsFound){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certsFound), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certsFound = ((void
*)0); } } while (0);
1856 
1857        PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
1858}
1859 
1860/*
1861 * FUNCTION: pkix_Build_UpdateDate
1862 * DESCRIPTION:
1863 *
1864 *  This function updates the validityDate contained in "state", for the current
1865 *  CertChain contained in "state", to include the validityDate of the
1866 *  candidateCert contained in "state". The validityDate of a chain is the
1867 *  earliest of all the notAfter dates contained in the respective Certificates.
1868 *
1869 * PARAMETERS:
1870 *  "state"
1871 *      Address of ForwardBuilderState to be used. Must be non-NULL.
1872 *  "plContext"
1873 *      Platform-specific context pointer.
1874 * THREAD SAFETY:
1875 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1876 * RETURNS:
1877 *  Returns NULL if the function succeeds.
1878 *  Returns a Build Error if the function fails in a non-fatal way
1879 *  Returns a Fatal Error if the function fails in an unrecoverable way.
1880 */
1881static PKIX_Error *
1882pkix_Build_UpdateDate(
1883        PKIX_ForwardBuilderState *state,
1884        void *plContext)
1885{
1886        PKIX_Boolean canBeCached = PKIX_FALSE((PKIX_Boolean) 0);
1887        PKIX_Int32 comparison = 0;
1888        PKIX_PL_Date *notAfter = NULL((void*)0);
1889 
1890        PKIX_ENTER(BUILD, "pkix_Build_UpdateDate")static const char cMyFuncName[] = {"pkix_Build_UpdateDate"}; PKIX_StdVars
 stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
1891        PKIX_NULLCHECK_ONE(state)do { if ((state) == ((void*)0)){ stdVars.aPkixErrorReceived =
 ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1892 
1893        PKIX_CHECK(PKIX_PL_Cert_GetCacheFlagdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCacheFlag (state
->candidateCert, &canBeCached, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETCACHEFLAGFAILED
; goto cleanup; } } while (0)
1894                (state->candidateCert, &canBeCached, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCacheFlag (state
->candidateCert, &canBeCached, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETCACHEFLAGFAILED
; goto cleanup; } } while (0)
1895                PKIX_CERTGETCACHEFLAGFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCacheFlag (state
->candidateCert, &canBeCached, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETCACHEFLAGFAILED
; goto cleanup; } } while (0);
1896 
1897        state->canBeCached = state->canBeCached && canBeCached;
1898        if (state->canBeCached == PKIX_TRUE((PKIX_Boolean) 1)) {
1899 
1900                /*
1901                 * So far, all certs can be cached. Update cert
1902                 * chain validity time, which is the earliest of
1903                 * all certs' notAfter times.
1904                 */
1905                PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfterdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetValidityNotAfter
 (state->candidateCert, &notAfter, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETVALIDITYNOTAFTERFAILED
; goto cleanup; } } while (0)
1906                        (state->candidateCert, &notAfter, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetValidityNotAfter
 (state->candidateCert, &notAfter, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETVALIDITYNOTAFTERFAILED
; goto cleanup; } } while (0)
1907                        PKIX_CERTGETVALIDITYNOTAFTERFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetValidityNotAfter
 (state->candidateCert, &notAfter, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETVALIDITYNOTAFTERFAILED
; goto cleanup; } } while (0);
1908 
1909                if (state->validityDate == NULL((void*)0)) {
1910                        state->validityDate = notAfter;
1911                        notAfter = NULL((void*)0);
1912                } else {
1913                        PKIX_CHECK(PKIX_PL_Object_Comparedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)state->validityDate, (PKIX_PL_Object *)notAfter, &comparison
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTCOMPARATORFAILED; goto cleanup; } } while (0)
1914                                ((PKIX_PL_Object *)state->validityDate,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)state->validityDate, (PKIX_PL_Object *)notAfter, &comparison
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTCOMPARATORFAILED; goto cleanup; } } while (0)
1915                                (PKIX_PL_Object *)notAfter,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)state->validityDate, (PKIX_PL_Object *)notAfter, &comparison
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTCOMPARATORFAILED; goto cleanup; } } while (0)
1916                                &comparison,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)state->validityDate, (PKIX_PL_Object *)notAfter, &comparison
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTCOMPARATORFAILED; goto cleanup; } } while (0)
1917                                plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)state->validityDate, (PKIX_PL_Object *)notAfter, &comparison
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTCOMPARATORFAILED; goto cleanup; } } while (0)
1918                                PKIX_OBJECTCOMPARATORFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)state->validityDate, (PKIX_PL_Object *)notAfter, &comparison
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTCOMPARATORFAILED; goto cleanup; } } while (0);
1919                        if (comparison > 0) {
1920                                PKIX_DECREF(state->validityDate)do { if (state->validityDate){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->validityDate), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } state->validityDate = ((void*)0); } } while (0);
1921                                state->validityDate = notAfter;
1922                                notAfter = NULL((void*)0);
1923                        }
1924                }
1925        }
1926 
1927cleanup:
1928 
1929        PKIX_DECREF(notAfter)do { if (notAfter){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(notAfter), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } notAfter = ((void*
)0); } } while (0);
1930 
1931        PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
1932}
1933 
1934/* Prepare 'state' for the AIA round. */
1935static void
1936pkix_PrepareForwardBuilderStateForAIA(
1937        PKIX_ForwardBuilderState *state)
1938{
1939        PORT_Assert(state->useOnlyLocal == PKIX_TRUE)((state->useOnlyLocal == ((PKIX_Boolean) 1))?((void)0):PR_Assert
("state->useOnlyLocal == PKIX_TRUE","pkix_build.c",1939));
1940        state->useOnlyLocal = PKIX_FALSE((PKIX_Boolean) 0);
1941        state->certStoreIndex = 0;
1942        state->numFanout = state->buildConstants.maxFanout;
1943        state->status = BUILD_TRYAIA;
1944}
1945 
1946extern SECStatus
1947isIssuerCertAllowedAtCertIssuanceTime(CERTCertificate *issuerCert,
1948                                      CERTCertificate *referenceCert);
1949 
1950/*
1951 * FUNCTION: pkix_BuildForwardDepthFirstSearch
1952 * DESCRIPTION:
1953 *
1954 *  This function performs a depth first search in the "forward" direction (from
1955 *  the target Cert to the trust anchor). A non-NULL targetCert must be stored
1956 *  in the ForwardBuilderState before this function is called. It is not written
1957 *  recursively since execution may be suspended in in any of several places
1958 *  pending completion of non-blocking I/O. This iterative structure makes it
1959 *  much easier to resume where it left off.
1960 *
1961 *  Since the nature of the search is recursive, the recursion is handled by
1962 *  chaining states. That is, each new step involves creating a new
1963 *  ForwardBuilderState linked to its predecessor. If a step turns out to be
1964 *  fruitless, the state of the predecessor is restored and the next alternative
1965 *  is tried. When a search is successful, values needed from the last state
1966 *  (canBeCached and validityDate) are copied to the state provided by the
1967 *  caller, so that the caller can retrieve those values.
1968 *
1969 *  There are three return arguments, the NBIOContext, the ValidateResult and
1970 *  the ForwardBuilderState. If NBIOContext is non-NULL, it means the search is
1971 *  suspended until the results of a non-blocking IO become available. The
1972 *  caller may wait for the completion using platform-dependent methods and then
1973 *  call this function again, allowing it to resume the search. If NBIOContext
1974 *  is NULL and the ValidateResult is non-NULL, it means the search has
1975 *  concluded successfully. If the NBIOContext is NULL but the ValidateResult is
1976 *  NULL, it means the search was unsuccessful.
1977 *
1978 *  This function performs several steps at each node in the constructed chain:
1979 *
1980 *  1) It retrieves Certs from the registered CertStores that match the
1981 *  criteria established by the ForwardBuilderState pointed to by "state", such
1982 *  as a subject name matching the issuer name of the previous Cert. If there
1983 *  are no matching Certs, the function returns to the previous, or "parent",
1984 *  state and tries to continue the chain building with another of the Certs
1985 *  obtained from the CertStores as possible issuers for that parent Cert.
1986 *
1987 *  2) For each candidate Cert returned by the CertStores, this function checks
1988 *  whether the Cert is valid. If it is trusted, this function checks whether
1989 *  this Cert might serve as a TrustAnchor for a complete chain.
1990 *
1991 *  3) It determines whether this Cert, in conjunction with any of the
1992 *  TrustAnchors, might complete a chain. A complete chain, from this or the
1993 *  preceding step, is checked to see whether it is valid as a complete
1994 *  chain, including the checks that cannot be done in the forward direction.
1995 *
1996 *  4) If this Cert chains successfully, but is not a complete chain, that is,
1997 *  we have not reached a trusted Cert, a new ForwardBuilderState is created
1998 *  with this Cert as the immediate predecessor, and we continue in step (1),
1999 *  attempting to get Certs from the CertStores with this Certs "issuer" as
2000 *  their subject.
2001 *
2002 *  5) If an entire chain validates successfully, then we are done. A
2003 *  ValidateResult is created containing the Public Key of the target
2004 *  certificate (including DSA parameter inheritance, if any) and the
2005 *  PolicyNode representing the policy tree output by the validation algorithm,
2006 *  and stored at pValResult, and the function exits returning NULL.
2007 *
2008 *  5) If the entire chain does not validate successfully, the algorithm
2009 *  discards the latest Cert and continues in step 2 with the next candidate
2010 *  Cert, backing up to a parent state when no more possibilities exist at a
2011 *  given level, and returning failure when we try to back up but discover we
2012 *  are at the top level.
2013 *
2014 * PARAMETERS:
2015 *  "pNBIOContext"
2016 *      Address at which platform-dependent information is returned if building
2017 *      is suspended for non-blocking I/O. Must be non-NULL.
2018 *  "pState"
2019 *      Address at which input ForwardBuilderState is found, and at which output
2020 *      ForwardBuilderState is stored. Must be non-NULL.
2021 *  "pValResult"
2022 *      Address at which the ValidateResult is stored. Must be non-NULL.
2023 *  "plContext"
2024 *      Platform-specific context pointer.
2025 * THREAD SAFETY:
2026 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2027 * RETURNS:
2028 *  Returns NULL if the function succeeds.
2029 *  Returns a Build Error if the function fails in a non-fatal way.
2030 *  Returns a Fatal Error if the function fails in an unrecoverable way.
2031 */
2032static PKIX_Error *
2033pkix_BuildForwardDepthFirstSearch(
2034        void **pNBIOContext,
2035        PKIX_ForwardBuilderState *state,
2036        PKIX_ValidateResult **pValResult,
2037        void *plContext)
2038{
2039        PKIX_Boolean outOfOptions = PKIX_FALSE((PKIX_Boolean) 0);
2040        PKIX_Boolean trusted = PKIX_FALSE((PKIX_Boolean) 0);
2041        PKIX_Boolean isSelfIssued = PKIX_FALSE((PKIX_Boolean) 0);
2042        PKIX_Boolean canBeCached = PKIX_FALSE((PKIX_Boolean) 0);
2043        PKIX_Boolean ioPending = PKIX_FALSE((PKIX_Boolean) 0);
2044        PKIX_PL_Date *validityDate = NULL((void*)0);
2045        PKIX_PL_Date *currTime  = NULL((void*)0);
2046        PKIX_Int32 childTraversedCACerts = 0;
2047        PKIX_UInt32 numSubjectNames = 0;
2048        PKIX_UInt32 numChained = 0;
2049        PKIX_Int32 cmpTimeResult = 0;
2050        PKIX_UInt32 i = 0;
2051        PKIX_UInt32 certsSoFar = 0;
2052        PKIX_List *childTraversedSubjNames = NULL((void*)0);
2053        PKIX_List *subjectNames = NULL((void*)0);
2054        PKIX_List *unfilteredCerts = NULL((void*)0);
2055        PKIX_List *filteredCerts = NULL((void*)0);
2056        PKIX_PL_Object *subjectName = NULL((void*)0);
2057        PKIX_ValidateResult *valResult = NULL((void*)0);
2058        PKIX_ForwardBuilderState *childState = NULL((void*)0);
2059        PKIX_ForwardBuilderState *parentState = NULL((void*)0);
2060        PKIX_PL_Object *revCheckerState = NULL((void*)0);
2061        PKIX_ComCertSelParams *certSelParams = NULL((void*)0);
2062        PKIX_TrustAnchor *trustAnchor = NULL((void*)0);
2063        PKIX_PL_Cert *trustedCert = NULL((void*)0);
2064        PKIX_PL_Cert *targetCert = NULL((void*)0);
2065        PKIX_VerifyNode *verifyNode = NULL((void*)0);
2066        PKIX_Error *verifyError = NULL((void*)0);
2067        PKIX_Error *finalError = NULL((void*)0);
2068        void *nbio = NULL((void*)0);
2069        PKIX_UInt32 numIterations = 0;
2070 
2071        PKIX_ENTER(BUILD, "pkix_BuildForwardDepthFirstSearch")static const char cMyFuncName[] = {"pkix_BuildForwardDepthFirstSearch"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
2072        PKIX_NULLCHECK_THREE(pNBIOContext, state, pValResult)do { if (((pNBIOContext) == ((void*)0)) || ((state) == ((void
*)0)) || ((pValResult) == ((void*)0))){ stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
2073 
2074        nbio = *pNBIOContext;
2075        *pNBIOContext = NULL((void*)0);
2076        PKIX_INCREF(state->validityDate)do { if (state->validityDate){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(state->validityDate), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); goto cleanup; } } } while (0);
2077        validityDate = state->validityDate;
2078        canBeCached = state->canBeCached;
2079        PKIX_DECREF(*pValResult)do { if (*pValResult){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(*pValResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } *pValResult = ((void
*)0); } } while (0);
2080        targetCert = state->buildConstants.targetCert;
2081 
2082        /*
2083         * We return if successful; if we fall off the end
2084         * of this "while" clause our search has failed.
2085         */
2086        while (outOfOptions == PKIX_FALSE((PKIX_Boolean) 0)) {
2087            /*
2088             * The maximum number of iterations works around a bug that
2089             * causes this while loop to never exit when AIA and cross
2090             * certificates are involved.  See bug xxxxx.
2091             */
2092            if (numIterations++ > 250)
2093                    PKIX_ERROR(PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS, ((void*)0), stdVars
.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS
; goto cleanup; };
2094 
2095            if (state->buildConstants.maxTime != 0) {
2096                    PKIX_DECREF(currTime)do { if (currTime){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(currTime), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } currTime = ((void*
)0); } } while (0);
2097                    PKIX_CHECK(PKIX_PL_Date_Create_UTCTimedo { stdVars.aPkixErrorResult = (PKIX_PL_Date_Create_UTCTime (
((void*)0), &currTime, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_DATECREATEUTCTIMEFAILED; goto
 cleanup; } } while (0)
2098                            (NULL, &currTime, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Date_Create_UTCTime (
((void*)0), &currTime, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_DATECREATEUTCTIMEFAILED; goto
 cleanup; } } while (0)
2099                            PKIX_DATECREATEUTCTIMEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Date_Create_UTCTime (
((void*)0), &currTime, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_DATECREATEUTCTIMEFAILED; goto
 cleanup; } } while (0);
2100 
2101                    PKIX_CHECK(PKIX_PL_Object_Comparedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)state->buildConstants.timeLimit, (PKIX_PL_Object *)currTime
, &cmpTimeResult, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTCOMPARATORFAILED; goto cleanup
; } } while (0)
2102                             ((PKIX_PL_Object *)state->buildConstants.timeLimit,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)state->buildConstants.timeLimit, (PKIX_PL_Object *)currTime
, &cmpTimeResult, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTCOMPARATORFAILED; goto cleanup
; } } while (0)
2103                             (PKIX_PL_Object *)currTime,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)state->buildConstants.timeLimit, (PKIX_PL_Object *)currTime
, &cmpTimeResult, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTCOMPARATORFAILED; goto cleanup
; } } while (0)
2104                             &cmpTimeResult,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)state->buildConstants.timeLimit, (PKIX_PL_Object *)currTime
, &cmpTimeResult, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTCOMPARATORFAILED; goto cleanup
; } } while (0)
2105                             plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)state->buildConstants.timeLimit, (PKIX_PL_Object *)currTime
, &cmpTimeResult, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTCOMPARATORFAILED; goto cleanup
; } } while (0)
2106                             PKIX_OBJECTCOMPARATORFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Compare ((PKIX_PL_Object
 *)state->buildConstants.timeLimit, (PKIX_PL_Object *)currTime
, &cmpTimeResult, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_OBJECTCOMPARATORFAILED; goto cleanup
; } } while (0);
2107 
2108                    if (cmpTimeResult < 0) {
2109                        if (state->verifyNode != NULL((void*)0)) {
2110                                PKIX_ERROR_CREATE{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS
, PKIX_BUILD_ERROR, stdVars.aPkixErrorResult, &verifyError
, plContext); if (stdVars.aPkixTempResult) { verifyError = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } }
2111                                    (BUILD,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS
, PKIX_BUILD_ERROR, stdVars.aPkixErrorResult, &verifyError
, plContext); if (stdVars.aPkixTempResult) { verifyError = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } }
2112                                    PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS
, PKIX_BUILD_ERROR, stdVars.aPkixErrorResult, &verifyError
, plContext); if (stdVars.aPkixTempResult) { verifyError = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } }
2113                                    verifyError){ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS
, PKIX_BUILD_ERROR, stdVars.aPkixErrorResult, &verifyError
, plContext); if (stdVars.aPkixTempResult) { verifyError = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } };
2114                                PKIX_CHECK_FATAL(pkix_VerifyNode_SetErrordo { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2115                                    (state->verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2116                                    verifyError,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2117                                    plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2118                                    PKIX_VERIFYNODESETERRORFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
2119                                PKIX_DECREF(finalError)do { if (finalError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(finalError), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } finalError = ((void
*)0); } } while (0);
2120                                finalError = verifyError;
2121                                verifyError = NULL((void*)0);
2122                        }
2123                        /* Even if we logged error, we still have to abort */
2124                        PKIX_ERROR(PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS, ((void*)0), stdVars
.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS
; goto cleanup; };
2125                    }
2126            }
2127 
2128            if (state->status == BUILD_INITIAL) {
2129 
2130                PKIX_CHECK(pkix_Build_BuildSelectorAndParams(state, plContext),do { stdVars.aPkixErrorResult = (pkix_Build_BuildSelectorAndParams
(state, plContext)); if (stdVars.aPkixErrorResult) { stdVars.
aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDBUILDSELECTORANDPARAMSFAILED; goto
 cleanup; } } while (0)
2131                        PKIX_BUILDBUILDSELECTORANDPARAMSFAILED)do { stdVars.aPkixErrorResult = (pkix_Build_BuildSelectorAndParams
(state, plContext)); if (stdVars.aPkixErrorResult) { stdVars.
aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDBUILDSELECTORANDPARAMSFAILED; goto
 cleanup; } } while (0);
2132 
2133                /*
2134                 * If the caller supplied a partial certChain (hintCerts) try
2135                 * the next one from that List before we go to the certStores.
2136                 */
2137                if (state->buildConstants.numHintCerts > 0) {
2138                        /* How many Certs does our trust chain have already? */
2139                        PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
trustChain, &certsSoFar, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
2140                                (state->trustChain, &certsSoFar, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
trustChain, &certsSoFar, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
2141                                PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
trustChain, &certsSoFar, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
2142 
2143                        /* That includes the target Cert. Don't count it. */
2144                        certsSoFar--;
2145 
2146                        /* Are we still within range of the partial chain? */
2147                        if (certsSoFar >= state->buildConstants.numHintCerts) {
2148                                state->status = BUILD_TRYAIA;
2149                        } else {
2150                                /*
2151                                 * If we already have n certs, we want the n+1th
2152                                 * (i.e., index = n) from the list of hints.
2153                                 */
2154                                PKIX_DECREF(state->candidateCert)do { if (state->candidateCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->candidateCert), plContext); if
 (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } state->candidateCert = ((void*)0); } } while (0);
2155                                PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.hintCerts, certsSoFar, (PKIX_PL_Object **)&
state->candidateCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2156                                    (state->buildConstants.hintCerts,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.hintCerts, certsSoFar, (PKIX_PL_Object **)&
state->candidateCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2157                                    certsSoFar,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.hintCerts, certsSoFar, (PKIX_PL_Object **)&
state->candidateCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2158                                    (PKIX_PL_Object **)&state->candidateCert,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.hintCerts, certsSoFar, (PKIX_PL_Object **)&
state->candidateCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2159                                    plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.hintCerts, certsSoFar, (PKIX_PL_Object **)&
state->candidateCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2160                                    PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
buildConstants.hintCerts, certsSoFar, (PKIX_PL_Object **)&
state->candidateCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0);
2161 
2162                                PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
candidateCerts, (PKIX_PL_Object *)state->candidateCert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTAPPENDITEMFAILED; goto cleanup; } } while (0)
2163                                    (state->candidateCerts,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
candidateCerts, (PKIX_PL_Object *)state->candidateCert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTAPPENDITEMFAILED; goto cleanup; } } while (0)
2164                                    (PKIX_PL_Object *)state->candidateCert,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
candidateCerts, (PKIX_PL_Object *)state->candidateCert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTAPPENDITEMFAILED; goto cleanup; } } while (0)
2165                                    plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
candidateCerts, (PKIX_PL_Object *)state->candidateCert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTAPPENDITEMFAILED; goto cleanup; } } while (0)
2166                                    PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
candidateCerts, (PKIX_PL_Object *)state->candidateCert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTAPPENDITEMFAILED; goto cleanup; } } while (0);
2167 
2168                                state->numCerts = 1;
2169                                state->usingHintCerts = PKIX_TRUE((PKIX_Boolean) 1);
2170                                state->status = BUILD_CERTVALIDATING;
2171                        }
2172                } else {
2173                        state->status = BUILD_TRYAIA;
2174                }
2175 
2176            }
2177 
2178            if (state->status == BUILD_TRYAIA) {
2179                if (state->useOnlyLocal == PKIX_TRUE((PKIX_Boolean) 1)) {
2180                        state->status = BUILD_COLLECTINGCERTS;
2181                } else {
2182                        state->status = BUILD_AIAPENDING;
2183                }
2184            }
2185 
2186            if (state->status == BUILD_AIAPENDING &&
2187                state->buildConstants.aiaMgr) {
2188                pkixErrorResultstdVars.aPkixErrorResult = PKIX_PL_AIAMgr_GetAIACerts
2189                        (state->buildConstants.aiaMgr,
2190                        state->prevCert,
2191                        &nbio,
2192                        &unfilteredCerts,
2193                         plContext);
2194 
2195                if (nbio != NULL((void*)0)) {
2196                        /* IO still pending, resume later */
2197                        *pNBIOContext = nbio;
2198                        goto cleanup;
2199                }
2200                state->numCerts = 0;
2201                if (pkixErrorResultstdVars.aPkixErrorResult) {
2202                    pkixErrorClassstdVars.aPkixErrorClass = pkixErrorResultstdVars.aPkixErrorResult->errClass;
2203                    if (pkixErrorClassstdVars.aPkixErrorClass == PKIX_FATAL_ERROR) {
2204                        goto fatal;
2205                    }
2206                    PKIX_DECREF(finalError)do { if (finalError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(finalError), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } finalError = ((void
*)0); } } while (0);
2207                    finalError = pkixErrorResultstdVars.aPkixErrorResult;
2208                    pkixErrorResultstdVars.aPkixErrorResult = NULL((void*)0);
2209                    if (state->verifyNode != NULL((void*)0)) {
2210                        /* state->verifyNode is the object that contains a list
2211                         * of verifyNodes. verifyNodes contains cert chain
2212                         * build failures that occurred on this level of chain
2213                         * building.  Here, creating new verify node
2214                         * to log the failure and adding it to the list. */
2215                        PKIX_CHECK_FATAL(pkix_VerifyNode_Createdo { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (state
->prevCert, 0, ((void*)0), &verifyNode, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived = ((
PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2216                                         (state->prevCert,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (state
->prevCert, 0, ((void*)0), &verifyNode, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived = ((
PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2217                                          0, NULL,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (state
->prevCert, 0, ((void*)0), &verifyNode, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived = ((
PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2218                                          &verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (state
->prevCert, 0, ((void*)0), &verifyNode, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived = ((
PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2219                                          plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (state
->prevCert, 0, ((void*)0), &verifyNode, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived = ((
PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2220                                         PKIX_VERIFYNODECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (state
->prevCert, 0, ((void*)0), &verifyNode, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived = ((
PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0);
2221                        PKIX_CHECK_FATAL(pkix_VerifyNode_SetErrordo { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (verifyNode
, finalError, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
 = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR
; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext
); } }; goto fatal; } } while (0)
2222                                         (verifyNode, finalError, plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (verifyNode
, finalError, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
 = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR
; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext
); } }; goto fatal; } } while (0)
2223                                         PKIX_VERIFYNODESETERRORFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (verifyNode
, finalError, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
 = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR
; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext
); } }; goto fatal; } } while (0);
2224                        PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTreedo { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2225                                         (state->verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2226                                          verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2227                                          plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2228                                         PKIX_VERIFYNODEADDTOTREEFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
2229                        PKIX_DECREF(verifyNode)do { if (verifyNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyNode = ((void
*)0); } } while (0);
2230                    }
2231                }
2232#ifdef PKIX_BUILDDEBUG
2233                /* Turn this on to trace the List of Certs, before CertSelect */
2234                {
2235                                PKIX_PL_String *unString;
2236                                char *unAscii;
2237                                PKIX_UInt32 length;
2238                                PKIX_TOSTRINGdo { int descNum; if (((PKIX_PL_Object*)unfilteredCerts) != (
(void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)((PKIX_PL_Object*)unfilteredCerts), (&
unString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&unString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0)
2239                                        ((PKIX_PL_Object*)unfilteredCerts,do { int descNum; if (((PKIX_PL_Object*)unfilteredCerts) != (
(void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)((PKIX_PL_Object*)unfilteredCerts), (&
unString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&unString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0)
2240                                        &unString,do { int descNum; if (((PKIX_PL_Object*)unfilteredCerts) != (
(void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)((PKIX_PL_Object*)unfilteredCerts), (&
unString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&unString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0)
2241                                        plContext,do { int descNum; if (((PKIX_PL_Object*)unfilteredCerts) != (
(void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)((PKIX_PL_Object*)unfilteredCerts), (&
unString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&unString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0)
2242                                        PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if (((PKIX_PL_Object*)unfilteredCerts) != (
(void*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object *)((PKIX_PL_Object*)unfilteredCerts), (&
unString), (plContext)); descNum = (PKIX_OBJECTTOSTRINGFAILED
); } else { stdVars.aPkixErrorResult = PKIX_PL_String_Create(
0, "(null)", 0, (&unString), (plContext)); descNum = PKIX_STRINGCREATEFAILED
; } do { stdVars.aPkixErrorResult = (stdVars.aPkixErrorResult
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = descNum
; goto cleanup; } } while (0); } while (0);
2243 
2244                                PKIX_CHECK(PKIX_PL_String_GetEncodeddo { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2245                                        (unString,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2246                                        PKIX_ESCASCII,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2247                                        (void **)&unAscii,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2248                                        &length,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2249                                        plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2250                                        PKIX_STRINGGETENCODEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0);
2251 
2252                                PKIX_DEBUG_ARGdo { (void) printf("(%s: ", stdVars.aMyFuncName); (void) printf
("unfilteredCerts = %s\n", unAscii); } while (0)
2253                                        ("unfilteredCerts = %s\n", unAscii)do { (void) printf("(%s: ", stdVars.aMyFuncName); (void) printf
("unfilteredCerts = %s\n", unAscii); } while (0);
2254                                PKIX_DECREF(unString)do { if (unString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(unString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } unString = ((void*
)0); } } while (0);
2255                                PKIX_FREE(unAscii)do { if (unAscii) { stdVars.aPkixTempResult = PKIX_PL_Free((unAscii
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } unAscii = ((void*)0); } } while (0);
2256                }
2257#endif
2258 
2259                /* Note: Certs winnowed here don't get into VerifyTree. */
2260                if (unfilteredCerts) {
2261                        PKIX_CHECK(pkix_CertSelector_Selectdo { stdVars.aPkixErrorResult = (pkix_CertSelector_Select (state
->certSel, unfilteredCerts, &filteredCerts, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSELECTFAILED
; goto cleanup; } } while (0)
2262                                (state->certSel,do { stdVars.aPkixErrorResult = (pkix_CertSelector_Select (state
->certSel, unfilteredCerts, &filteredCerts, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSELECTFAILED
; goto cleanup; } } while (0)
2263                                unfilteredCerts,do { stdVars.aPkixErrorResult = (pkix_CertSelector_Select (state
->certSel, unfilteredCerts, &filteredCerts, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSELECTFAILED
; goto cleanup; } } while (0)
2264                                &filteredCerts,do { stdVars.aPkixErrorResult = (pkix_CertSelector_Select (state
->certSel, unfilteredCerts, &filteredCerts, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSELECTFAILED
; goto cleanup; } } while (0)
2265                                plContext),do { stdVars.aPkixErrorResult = (pkix_CertSelector_Select (state
->certSel, unfilteredCerts, &filteredCerts, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSELECTFAILED
; goto cleanup; } } while (0)
2266                                PKIX_CERTSELECTORSELECTFAILED)do { stdVars.aPkixErrorResult = (pkix_CertSelector_Select (state
->certSel, unfilteredCerts, &filteredCerts, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORSELECTFAILED
; goto cleanup; } } while (0);
2267 
2268                        PKIX_DECREF(unfilteredCerts)do { if (unfilteredCerts){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(unfilteredCerts), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } unfilteredCerts
 = ((void*)0); } } while (0);
2269 
2270                        PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (filteredCerts
, &(state->numCerts), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
2271                                (filteredCerts, &(state->numCerts), plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (filteredCerts
, &(state->numCerts), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
2272                                PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (filteredCerts
, &(state->numCerts), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
2273 
2274#ifdef PKIX_BUILDDEBUG
2275                /* Turn this on to trace the List of Certs, after CertSelect */
2276                {
2277                        PKIX_PL_String *unString;
2278                        char *unAscii;
2279                        PKIX_UInt32 length;
2280                        PKIX_TOSTRINGdo { int descNum; if (((PKIX_PL_Object*)filteredCerts) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)((PKIX_PL_Object*)filteredCerts), (&unString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&unString), (plContext
)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult
 = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) {
 stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
2281                                ((PKIX_PL_Object*)filteredCerts,do { int descNum; if (((PKIX_PL_Object*)filteredCerts) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)((PKIX_PL_Object*)filteredCerts), (&unString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&unString), (plContext
)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult
 = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) {
 stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
2282                                &unString,do { int descNum; if (((PKIX_PL_Object*)filteredCerts) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)((PKIX_PL_Object*)filteredCerts), (&unString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&unString), (plContext
)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult
 = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) {
 stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
2283                                plContext,do { int descNum; if (((PKIX_PL_Object*)filteredCerts) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)((PKIX_PL_Object*)filteredCerts), (&unString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&unString), (plContext
)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult
 = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) {
 stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
2284                                PKIX_OBJECTTOSTRINGFAILED)do { int descNum; if (((PKIX_PL_Object*)filteredCerts) != ((void
*)0)) { stdVars.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object
 *)((PKIX_PL_Object*)filteredCerts), (&unString), (plContext
)); descNum = (PKIX_OBJECTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
 = PKIX_PL_String_Create(0, "(null)", 0, (&unString), (plContext
)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult
 = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) {
 stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
2285 
2286                        PKIX_CHECK(PKIX_PL_String_GetEncodeddo { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2287                                    (unString,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2288                                    PKIX_ESCASCII,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2289                                    (void **)&unAscii,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2290                                    &length,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2291                                    plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
2292                                    PKIX_STRINGGETENCODEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (unString
, 0, (void **)&unAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0);
2293 
2294                        PKIX_DEBUG_ARG("filteredCerts = %s\n", unAscii)do { (void) printf("(%s: ", stdVars.aMyFuncName); (void) printf
("filteredCerts = %s\n", unAscii); } while (0);
2295                        PKIX_DECREF(unString)do { if (unString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(unString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } unString = ((void*
)0); } } while (0);
2296                        PKIX_FREE(unAscii)do { if (unAscii) { stdVars.aPkixTempResult = PKIX_PL_Free((unAscii
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } unAscii = ((void*)0); } } while (0);
2297                }
2298#endif
2299 
2300                        PKIX_DECREF(state->candidateCerts)do { if (state->candidateCerts){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->candidateCerts
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->candidateCerts = ((void*)0); } } while
 (0);
2301                        state->candidateCerts = filteredCerts;
2302                        state->certIndex = 0;
2303                        filteredCerts = NULL((void*)0);
2304                }
2305 
2306                /* Are there any Certs to try? */
2307                if (state->numCerts > 0) {
2308                        state->status = BUILD_CERTVALIDATING;
2309                } else {
2310                        state->status = BUILD_COLLECTINGCERTS;
2311                }
2312            }
2313 
2314            PKIX_DECREF(certSelParams)do { if (certSelParams){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certSelParams), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certSelParams
 = ((void*)0); } } while (0);
2315            PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParamsdo { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetCommonCertSelectorParams
 (state->certSel, &certSelParams, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0)
2316                (state->certSel, &certSelParams, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetCommonCertSelectorParams
 (state->certSel, &certSelParams, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0)
2317                PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetCommonCertSelectorParams
 (state->certSel, &certSelParams, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0);
2318 
2319            /* **** Querying the CertStores ***** */
2320            if ((state->status == BUILD_COLLECTINGCERTS) ||
2321                (state->status == BUILD_GATHERPENDING)) {
2322 
2323#if PKIX_FORWARDBUILDERSTATEDEBUG
2324                PKIX_CHECK(pkix_ForwardBuilderState_DumpStatedo { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_DumpState
 (state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDERSTATEDUMPSTATEFAILED; goto
 cleanup; } } while (0)
2325                        (state, plContext),do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_DumpState
 (state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDERSTATEDUMPSTATEFAILED; goto
 cleanup; } } while (0)
2326                        PKIX_FORWARDBUILDERSTATEDUMPSTATEFAILED)do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_DumpState
 (state, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDERSTATEDUMPSTATEFAILED; goto
 cleanup; } } while (0);
2327#endif
2328 
2329                PKIX_CHECK(pkix_Build_GatherCertsdo { stdVars.aPkixErrorResult = (pkix_Build_GatherCerts (state
, certSelParams, &nbio, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDGATHERCERTSFAILED; goto cleanup
; } } while (0)
2330                        (state, certSelParams, &nbio, plContext),do { stdVars.aPkixErrorResult = (pkix_Build_GatherCerts (state
, certSelParams, &nbio, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDGATHERCERTSFAILED; goto cleanup
; } } while (0)
2331                        PKIX_BUILDGATHERCERTSFAILED)do { stdVars.aPkixErrorResult = (pkix_Build_GatherCerts (state
, certSelParams, &nbio, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDGATHERCERTSFAILED; goto cleanup
; } } while (0);
2332 
2333                if (nbio != NULL((void*)0)) {
2334                        /* IO still pending, resume later */
2335                        *pNBIOContext = nbio;
2336                        goto cleanup;
2337                }
2338 
2339                /* Are there any Certs to try? */
2340                if (state->numCerts > 0) {
2341                        state->status = BUILD_CERTVALIDATING;
2342                } else {
2343                        state->status = BUILD_ABANDONNODE;
2344                }
2345            }
2346 
2347            /* ****Phase 2 - Chain building***** */
2348 
2349#if PKIX_FORWARDBUILDERSTATEDEBUG
2350            PKIX_CHECK(pkix_ForwardBuilderState_DumpState(state, plContext),do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_DumpState
(state, plContext)); if (stdVars.aPkixErrorResult) { stdVars.
aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDERSTATEDUMPSTATEFAILED; goto
 cleanup; } } while (0)
2351                    PKIX_FORWARDBUILDERSTATEDUMPSTATEFAILED)do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_DumpState
(state, plContext)); if (stdVars.aPkixErrorResult) { stdVars.
aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDERSTATEDUMPSTATEFAILED; goto
 cleanup; } } while (0);
2352#endif
2353 
2354            if (state->status == BUILD_CERTVALIDATING) {
2355                    PKIX_DECREF(state->candidateCert)do { if (state->candidateCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->candidateCert), plContext); if
 (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } state->candidateCert = ((void*)0); } } while (0);
2356                    PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
candidateCerts, state->certIndex, (PKIX_PL_Object **)&
(state->candidateCert), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2357                            (state->candidateCerts,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
candidateCerts, state->certIndex, (PKIX_PL_Object **)&
(state->candidateCert), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2358                            state->certIndex,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
candidateCerts, state->certIndex, (PKIX_PL_Object **)&
(state->candidateCert), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2359                            (PKIX_PL_Object **)&(state->candidateCert),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
candidateCerts, state->certIndex, (PKIX_PL_Object **)&
(state->candidateCert), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2360                            plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
candidateCerts, state->certIndex, (PKIX_PL_Object **)&
(state->candidateCert), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2361                            PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (state->
candidateCerts, state->certIndex, (PKIX_PL_Object **)&
(state->candidateCert), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0);
2362 
2363                    if (isIssuerCertAllowedAtCertIssuanceTime(
2364                          state->candidateCert->nssCert, targetCert->nssCert)
2365                            != SECSuccess) {
2366                        PKIX_ERROR(PKIX_CERTISBLOCKLISTEDATISSUANCETIME){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTISBLOCKLISTEDATISSUANCETIME, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_CERTISBLOCKLISTEDATISSUANCETIME
; goto cleanup; };
2367                    }
2368 
2369                    if ((state->verifyNode) != NULL((void*)0)) {
2370                            PKIX_CHECK_FATAL(pkix_VerifyNode_Createdo { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (state
->candidateCert, 0, ((void*)0), &verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2371                                    (state->candidateCert,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (state
->candidateCert, 0, ((void*)0), &verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2372                                    0,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (state
->candidateCert, 0, ((void*)0), &verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2373                                    NULL,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (state
->candidateCert, 0, ((void*)0), &verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2374                                    &verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (state
->candidateCert, 0, ((void*)0), &verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2375                                    plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (state
->candidateCert, 0, ((void*)0), &verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2376                                    PKIX_VERIFYNODECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (state
->candidateCert, 0, ((void*)0), &verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0);
2377                    }
2378 
2379                    /* If failure, this function sets Error in verifyNode */
2380                    verifyError = pkix_Build_VerifyCertificate
2381                            (state,
2382                            state->buildConstants.userCheckers,
2383                            &trusted,
2384                            verifyNode,
2385                            plContext);
2386 
2387                    if (verifyError) {
2388                            pkixTempErrorReceivedstdVars.aPkixTempErrorReceived = PKIX_TRUE((PKIX_Boolean) 1);
2389                            pkixErrorClassstdVars.aPkixErrorClass = verifyError->errClass;
2390                            if (pkixErrorClassstdVars.aPkixErrorClass == PKIX_FATAL_ERROR) {
2391                                pkixErrorResultstdVars.aPkixErrorResult = verifyError;
2392                                verifyError = NULL((void*)0);
2393                                goto fatal;
2394                            }
2395                    }
2396 
2397                    if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)) {
2398                            if (state->verifyNode != NULL((void*)0)) {
2399                                PKIX_CHECK_FATAL(pkix_VerifyNode_SetErrordo { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (verifyNode
, verifyError, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
 = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR
; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext
); } }; goto fatal; } } while (0)
2400                                    (verifyNode, verifyError, plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (verifyNode
, verifyError, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
 = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR
; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext
); } }; goto fatal; } } while (0)
2401                                    PKIX_VERIFYNODESETERRORFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (verifyNode
, verifyError, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
 = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR
; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext
); } }; goto fatal; } } while (0);
2402                                PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTreedo { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2403                                        (state->verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2404                                        verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2405                                        plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2406                                        PKIX_VERIFYNODEADDTOTREEFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
2407                                PKIX_DECREF(verifyNode)do { if (verifyNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyNode = ((void
*)0); } } while (0);
2408                            }
2409                            pkixTempErrorReceivedstdVars.aPkixTempErrorReceived = PKIX_FALSE((PKIX_Boolean) 0);
2410                            PKIX_DECREF(finalError)do { if (finalError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(finalError), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } finalError = ((void
*)0); } } while (0);
2411                            finalError = verifyError;
2412                            verifyError = NULL((void*)0);
2413                            if (state->certLoopingDetected) {
2414                                PKIX_ERROR{ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED, ((void*)0), stdVars.
aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ((
PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED
; goto cleanup; }
2415                                    (PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED, ((void*)0), stdVars.
aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = ((
PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED
; goto cleanup; };
2416                            }
2417                            state->status = BUILD_GETNEXTCERT;
2418                    } else {
2419                            state->status = BUILD_DATEPREP;
2420                    }
2421            }
2422 
2423            if (state->status == BUILD_DATEPREP) {
2424                    /* Keep track of whether this chain can be cached */
2425                    PKIX_CHECK(pkix_Build_UpdateDate(state, plContext),do { stdVars.aPkixErrorResult = (pkix_Build_UpdateDate(state,
 plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDUPDATEDATEFAILED; goto cleanup; } } while (0)
2426                            PKIX_BUILDUPDATEDATEFAILED)do { stdVars.aPkixErrorResult = (pkix_Build_UpdateDate(state,
 plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDUPDATEDATEFAILED; goto cleanup; } } while (0);
2427    
2428                    canBeCached = state->canBeCached;
2429                    PKIX_DECREF(validityDate)do { if (validityDate){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(validityDate), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } validityDate = ((void
*)0); } } while (0);
2430                    PKIX_INCREF(state->validityDate)do { if (state->validityDate){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(state->validityDate), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); goto cleanup; } } } while (0);
2431                    validityDate = state->validityDate;
2432                    if (trusted == PKIX_TRUE((PKIX_Boolean) 1)) {
2433                            state->status = BUILD_CHECKTRUSTED;
2434                    } else {
2435                            state->status = BUILD_ADDTOCHAIN;
2436                    }
2437            }
2438 
2439            if (state->status == BUILD_CHECKTRUSTED) {
2440 
2441                    /*
2442                     * If this cert is trusted, try to validate the entire
2443                     * chain using this certificate as trust anchor.
2444                     */
2445                    PKIX_CHECK(PKIX_TrustAnchor_CreateWithCertdo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_CreateWithCert
 (state->candidateCert, &trustAnchor, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORCREATEWITHCERTFAILED
; goto cleanup; } } while (0)
2446                      (state->candidateCert,do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_CreateWithCert
 (state->candidateCert, &trustAnchor, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORCREATEWITHCERTFAILED
; goto cleanup; } } while (0)
2447                      &trustAnchor,do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_CreateWithCert
 (state->candidateCert, &trustAnchor, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORCREATEWITHCERTFAILED
; goto cleanup; } } while (0)
2448                      plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_CreateWithCert
 (state->candidateCert, &trustAnchor, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORCREATEWITHCERTFAILED
; goto cleanup; } } while (0)
2449                      PKIX_TRUSTANCHORCREATEWITHCERTFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_CreateWithCert
 (state->candidateCert, &trustAnchor, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORCREATEWITHCERTFAILED
; goto cleanup; } } while (0);
2450 
2451                    PKIX_CHECK(pkix_Build_ValidationCheckersdo { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, state->trustChain, trustAnchor, ((PKIX_Boolean) 0
), plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
2452                      (state,do { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, state->trustChain, trustAnchor, ((PKIX_Boolean) 0
), plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
2453                      state->trustChain,do { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, state->trustChain, trustAnchor, ((PKIX_Boolean) 0
), plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
2454                      trustAnchor,do { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, state->trustChain, trustAnchor, ((PKIX_Boolean) 0
), plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
2455                      PKIX_FALSE, /* do not add eku checkerdo { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, state->trustChain, trustAnchor, ((PKIX_Boolean) 0
), plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
2456                                   * since eku was alreadydo { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, state->trustChain, trustAnchor, ((PKIX_Boolean) 0
), plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
2457                                   * checked */do { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, state->trustChain, trustAnchor, ((PKIX_Boolean) 0
), plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
2458                      plContext),do { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, state->trustChain, trustAnchor, ((PKIX_Boolean) 0
), plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
2459                      PKIX_BUILDVALIDATIONCHECKERSFAILED)do { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, state->trustChain, trustAnchor, ((PKIX_Boolean) 0
), plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0);
2460 
2461                    state->status = BUILD_CHECKTRUSTED2;
2462            }
2463 
2464            if (state->status == BUILD_CHECKTRUSTED2) {
2465                    verifyError = 
2466                        pkix_Build_ValidateEntireChain(state,
2467                                                       trustAnchor,
2468                                                       &nbio, &valResult,
2469                                                       verifyNode,
2470                                                       plContext);
2471                    if (nbio != NULL((void*)0)) {
2472                            /* IO still pending, resume later */
2473                            goto cleanup;
2474                    } else {
2475                            /* checking the error for fatal status */
2476                            if (verifyError) {
2477                                pkixTempErrorReceivedstdVars.aPkixTempErrorReceived = PKIX_TRUE((PKIX_Boolean) 1);
2478                                pkixErrorClassstdVars.aPkixErrorClass = verifyError->errClass;
2479                                if (pkixErrorClassstdVars.aPkixErrorClass == PKIX_FATAL_ERROR) {
2480                                    pkixErrorResultstdVars.aPkixErrorResult = verifyError;
2481                                    verifyError = NULL((void*)0);
2482                                    goto fatal;
2483                                }
2484                            }
2485                            if (state->verifyNode != NULL((void*)0)) {
2486                                PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTreedo { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2487                                        (state->verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2488                                        verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2489                                        plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2490                                        PKIX_VERIFYNODEADDTOTREEFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
2491                                PKIX_DECREF(verifyNode)do { if (verifyNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyNode = ((void
*)0); } } while (0);
2492                            }
2493                            if (!PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)) {
2494                                *pValResult = valResult;
2495                                valResult = NULL((void*)0);
2496                                /* Change state so IsIOPending is FALSE */
2497                                state->status = BUILD_CHECKTRUSTED;
2498                                goto cleanup;
2499                            }
2500                            PKIX_DECREF(finalError)do { if (finalError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(finalError), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } finalError = ((void
*)0); } } while (0);
2501                            finalError = verifyError;
2502                            verifyError = NULL((void*)0);
2503                            /* Reset temp error that was set by 
2504                             * PKIX_CHECK_ONLY_FATAL and continue */
2505                            pkixTempErrorReceivedstdVars.aPkixTempErrorReceived = PKIX_FALSE((PKIX_Boolean) 0);
2506                            PKIX_DECREF(trustAnchor)do { if (trustAnchor){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustAnchor), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trustAnchor = ((void
*)0); } } while (0);
2507                    }
2508 
2509                    /*
2510                     * If chain doesn't validate with a trusted Cert,
2511                     * adding more Certs to it can't help.
2512                     */
2513                    if (state->certLoopingDetected) {
2514                            PKIX_DECREF(verifyError)do { if (verifyError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyError), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyError = ((void
*)0); } } while (0);
2515                            PKIX_ERROR_CREATE(BUILD,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED,
 PKIX_BUILD_ERROR, stdVars.aPkixErrorResult, &verifyError
, plContext); if (stdVars.aPkixTempResult) { verifyError = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } } 
2516                                         PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED,
 PKIX_BUILD_ERROR, stdVars.aPkixErrorResult, &verifyError
, plContext); if (stdVars.aPkixTempResult) { verifyError = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } }
2517                                         verifyError){ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED,
 PKIX_BUILD_ERROR, stdVars.aPkixErrorResult, &verifyError
, plContext); if (stdVars.aPkixTempResult) { verifyError = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } };
2518                            PKIX_CHECK_FATAL(do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2519                                pkix_VerifyNode_SetError(state->verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2520                                                         verifyError,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2521                                                         plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2522                                PKIX_VERIFYNODESETERRORFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
2523                            PKIX_DECREF(verifyError)do { if (verifyError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyError), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyError = ((void
*)0); } } while (0);
2524                    }
2525                    state->status = BUILD_GETNEXTCERT;
2526            }
2527 
2528            /*
2529             * This Cert was not trusted. Add it to our chain, and
2530             * continue building. If we don't reach a trust anchor,
2531             * we'll take it off later and continue without it.
2532             */
2533            if (state->status == BUILD_ADDTOCHAIN) {
2534                    PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
trustChain, (PKIX_PL_Object *)state->candidateCert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTAPPENDITEMFAILED; goto cleanup; } } while (0)
2535                            (state->trustChain,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
trustChain, (PKIX_PL_Object *)state->candidateCert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTAPPENDITEMFAILED; goto cleanup; } } while (0)
2536                            (PKIX_PL_Object *)state->candidateCert,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
trustChain, (PKIX_PL_Object *)state->candidateCert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTAPPENDITEMFAILED; goto cleanup; } } while (0)
2537                            plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
trustChain, (PKIX_PL_Object *)state->candidateCert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTAPPENDITEMFAILED; goto cleanup; } } while (0)
2538                            PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
trustChain, (PKIX_PL_Object *)state->candidateCert, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTAPPENDITEMFAILED; goto cleanup; } } while (0);
2539 
2540                    state->status = BUILD_EXTENDCHAIN;
2541            }
2542 
2543            if (state->status == BUILD_EXTENDCHAIN) {
2544 
2545                    /* Check whether we are allowed to extend the chain */
2546                    if ((state->buildConstants.maxDepth != 0) &&
2547                        (state->numDepth <= 1)) {
2548 
2549                        if (state->verifyNode != NULL((void*)0)) {
2550                                PKIX_ERROR_CREATE{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_DEPTHWOULDEXCEEDRESOURCELIMITS, PKIX_BUILD_ERROR
, stdVars.aPkixErrorResult, &verifyError, plContext); if (
stdVars.aPkixTempResult) { verifyError = stdVars.aPkixTempResult
; stdVars.aPkixTempResult = ((void*)0); } }
2551                                    (BUILD,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_DEPTHWOULDEXCEEDRESOURCELIMITS, PKIX_BUILD_ERROR
, stdVars.aPkixErrorResult, &verifyError, plContext); if (
stdVars.aPkixTempResult) { verifyError = stdVars.aPkixTempResult
; stdVars.aPkixTempResult = ((void*)0); } }
2552                                    PKIX_DEPTHWOULDEXCEEDRESOURCELIMITS,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_DEPTHWOULDEXCEEDRESOURCELIMITS, PKIX_BUILD_ERROR
, stdVars.aPkixErrorResult, &verifyError, plContext); if (
stdVars.aPkixTempResult) { verifyError = stdVars.aPkixTempResult
; stdVars.aPkixTempResult = ((void*)0); } }
2553                                    verifyError){ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_DEPTHWOULDEXCEEDRESOURCELIMITS, PKIX_BUILD_ERROR
, stdVars.aPkixErrorResult, &verifyError, plContext); if (
stdVars.aPkixTempResult) { verifyError = stdVars.aPkixTempResult
; stdVars.aPkixTempResult = ((void*)0); } };
2554                                PKIX_CHECK_FATAL(pkix_VerifyNode_SetErrordo { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (verifyNode
, verifyError, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
 = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR
; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext
); } }; goto fatal; } } while (0)
2555                                    (verifyNode, verifyError, plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (verifyNode
, verifyError, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
 = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR
; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext
); } }; goto fatal; } } while (0)
2556                                    PKIX_VERIFYNODESETERRORFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (verifyNode
, verifyError, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
 = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR
; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext
); } }; goto fatal; } } while (0);
2557                                PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTreedo { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2558                                    (state->verifyNode, verifyNode, plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2559                                    PKIX_VERIFYNODEADDTOTREEFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
2560                                PKIX_DECREF(verifyNode)do { if (verifyNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyNode = ((void
*)0); } } while (0);
2561                                PKIX_DECREF(finalError)do { if (finalError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(finalError), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } finalError = ((void
*)0); } } while (0);
2562                                finalError = verifyError;
2563                                verifyError = NULL((void*)0);
2564                        }
2565                        /* Even if error logged, still need to abort */
2566                        PKIX_ERROR(PKIX_DEPTHWOULDEXCEEDRESOURCELIMITS){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_DEPTHWOULDEXCEEDRESOURCELIMITS, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_DEPTHWOULDEXCEEDRESOURCELIMITS
; goto cleanup; };
2567                    }
2568 
2569                    PKIX_CHECK(pkix_IsCertSelfIssueddo { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (state
->candidateCert, &isSelfIssued, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED
; goto cleanup; } } while (0)
2570                            (state->candidateCert, &isSelfIssued, plContext),do { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (state
->candidateCert, &isSelfIssued, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED
; goto cleanup; } } while (0)
2571                            PKIX_ISCERTSELFISSUEDFAILED)do { stdVars.aPkixErrorResult = (pkix_IsCertSelfIssued (state
->candidateCert, &isSelfIssued, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_ISCERTSELFISSUEDFAILED
; goto cleanup; } } while (0);
2572                 
2573                    PKIX_CHECK(PKIX_PL_Object_Duplicatedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
 *)state->traversedSubjNames, (PKIX_PL_Object **)&childTraversedSubjNames
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0)
2574                            ((PKIX_PL_Object *)state->traversedSubjNames,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
 *)state->traversedSubjNames, (PKIX_PL_Object **)&childTraversedSubjNames
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0)
2575                            (PKIX_PL_Object **)&childTraversedSubjNames,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
 *)state->traversedSubjNames, (PKIX_PL_Object **)&childTraversedSubjNames
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0)
2576                            plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
 *)state->traversedSubjNames, (PKIX_PL_Object **)&childTraversedSubjNames
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0)
2577                            PKIX_OBJECTDUPLICATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
 *)state->traversedSubjNames, (PKIX_PL_Object **)&childTraversedSubjNames
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0);
2578         
2579                    if (isSelfIssued) {
2580                            childTraversedCACerts = state->traversedCACerts;
2581                    } else {
2582                            childTraversedCACerts = state->traversedCACerts + 1;
2583                 
2584                            PKIX_CHECK(PKIX_PL_Cert_GetAllSubjectNamesdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (state->candidateCert, &subjectNames, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETALLSUBJECTNAMESFAILED
; goto cleanup; } } while (0)
2585                                (state->candidateCert,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (state->candidateCert, &subjectNames, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETALLSUBJECTNAMESFAILED
; goto cleanup; } } while (0)
2586                                &subjectNames,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (state->candidateCert, &subjectNames, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETALLSUBJECTNAMESFAILED
; goto cleanup; } } while (0)
2587                                plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (state->candidateCert, &subjectNames, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETALLSUBJECTNAMESFAILED
; goto cleanup; } } while (0)
2588                                PKIX_CERTGETALLSUBJECTNAMESFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (state->candidateCert, &subjectNames, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETALLSUBJECTNAMESFAILED
; goto cleanup; } } while (0);
2589                 
2590                            if (subjectNames) {
2591                                PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (subjectNames
, &numSubjectNames, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
2592                                    (subjectNames,do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (subjectNames
, &numSubjectNames, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
2593                                    &numSubjectNames,do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (subjectNames
, &numSubjectNames, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
2594                                    plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (subjectNames
, &numSubjectNames, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
2595                                    PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (subjectNames
, &numSubjectNames, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
2596         
2597                            } else {
2598                                numSubjectNames = 0;
2599                            }
2600 
2601                            for (i = 0; i < numSubjectNames; i++) {
2602                                PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (subjectNames
, i, &subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2603                                    (subjectNames,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (subjectNames
, i, &subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2604                                    i,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (subjectNames
, i, &subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2605                                    &subjectName,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (subjectNames
, i, &subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2606                                    plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (subjectNames
, i, &subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
2607                                    PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (subjectNames
, i, &subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0);
2608                                PKIX_NULLCHECK_ONEdo { if ((state->traversedSubjNames) == ((void*)0)){ stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
 = PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0)
2609                                    (state->traversedSubjNames)do { if ((state->traversedSubjNames) == ((void*)0)){ stdVars
.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
 = PKIX_NULLARGUMENT; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR
), ((PKIX_Boolean) 1), plContext);; } } while (0);
2610                                PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
traversedSubjNames, subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
2611                                    (state->traversedSubjNames,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
traversedSubjNames, subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
2612                                    subjectName,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
traversedSubjNames, subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
2613                                    plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
traversedSubjNames, subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
2614                                    PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (state->
traversedSubjNames, subjectName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
2615                                PKIX_DECREF(subjectName)do { if (subjectName){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(subjectName), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } subjectName = ((void
*)0); } } while (0);
2616                            }
2617                            PKIX_DECREF(subjectNames)do { if (subjectNames){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(subjectNames), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } subjectNames = ((void
*)0); } } while (0);
2618                        }
2619            
2620                        PKIX_CHECK(pkix_ForwardBuilderState_Createdo { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (childTraversedCACerts, state->buildConstants.maxFanout, state
->numDepth - 1, canBeCached, validityDate, state->candidateCert
, childTraversedSubjNames, state->trustChain, state, &
childState, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
2621                            (childTraversedCACerts,do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (childTraversedCACerts, state->buildConstants.maxFanout, state
->numDepth - 1, canBeCached, validityDate, state->candidateCert
, childTraversedSubjNames, state->trustChain, state, &
childState, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
2622                            state->buildConstants.maxFanout,do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (childTraversedCACerts, state->buildConstants.maxFanout, state
->numDepth - 1, canBeCached, validityDate, state->candidateCert
, childTraversedSubjNames, state->trustChain, state, &
childState, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
2623                            state->numDepth - 1,do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (childTraversedCACerts, state->buildConstants.maxFanout, state
->numDepth - 1, canBeCached, validityDate, state->candidateCert
, childTraversedSubjNames, state->trustChain, state, &
childState, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
2624                            canBeCached,do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (childTraversedCACerts, state->buildConstants.maxFanout, state
->numDepth - 1, canBeCached, validityDate, state->candidateCert
, childTraversedSubjNames, state->trustChain, state, &
childState, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
2625                            validityDate,do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (childTraversedCACerts, state->buildConstants.maxFanout, state
->numDepth - 1, canBeCached, validityDate, state->candidateCert
, childTraversedSubjNames, state->trustChain, state, &
childState, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
2626                            state->candidateCert,do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (childTraversedCACerts, state->buildConstants.maxFanout, state
->numDepth - 1, canBeCached, validityDate, state->candidateCert
, childTraversedSubjNames, state->trustChain, state, &
childState, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
2627                            childTraversedSubjNames,do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (childTraversedCACerts, state->buildConstants.maxFanout, state
->numDepth - 1, canBeCached, validityDate, state->candidateCert
, childTraversedSubjNames, state->trustChain, state, &
childState, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
2628                            state->trustChain,do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (childTraversedCACerts, state->buildConstants.maxFanout, state
->numDepth - 1, canBeCached, validityDate, state->candidateCert
, childTraversedSubjNames, state->trustChain, state, &
childState, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
2629                            state,do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (childTraversedCACerts, state->buildConstants.maxFanout, state
->numDepth - 1, canBeCached, validityDate, state->candidateCert
, childTraversedSubjNames, state->trustChain, state, &
childState, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
2630                            &childState,do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (childTraversedCACerts, state->buildConstants.maxFanout, state
->numDepth - 1, canBeCached, validityDate, state->candidateCert
, childTraversedSubjNames, state->trustChain, state, &
childState, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
2631                            plContext),do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (childTraversedCACerts, state->buildConstants.maxFanout, state
->numDepth - 1, canBeCached, validityDate, state->candidateCert
, childTraversedSubjNames, state->trustChain, state, &
childState, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
2632                            PKIX_FORWARDBUILDSTATECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (childTraversedCACerts, state->buildConstants.maxFanout, state
->numDepth - 1, canBeCached, validityDate, state->candidateCert
, childTraversedSubjNames, state->trustChain, state, &
childState, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_FORWARDBUILDSTATECREATEFAILED; goto cleanup
; } } while (0);
2633 
2634                        PKIX_DECREF(childTraversedSubjNames)do { if (childTraversedSubjNames){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(childTraversedSubjNames), plContext); if
 (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } childTraversedSubjNames = ((void*)0); } } while (0);
2635                        PKIX_DECREF(certSelParams)do { if (certSelParams){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certSelParams), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certSelParams
 = ((void*)0); } } while (0);
2636                        childState->verifyNode = verifyNode;
2637                        verifyNode = NULL((void*)0);
2638                        PKIX_DECREF(state)do { if (state){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } state = ((void*)0)
; } } while (0);
2639                        state = childState; /* state->status == BUILD_INITIAL */
2640                        childState = NULL((void*)0);
2641                        continue; /* with while (!outOfOptions) */
2642            }
2643 
2644            if (state->status == BUILD_GETNEXTCERT) {
2645                    pkixTempErrorReceivedstdVars.aPkixTempErrorReceived = PKIX_FALSE((PKIX_Boolean) 0);
2646                    PKIX_DECREF(state->candidateCert)do { if (state->candidateCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->candidateCert), plContext); if
 (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } state->candidateCert = ((void*)0); } } while (0);
2647 
2648                    /*
2649                     * If we were using a Cert from the callier-supplied partial
2650                     * chain, delete it and go to the certStores.
2651                     */
2652                    if (state->usingHintCerts == PKIX_TRUE((PKIX_Boolean) 1)) {
2653                            PKIX_DECREF(state->candidateCerts)do { if (state->candidateCerts){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(state->candidateCerts
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } state->candidateCerts = ((void*)0); } } while
 (0);
2654                            PKIX_CHECK(PKIX_List_Createdo { stdVars.aPkixErrorResult = (PKIX_List_Create (&state
->candidateCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup
; } } while (0)
2655                                (&state->candidateCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create (&state
->candidateCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup
; } } while (0)
2656                                PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create (&state
->candidateCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTCREATEFAILED; goto cleanup
; } } while (0);
2657 
2658                            state->numCerts = 0;
2659                            state->usingHintCerts = PKIX_FALSE((PKIX_Boolean) 0);
2660                            state->status = BUILD_TRYAIA;
2661                            continue;
2662                    } else if (++(state->certIndex) < (state->numCerts)) {
2663                            if ((state->buildConstants.maxFanout != 0) &&
2664                                (--(state->numFanout) == 0)) {
2665 
2666                                if (state->verifyNode != NULL((void*)0)) {
2667                                        PKIX_ERROR_CREATE{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_FANOUTEXCEEDSRESOURCELIMITS, PKIX_BUILD_ERROR
, stdVars.aPkixErrorResult, &verifyError, plContext); if (
stdVars.aPkixTempResult) { verifyError = stdVars.aPkixTempResult
; stdVars.aPkixTempResult = ((void*)0); } }
2668                                            (BUILD,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_FANOUTEXCEEDSRESOURCELIMITS, PKIX_BUILD_ERROR
, stdVars.aPkixErrorResult, &verifyError, plContext); if (
stdVars.aPkixTempResult) { verifyError = stdVars.aPkixTempResult
; stdVars.aPkixTempResult = ((void*)0); } }
2669                                            PKIX_FANOUTEXCEEDSRESOURCELIMITS,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_FANOUTEXCEEDSRESOURCELIMITS, PKIX_BUILD_ERROR
, stdVars.aPkixErrorResult, &verifyError, plContext); if (
stdVars.aPkixTempResult) { verifyError = stdVars.aPkixTempResult
; stdVars.aPkixTempResult = ((void*)0); } }
2670                                            verifyError){ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_FANOUTEXCEEDSRESOURCELIMITS, PKIX_BUILD_ERROR
, stdVars.aPkixErrorResult, &verifyError, plContext); if (
stdVars.aPkixTempResult) { verifyError = stdVars.aPkixTempResult
; stdVars.aPkixTempResult = ((void*)0); } };
2671                                        PKIX_CHECK_FATALdo { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2672                                            (pkix_VerifyNode_SetErrordo { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2673                                            (state->verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2674                                            verifyError,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2675                                            plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2676                                            PKIX_VERIFYNODESETERRORFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError (state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
2677                                        PKIX_DECREF(finalError)do { if (finalError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(finalError), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } finalError = ((void
*)0); } } while (0);
2678                                        finalError = verifyError;
2679                                        verifyError = NULL((void*)0);
2680                                }
2681                                /* Even if error logged, still need to abort */
2682                                PKIX_ERROR{ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_FANOUTEXCEEDSRESOURCELIMITS, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_FANOUTEXCEEDSRESOURCELIMITS
; goto cleanup; }
2683                                        (PKIX_FANOUTEXCEEDSRESOURCELIMITS){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_FANOUTEXCEEDSRESOURCELIMITS, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_FANOUTEXCEEDSRESOURCELIMITS
; goto cleanup; };
2684                            }
2685                            state->status = BUILD_CERTVALIDATING;
2686                            continue;
2687                    }
2688            }
2689 
2690            /*
2691             * Adding the current cert to the chain didn't help. If our search
2692             * has been restricted to local certStores, try opening up the
2693             * search and see whether that helps. Otherwise, back up to the
2694             * parent cert, and see if there are any more to try.
2695             */
2696            if (state->useOnlyLocal == PKIX_TRUE((PKIX_Boolean) 1)) {
2697                pkix_PrepareForwardBuilderStateForAIA(state);
2698            } else do {
2699                if (state->parentState == NULL((void*)0)) {
2700                        /* We are at the top level, and can't back up! */
2701                        outOfOptions = PKIX_TRUE((PKIX_Boolean) 1);
2702                } else {
2703                        /*
2704                         * Try the next cert, if any, for this parent.
2705                         * Otherwise keep backing up until we reach a
2706                         * parent with more certs to try.
2707                         */
2708                        PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
trustChain, &numChained, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
2709                                (state->trustChain, &numChained, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
trustChain, &numChained, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
2710                                PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (state->
trustChain, &numChained, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
2711                        PKIX_CHECK(PKIX_List_DeleteItemdo { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem (state->
trustChain, numChained - 1, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTDELETEITEMFAILED; goto cleanup
; } } while (0)
2712                                (state->trustChain, numChained - 1, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem (state->
trustChain, numChained - 1, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTDELETEITEMFAILED; goto cleanup
; } } while (0)
2713                                PKIX_LISTDELETEITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem (state->
trustChain, numChained - 1, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTDELETEITEMFAILED; goto cleanup
; } } while (0);
2714                        
2715                        /* local and aia fetching returned no good certs.
2716                         * Creating a verify node in the parent that tells
2717                         * us this. */
2718                        if (!state->verifyNode) {
2719                            PKIX_CHECK_FATAL(do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create(state
->prevCert, 0, ((void*)0), &state->verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2720                                pkix_VerifyNode_Create(state->prevCert,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create(state
->prevCert, 0, ((void*)0), &state->verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2721                                                       0, NULL,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create(state
->prevCert, 0, ((void*)0), &state->verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0) 
2722                                                       &state->verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create(state
->prevCert, 0, ((void*)0), &state->verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2723                                                       plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create(state
->prevCert, 0, ((void*)0), &state->verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2724                                PKIX_VERIFYNODECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create(state
->prevCert, 0, ((void*)0), &state->verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED
; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors
) { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0);
2725                        }
2726                        /* Updating the log with the error. */
2727                        PKIX_DECREF(verifyError)do { if (verifyError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyError), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyError = ((void
*)0); } } while (0);
2728                        PKIX_ERROR_CREATE(BUILD, PKIX_SECERRORUNKNOWNISSUER,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_SECERRORUNKNOWNISSUER, PKIX_BUILD_ERROR
, stdVars.aPkixErrorResult, &verifyError, plContext); if (
stdVars.aPkixTempResult) { verifyError = stdVars.aPkixTempResult
; stdVars.aPkixTempResult = ((void*)0); } }
2729                                          verifyError){ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_SECERRORUNKNOWNISSUER, PKIX_BUILD_ERROR
, stdVars.aPkixErrorResult, &verifyError, plContext); if (
stdVars.aPkixTempResult) { verifyError = stdVars.aPkixTempResult
; stdVars.aPkixTempResult = ((void*)0); } };
2730                        PKIX_CHECK_FATAL(do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2731                            pkix_VerifyNode_SetError(state->verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2732                                                     verifyError,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2733                                                     plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2734                            PKIX_VERIFYNODESETERRORFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
2735                        PKIX_DECREF(verifyError)do { if (verifyError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyError), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyError = ((void
*)0); } } while (0);
2736 
2737                        PKIX_INCREF(state->parentState)do { if (state->parentState){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(state->parentState), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); goto cleanup; } } } while (0);
2738                        parentState = state->parentState;
2739                        PKIX_DECREF(verifyNode)do { if (verifyNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyNode = ((void
*)0); } } while (0);
2740                        verifyNode = state->verifyNode;
2741                        state->verifyNode = NULL((void*)0);
2742                        PKIX_DECREF(state)do { if (state){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } state = ((void*)0)
; } } while (0);
2743                        state = parentState;
2744                        parentState = NULL((void*)0);
2745                        if (state->verifyNode != NULL((void*)0) && verifyNode) {
2746                                PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTreedo { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2747                                        (state->verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2748                                        verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2749                                        plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2750                                        PKIX_VERIFYNODEADDTOTREEFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
2751                                PKIX_DECREF(verifyNode)do { if (verifyNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyNode = ((void
*)0); } } while (0);
2752                        }
2753                        PKIX_DECREF(validityDate)do { if (validityDate){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(validityDate), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } validityDate = ((void
*)0); } } while (0);
2754                        PKIX_INCREF(state->validityDate)do { if (state->validityDate){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(state->validityDate), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); goto cleanup; } } } while (0);
2755                        validityDate = state->validityDate;
2756                        canBeCached = state->canBeCached;
2757 
2758                        /* Are there any more Certs to try? */
2759                        if (++(state->certIndex) < (state->numCerts)) {
2760                                state->status = BUILD_CERTVALIDATING;
2761                                PKIX_DECREF(state->candidateCert)do { if (state->candidateCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->candidateCert), plContext); if
 (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } state->candidateCert = ((void*)0); } } while (0);
2762                                break;
2763                        }
2764                        if (state->useOnlyLocal == PKIX_TRUE((PKIX_Boolean) 1)) {
2765                            /* Clean up and go for AIA round. */
2766                            pkix_PrepareForwardBuilderStateForAIA(state);
2767                            break;
2768                        }
2769                }
2770                PKIX_DECREF(state->candidateCert)do { if (state->candidateCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->candidateCert), plContext); if
 (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } state->candidateCert = ((void*)0); } } while (0);
2771            } while (outOfOptions == PKIX_FALSE((PKIX_Boolean) 0));
2772 
2773        } /* while (outOfOptions == PKIX_FALSE) */
2774 
2775cleanup:
2776 
2777        if (pkixErrorClassstdVars.aPkixErrorClass == PKIX_FATAL_ERROR) {
2778            goto fatal;
2779        }
2780 
2781        /* verifyNode should be equal to NULL at this point. Assert it.
2782         * Temporarelly use verifyError to store an error ref to which we
2783         * have in pkixErrorResult. This is done to prevent error cloberring
2784         * while using macros below. */
2785        PORT_Assert(verifyError == NULL)((verifyError == ((void*)0))?((void)0):PR_Assert("verifyError == NULL"
,"pkix_build.c",2785));
2786        verifyError = pkixErrorResultstdVars.aPkixErrorResult;
2787 
2788        /*
2789         * We were called with an initialState that had no parent. If we are
2790         * returning with an error or with a result, we must destroy any state
2791         * that we created (any state with a parent).
2792         */
2793 
2794        PKIX_CHECK_FATAL(pkix_ForwardBuilderState_IsIOPendingdo { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_IsIOPending
 (state, &ioPending, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_FORWARDBUILDERSTATEISIOPENDINGFAILED; stdVars
.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors)
 { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2795                         (state, &ioPending, plContext),do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_IsIOPending
 (state, &ioPending, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_FORWARDBUILDERSTATEISIOPENDINGFAILED; stdVars
.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors)
 { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0)
2796                PKIX_FORWARDBUILDERSTATEISIOPENDINGFAILED)do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_IsIOPending
 (state, &ioPending, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_FORWARDBUILDERSTATEISIOPENDINGFAILED; stdVars
.aPkixErrorClass = PKIX_FATAL_ERROR; { if (pkixLoggersErrors)
 { pkix_Logger_CheckWithCode(pkixLoggersErrors, stdVars.aPkixErrorCode
, ((void*)0), stdVars.aPkixType, 1, plContext); } }; goto fatal
; } } while (0);
2797 
2798        if (ioPending == PKIX_FALSE((PKIX_Boolean) 0)) {
2799                while (state->parentState) {
2800                        PKIX_INCREF(state->parentState)do { if (state->parentState){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(state->parentState), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); goto cleanup; } } } while (0);
2801                        parentState = state->parentState;
2802                        PKIX_DECREF(verifyNode)do { if (verifyNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyNode = ((void
*)0); } } while (0);
2803                        verifyNode = state->verifyNode;
2804                        state->verifyNode = NULL((void*)0);
2805                        PKIX_DECREF(state)do { if (state){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } state = ((void*)0)
; } } while (0);
2806                        state = parentState;
2807                        parentState = NULL((void*)0);
2808                        if (state->verifyNode != NULL((void*)0) && verifyNode) {
2809                                PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTreedo { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2810                                        (state->verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2811                                        verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2812                                        plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2813                                        PKIX_VERIFYNODEADDTOTREEFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToTree (state
->verifyNode, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEADDTOTREEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
2814                                PKIX_DECREF(verifyNode)do { if (verifyNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyNode = ((void
*)0); } } while (0);
2815                        }
2816                }
2817                state->canBeCached = canBeCached;
2818                PKIX_DECREF(state->validityDate)do { if (state->validityDate){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state->validityDate), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } state->validityDate = ((void*)0); } } while (0);
2819                state->validityDate = validityDate;
2820                validityDate = NULL((void*)0);
2821        }
2822        if (!*pValResult && !verifyError) {
2823            if (!finalError) {
2824                PKIX_CHECK_FATAL(do { stdVars.aPkixErrorResult = (pkix_VerifyNode_FindError(state
->verifyNode, &finalError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEFINDERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2825                    pkix_VerifyNode_FindError(state->verifyNode,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_FindError(state
->verifyNode, &finalError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEFINDERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2826                                              &finalError,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_FindError(state
->verifyNode, &finalError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEFINDERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2827                                              plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_FindError(state
->verifyNode, &finalError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEFINDERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2828                    PKIX_VERIFYNODEFINDERRORFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_FindError(state
->verifyNode, &finalError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODEFINDERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
2829            }
2830            if (finalError) {
2831                pkixErrorResultstdVars.aPkixErrorResult = finalError;
2832                pkixErrorCodestdVars.aPkixErrorCode = PKIX_BUILDFORWARDDEPTHFIRSTSEARCHFAILED;
2833                finalError = NULL((void*)0);
2834                goto fatal;
2835            }
2836            pkixErrorCodestdVars.aPkixErrorCode = PKIX_SECERRORUNKNOWNISSUER;
2837            pkixErrorReceivedstdVars.aPkixErrorReceived = PKIX_TRUE((PKIX_Boolean) 1);
2838            PKIX_ERROR_CREATE(BUILD, PKIX_SECERRORUNKNOWNISSUER,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_SECERRORUNKNOWNISSUER, PKIX_BUILD_ERROR
, stdVars.aPkixErrorResult, &verifyError, plContext); if (
stdVars.aPkixTempResult) { verifyError = stdVars.aPkixTempResult
; stdVars.aPkixTempResult = ((void*)0); } }
2839                              verifyError){ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_BUILD_ERROR
, stdVars.aMyFuncName, PKIX_SECERRORUNKNOWNISSUER, PKIX_BUILD_ERROR
, stdVars.aPkixErrorResult, &verifyError, plContext); if (
stdVars.aPkixTempResult) { verifyError = stdVars.aPkixTempResult
; stdVars.aPkixTempResult = ((void*)0); } };
2840            PKIX_CHECK_FATAL(do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2841                pkix_VerifyNode_SetError(state->verifyNode, verifyError,do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2842                                         plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
2843                PKIX_VERIFYNODESETERRORFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_SetError(state
->verifyNode, verifyError, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_VERIFYNODESETERRORFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
2844        } else {
2845            pkixErrorResultstdVars.aPkixErrorResult = verifyError;
2846            verifyError = NULL((void*)0);
2847        }
2848 
2849fatal:
2850        if (state->parentState) {
2851            /* parentState in "state" object should be NULL at this point.
2852             * If itn't, that means that we got fatal error(we have jumped to
2853             * "fatal" label) and we should destroy all state except the top one. */
2854            while (state->parentState) {
2855                PKIX_Error *error = NULL((void*)0);
2856                PKIX_ForwardBuilderState *prntState = state->parentState;
2857                /* Dumb: need to increment parentState to avoid destruction
2858                 * of "build constants"(they get destroyed when parentState is
2859                 * set to NULL. */
2860                PKIX_INCREF(prntState)do { if (prntState){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(prntState), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
 (0);
2861                error = PKIX_PL_Object_DecRef((PKIX_PL_Object*)state, plContext);
2862                if (error) {
2863                    PKIX_PL_Object_DecRef((PKIX_PL_Object*)error, plContext);
2864                }
2865                /* No need to decref the parent state. It was already done by
2866                 * pkix_ForwardBuilderState_Destroy function. */
2867                state = prntState;
2868            }
2869        }
2870        PKIX_DECREF(parentState)do { if (parentState){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(parentState), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } parentState = ((void
*)0); } } while (0);
2871        PKIX_DECREF(childState)do { if (childState){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(childState), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } childState = ((void
*)0); } } while (0);
2872        PKIX_DECREF(valResult)do { if (valResult){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(valResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } valResult = ((void
*)0); } } while (0);
2873        PKIX_DECREF(verifyError)do { if (verifyError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyError), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyError = ((void
*)0); } } while (0);
2874        PKIX_DECREF(finalError)do { if (finalError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(finalError), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } finalError = ((void
*)0); } } while (0);
2875        PKIX_DECREF(verifyNode)do { if (verifyNode){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(verifyNode), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } verifyNode = ((void
*)0); } } while (0);
2876        PKIX_DECREF(childTraversedSubjNames)do { if (childTraversedSubjNames){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(childTraversedSubjNames), plContext); if
 (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } childTraversedSubjNames = ((void*)0); } } while (0);
2877        PKIX_DECREF(certSelParams)do { if (certSelParams){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certSelParams), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } certSelParams
 = ((void*)0); } } while (0);
2878        PKIX_DECREF(subjectNames)do { if (subjectNames){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(subjectNames), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } subjectNames = ((void
*)0); } } while (0);
2879        PKIX_DECREF(subjectName)do { if (subjectName){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(subjectName), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } subjectName = ((void
*)0); } } while (0);
2880        PKIX_DECREF(trustAnchor)do { if (trustAnchor){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustAnchor), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trustAnchor = ((void
*)0); } } while (0);
2881        PKIX_DECREF(validityDate)do { if (validityDate){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(validityDate), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } validityDate = ((void
*)0); } } while (0);
2882        PKIX_DECREF(revCheckerState)do { if (revCheckerState){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(revCheckerState), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } revCheckerState
 = ((void*)0); } } while (0);
2883        PKIX_DECREF(currTime)do { if (currTime){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(currTime), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } currTime = ((void*
)0); } } while (0);
2884        PKIX_DECREF(filteredCerts)do { if (filteredCerts){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(filteredCerts), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } filteredCerts
 = ((void*)0); } } while (0);
2885        PKIX_DECREF(unfilteredCerts)do { if (unfilteredCerts){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(unfilteredCerts), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } unfilteredCerts
 = ((void*)0); } } while (0);
2886        PKIX_DECREF(trustedCert)do { if (trustedCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustedCert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trustedCert = ((void
*)0); } } while (0);
2887 
2888        PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
2889}
2890 
2891/*
2892 * FUNCTION: pkix_Build_CheckInCache
2893 * DESCRIPTION:
2894 *
2895 * The function tries to locate a chain for a cert in the cert chain cache.
2896 * If found, the chain goes through revocation chacking and returned back to
2897 * caller. Chains that fail revocation check get removed from cache.
2898 * 
2899 * PARAMETERS:
2900 *  "state"
2901 *      Address of ForwardBuilderState to be used. Must be non-NULL.
2902 *  "pBuildResult"
2903 *      Address at which the BuildResult is stored, after a successful build.
2904 *      Must be non-NULL.
2905 *  "pNBIOContext"
2906 *      Address at which the NBIOContext is stored indicating whether the
2907 *      validation is complete. Must be non-NULL.
2908 *  "plContext"
2909 *      Platform-specific context pointer.
2910 * THREAD SAFETY:
2911 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
2912 * RETURNS:
2913 *  Returns NULL if the function succeeds.
2914 *  Returns a Build Error if the function fails in a non-fatal way
2915 *  Returns a Fatal Error if the function fails in an unrecoverable way.
2916 */
2917static PKIX_Error*
2918pkix_Build_CheckInCache(
2919        PKIX_ForwardBuilderState *state,
2920        PKIX_BuildResult **pBuildResult,
2921        void **pNBIOContext,
2922        void *plContext)
2923{
2924        PKIX_PL_Cert *targetCert = NULL((void*)0);
2925        PKIX_List *anchors = NULL((void*)0);
2926        PKIX_PL_Date *testDate = NULL((void*)0);
2927        PKIX_BuildResult *buildResult = NULL((void*)0);
2928        PKIX_ValidateResult *valResult = NULL((void*)0);
2929        PKIX_Error *buildError = NULL((void*)0);
2930        PKIX_TrustAnchor *matchingAnchor = NULL((void*)0);
2931        PKIX_PL_Cert *trustedCert = NULL((void*)0);
2932        PKIX_List *certList = NULL((void*)0);
2933        PKIX_Boolean cacheHit = PKIX_FALSE((PKIX_Boolean) 0);
2934        PKIX_Boolean trusted = PKIX_FALSE((PKIX_Boolean) 0);
2935        PKIX_Boolean stillValid = PKIX_FALSE((PKIX_Boolean) 0);
2936        void *nbioContext = NULL((void*)0);
2937 
2938        PKIX_ENTER(BUILD, "pkix_Build_CheckInCache")static const char cMyFuncName[] = {"pkix_Build_CheckInCache"}
; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
2939 
2940        nbioContext = *pNBIOContext;
2941        *pNBIOContext = NULL((void*)0);
2942 
2943        targetCert = state->buildConstants.targetCert;
2944        anchors = state->buildConstants.anchors;
2945        testDate = state->buildConstants.testDate;
2946 
2947        /* Check whether this cert verification has been cached. */
2948        PKIX_CHECK(pkix_CacheCertChain_Lookupdo { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Lookup (
targetCert, anchors, testDate, &cacheHit, &buildResult
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_CACHECERTCHAINLOOKUPFAILED; goto cleanup; } } while (
0)
2949                   (targetCert,do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Lookup (
targetCert, anchors, testDate, &cacheHit, &buildResult
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_CACHECERTCHAINLOOKUPFAILED; goto cleanup; } } while (
0)
2950                    anchors,do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Lookup (
targetCert, anchors, testDate, &cacheHit, &buildResult
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_CACHECERTCHAINLOOKUPFAILED; goto cleanup; } } while (
0)
2951                    testDate,do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Lookup (
targetCert, anchors, testDate, &cacheHit, &buildResult
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_CACHECERTCHAINLOOKUPFAILED; goto cleanup; } } while (
0)
2952                    &cacheHit,do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Lookup (
targetCert, anchors, testDate, &cacheHit, &buildResult
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_CACHECERTCHAINLOOKUPFAILED; goto cleanup; } } while (
0)
2953                    &buildResult,do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Lookup (
targetCert, anchors, testDate, &cacheHit, &buildResult
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_CACHECERTCHAINLOOKUPFAILED; goto cleanup; } } while (
0)
2954                    plContext),do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Lookup (
targetCert, anchors, testDate, &cacheHit, &buildResult
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_CACHECERTCHAINLOOKUPFAILED; goto cleanup; } } while (
0)
2955                   PKIX_CACHECERTCHAINLOOKUPFAILED)do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Lookup (
targetCert, anchors, testDate, &cacheHit, &buildResult
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_CACHECERTCHAINLOOKUPFAILED; goto cleanup; } } while (
0);
2956        
2957        if (!cacheHit) {
2958            goto cleanup;
2959        }
2960        
2961        /*
2962         * We found something in cache. Verify that the anchor
2963         * cert is still trusted,
2964         */
2965        PKIX_CHECK(PKIX_BuildResult_GetValidateResultdo { stdVars.aPkixErrorResult = (PKIX_BuildResult_GetValidateResult
 (buildResult, &valResult, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDRESULTGETVALIDATERESULTFAILED
; goto cleanup; } } while (0)
2966                   (buildResult, &valResult, plContext),do { stdVars.aPkixErrorResult = (PKIX_BuildResult_GetValidateResult
 (buildResult, &valResult, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDRESULTGETVALIDATERESULTFAILED
; goto cleanup; } } while (0)
2967                   PKIX_BUILDRESULTGETVALIDATERESULTFAILED)do { stdVars.aPkixErrorResult = (PKIX_BuildResult_GetValidateResult
 (buildResult, &valResult, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDRESULTGETVALIDATERESULTFAILED
; goto cleanup; } } while (0);
2968        
2969        PKIX_CHECK(PKIX_ValidateResult_GetTrustAnchordo { stdVars.aPkixErrorResult = (PKIX_ValidateResult_GetTrustAnchor
 (valResult, &matchingAnchor, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTGETTRUSTANCHORFAILED
; goto cleanup; } } while (0)
2970                       (valResult, &matchingAnchor, plContext),do { stdVars.aPkixErrorResult = (PKIX_ValidateResult_GetTrustAnchor
 (valResult, &matchingAnchor, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTGETTRUSTANCHORFAILED
; goto cleanup; } } while (0)
2971                   PKIX_VALIDATERESULTGETTRUSTANCHORFAILED)do { stdVars.aPkixErrorResult = (PKIX_ValidateResult_GetTrustAnchor
 (valResult, &matchingAnchor, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VALIDATERESULTGETTRUSTANCHORFAILED
; goto cleanup; } } while (0);
2972        
2973        PKIX_DECREF(valResult)do { if (valResult){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(valResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } valResult = ((void
*)0); } } while (0);
2974        
2975        PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCertdo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
 (matchingAnchor, &trustedCert, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0)
2976                   (matchingAnchor, &trustedCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
 (matchingAnchor, &trustedCert, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0)
2977                   PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
 (matchingAnchor, &trustedCert, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0);
2978        
2979        if (anchors && state->buildConstants.numAnchors) {
2980            /* Check if it is one of the trust anchors */
2981            PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_List_Contains(anchors, (
PKIX_PL_Object *)matchingAnchor, &trusted, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED
; goto cleanup; } } while (0)
2982                pkix_List_Contains(anchors,do { stdVars.aPkixErrorResult = (pkix_List_Contains(anchors, (
PKIX_PL_Object *)matchingAnchor, &trusted, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED
; goto cleanup; } } while (0)
2983                                   (PKIX_PL_Object *)matchingAnchor,do { stdVars.aPkixErrorResult = (pkix_List_Contains(anchors, (
PKIX_PL_Object *)matchingAnchor, &trusted, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED
; goto cleanup; } } while (0)
2984                                   &trusted,do { stdVars.aPkixErrorResult = (pkix_List_Contains(anchors, (
PKIX_PL_Object *)matchingAnchor, &trusted, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED
; goto cleanup; } } while (0)
2985                                   plContext),do { stdVars.aPkixErrorResult = (pkix_List_Contains(anchors, (
PKIX_PL_Object *)matchingAnchor, &trusted, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED
; goto cleanup; } } while (0)
2986                PKIX_LISTCONTAINSFAILED)do { stdVars.aPkixErrorResult = (pkix_List_Contains(anchors, (
PKIX_PL_Object *)matchingAnchor, &trusted, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTCONTAINSFAILED
; goto cleanup; } } while (0);
2987        }
2988 
2989        if ((!trusted && !state->buildConstants.trustOnlyUserAnchors) ||
2990            !state->buildConstants.numAnchors) {
2991            /* If it is not one of the trust anchors and the trust anchors
2992             * are supplemental, or if there are no trust anchors, then check
2993             * if the cert is trusted directly.
2994             */
2995            PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsCertTrusted(trustedCert
, PKIX_PL_TrustAnchorMode_Ignore, &trusted, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED
; goto cleanup; } } while (0)
2996                PKIX_PL_Cert_IsCertTrusted(trustedCert,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsCertTrusted(trustedCert
, PKIX_PL_TrustAnchorMode_Ignore, &trusted, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED
; goto cleanup; } } while (0)
2997                                           PKIX_PL_TrustAnchorMode_Ignore,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsCertTrusted(trustedCert
, PKIX_PL_TrustAnchorMode_Ignore, &trusted, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED
; goto cleanup; } } while (0)
2998                                           &trusted, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsCertTrusted(trustedCert
, PKIX_PL_TrustAnchorMode_Ignore, &trusted, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED
; goto cleanup; } } while (0)
2999                PKIX_CERTISCERTTRUSTEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsCertTrusted(trustedCert
, PKIX_PL_TrustAnchorMode_Ignore, &trusted, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED
; goto cleanup; } } while (0);
3000        }
3001 
3002        if (!trusted) {
3003            goto cleanup;
3004        }
3005        /*
3006         * Since the key usage may vary for different
3007         * applications, we need to verify the chain again.
3008         * Reverification will be improved with a fix for 397805.
3009         */
3010        PKIX_CHECK(PKIX_BuildResult_GetCertChaindo { stdVars.aPkixErrorResult = (PKIX_BuildResult_GetCertChain
 (buildResult, &certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDRESULTGETCERTCHAINFAILED
; goto cleanup; } } while (0)
3011                   (buildResult, &certList, plContext),do { stdVars.aPkixErrorResult = (PKIX_BuildResult_GetCertChain
 (buildResult, &certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDRESULTGETCERTCHAINFAILED
; goto cleanup; } } while (0)
3012                   PKIX_BUILDRESULTGETCERTCHAINFAILED)do { stdVars.aPkixErrorResult = (PKIX_BuildResult_GetCertChain
 (buildResult, &certList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDRESULTGETCERTCHAINFAILED
; goto cleanup; } } while (0);
3013        
3014        PKIX_CHECK(pkix_Build_ValidationCheckersdo { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, certList, matchingAnchor, ((PKIX_Boolean) 1), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
3015                   (state,do { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, certList, matchingAnchor, ((PKIX_Boolean) 1), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
3016                    certList,do { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, certList, matchingAnchor, ((PKIX_Boolean) 1), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
3017                    matchingAnchor,do { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, certList, matchingAnchor, ((PKIX_Boolean) 1), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
3018                    PKIX_TRUE,  /* Chain revalidation stage. */do { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, certList, matchingAnchor, ((PKIX_Boolean) 1), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
3019                    plContext),do { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, certList, matchingAnchor, ((PKIX_Boolean) 1), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0)
3020                   PKIX_BUILDVALIDATIONCHECKERSFAILED)do { stdVars.aPkixErrorResult = (pkix_Build_ValidationCheckers
 (state, certList, matchingAnchor, ((PKIX_Boolean) 1), plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDVALIDATIONCHECKERSFAILED; goto cleanup; } } while
 (0);
3021 
3022        PKIX_CHECK_ONLY_FATAL(do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (pkix_Build_ValidateEntireChain(state, matchingAnchor
, &nbioContext, &valResult, state->verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixTempErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; if (stdVars.aPkixErrorClass == PKIX_FATAL_ERROR
) { goto cleanup; } do { if (stdVars.aPkixErrorResult){ stdVars
.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(
stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aPkixErrorResult
 = ((void*)0); } } while (0); } } while (0)
3023            pkix_Build_ValidateEntireChain(state, matchingAnchor,do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (pkix_Build_ValidateEntireChain(state, matchingAnchor
, &nbioContext, &valResult, state->verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixTempErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; if (stdVars.aPkixErrorClass == PKIX_FATAL_ERROR
) { goto cleanup; } do { if (stdVars.aPkixErrorResult){ stdVars
.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(
stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aPkixErrorResult
 = ((void*)0); } } while (0); } } while (0)
3024                                           &nbioContext, &valResult,do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (pkix_Build_ValidateEntireChain(state, matchingAnchor
, &nbioContext, &valResult, state->verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixTempErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; if (stdVars.aPkixErrorClass == PKIX_FATAL_ERROR
) { goto cleanup; } do { if (stdVars.aPkixErrorResult){ stdVars
.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(
stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aPkixErrorResult
 = ((void*)0); } } while (0); } } while (0)
3025                                           state->verifyNode, plContext),do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (pkix_Build_ValidateEntireChain(state, matchingAnchor
, &nbioContext, &valResult, state->verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixTempErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; if (stdVars.aPkixErrorClass == PKIX_FATAL_ERROR
) { goto cleanup; } do { if (stdVars.aPkixErrorResult){ stdVars
.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(
stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aPkixErrorResult
 = ((void*)0); } } while (0); } } while (0)
3026            PKIX_BUILDVALIDATEENTIRECHAINFAILED)do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (pkix_Build_ValidateEntireChain(state, matchingAnchor
, &nbioContext, &valResult, state->verifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixTempErrorReceived
 = ((PKIX_Boolean) 1); stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; if (stdVars.aPkixErrorClass == PKIX_FATAL_ERROR
) { goto cleanup; } do { if (stdVars.aPkixErrorResult){ stdVars
.aPkixTempResult = PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(
stdVars.aPkixErrorResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } stdVars.aPkixErrorResult
 = ((void*)0); } } while (0); } } while (0);
3027 
3028        if (nbioContext != NULL((void*)0)) {
3029            /* IO still pending, resume later */
3030            *pNBIOContext = nbioContext;
3031            goto cleanup;
3032        }
3033        if (!PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)) {
3034            /* The result from cache is still valid. But we replace an old*/
3035            *pBuildResult = buildResult;
3036            buildResult = NULL((void*)0);
3037            stillValid = PKIX_TRUE((PKIX_Boolean) 1);
3038        }
3039 
3040cleanup:
3041 
3042        if (!nbioContext && cacheHit && !(trusted && stillValid)) {
3043            /* The anchor of this chain is no longer trusted or
3044             * chain cert(s) has been revoked.
3045             * Invalidate this result in the cache */
3046            buildError = pkixErrorResultstdVars.aPkixErrorResult;
3047            PKIX_CHECK_FATAL(pkix_CacheCertChain_Removedo { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Remove (
targetCert, anchors, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_CACHECERTCHAINREMOVEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
3048                       (targetCert,do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Remove (
targetCert, anchors, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_CACHECERTCHAINREMOVEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
3049                        anchors,do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Remove (
targetCert, anchors, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_CACHECERTCHAINREMOVEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
3050                        plContext),do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Remove (
targetCert, anchors, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_CACHECERTCHAINREMOVEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
3051                       PKIX_CACHECERTCHAINREMOVEFAILED)do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Remove (
targetCert, anchors, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_CACHECERTCHAINREMOVEFAILED; stdVars.aPkixErrorClass
 = PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
3052            pkixErrorResultstdVars.aPkixErrorResult = buildError;
3053            buildError = NULL((void*)0);
3054        }
3055 
3056fatal:
3057       PKIX_DECREF(buildResult)do { if (buildResult){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(buildResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } buildResult = ((void
*)0); } } while (0);
3058       PKIX_DECREF(valResult)do { if (valResult){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(valResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } valResult = ((void
*)0); } } while (0);
3059       PKIX_DECREF(buildError)do { if (buildError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(buildError), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } buildError = ((void
*)0); } } while (0);
3060       PKIX_DECREF(certList)do { if (certList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certList = ((void*
)0); } } while (0);
3061       PKIX_DECREF(matchingAnchor)do { if (matchingAnchor){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(matchingAnchor), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } matchingAnchor
 = ((void*)0); } } while (0);
3062       PKIX_DECREF(trustedCert)do { if (trustedCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustedCert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trustedCert = ((void
*)0); } } while (0);
3063 
3064       
3065       PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
3066}
3067 
3068/*
3069 * FUNCTION: pkix_Build_InitiateBuildChain
3070 * DESCRIPTION:
3071 *
3072 *  This function initiates the search for a BuildChain, using the parameters
3073 *  provided in "procParams" and, if continuing a search that was suspended
3074 *  for I/O, using the ForwardBuilderState pointed to by "pState".
3075 *
3076 *  If a successful chain is built, this function stores the BuildResult at
3077 *  "pBuildResult". Alternatively, if an operation using non-blocking I/O
3078 *  is in progress and the operation has not been completed, this function
3079 *  stores the platform-dependent non-blocking I/O context (nbioContext) at
3080 *  "pNBIOContext", the FowardBuilderState at "pState", and NULL at
3081 *  "pBuildResult". Finally, if chain building was unsuccessful, this function
3082 *  stores NULL at both "pState" and at "pBuildResult".
3083 *
3084 *  Note: This function is re-entered only for the case of non-blocking I/O
3085 *  in the "short-cut" attempt to build a chain using the target Certificate
3086 *  directly with one of the trustAnchors. For all other cases, resumption
3087 *  after non-blocking I/O is via pkix_Build_ResumeBuildChain.
3088 *
3089 * PARAMETERS:
3090 *  "procParams"
3091 *      Address of the ProcessingParams for the search. Must be non-NULL.
3092 *  "pNBIOContext"
3093 *      Address at which the NBIOContext is stored indicating whether the
3094 *      validation is complete. Must be non-NULL.
3095 *  "pState"
3096 *      Address at which the ForwardBuilderState is stored, if the chain
3097 *      building is suspended for waiting I/O; also, the address at which the
3098 *      ForwardBuilderState is provided for resumption of the chain building
3099 *      attempt. Must be non-NULL.
3100 *  "pBuildResult"
3101 *      Address at which the BuildResult is stored, after a successful build.
3102 *      Must be non-NULL.
3103 *  "pVerifyNode"
3104 *      Address at which a VerifyNode chain is returned, if non-NULL.
3105 *  "plContext"
3106 *      Platform-specific context pointer.
3107 * THREAD SAFETY:
3108 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
3109 * RETURNS:
3110 *  Returns NULL if the function succeeds.
3111 *  Returns a Build Error if the function fails in a non-fatal way
3112 *  Returns a Fatal Error if the function fails in an unrecoverable way.
3113 */
3114static PKIX_Error *
3115pkix_Build_InitiateBuildChain(
3116        PKIX_ProcessingParams *procParams,
3117        void **pNBIOContext,
3118        PKIX_ForwardBuilderState **pState,
3119        PKIX_BuildResult **pBuildResult,
3120        PKIX_VerifyNode **pVerifyNode,
3121        void *plContext)
3122{
3123        PKIX_UInt32 numAnchors = 0;
3124        PKIX_UInt32 numCertStores = 0;
3125        PKIX_UInt32 numHintCerts = 0;
3126        PKIX_UInt32 i = 0;
3127        PKIX_Boolean isDuplicate = PKIX_FALSE((PKIX_Boolean) 0);
3128        PKIX_PL_Cert *trustedCert = NULL((void*)0);
3129        PKIX_CertSelector *targetConstraints = NULL((void*)0);
3130        PKIX_ComCertSelParams *targetParams = NULL((void*)0);
3131        PKIX_List *anchors = NULL((void*)0);
3132        PKIX_List *targetSubjNames = NULL((void*)0);
3133        PKIX_PL_Cert *targetCert = NULL((void*)0);
3134        PKIX_PL_Object *firstHintCert = NULL((void*)0);
3135        PKIX_RevocationChecker *revChecker = NULL((void*)0);
3136        PKIX_List *certStores = NULL((void*)0);
3137        PKIX_CertStore *certStore = NULL((void*)0);
3138        PKIX_List *userCheckers = NULL((void*)0);
3139        PKIX_List *hintCerts = NULL((void*)0);
3140        PKIX_PL_Date *testDate = NULL((void*)0);
3141        PKIX_PL_PublicKey *targetPubKey = NULL((void*)0);
3142        void *nbioContext = NULL((void*)0);
3143        BuildConstants buildConstants;
3144 
3145        PKIX_List *tentativeChain = NULL((void*)0);
3146        PKIX_ValidateResult *valResult = NULL((void*)0);
3147        PKIX_BuildResult *buildResult = NULL((void*)0);
3148        PKIX_List *certList = NULL((void*)0);
3149        PKIX_ForwardBuilderState *state = NULL((void*)0);
3150        PKIX_CertStore_CheckTrustCallback trustCallback = NULL((void*)0);
3151        PKIX_CertSelector_MatchCallback selectorCallback = NULL((void*)0);
3152        PKIX_Boolean trusted = PKIX_FALSE((PKIX_Boolean) 0);
3153        PKIX_PL_AIAMgr *aiaMgr = NULL((void*)0);
3154 
3155        PKIX_ENTER(BUILD, "pkix_Build_InitiateBuildChain")static const char cMyFuncName[] = {"pkix_Build_InitiateBuildChain"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
1
Assuming 'pkixLoggersDebugTrace' is null→
2
←
Taking false branch→
3156        PKIX_NULLCHECK_FOUR(procParams, pNBIOContext, pState, pBuildResult)do { if (((procParams) == ((void*)0)) || ((pNBIOContext) == (
(void*)0)) || ((pState) == ((void*)0)) || ((pBuildResult) == (
(void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1);
 stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
3
←
Loop condition is false.  Exiting loop→
4
←
Assuming 'procParams' is not equal to null→
5
←
Assuming 'pNBIOContext' is not equal to null→
6
←
Assuming 'pState' is not equal to null→
7
←
Assuming 'pBuildResult' is not equal to null→
8
←
Taking false branch→
9
←
Loop condition is false.  Exiting loop→
3157 
3158        nbioContext = *pNBIOContext;
3159        *pNBIOContext = NULL((void*)0);
3160 
3161        state = *pState;
3162        *pState = NULL((void*)0); /* no net change in reference count */
3163 
3164        if (state == NULL((void*)0)) {
10
←
Assuming 'state' is equal to NULL→
11
←
Taking true branch→
3165            PKIX_CHECK(PKIX_ProcessingParams_GetDatedo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetDate
 (procParams, &testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETDATEFAILED
; goto cleanup; } } while (0)
12
←
Assuming field 'aPkixErrorResult' is null→
13
←
Taking false branch→
14
←
Loop condition is false.  Exiting loop→
3166                    (procParams, &testDate, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetDate
 (procParams, &testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETDATEFAILED
; goto cleanup; } } while (0)
3167                    PKIX_PROCESSINGPARAMSGETDATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetDate
 (procParams, &testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETDATEFAILED
; goto cleanup; } } while (0);
3168    
3169            PKIX_CHECK(PKIX_ProcessingParams_GetTrustAnchorsdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTrustAnchors
 (procParams, &anchors, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED
; goto cleanup; } } while (0)
15
←
Assuming field 'aPkixErrorResult' is null→
16
←
Taking false branch→
17
←
Loop condition is false.  Exiting loop→
3170                    (procParams, &anchors, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTrustAnchors
 (procParams, &anchors, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED
; goto cleanup; } } while (0)
3171                    PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTrustAnchors
 (procParams, &anchors, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED
; goto cleanup; } } while (0);
3172    
3173            PKIX_CHECK(PKIX_List_GetLength(anchors, &numAnchors, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(anchors,
 &numAnchors, plContext)); if (stdVars.aPkixErrorResult) {
 stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
18
←
Assuming field 'aPkixErrorResult' is null→
19
←
Taking false branch→
20
←
Loop condition is false.  Exiting loop→
3174                    PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(anchors,
 &numAnchors, plContext)); if (stdVars.aPkixErrorResult) {
 stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
3175    
3176            /* retrieve stuff from targetCertConstraints */
3177            PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraintsdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints
 (procParams, &targetConstraints, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED
; goto cleanup; } } while (0)
21
←
Assuming field 'aPkixErrorResult' is null→
22
←
Taking false branch→
23
←
Loop condition is false.  Exiting loop→
3178                       (procParams, &targetConstraints, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints
 (procParams, &targetConstraints, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED
; goto cleanup; } } while (0)
3179                       PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints
 (procParams, &targetConstraints, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED
; goto cleanup; } } while (0);
3180    
3181            PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParamsdo { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetCommonCertSelectorParams
 (targetConstraints, &targetParams, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0)
24
←
Assuming field 'aPkixErrorResult' is null→
25
←
Taking false branch→
26
←
Loop condition is false.  Exiting loop→
3182                    (targetConstraints, &targetParams, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetCommonCertSelectorParams
 (targetConstraints, &targetParams, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0)
3183                    PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetCommonCertSelectorParams
 (targetConstraints, &targetParams, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED
; goto cleanup; } } while (0);
3184    
3185            PKIX_CHECK(PKIX_ComCertSelParams_GetCertificatedo { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetCertificate
 (targetParams, &targetCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETCERTIFICATEFAILED
; goto cleanup; } } while (0)
27
←
Assuming field 'aPkixErrorResult' is null→
28
←
Taking false branch→
29
←
Loop condition is false.  Exiting loop→
3186                    (targetParams, &targetCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetCertificate
 (targetParams, &targetCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETCERTIFICATEFAILED
; goto cleanup; } } while (0)
3187                    PKIX_COMCERTSELPARAMSGETCERTIFICATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_GetCertificate
 (targetParams, &targetCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSGETCERTIFICATEFAILED
; goto cleanup; } } while (0);
3188    
3189            PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetLeafCertFlag
(targetParams, ((PKIX_Boolean) 1), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETLEAFCERTFLAGFAILED
; goto cleanup; } } while (0)
30
←
Assuming field 'aPkixErrorResult' is null→
31
←
Taking false branch→
32
←
Loop condition is false.  Exiting loop→
3190                PKIX_ComCertSelParams_SetLeafCertFlag(targetParams,do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetLeafCertFlag
(targetParams, ((PKIX_Boolean) 1), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETLEAFCERTFLAGFAILED
; goto cleanup; } } while (0)
3191                                                      PKIX_TRUE, plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetLeafCertFlag
(targetParams, ((PKIX_Boolean) 1), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETLEAFCERTFLAGFAILED
; goto cleanup; } } while (0)
3192                PKIX_COMCERTSELPARAMSSETLEAFCERTFLAGFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetLeafCertFlag
(targetParams, ((PKIX_Boolean) 1), plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETLEAFCERTFLAGFAILED
; goto cleanup; } } while (0);
3193 
3194            PKIX_CHECK(PKIX_ProcessingParams_GetHintCertsdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetHintCerts
 (procParams, &hintCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETHINTCERTSFAILED
; goto cleanup; } } while (0)
33
←
Assuming field 'aPkixErrorResult' is null→
34
←
Taking false branch→
35
←
Loop condition is false.  Exiting loop→
3195                        (procParams, &hintCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetHintCerts
 (procParams, &hintCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETHINTCERTSFAILED
; goto cleanup; } } while (0)
3196                        PKIX_PROCESSINGPARAMSGETHINTCERTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetHintCerts
 (procParams, &hintCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETHINTCERTSFAILED
; goto cleanup; } } while (0);
3197    
3198            if (hintCerts != NULL((void*)0)) {
36
←
Assuming 'hintCerts' is equal to NULL→
37
←
Taking false branch→
3199                    PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (hintCerts
, &numHintCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
3200                            (hintCerts, &numHintCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (hintCerts
, &numHintCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
3201                            PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (hintCerts
, &numHintCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
3202            }
3203 
3204            /*
3205             * Caller must provide either a target Cert
3206             * (in ComCertSelParams->Certificate) or a partial Cert
3207             * chain (in ProcParams->HintCerts).
3208             */
3209 
3210            if (targetCert == NULL((void*)0)) {
38
←
Assuming 'targetCert' is not equal to NULL→
39
←
Taking false branch→
3211 
3212                    /* Use first cert of hintCerts as the targetCert */
3213                    if (numHintCerts == 0) {
3214                            PKIX_ERROR(PKIX_NOTARGETCERTSUPPLIED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_NOTARGETCERTSUPPLIED, ((void*)0), stdVars.aPkixType, 2
, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_NOTARGETCERTSUPPLIED; goto
 cleanup; };
3215                    }
3216 
3217                    PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (hintCerts
, 0, (PKIX_PL_Object **)&targetCert, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
3218                            (hintCerts,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (hintCerts
, 0, (PKIX_PL_Object **)&targetCert, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
3219                            0,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (hintCerts
, 0, (PKIX_PL_Object **)&targetCert, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
3220                            (PKIX_PL_Object **)&targetCert,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (hintCerts
, 0, (PKIX_PL_Object **)&targetCert, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
3221                            plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (hintCerts
, 0, (PKIX_PL_Object **)&targetCert, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
3222                            PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (hintCerts
, 0, (PKIX_PL_Object **)&targetCert, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
3223 
3224                    PKIX_CHECK(PKIX_List_DeleteItem(hintCerts, 0, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem(hintCerts
, 0, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
3225                            PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem(hintCerts
, 0, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0);
3226            } else {
3227 
3228                    /*
3229                     * If the first hintCert is the same as the targetCert,
3230                     * delete it from hintCerts.
3231                     */ 
3232                    if (numHintCerts39.1
'numHintCerts' is equal to 0
 != 0) {
40
←
Taking false branch→
3233                            PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (hintCerts
, 0, &firstHintCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
3234                                    (hintCerts, 0, &firstHintCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (hintCerts
, 0, &firstHintCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
3235                                    PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (hintCerts
, 0, &firstHintCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0);
3236 
3237                            PKIX_CHECK(PKIX_PL_Object_Equalsdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals ((PKIX_PL_Object
 *)targetCert, firstHintCert, &isDuplicate, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTEQUALSFAILED
; goto cleanup; } } while (0)
3238                                    ((PKIX_PL_Object *)targetCert,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals ((PKIX_PL_Object
 *)targetCert, firstHintCert, &isDuplicate, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTEQUALSFAILED
; goto cleanup; } } while (0)
3239                                    firstHintCert,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals ((PKIX_PL_Object
 *)targetCert, firstHintCert, &isDuplicate, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTEQUALSFAILED
; goto cleanup; } } while (0)
3240                                    &isDuplicate,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals ((PKIX_PL_Object
 *)targetCert, firstHintCert, &isDuplicate, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTEQUALSFAILED
; goto cleanup; } } while (0)
3241                                    plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals ((PKIX_PL_Object
 *)targetCert, firstHintCert, &isDuplicate, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTEQUALSFAILED
; goto cleanup; } } while (0)
3242                                    PKIX_OBJECTEQUALSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals ((PKIX_PL_Object
 *)targetCert, firstHintCert, &isDuplicate, plContext)); if
 (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_OBJECTEQUALSFAILED
; goto cleanup; } } while (0);
3243 
3244                            if (isDuplicate) {
3245                                    PKIX_CHECK(PKIX_List_DeleteItemdo { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem (hintCerts
, 0, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
3246                                    (hintCerts, 0, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem (hintCerts
, 0, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0)
3247                                    PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem (hintCerts
, 0, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTGETITEMFAILED; goto cleanup; } } while (0);
3248                            }
3249                            PKIX_DECREF(firstHintCert)do { if (firstHintCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(firstHintCert), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } firstHintCert
 = ((void*)0); } } while (0);
3250                    }
3251 
3252            }
3253 
3254            if (targetCert40.1
'targetCert' is not equal to NULL
 == NULL((void*)0)) {
41
←
Taking false branch→
3255                PKIX_ERROR(PKIX_NOTARGETCERTSUPPLIED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_NOTARGETCERTSUPPLIED, ((void*)0), stdVars.aPkixType, 2
, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_NOTARGETCERTSUPPLIED; goto
 cleanup; };
3256            }
3257 
3258            PKIX_CHECK(PKIX_PL_Cert_IsLeafCertTrusteddo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsLeafCertTrusted
 (targetCert, &trusted, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED; goto
 cleanup; } } while (0)
42
←
Assuming field 'aPkixErrorResult' is null→
43
←
Taking false branch→
44
←
Loop condition is false.  Exiting loop→
3259                    (targetCert,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsLeafCertTrusted
 (targetCert, &trusted, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED; goto
 cleanup; } } while (0)
3260                    &trusted,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsLeafCertTrusted
 (targetCert, &trusted, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED; goto
 cleanup; } } while (0) 
3261                    plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsLeafCertTrusted
 (targetCert, &trusted, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED; goto
 cleanup; } } while (0)
3262                    PKIX_CERTISCERTTRUSTEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_IsLeafCertTrusted
 (targetCert, &trusted, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTISCERTTRUSTEDFAILED; goto
 cleanup; } } while (0);
3263 
3264            PKIX_CHECK(PKIX_PL_Cert_GetAllSubjectNamesdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (targetCert, &targetSubjNames, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETALLSUBJECTNAMESFAILED
; goto cleanup; } } while (0)
45
←
Assuming field 'aPkixErrorResult' is null→
46
←
Taking false branch→
47
←
Loop condition is false.  Exiting loop→
3265                    (targetCert,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (targetCert, &targetSubjNames, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETALLSUBJECTNAMESFAILED
; goto cleanup; } } while (0)
3266                    &targetSubjNames,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (targetCert, &targetSubjNames, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETALLSUBJECTNAMESFAILED
; goto cleanup; } } while (0)
3267                    plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (targetCert, &targetSubjNames, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETALLSUBJECTNAMESFAILED
; goto cleanup; } } while (0)
3268                    PKIX_CERTGETALLSUBJECTNAMESFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (targetCert, &targetSubjNames, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTGETALLSUBJECTNAMESFAILED
; goto cleanup; } } while (0);
3269    
3270            PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKeydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
 (targetCert, &targetPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0)
48
←
Assuming field 'aPkixErrorResult' is null→
49
←
Taking false branch→
50
←
Loop condition is false.  Exiting loop→
3271                    (targetCert, &targetPubKey, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
 (targetCert, &targetPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0)
3272                    PKIX_CERTGETSUBJECTPUBLICKEYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
 (targetCert, &targetPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0);
3273    
3274            PKIX_CHECK(PKIX_List_Create(&tentativeChain, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&tentativeChain
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
51
←
Assuming field 'aPkixErrorResult' is null→
52
←
Taking false branch→
53
←
Loop condition is false.  Exiting loop→
3275                    PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&tentativeChain
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
3276    
3277            PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (tentativeChain
, (PKIX_PL_Object *)targetCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
54
←
Assuming field 'aPkixErrorResult' is null→
55
←
Taking false branch→
56
←
Loop condition is false.  Exiting loop→
3278                    (tentativeChain, (PKIX_PL_Object *)targetCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (tentativeChain
, (PKIX_PL_Object *)targetCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
3279                    PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (tentativeChain
, (PKIX_PL_Object *)targetCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
3280    
3281            if (procParams->qualifyTargetCert) {
57
←
Assuming field 'qualifyTargetCert' is 0→
3282                /* EE cert validation */
3283                /* Sync up the time on the target selector parameter struct. */
3284                PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetCertificateValid
(targetParams, testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED
; goto cleanup; } } while (0)
3285                    PKIX_ComCertSelParams_SetCertificateValid(targetParams,do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetCertificateValid
(targetParams, testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED
; goto cleanup; } } while (0)
3286                                                              testDate,do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetCertificateValid
(targetParams, testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED
; goto cleanup; } } while (0)
3287                                                              plContext),do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetCertificateValid
(targetParams, testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED
; goto cleanup; } } while (0)
3288                    PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ComCertSelParams_SetCertificateValid
(targetParams, testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED
; goto cleanup; } } while (0);
3289                
3290                PKIX_CHECK(PKIX_CertSelector_GetMatchCallbackdo { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetMatchCallback
 (targetConstraints, &selectorCallback, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETMATCHCALLBACKFAILED
; goto cleanup; } } while (0)
3291                           (targetConstraints, &selectorCallback, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetMatchCallback
 (targetConstraints, &selectorCallback, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETMATCHCALLBACKFAILED
; goto cleanup; } } while (0)
3292                           PKIX_CERTSELECTORGETMATCHCALLBACKFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertSelector_GetMatchCallback
 (targetConstraints, &selectorCallback, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTSELECTORGETMATCHCALLBACKFAILED
; goto cleanup; } } while (0);
3293                
3294                pkixErrorResultstdVars.aPkixErrorResult =
3295                    (*selectorCallback)(targetConstraints, targetCert,
3296                                        plContext);
3297                if (pkixErrorResultstdVars.aPkixErrorResult) {
3298                    pkixErrorClassstdVars.aPkixErrorClass = pkixErrorResultstdVars.aPkixErrorResult->errClass;
3299                    if (pkixErrorClassstdVars.aPkixErrorClass == PKIX_FATAL_ERROR) {
3300                        goto cleanup;
3301                    }
3302                    if (pVerifyNode != NULL((void*)0)) {
3303                            PKIX_Error *tempResult =
3304                                pkix_VerifyNode_Create(targetCert, 0,
3305                                                       pkixErrorResultstdVars.aPkixErrorResult,
3306                                                       pVerifyNode,
3307                                                       plContext);
3308                            if (tempResult) {
3309                                PKIX_DECREF(pkixErrorResult)do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0);
3310                                pkixErrorResultstdVars.aPkixErrorResult = tempResult;
3311                                pkixErrorCodestdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED;
3312                                pkixErrorClassstdVars.aPkixErrorClass = PKIX_FATAL_ERROR;
3313                                goto cleanup;
3314                            }
3315                    }
3316                    pkixErrorCodestdVars.aPkixErrorCode = PKIX_CERTCHECKVALIDITYFAILED;
3317                    goto cleanup;
3318                }
3319            }
3320 
3321            /* If the EE cert is trusted, force success. We only want to do
3322             * this if we aren't validating against a policy (like EV). */
3323            if (trusted && procParams->initialPolicies == NULL((void*)0)) {
58
←
Assuming 'trusted' is 0→
3324                if (pVerifyNode != NULL((void*)0)) {
3325                    PKIX_Error *tempResult =
3326                        pkix_VerifyNode_Create(targetCert, 0, NULL((void*)0),
3327                                               pVerifyNode,
3328                                               plContext);
3329                    if (tempResult) {
3330                        pkixErrorResultstdVars.aPkixErrorResult = tempResult;
3331                        pkixErrorCodestdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED;
3332                        pkixErrorClassstdVars.aPkixErrorClass = PKIX_FATAL_ERROR;
3333                        goto cleanup;
3334                    }
3335                }
3336                PKIX_CHECK(pkix_ValidateResult_Createdo { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
targetPubKey, ((void*)0) , ((void*)0) , &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
3337                        (targetPubKey, NULL /* anchor */,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
targetPubKey, ((void*)0) , ((void*)0) , &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
3338                         NULL /* policyTree */, &valResult, plContext),do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
targetPubKey, ((void*)0) , ((void*)0) , &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
3339                        PKIX_VALIDATERESULTCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
targetPubKey, ((void*)0) , ((void*)0) , &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0);
3340                PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_BuildResult_Create(valResult
, tentativeChain, &buildResult, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BUILDRESULTCREATEFAILED
; goto cleanup; } } while (0)
3341                    pkix_BuildResult_Create(valResult, tentativeChain,do { stdVars.aPkixErrorResult = (pkix_BuildResult_Create(valResult
, tentativeChain, &buildResult, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BUILDRESULTCREATEFAILED
; goto cleanup; } } while (0)
3342                                            &buildResult, plContext),do { stdVars.aPkixErrorResult = (pkix_BuildResult_Create(valResult
, tentativeChain, &buildResult, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BUILDRESULTCREATEFAILED
; goto cleanup; } } while (0)
3343                    PKIX_BUILDRESULTCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_BuildResult_Create(valResult
, tentativeChain, &buildResult, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BUILDRESULTCREATEFAILED
; goto cleanup; } } while (0);
3344                *pBuildResult = buildResult;
3345                /* Note that *pState is NULL.   The only side effect is that
3346                 * the cert chain won't be cached in PKIX_BuildChain, which
3347                 * is fine. */
3348                goto cleanup;
3349            }
3350    
3351            PKIX_CHECK(PKIX_ProcessingParams_GetCertStoresdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertStores
 (procParams, &certStores, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED
; goto cleanup; } } while (0)
59
←
Assuming field 'aPkixErrorResult' is null→
60
←
Taking false branch→
61
←
Loop condition is false.  Exiting loop→
3352                    (procParams, &certStores, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertStores
 (procParams, &certStores, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED
; goto cleanup; } } while (0)
3353                    PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertStores
 (procParams, &certStores, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED
; goto cleanup; } } while (0);
3354    
3355            PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (certStores
, &numCertStores, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
62
←
Assuming field 'aPkixErrorResult' is null→
63
←
Taking false branch→
64
←
Loop condition is false.  Exiting loop→
3356                    (certStores, &numCertStores, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (certStores
, &numCertStores, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
3357                    PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (certStores
, &numCertStores, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
3358    
3359            /* Reorder CertStores so trusted are at front of the List */
3360            if (numCertStores > 1) {
65
←
Assuming 'numCertStores' is <= 1→
66
←
Taking false branch→
3361                for (i = numCertStores - 1; i > 0; i--) {
3362                    PKIX_CHECK_ONLY_FATAL(PKIX_List_GetItemdo { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (PKIX_List_GetItem (certStores, i, (PKIX_PL_Object
 **)&certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (
stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; }
 do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0); } } while (0)
3363                        (certStores,do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (PKIX_List_GetItem (certStores, i, (PKIX_PL_Object
 **)&certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (
stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; }
 do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0); } } while (0)
3364                        i,do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (PKIX_List_GetItem (certStores, i, (PKIX_PL_Object
 **)&certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (
stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; }
 do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0); } } while (0)
3365                        (PKIX_PL_Object **)&certStore,do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (PKIX_List_GetItem (certStores, i, (PKIX_PL_Object
 **)&certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (
stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; }
 do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0); } } while (0)
3366                        plContext),do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (PKIX_List_GetItem (certStores, i, (PKIX_PL_Object
 **)&certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (
stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; }
 do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0); } } while (0)
3367                        PKIX_LISTGETITEMFAILED)do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (PKIX_List_GetItem (certStores, i, (PKIX_PL_Object
 **)&certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (
stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; }
 do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0); } } while (0);
3368                    PKIX_CHECK_ONLY_FATAL(PKIX_CertStore_GetTrustCallbackdo { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (PKIX_CertStore_GetTrustCallback (certStore
, &trustCallback, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (
stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; }
 do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0); } } while (0)
3369                        (certStore, &trustCallback, plContext),do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (PKIX_CertStore_GetTrustCallback (certStore
, &trustCallback, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (
stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; }
 do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0); } } while (0)
3370                        PKIX_CERTSTOREGETTRUSTCALLBACKFAILED)do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (PKIX_CertStore_GetTrustCallback (certStore
, &trustCallback, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (
stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; }
 do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0); } } while (0);
3371    
3372                    if (trustCallback != NULL((void*)0)) {
3373                        /* Is a trusted Cert, move CertStore to front */
3374                        PKIX_CHECK(PKIX_List_DeleteItemdo { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem (certStores
, i, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTDELETEITEMFAILED; goto cleanup; } } while (0)
3375                            (certStores, i, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem (certStores
, i, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTDELETEITEMFAILED; goto cleanup; } } while (0)
3376                            PKIX_LISTDELETEITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_DeleteItem (certStores
, i, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_LISTDELETEITEMFAILED; goto cleanup; } } while (0);
3377                        PKIX_CHECK(PKIX_List_InsertItemdo { stdVars.aPkixErrorResult = (PKIX_List_InsertItem (certStores
, 0, (PKIX_PL_Object *)certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTINSERTITEMFAILED; goto cleanup
; } } while (0)
3378                            (certStores,do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem (certStores
, 0, (PKIX_PL_Object *)certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTINSERTITEMFAILED; goto cleanup
; } } while (0)
3379                            0,do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem (certStores
, 0, (PKIX_PL_Object *)certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTINSERTITEMFAILED; goto cleanup
; } } while (0)
3380                            (PKIX_PL_Object *)certStore,do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem (certStores
, 0, (PKIX_PL_Object *)certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTINSERTITEMFAILED; goto cleanup
; } } while (0)
3381                            plContext),do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem (certStores
, 0, (PKIX_PL_Object *)certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTINSERTITEMFAILED; goto cleanup
; } } while (0)
3382                        PKIX_LISTINSERTITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_InsertItem (certStores
, 0, (PKIX_PL_Object *)certStore, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTINSERTITEMFAILED; goto cleanup
; } } while (0);
3383    
3384                    }
3385    
3386                    PKIX_DECREF(certStore)do { if (certStore){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certStore), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certStore = ((void
*)0); } } while (0);
3387                }
3388            }
3389    
3390            PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckersdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers
 (procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED
; goto cleanup; } } while (0)
67
←
Assuming field 'aPkixErrorResult' is null→
68
←
Taking false branch→
69
←
Loop condition is false.  Exiting loop→
3391                        (procParams, &userCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers
 (procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED
; goto cleanup; } } while (0)
3392                        PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers
 (procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED
; goto cleanup; } } while (0);
3393    
3394            PKIX_CHECK(PKIX_ProcessingParams_GetRevocationCheckerdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker
 (procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED
; goto cleanup; } } while (0)
70
←
Assuming field 'aPkixErrorResult' is null→
71
←
Taking false branch→
72
←
Loop condition is false.  Exiting loop→
3395                        (procParams, &revChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker
 (procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED
; goto cleanup; } } while (0)
3396                       PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker
 (procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED
; goto cleanup; } } while (0);
3397            /* Do not initialize AIA manager if we are not going to fetch
3398             * cert using aia url. */
3399            if (procParams->useAIAForCertFetching) {
73
←
Assuming field 'useAIAForCertFetching' is 0→
74
←
Taking false branch→
3400                PKIX_CHECK(PKIX_PL_AIAMgr_Create(&aiaMgr, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_AIAMgr_Create(&aiaMgr
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_AIAMGRCREATEFAILED; goto cleanup; } } while (0)
3401                           PKIX_AIAMGRCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_AIAMgr_Create(&aiaMgr
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_AIAMGRCREATEFAILED; goto cleanup; } } while (0);
3402            }
3403 
3404            /*
3405             * We initialize all the fields of buildConstants here, in one place,
3406             * just to help keep track and ensure that we got everything.
3407             */
3408    
3409            buildConstants.numAnchors = numAnchors;
3410            buildConstants.numCertStores = numCertStores;
3411            buildConstants.numHintCerts = numHintCerts;
3412            buildConstants.procParams = procParams;
3413            buildConstants.testDate = testDate;
3414            buildConstants.timeLimit = NULL((void*)0);
3415            buildConstants.targetCert = targetCert;
3416            buildConstants.targetPubKey = targetPubKey;
3417            buildConstants.certStores = certStores;
3418            buildConstants.anchors = anchors;
3419            buildConstants.userCheckers = userCheckers;
3420            buildConstants.hintCerts = hintCerts;
3421            buildConstants.revChecker = revChecker;
3422            buildConstants.aiaMgr = aiaMgr;
3423            buildConstants.trustOnlyUserAnchors =
3424                    procParams->useOnlyTrustAnchors;
3425 
3426            PKIX_CHECK(pkix_Build_GetResourceLimits(&buildConstants, plContext),do { stdVars.aPkixErrorResult = (pkix_Build_GetResourceLimits
(&buildConstants, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDGETRESOURCELIMITSFAILED;
 goto cleanup; } } while (0)
75
←
Calling 'pkix_Build_GetResourceLimits'→
89
←
Returning from 'pkix_Build_GetResourceLimits'→
90
←
Assuming field 'aPkixErrorResult' is null→
91
←
Taking false branch→
92
←
Loop condition is false.  Exiting loop→
3427                    PKIX_BUILDGETRESOURCELIMITSFAILED)do { stdVars.aPkixErrorResult = (pkix_Build_GetResourceLimits
(&buildConstants, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDGETRESOURCELIMITSFAILED;
 goto cleanup; } } while (0);
3428    
3429            PKIX_CHECK(pkix_ForwardBuilderState_Createdo { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (0, buildConstants.maxFanout, buildConstants.maxDepth, ((PKIX_Boolean
) 1), ((void*)0), targetCert, targetSubjNames, tentativeChain
, ((void*)0), &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
93
←
2nd function call argument is an uninitialized value
3430                    (0,              /* PKIX_UInt32 traversedCACerts */do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (0, buildConstants.maxFanout, buildConstants.maxDepth, ((PKIX_Boolean
) 1), ((void*)0), targetCert, targetSubjNames, tentativeChain
, ((void*)0), &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
3431                    buildConstants.maxFanout,do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (0, buildConstants.maxFanout, buildConstants.maxDepth, ((PKIX_Boolean
) 1), ((void*)0), targetCert, targetSubjNames, tentativeChain
, ((void*)0), &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
3432                    buildConstants.maxDepth,do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (0, buildConstants.maxFanout, buildConstants.maxDepth, ((PKIX_Boolean
) 1), ((void*)0), targetCert, targetSubjNames, tentativeChain
, ((void*)0), &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
3433                    PKIX_TRUE,       /* PKIX_Boolean canBeCached */do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (0, buildConstants.maxFanout, buildConstants.maxDepth, ((PKIX_Boolean
) 1), ((void*)0), targetCert, targetSubjNames, tentativeChain
, ((void*)0), &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
3434                    NULL,            /* PKIX_Date *validityDate */do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (0, buildConstants.maxFanout, buildConstants.maxDepth, ((PKIX_Boolean
) 1), ((void*)0), targetCert, targetSubjNames, tentativeChain
, ((void*)0), &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
3435                    targetCert,      /* PKIX_PL_Cert *prevCert */do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (0, buildConstants.maxFanout, buildConstants.maxDepth, ((PKIX_Boolean
) 1), ((void*)0), targetCert, targetSubjNames, tentativeChain
, ((void*)0), &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
3436                    targetSubjNames, /* PKIX_List *traversedSubjNames */do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (0, buildConstants.maxFanout, buildConstants.maxDepth, ((PKIX_Boolean
) 1), ((void*)0), targetCert, targetSubjNames, tentativeChain
, ((void*)0), &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
3437                    tentativeChain,  /* PKIX_List *trustChain */do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (0, buildConstants.maxFanout, buildConstants.maxDepth, ((PKIX_Boolean
) 1), ((void*)0), targetCert, targetSubjNames, tentativeChain
, ((void*)0), &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
3438                    NULL,            /* PKIX_ForwardBuilderState *parent */do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (0, buildConstants.maxFanout, buildConstants.maxDepth, ((PKIX_Boolean
) 1), ((void*)0), targetCert, targetSubjNames, tentativeChain
, ((void*)0), &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
3439                    &state,          /* PKIX_ForwardBuilderState **pState */do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (0, buildConstants.maxFanout, buildConstants.maxDepth, ((PKIX_Boolean
) 1), ((void*)0), targetCert, targetSubjNames, tentativeChain
, ((void*)0), &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
3440                    plContext),do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (0, buildConstants.maxFanout, buildConstants.maxDepth, ((PKIX_Boolean
) 1), ((void*)0), targetCert, targetSubjNames, tentativeChain
, ((void*)0), &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSTATECREATEFAILED; goto cleanup
; } } while (0)
3441                    PKIX_BUILDSTATECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_ForwardBuilderState_Create
 (0, buildConstants.maxFanout, buildConstants.maxDepth, ((PKIX_Boolean
) 1), ((void*)0), targetCert, targetSubjNames, tentativeChain
, ((void*)0), &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_BUILDSTATECREATEFAILED; goto cleanup
; } } while (0);
3442    
3443            state->buildConstants.numAnchors = buildConstants.numAnchors;
3444            state->buildConstants.numCertStores = buildConstants.numCertStores; 
3445            state->buildConstants.numHintCerts = buildConstants.numHintCerts;
3446            state->buildConstants.maxFanout = buildConstants.maxFanout;
3447            state->buildConstants.maxDepth = buildConstants.maxDepth;
3448            state->buildConstants.maxTime = buildConstants.maxTime;
3449            state->buildConstants.procParams = buildConstants.procParams; 
3450            PKIX_INCREF(buildConstants.testDate)do { if (buildConstants.testDate){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(buildConstants.testDate), plContext); if
 (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); goto cleanup; } } } while (0);
3451            state->buildConstants.testDate = buildConstants.testDate;
3452            state->buildConstants.timeLimit = buildConstants.timeLimit;
3453            PKIX_INCREF(buildConstants.targetCert)do { if (buildConstants.targetCert){ stdVars.aPkixTempResult =
 PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(buildConstants.targetCert
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); goto cleanup; } } } while (0);
3454            state->buildConstants.targetCert = buildConstants.targetCert;
3455            PKIX_INCREF(buildConstants.targetPubKey)do { if (buildConstants.targetPubKey){ stdVars.aPkixTempResult
 = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(buildConstants.targetPubKey
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); goto cleanup; } } } while (0);
3456            state->buildConstants.targetPubKey =
3457                    buildConstants.targetPubKey;
3458            PKIX_INCREF(buildConstants.certStores)do { if (buildConstants.certStores){ stdVars.aPkixTempResult =
 PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(buildConstants.certStores
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); goto cleanup; } } } while (0);
3459            state->buildConstants.certStores = buildConstants.certStores;
3460            PKIX_INCREF(buildConstants.anchors)do { if (buildConstants.anchors){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(buildConstants.anchors), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); goto cleanup; } } } while (0);
3461            state->buildConstants.anchors = buildConstants.anchors;
3462            PKIX_INCREF(buildConstants.userCheckers)do { if (buildConstants.userCheckers){ stdVars.aPkixTempResult
 = PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(buildConstants.userCheckers
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); goto cleanup; } } } while (0);
3463            state->buildConstants.userCheckers =
3464                    buildConstants.userCheckers;
3465            PKIX_INCREF(buildConstants.hintCerts)do { if (buildConstants.hintCerts){ stdVars.aPkixTempResult =
 PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(buildConstants.hintCerts
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); goto cleanup; } } } while (0);
3466            state->buildConstants.hintCerts = buildConstants.hintCerts;
3467            PKIX_INCREF(buildConstants.revChecker)do { if (buildConstants.revChecker){ stdVars.aPkixTempResult =
 PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(buildConstants.revChecker
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); goto cleanup; } } } while (0);
3468            state->buildConstants.revChecker = buildConstants.revChecker;
3469            state->buildConstants.aiaMgr = buildConstants.aiaMgr;
3470            aiaMgr = NULL((void*)0);
3471            state->buildConstants.trustOnlyUserAnchors =
3472                    buildConstants.trustOnlyUserAnchors;
3473 
3474            if (buildConstants.maxTime != 0) {
3475                    PKIX_CHECK(PKIX_PL_Date_Create_CurrentOffBySecondsdo { stdVars.aPkixErrorResult = (PKIX_PL_Date_Create_CurrentOffBySeconds
 (buildConstants.maxTime, &state->buildConstants.timeLimit
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_DATECREATECURRENTOFFBYSECONDSFAILED; goto cleanup; } }
 while (0)
3476                            (buildConstants.maxTime,do { stdVars.aPkixErrorResult = (PKIX_PL_Date_Create_CurrentOffBySeconds
 (buildConstants.maxTime, &state->buildConstants.timeLimit
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_DATECREATECURRENTOFFBYSECONDSFAILED; goto cleanup; } }
 while (0)
3477                            &state->buildConstants.timeLimit,do { stdVars.aPkixErrorResult = (PKIX_PL_Date_Create_CurrentOffBySeconds
 (buildConstants.maxTime, &state->buildConstants.timeLimit
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_DATECREATECURRENTOFFBYSECONDSFAILED; goto cleanup; } }
 while (0)
3478                            plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Date_Create_CurrentOffBySeconds
 (buildConstants.maxTime, &state->buildConstants.timeLimit
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_DATECREATECURRENTOFFBYSECONDSFAILED; goto cleanup; } }
 while (0)
3479                            PKIX_DATECREATECURRENTOFFBYSECONDSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Date_Create_CurrentOffBySeconds
 (buildConstants.maxTime, &state->buildConstants.timeLimit
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
 = stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_DATECREATECURRENTOFFBYSECONDSFAILED; goto cleanup; } }
 while (0);
3480            }
3481 
3482            if (pVerifyNode != NULL((void*)0)) {
3483                PKIX_Error *tempResult =
3484                    pkix_VerifyNode_Create(targetCert, 0, NULL((void*)0),
3485                                           &(state->verifyNode),
3486                                           plContext);
3487                if (tempResult) {
3488                    pkixErrorResultstdVars.aPkixErrorResult = tempResult;
3489                    pkixErrorCodestdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED;
3490                    pkixErrorClassstdVars.aPkixErrorClass = PKIX_FATAL_ERROR;
3491                    goto cleanup;
3492                }
3493            }
3494 
3495            PKIX_CHECK_ONLY_FATAL(do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (pkix_Build_CheckInCache(state, &buildResult
, &nbioContext, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (
stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; }
 do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0); } } while (0)
3496                pkix_Build_CheckInCache(state, &buildResult,do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (pkix_Build_CheckInCache(state, &buildResult
, &nbioContext, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (
stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; }
 do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0); } } while (0)
3497                                        &nbioContext, plContext),do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (pkix_Build_CheckInCache(state, &buildResult
, &nbioContext, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (
stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; }
 do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0); } } while (0)
3498                PKIX_UNABLETOBUILDCHAIN)do { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 0); stdVars
.aPkixErrorResult = (pkix_Build_CheckInCache(state, &buildResult
, &nbioContext, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixTempErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; if (
stdVars.aPkixErrorClass == PKIX_FATAL_ERROR) { goto cleanup; }
 do { if (stdVars.aPkixErrorResult){ stdVars.aPkixTempResult =
 PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(stdVars.aPkixErrorResult
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
 = ((void*)0); } stdVars.aPkixErrorResult = ((void*)0); } } while
 (0); } } while (0);
3499            if (nbioContext) {
3500                *pNBIOContext = nbioContext;
3501                *pState = state;
3502                state = NULL((void*)0);
3503                goto cleanup;
3504            }
3505            if (buildResult) {
3506                *pBuildResult = buildResult;
3507                if (pVerifyNode != NULL((void*)0)) {
3508                    *pVerifyNode = state->verifyNode;
3509                    state->verifyNode = NULL((void*)0);
3510                }
3511                goto cleanup;
3512            }
3513        }
3514 
3515        /* If we're resuming after non-blocking I/O we need to get SubjNames */
3516        if (targetSubjNames == NULL((void*)0)) {
3517            PKIX_CHECK(PKIX_PL_Cert_GetAllSubjectNamesdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (state->buildConstants.targetCert, &targetSubjNames, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_CERTGETALLSUBJECTNAMESFAILED; goto cleanup; } } while
 (0)
3518                    (state->buildConstants.targetCert,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (state->buildConstants.targetCert, &targetSubjNames, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_CERTGETALLSUBJECTNAMESFAILED; goto cleanup; } } while
 (0)
3519                    &targetSubjNames,do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (state->buildConstants.targetCert, &targetSubjNames, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_CERTGETALLSUBJECTNAMESFAILED; goto cleanup; } } while
 (0)
3520                    plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (state->buildConstants.targetCert, &targetSubjNames, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_CERTGETALLSUBJECTNAMESFAILED; goto cleanup; } } while
 (0)
3521                    PKIX_CERTGETALLSUBJECTNAMESFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetAllSubjectNames
 (state->buildConstants.targetCert, &targetSubjNames, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_CERTGETALLSUBJECTNAMESFAILED; goto cleanup; } } while
 (0);
3522        }
3523 
3524        state->status = BUILD_INITIAL;
3525 
3526        pkixErrorResultstdVars.aPkixErrorResult =
3527            pkix_BuildForwardDepthFirstSearch(&nbioContext, state,
3528                                              &valResult, plContext);
3529 
3530        /* non-null nbioContext means the build would block */
3531        if (pkixErrorResultstdVars.aPkixErrorResult == NULL((void*)0) && nbioContext != NULL((void*)0)) {
3532 
3533                *pNBIOContext = nbioContext;
3534                *pBuildResult = NULL((void*)0);
3535 
3536        /* no valResult means the build has failed */
3537        } else {
3538                if (pVerifyNode != NULL((void*)0)) {
3539                        PKIX_INCREF(state->verifyNode)do { if (state->verifyNode){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(state->verifyNode), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
3540                        *pVerifyNode = state->verifyNode;
3541                }
3542 
3543                if (valResult == NULL((void*)0) || pkixErrorResultstdVars.aPkixErrorResult)
3544                        PKIX_ERROR(PKIX_UNABLETOBUILDCHAIN){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_UNABLETOBUILDCHAIN, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_UNABLETOBUILDCHAIN; goto cleanup; };
3545                PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_BuildResult_Create(valResult
, state->trustChain, &buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BUILDRESULTCREATEFAILED
; goto cleanup; } } while (0)
3546                    pkix_BuildResult_Create(valResult, state->trustChain,do { stdVars.aPkixErrorResult = (pkix_BuildResult_Create(valResult
, state->trustChain, &buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BUILDRESULTCREATEFAILED
; goto cleanup; } } while (0)
3547                                            &buildResult, plContext),do { stdVars.aPkixErrorResult = (pkix_BuildResult_Create(valResult
, state->trustChain, &buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BUILDRESULTCREATEFAILED
; goto cleanup; } } while (0)
3548                    PKIX_BUILDRESULTCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_BuildResult_Create(valResult
, state->trustChain, &buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BUILDRESULTCREATEFAILED
; goto cleanup; } } while (0);
3549                *pBuildResult = buildResult;
3550        }
3551 
3552        *pState = state;
3553        state = NULL((void*)0);
3554 
3555cleanup:
3556 
3557        PKIX_DECREF(targetConstraints)do { if (targetConstraints){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(targetConstraints), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } targetConstraints
 = ((void*)0); } } while (0);
3558        PKIX_DECREF(targetParams)do { if (targetParams){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(targetParams), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } targetParams = ((void
*)0); } } while (0);
3559        PKIX_DECREF(anchors)do { if (anchors){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(anchors), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } anchors = ((void*)
0); } } while (0);
3560        PKIX_DECREF(targetSubjNames)do { if (targetSubjNames){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(targetSubjNames), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } targetSubjNames
 = ((void*)0); } } while (0);
3561        PKIX_DECREF(targetCert)do { if (targetCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(targetCert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } targetCert = ((void
*)0); } } while (0);
3562        PKIX_DECREF(revChecker)do { if (revChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(revChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } revChecker = ((void
*)0); } } while (0);
3563        PKIX_DECREF(certStores)do { if (certStores){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certStores), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certStores = ((void
*)0); } } while (0);
3564        PKIX_DECREF(certStore)do { if (certStore){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certStore), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certStore = ((void
*)0); } } while (0);
3565        PKIX_DECREF(userCheckers)do { if (userCheckers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(userCheckers), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } userCheckers = ((void
*)0); } } while (0);
3566        PKIX_DECREF(hintCerts)do { if (hintCerts){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(hintCerts), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } hintCerts = ((void
*)0); } } while (0);
3567        PKIX_DECREF(firstHintCert)do { if (firstHintCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(firstHintCert), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } firstHintCert
 = ((void*)0); } } while (0);
3568        PKIX_DECREF(testDate)do { if (testDate){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(testDate), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } testDate = ((void*
)0); } } while (0);
3569        PKIX_DECREF(targetPubKey)do { if (targetPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(targetPubKey), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } targetPubKey = ((void
*)0); } } while (0);
3570        PKIX_DECREF(tentativeChain)do { if (tentativeChain){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(tentativeChain), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } tentativeChain
 = ((void*)0); } } while (0);
3571        PKIX_DECREF(valResult)do { if (valResult){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(valResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } valResult = ((void
*)0); } } while (0);
3572        PKIX_DECREF(certList)do { if (certList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(certList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certList = ((void*
)0); } } while (0);
3573        PKIX_DECREF(trustedCert)do { if (trustedCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(trustedCert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trustedCert = ((void
*)0); } } while (0);
3574        PKIX_DECREF(state)do { if (state){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } state = ((void*)0)
; } } while (0);
3575        PKIX_DECREF(aiaMgr)do { if (aiaMgr){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(aiaMgr), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } aiaMgr = ((void*)0
); } } while (0);
3576 
3577        PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
3578}
3579 
3580/*
3581 * FUNCTION: pkix_Build_ResumeBuildChain
3582 * DESCRIPTION:
3583 *
3584 *  This function continues the search for a BuildChain, using the parameters
3585 *  provided in "procParams" and the ForwardBuilderState pointed to by "state".
3586 *
3587 *  If a successful chain is built, this function stores the BuildResult at
3588 *  "pBuildResult". Alternatively, if an operation using non-blocking I/O
3589 *  is in progress and the operation has not been completed, this function
3590 *  stores the FowardBuilderState at "pState" and NULL at "pBuildResult".
3591 *  Finally, if chain building was unsuccessful, this function stores NULL
3592 *  at both "pState" and at "pBuildResult".
3593 *
3594 * PARAMETERS:
3595 *  "pNBIOContext"
3596 *      Address at which the NBIOContext is stored indicating whether the
3597 *      validation is complete. Must be non-NULL.
3598 *  "pState"
3599 *     Address at which the ForwardBuilderState is provided for resumption of
3600 *     the chain building attempt; also, the address at which the
3601 *     ForwardBuilderStateis stored, if the chain building is suspended for
3602 *     waiting I/O. Must be non-NULL.
3603 *  "pBuildResult"
3604 *      Address at which the BuildResult is stored, after a successful build.
3605 *      Must be non-NULL.
3606 *  "plContext"
3607 *      Platform-specific context pointer.
3608 * THREAD SAFETY:
3609 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
3610 * RETURNS:
3611 *  Returns NULL if the function succeeds.
3612 *  Returns a Build Error if the function fails in a non-fatal way
3613 *  Returns a Fatal Error if the function fails in an unrecoverable way.
3614 */
3615static PKIX_Error *
3616pkix_Build_ResumeBuildChain(
3617        void **pNBIOContext,
3618        PKIX_ForwardBuilderState *state,
3619        PKIX_BuildResult **pBuildResult,
3620        PKIX_VerifyNode **pVerifyNode,
3621        void *plContext)
3622{
3623        PKIX_ValidateResult *valResult = NULL((void*)0);
3624        PKIX_BuildResult *buildResult = NULL((void*)0);
3625        void *nbioContext = NULL((void*)0);
3626 
3627        PKIX_ENTER(BUILD, "pkix_Build_ResumeBuildChain")static const char cMyFuncName[] = {"pkix_Build_ResumeBuildChain"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
3628        PKIX_NULLCHECK_TWO(state, pBuildResult)do { if (((state) == ((void*)0)) || ((pBuildResult) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
 } } while (0);
3629 
3630        nbioContext = *pNBIOContext;
3631        *pNBIOContext = NULL((void*)0);
3632 
3633        pkixErrorResultstdVars.aPkixErrorResult =
3634            pkix_BuildForwardDepthFirstSearch(&nbioContext, state,
3635                                              &valResult, plContext);
3636 
3637        /* non-null nbioContext means the build would block */
3638        if (pkixErrorResultstdVars.aPkixErrorResult == NULL((void*)0) && nbioContext != NULL((void*)0)) {
3639 
3640                *pNBIOContext = nbioContext;
3641                *pBuildResult = NULL((void*)0);
3642 
3643        /* no valResult means the build has failed */
3644        } else {
3645                if (pVerifyNode != NULL((void*)0)) {
3646                    PKIX_INCREF(state->verifyNode)do { if (state->verifyNode){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
 ((PKIX_PL_Object *)(state->verifyNode), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
3647                    *pVerifyNode = state->verifyNode;
3648                }
3649 
3650                if (valResult == NULL((void*)0) || pkixErrorResultstdVars.aPkixErrorResult)
3651                    PKIX_ERROR(PKIX_UNABLETOBUILDCHAIN){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_UNABLETOBUILDCHAIN, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_UNABLETOBUILDCHAIN; goto cleanup; };
3652 
3653                PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_BuildResult_Create(valResult
, state->trustChain, &buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BUILDRESULTCREATEFAILED
; goto cleanup; } } while (0)
3654                    pkix_BuildResult_Create(valResult, state->trustChain,do { stdVars.aPkixErrorResult = (pkix_BuildResult_Create(valResult
, state->trustChain, &buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BUILDRESULTCREATEFAILED
; goto cleanup; } } while (0)
3655                                            &buildResult, plContext),do { stdVars.aPkixErrorResult = (pkix_BuildResult_Create(valResult
, state->trustChain, &buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BUILDRESULTCREATEFAILED
; goto cleanup; } } while (0)
3656                    PKIX_BUILDRESULTCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_BuildResult_Create(valResult
, state->trustChain, &buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BUILDRESULTCREATEFAILED
; goto cleanup; } } while (0);
3657                *pBuildResult = buildResult;
3658        }
3659 
3660cleanup:
3661 
3662        PKIX_DECREF(valResult)do { if (valResult){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(valResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } valResult = ((void
*)0); } } while (0);
3663 
3664        PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
3665}
3666 
3667/* --Public-Functions--------------------------------------------- */
3668 
3669/*
3670 * FUNCTION: PKIX_BuildChain (see comments in pkix.h)
3671 */
3672PKIX_Error *
3673PKIX_BuildChain(
3674        PKIX_ProcessingParams *procParams,
3675        void **pNBIOContext,
3676        void **pState,
3677        PKIX_BuildResult **pBuildResult,
3678        PKIX_VerifyNode **pVerifyNode,
3679        void *plContext)
3680{
3681        PKIX_ForwardBuilderState *state = NULL((void*)0);
3682        PKIX_BuildResult *buildResult = NULL((void*)0);
3683        void *nbioContext = NULL((void*)0);
3684 
3685        PKIX_ENTER(BUILD, "PKIX_BuildChain")static const char cMyFuncName[] = {"PKIX_BuildChain"}; PKIX_StdVars
 stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
 (0);;
3686        PKIX_NULLCHECK_FOUR(procParams, pNBIOContext, pState, pBuildResult)do { if (((procParams) == ((void*)0)) || ((pNBIOContext) == (
(void*)0)) || ((pState) == ((void*)0)) || ((pBuildResult) == (
(void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1);
 stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
3687 
3688        nbioContext = *pNBIOContext;
3689        *pNBIOContext = NULL((void*)0);
3690 
3691        if (*pState == NULL((void*)0)) {
3692                PKIX_CHECK(pkix_Build_InitiateBuildChaindo { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3693                        (procParams,do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3694                        &nbioContext,do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3695                        &state,do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3696                        &buildResult,do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3697                        pVerifyNode,do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3698                        plContext),do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3699                        PKIX_BUILDINITIATEBUILDCHAINFAILED)do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0);
3700        } else {
3701                state = (PKIX_ForwardBuilderState *)(*pState);
3702                *pState = NULL((void*)0); /* no net change in reference count */
3703                if (state->status == BUILD_SHORTCUTPENDING) {
3704                        PKIX_CHECK(pkix_Build_InitiateBuildChaindo { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3705                                (procParams,do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3706                                &nbioContext,do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3707                                &state,do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3708                                &buildResult,do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3709                                pVerifyNode,do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3710                                plContext),do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0)
3711                                PKIX_BUILDINITIATEBUILDCHAINFAILED)do { stdVars.aPkixErrorResult = (pkix_Build_InitiateBuildChain
 (procParams, &nbioContext, &state, &buildResult,
 pVerifyNode, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup
; } } while (0);
3712                } else {
3713                        PKIX_CHECK(pkix_Build_ResumeBuildChaindo { stdVars.aPkixErrorResult = (pkix_Build_ResumeBuildChain (
&nbioContext, state, &buildResult, pVerifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup; } } while
 (0)
3714                                (&nbioContext,do { stdVars.aPkixErrorResult = (pkix_Build_ResumeBuildChain (
&nbioContext, state, &buildResult, pVerifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup; } } while
 (0)
3715                                state,do { stdVars.aPkixErrorResult = (pkix_Build_ResumeBuildChain (
&nbioContext, state, &buildResult, pVerifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup; } } while
 (0)
3716                                &buildResult,do { stdVars.aPkixErrorResult = (pkix_Build_ResumeBuildChain (
&nbioContext, state, &buildResult, pVerifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup; } } while
 (0)
3717                                pVerifyNode,do { stdVars.aPkixErrorResult = (pkix_Build_ResumeBuildChain (
&nbioContext, state, &buildResult, pVerifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup; } } while
 (0)
3718                                plContext),do { stdVars.aPkixErrorResult = (pkix_Build_ResumeBuildChain (
&nbioContext, state, &buildResult, pVerifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup; } } while
 (0)
3719                                PKIX_BUILDINITIATEBUILDCHAINFAILED)do { stdVars.aPkixErrorResult = (pkix_Build_ResumeBuildChain (
&nbioContext, state, &buildResult, pVerifyNode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
 stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
 = PKIX_BUILDINITIATEBUILDCHAINFAILED; goto cleanup; } } while
 (0);
3720                }
3721        }
3722 
3723        /* non-null nbioContext means the build would block */
3724        if (nbioContext != NULL((void*)0)) {
3725 
3726                *pNBIOContext = nbioContext;
3727                *pState = state;
3728                state = NULL((void*)0);
3729                *pBuildResult = NULL((void*)0);
3730 
3731        /* no buildResult means the build has failed */
3732        } else if (buildResult == NULL((void*)0)) {
3733                PKIX_ERROR(PKIX_UNABLETOBUILDCHAIN){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_UNABLETOBUILDCHAIN, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_UNABLETOBUILDCHAIN; goto cleanup; };
3734        } else {
3735                /*
3736                 * If we made a successful chain by combining the target Cert
3737                 * with one of the Trust Anchors, we may have never created a
3738                 * validityDate. We treat this situation as
3739                 * canBeCached = PKIX_FALSE.
3740                 */
3741                if ((state != NULL((void*)0)) &&
3742                    ((state->validityDate) != NULL((void*)0)) &&
3743                    (state->canBeCached)) {
3744                        PKIX_CHECK(pkix_CacheCertChain_Adddo { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Add (state
->buildConstants.targetCert, state->buildConstants.anchors
, state->validityDate, buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINADDFAILED
; goto cleanup; } } while (0)
3745                                (state->buildConstants.targetCert,do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Add (state
->buildConstants.targetCert, state->buildConstants.anchors
, state->validityDate, buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINADDFAILED
; goto cleanup; } } while (0)
3746                                state->buildConstants.anchors,do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Add (state
->buildConstants.targetCert, state->buildConstants.anchors
, state->validityDate, buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINADDFAILED
; goto cleanup; } } while (0)
3747                                state->validityDate,do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Add (state
->buildConstants.targetCert, state->buildConstants.anchors
, state->validityDate, buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINADDFAILED
; goto cleanup; } } while (0)
3748                                buildResult,do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Add (state
->buildConstants.targetCert, state->buildConstants.anchors
, state->validityDate, buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINADDFAILED
; goto cleanup; } } while (0)
3749                                plContext),do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Add (state
->buildConstants.targetCert, state->buildConstants.anchors
, state->validityDate, buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINADDFAILED
; goto cleanup; } } while (0)
3750                                PKIX_CACHECERTCHAINADDFAILED)do { stdVars.aPkixErrorResult = (pkix_CacheCertChain_Add (state
->buildConstants.targetCert, state->buildConstants.anchors
, state->validityDate, buildResult, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CACHECERTCHAINADDFAILED
; goto cleanup; } } while (0);
3751                }
3752 
3753                *pState = NULL((void*)0);
3754                *pBuildResult = buildResult;
3755                buildResult = NULL((void*)0);
3756        }
3757 
3758cleanup:
3759        PKIX_DECREF(buildResult)do { if (buildResult){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(buildResult), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } buildResult = ((void
*)0); } } while (0);
3760        PKIX_DECREF(state)do { if (state){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
 ((PKIX_PL_Object *)(state), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } state = ((void*)0)
; } } while (0);
3761 
3762        PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
3763}