Bug Summary

File:s/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c
Warning:line 849, column 32
Access to field 'arena' results in a dereference of a null pointer (loaded from variable 'nameConstraints')

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name pkix_pl_nameconstraints.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix_pl_nss/pki -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix_pl_nss/pki -resource-dir /usr/lib/llvm-18/lib/clang/18 -D HAVE_STRERROR -D LINUX -D linux -D XP_UNIX -D XP_UNIX -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D NSS_DISABLE_SSE3 -D NSS_NO_INIT_SUPPORT -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I ../../../../../dist/Linux4.19_x86_64_gcc_glibc_PTH_64_DBG.OBJ/include -I ../../../../../dist/public/nss -I ../../../../../dist/private/nss -internal-isystem /usr/lib/llvm-18/lib/clang/18/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=c99 -ferror-limit 19 -fgnuc-version=4.2.1 -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2024-05-18-082241-28900-1 -x c pkix_pl_nameconstraints.c
1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4/*
5 * pkix_pl_nameconstraints.c
6 *
7 * Name Constraints Object Functions Definitions
8 *
9 */
10
11#include "pkix_pl_nameconstraints.h"
12
13
14/* --Private-NameConstraints-Functions----------------------------- */
15
16/*
17 * FUNCTION: pkix_pl_CertNameConstraints_GetPermitted
18 * DESCRIPTION:
19 *
20 * This function retrieve name constraints permitted list from NSS
21 * data in "nameConstraints" and returns a PKIX_PL_GeneralName list
22 * in "pPermittedList".
23 *
24 * PARAMETERS
25 * "nameConstraints"
26 * Address of CertNameConstraints which has a pointer to
27 * CERTNameConstraints data. Must be non-NULL.
28 * "pPermittedList"
29 * Address where returned permitted name list is stored. Must be non-NULL.
30 * "plContext" - Platform-specific context pointer.
31 * THREAD SAFETY:
32 * Conditionally Thread Safe
33 * (see Thread Safety Definitions in Programmer's Guide)
34 * RETURNS:
35 * Returns NULL if the function succeeds.
36 * Returns a NameConstraints Error if the function fails in a
37 * non-fatal way.
38 * Returns a Fatal Error if the function fails in an unrecoverable way.
39 */
40static PKIX_Error *
41pkix_pl_CertNameConstraints_GetPermitted(
42 PKIX_PL_CertNameConstraints *nameConstraints,
43 PKIX_List **pPermittedList,
44 void *plContext)
45{
46 CERTNameConstraints *nssNameConstraints = NULL((void*)0);
47 CERTNameConstraints **nssNameConstraintsList = NULL((void*)0);
48 CERTNameConstraint *nssPermitted = NULL((void*)0);
49 CERTNameConstraint *firstPermitted = NULL((void*)0);
50 PKIX_List *permittedList = NULL((void*)0);
51 PKIX_PL_GeneralName *name = NULL((void*)0);
52 PKIX_UInt32 numItems = 0;
53 PKIX_UInt32 i;
54
55 PKIX_ENTER(CERTNAMECONSTRAINTS,static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_GetPermitted"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
56 "pkix_pl_CertNameConstraints_GetPermitted")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_GetPermitted"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
57 PKIX_NULLCHECK_TWO(nameConstraints, pPermittedList)do { if (((nameConstraints) == ((void*)0)) || ((pPermittedList
) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
58
59 /*
60 * nssNameConstraints is an array of CERTNameConstraints
61 * pointers where CERTNameConstraints keep its permitted and excluded
62 * lists as pointer array of CERTNameConstraint.
63 */
64
65 if (nameConstraints->permittedList == NULL((void*)0)) {
66
67 PKIX_OBJECT_LOCK(nameConstraints)do { if (nameConstraints) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(nameConstraints), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(nameConstraints); } } while (0);
68
69 if (nameConstraints->permittedList == NULL((void*)0)) {
70
71 PKIX_CHECK(PKIX_List_Create(&permittedList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&permittedList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
72 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&permittedList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
73
74 numItems = nameConstraints->numNssNameConstraints;
75 nssNameConstraintsList =
76 nameConstraints->nssNameConstraintsList;
77
78 for (i = 0; i < numItems; i++) {
79
80 PKIX_NULLCHECK_ONE(nssNameConstraintsList)do { if ((nssNameConstraintsList) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
81 nssNameConstraints = *(nssNameConstraintsList + i);
82 PKIX_NULLCHECK_ONE(nssNameConstraints)do { if ((nssNameConstraints) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
83
84 if (nssNameConstraints->permited != NULL((void*)0)) {
85
86 nssPermitted = nssNameConstraints->permited;
87 firstPermitted = nssPermitted;
88
89 do {
90
91 PKIX_CHECK(pkix_pl_GeneralName_Createdo { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create (
&nssPermitted->name, &name, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED
; goto cleanup; } } while (0)
92 (&nssPermitted->name, &name, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create (
&nssPermitted->name, &name, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED
; goto cleanup; } } while (0)
93 PKIX_GENERALNAMECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create (
&nssPermitted->name, &name, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED
; goto cleanup; } } while (0);
94
95 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (permittedList
, (PKIX_PL_Object *)name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
96 (permittedList,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (permittedList
, (PKIX_PL_Object *)name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
97 (PKIX_PL_Object *)name,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (permittedList
, (PKIX_PL_Object *)name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
98 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (permittedList
, (PKIX_PL_Object *)name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
99 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (permittedList
, (PKIX_PL_Object *)name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
100
101 PKIX_DECREF(name)do { if (name){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(name), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } name = ((void*)0);
} } while (0);
102
103 PKIX_CERTNAMECONSTRAINTS_DEBUG
104 ("\t\tCalling CERT_GetNextNameConstraint\n");
105 nssPermitted = CERT_GetNextNameConstraint
106 (nssPermitted);
107
108 } while (nssPermitted != firstPermitted);
109
110 }
111 }
112
113 PKIX_CHECK(PKIX_List_SetImmutable(permittedList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(permittedList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
114 PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(permittedList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0);
115
116 nameConstraints->permittedList = permittedList;
117
118 }
119
120 PKIX_OBJECT_UNLOCK(nameConstraints)do { if (nameConstraints && stdVars.aLockedObject == (
PKIX_PL_Object *)(nameConstraints)){ stdVars.aPkixTempResult =
PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(nameConstraints), plContext
); if (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars
, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_nameconstraints.c",120)); } } while (0);
121
122 }
123
124 PKIX_INCREF(nameConstraints->permittedList)do { if (nameConstraints->permittedList){ stdVars.aPkixTempResult
= PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(nameConstraints->
permittedList), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); goto cleanup; } } } while (0);
125
126 *pPermittedList = nameConstraints->permittedList;
127
128cleanup:
129
130 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
131}
132
133/*
134 * FUNCTION: pkix_pl_CertNameConstraints_GetExcluded
135 * DESCRIPTION:
136 *
137 * This function retrieve name constraints excluded list from NSS
138 * data in "nameConstraints" and returns a PKIX_PL_GeneralName list
139 * in "pExcludedList".
140 *
141 * PARAMETERS
142 * "nameConstraints"
143 * Address of CertNameConstraints which has a pointer to NSS data.
144 * Must be non-NULL.
145 * "pPermittedList"
146 * Address where returned excluded name list is stored. Must be non-NULL.
147 * "plContext" - Platform-specific context pointer.
148 * THREAD SAFETY:
149 * Conditionally Thread Safe
150 * (see Thread Safety Definitions in Programmer's Guide)
151 * RETURNS:
152 * Returns NULL if the function succeeds.
153 * Returns a NameConstraints Error if the function fails in a
154 * non-fatal way.
155 * Returns a Fatal Error if the function fails in an unrecoverable way.
156 */
157static PKIX_Error *
158pkix_pl_CertNameConstraints_GetExcluded(
159 PKIX_PL_CertNameConstraints *nameConstraints,
160 PKIX_List **pExcludedList,
161 void *plContext)
162{
163 CERTNameConstraints *nssNameConstraints = NULL((void*)0);
164 CERTNameConstraints **nssNameConstraintsList = NULL((void*)0);
165 CERTNameConstraint *nssExcluded = NULL((void*)0);
166 CERTNameConstraint *firstExcluded = NULL((void*)0);
167 PKIX_List *excludedList = NULL((void*)0);
168 PKIX_PL_GeneralName *name = NULL((void*)0);
169 PKIX_UInt32 numItems = 0;
170 PKIX_UInt32 i;
171
172 PKIX_ENTER(CERTNAMECONSTRAINTS,static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_GetExcluded"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
173 "pkix_pl_CertNameConstraints_GetExcluded")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_GetExcluded"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
174 PKIX_NULLCHECK_TWO(nameConstraints, pExcludedList)do { if (((nameConstraints) == ((void*)0)) || ((pExcludedList
) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
175
176 if (nameConstraints->excludedList == NULL((void*)0)) {
177
178 PKIX_OBJECT_LOCK(nameConstraints)do { if (nameConstraints) { stdVars.aPkixTempResult = PKIX_PL_Object_Lock
((PKIX_PL_Object*)(nameConstraints), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); stdVars.aPkixErrorCode
= PKIX_OBJECTLOCKFAILED; goto cleanup; } stdVars.aLockedObject
= (PKIX_PL_Object *)(nameConstraints); } } while (0);
179
180 if (nameConstraints->excludedList == NULL((void*)0)) {
181
182 PKIX_CHECK(PKIX_List_Create(&excludedList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&excludedList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
183 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&excludedList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
184
185 numItems = nameConstraints->numNssNameConstraints;
186 nssNameConstraintsList =
187 nameConstraints->nssNameConstraintsList;
188
189 for (i = 0; i < numItems; i++) {
190
191 PKIX_NULLCHECK_ONE(nssNameConstraintsList)do { if ((nssNameConstraintsList) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
192 nssNameConstraints = *(nssNameConstraintsList + i);
193 PKIX_NULLCHECK_ONE(nssNameConstraints)do { if ((nssNameConstraints) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
194
195 if (nssNameConstraints->excluded != NULL((void*)0)) {
196
197 nssExcluded = nssNameConstraints->excluded;
198 firstExcluded = nssExcluded;
199
200 do {
201
202 PKIX_CHECK(pkix_pl_GeneralName_Createdo { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create (
&nssExcluded->name, &name, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED
; goto cleanup; } } while (0)
203 (&nssExcluded->name, &name, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create (
&nssExcluded->name, &name, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED
; goto cleanup; } } while (0)
204 PKIX_GENERALNAMECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_Create (
&nssExcluded->name, &name, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_GENERALNAMECREATEFAILED
; goto cleanup; } } while (0);
205
206 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (excludedList
, (PKIX_PL_Object *)name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
207 (excludedList,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (excludedList
, (PKIX_PL_Object *)name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
208 (PKIX_PL_Object *)name,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (excludedList
, (PKIX_PL_Object *)name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
209 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (excludedList
, (PKIX_PL_Object *)name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
210 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (excludedList
, (PKIX_PL_Object *)name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
211
212 PKIX_DECREF(name)do { if (name){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(name), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } name = ((void*)0);
} } while (0);
213
214 PKIX_CERTNAMECONSTRAINTS_DEBUG
215 ("\t\tCalling CERT_GetNextNameConstraint\n");
216 nssExcluded = CERT_GetNextNameConstraint
217 (nssExcluded);
218
219 } while (nssExcluded != firstExcluded);
220
221 }
222
223 }
224 PKIX_CHECK(PKIX_List_SetImmutable(excludedList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(excludedList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0)
225 PKIX_LISTSETIMMUTABLEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_SetImmutable(excludedList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTSETIMMUTABLEFAILED; goto cleanup; } } while (0);
226
227 nameConstraints->excludedList = excludedList;
228
229 }
230
231 PKIX_OBJECT_UNLOCK(nameConstraints)do { if (nameConstraints && stdVars.aLockedObject == (
PKIX_PL_Object *)(nameConstraints)){ stdVars.aPkixTempResult =
PKIX_PL_Object_Unlock ((PKIX_PL_Object *)(nameConstraints), plContext
); if (stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars
, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } stdVars.aLockedObject = ((void*)0); } else {
((stdVars.aLockedObject == ((void*)0))?((void)0):PR_Assert("lockedObject == NULL"
,"pkix_pl_nameconstraints.c",231)); } } while (0);
232 }
233
234 PKIX_INCREF(nameConstraints->excludedList)do { if (nameConstraints->excludedList){ stdVars.aPkixTempResult
= PKIX_PL_Object_IncRef ((PKIX_PL_Object *)(nameConstraints->
excludedList), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); goto cleanup; } } } while (0);
235
236 *pExcludedList = nameConstraints->excludedList;
237
238cleanup:
239
240 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
241}
242
243/*
244 * FUNCTION: pkix_pl_CertNameConstraints_CheckNameSpaceNssNames
245 * DESCRIPTION:
246 *
247 * This function checks if CERTGeneralNames in "nssSubjectNames" comply
248 * with the permitted and excluded names in "nameConstraints". It returns
249 * PKIX_TRUE in "pCheckPass", if the Names satify the name space of the
250 * permitted list and if the Names are not in the excluded list. Otherwise,
251 * it returns PKIX_FALSE.
252 *
253 * PARAMETERS
254 * "nssSubjectNames"
255 * List of CERTGeneralName that nameConstraints verification is based on.
256 * "nameConstraints"
257 * Address of CertNameConstraints that provides lists of permitted
258 * and excluded names. Must be non-NULL.
259 * "pCheckPass"
260 * Address where PKIX_TRUE is returned if the all names in "nameList" are
261 * valid.
262 * "plContext" - Platform-specific context pointer.
263 * THREAD SAFETY:
264 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
265 * RETURNS:
266 * Returns NULL if the function succeeds.
267 * Returns a NameConstraints Error if the function fails in a
268 * non-fatal way.
269 * Returns a Fatal Error if the function fails in an unrecoverable way.
270 */
271PKIX_Error *
272pkix_pl_CertNameConstraints_CheckNameSpaceNssNames(
273 CERTGeneralName *nssSubjectNames,
274 PKIX_PL_CertNameConstraints *nameConstraints,
275 PKIX_Boolean *pCheckPass,
276 void *plContext)
277{
278 CERTNameConstraints **nssNameConstraintsList = NULL((void*)0);
279 CERTNameConstraints *nssNameConstraints = NULL((void*)0);
280 CERTGeneralName *nssMatchName = NULL((void*)0);
281 PLArenaPool *arena = NULL((void*)0);
282 PKIX_UInt32 numItems = 0;
283 PKIX_UInt32 i;
284 SECStatus status = SECSuccess;
285
286 PKIX_ENTER(CERTNAMECONSTRAINTS,static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_CheckNameSpaceNssNames"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
287 "pkix_pl_CertNameConstraints_CheckNameSpaceNssNames")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_CheckNameSpaceNssNames"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
288 PKIX_NULLCHECK_THREE(nssSubjectNames, nameConstraints, pCheckPass)do { if (((nssSubjectNames) == ((void*)0)) || ((nameConstraints
) == ((void*)0)) || ((pCheckPass) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
289
290 *pCheckPass = PKIX_TRUE((PKIX_Boolean) 1);
291
292 PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_NewArena\n");
293 arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048));
294 if (arena == NULL((void*)0)) {
295 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
296 }
297
298 nssMatchName = nssSubjectNames;
299 nssNameConstraintsList = nameConstraints->nssNameConstraintsList;
300
301 /*
302 * CERTNameConstraint items in each permitted or excluded list
303 * is verified as OR condition. That means, if one item matched,
304 * then the checking on the remaining items on the list is skipped.
305 * (see NSS cert_CompareNameWithConstraints(...)).
306 * Items on PKIX_PL_NameConstraint's nssNameConstraints are verified
307 * as AND condition. PKIX_PL_NameConstraint keeps an array of pointers
308 * of CERTNameConstraints resulting from merging multiple
309 * PKIX_PL_NameConstraints. Since each CERTNameConstraint are created
310 * for different entity, a union condition of these entities then is
311 * performed.
312 */
313
314 do {
315
316 numItems = nameConstraints->numNssNameConstraints;
317
318 for (i = 0; i < numItems; i++) {
319
320 PKIX_NULLCHECK_ONE(nssNameConstraintsList)do { if ((nssNameConstraintsList) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
321 nssNameConstraints = *(nssNameConstraintsList + i);
322 PKIX_NULLCHECK_ONE(nssNameConstraints)do { if ((nssNameConstraints) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
323
324 PKIX_CERTNAMECONSTRAINTS_DEBUG
325 ("\t\tCalling CERT_CheckNameSpace\n");
326 status = CERT_CheckNameSpace
327 (arena, nssNameConstraints, nssMatchName);
328 if (status != SECSuccess) {
329 break;
330 }
331
332 }
333
334 if (status != SECSuccess) {
335 break;
336 }
337
338 PKIX_CERTNAMECONSTRAINTS_DEBUG
339 ("\t\tCalling CERT_GetNextGeneralName\n");
340 nssMatchName = CERT_GetNextGeneralName(nssMatchName);
341
342 } while (nssMatchName != nssSubjectNames);
343
344 if (status == SECFailure) {
345
346 *pCheckPass = PKIX_FALSE((PKIX_Boolean) 0);
347 }
348
349cleanup:
350
351 if (arena){
352 PKIX_CERTNAMECONSTRAINTS_DEBUG
353 ("\t\tCalling PORT_FreeArena).\n");
354 PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0);
355 }
356
357 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
358}
359
360/*
361 * FUNCTION: pkix_pl_NameConstraints_Destroy
362 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
363 */
364static PKIX_Error *
365pkix_pl_CertNameConstraints_Destroy(
366 PKIX_PL_Object *object,
367 void *plContext)
368{
369 PKIX_PL_CertNameConstraints *nameConstraints = NULL((void*)0);
370
371 PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Destroy")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_Destroy"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
372 PKIX_NULLCHECK_ONE(object)do { if ((object) == ((void*)0)){ stdVars.aPkixErrorReceived =
((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
373
374 PKIX_CHECK(pkix_CheckTypedo { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_CERTNAMECONSTRAINTS_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERTNAMECONSTRAINTS; goto cleanup; } } while
(0)
375 (object, PKIX_CERTNAMECONSTRAINTS_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_CERTNAMECONSTRAINTS_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERTNAMECONSTRAINTS; goto cleanup; } } while
(0)
376 PKIX_OBJECTNOTCERTNAMECONSTRAINTS)do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_CERTNAMECONSTRAINTS_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERTNAMECONSTRAINTS; goto cleanup; } } while
(0);
377
378 nameConstraints = (PKIX_PL_CertNameConstraints *)object;
379
380 PKIX_CHECK(PKIX_PL_Freedo { stdVars.aPkixErrorResult = (PKIX_PL_Free (nameConstraints
->nssNameConstraintsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_FREEFAILED; goto cleanup; } }
while (0)
381 (nameConstraints->nssNameConstraintsList, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Free (nameConstraints
->nssNameConstraintsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_FREEFAILED; goto cleanup; } }
while (0)
382 PKIX_FREEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Free (nameConstraints
->nssNameConstraintsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_FREEFAILED; goto cleanup; } }
while (0);
383
384 if (nameConstraints->arena){
385 PKIX_CERTNAMECONSTRAINTS_DEBUG
386 ("\t\tCalling PORT_FreeArena).\n");
387 PORT_FreeArenaPORT_FreeArena_Util(nameConstraints->arena, PR_FALSE0);
388 nameConstraints->arena = NULL((void*)0);
389 }
390
391 PKIX_DECREF(nameConstraints->permittedList)do { if (nameConstraints->permittedList){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(nameConstraints->
permittedList), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } nameConstraints->permittedList = ((void*)
0); } } while (0);
392 PKIX_DECREF(nameConstraints->excludedList)do { if (nameConstraints->excludedList){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(nameConstraints->
excludedList), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } nameConstraints->excludedList = ((void*)0
); } } while (0);
393
394cleanup:
395
396 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
397}
398
399/*
400 * FUNCTION: pkix_pl_CertNameConstraints_ToString_Helper
401 * DESCRIPTION:
402 *
403 * Helper function that creates a string representation of the object
404 * NameConstraints and stores it at "pString".
405 *
406 * PARAMETERS
407 * "nameConstraints"
408 * Address of CertNameConstraints whose string representation is
409 * desired. Must be non-NULL.
410 * "pString"
411 * Address where string object pointer will be stored. Must be non-NULL.
412 * "plContext" - Platform-specific context pointer.
413 * THREAD SAFETY:
414 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
415 * RETURNS:
416 * Returns NULL if the function succeeds.
417 * Returns a NameConstraints Error if the function fails in a
418 * non-fatal way.
419 * Returns a Fatal Error if the function fails in an unrecoverable way.
420 */
421static PKIX_Error *
422pkix_pl_CertNameConstraints_ToString_Helper(
423 PKIX_PL_CertNameConstraints *nameConstraints,
424 PKIX_PL_String **pString,
425 void *plContext)
426{
427 char *asciiFormat = NULL((void*)0);
428 PKIX_PL_String *formatString = NULL((void*)0);
429 PKIX_List *permittedList = NULL((void*)0);
430 PKIX_List *excludedList = NULL((void*)0);
431 PKIX_PL_String *permittedListString = NULL((void*)0);
432 PKIX_PL_String *excludedListString = NULL((void*)0);
433 PKIX_PL_String *nameConstraintsString = NULL((void*)0);
434
435 PKIX_ENTER(CERTNAMECONSTRAINTS,static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_ToString_Helper"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
436 "pkix_pl_CertNameConstraints_ToString_Helper")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_ToString_Helper"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
437 PKIX_NULLCHECK_TWO(nameConstraints, pString)do { if (((nameConstraints) == ((void*)0)) || ((pString) == (
(void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1);
stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
438
439 asciiFormat =
440 "[\n"
441 "\t\tPermitted Name: %s\n"
442 "\t\tExcluded Name: %s\n"
443 "\t]\n";
444
445 PKIX_CHECK(PKIX_PL_String_Createdo { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
446 (PKIX_ESCASCII,do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
447 asciiFormat,do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
448 0,do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
449 &formatString,do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
450 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0)
451 PKIX_STRINGCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_Create (0, asciiFormat
, 0, &formatString, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_STRINGCREATEFAILED; goto cleanup
; } } while (0);
452
453 PKIX_CHECK(pkix_pl_CertNameConstraints_GetPermitteddo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetPermitted
(nameConstraints, &permittedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED
; goto cleanup; } } while (0)
454 (nameConstraints, &permittedList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetPermitted
(nameConstraints, &permittedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED
; goto cleanup; } } while (0)
455 PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetPermitted
(nameConstraints, &permittedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED
; goto cleanup; } } while (0);
456
457 PKIX_TOSTRING(permittedList, &permittedListString, plContext,do { int descNum; if ((permittedList) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(permittedList), (&permittedListString), (plContext)); descNum
= (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&permittedListString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
458 PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((permittedList) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(permittedList), (&permittedListString), (plContext)); descNum
= (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&permittedListString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
459
460 PKIX_CHECK(pkix_pl_CertNameConstraints_GetExcludeddo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetExcluded
(nameConstraints, &excludedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED
; goto cleanup; } } while (0)
461 (nameConstraints, &excludedList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetExcluded
(nameConstraints, &excludedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED
; goto cleanup; } } while (0)
462 PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetExcluded
(nameConstraints, &excludedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED
; goto cleanup; } } while (0);
463
464 PKIX_TOSTRING(excludedList, &excludedListString, plContext,do { int descNum; if ((excludedList) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(excludedList), (&excludedListString), (plContext)); descNum
= (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&excludedListString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
465 PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((excludedList) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(excludedList), (&excludedListString), (plContext)); descNum
= (PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&excludedListString
), (plContext)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars
.aPkixErrorResult = (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
466
467 PKIX_CHECK(PKIX_PL_Sprintfdo { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&nameConstraintsString
, plContext, formatString, permittedListString, excludedListString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
468 (&nameConstraintsString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&nameConstraintsString
, plContext, formatString, permittedListString, excludedListString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
469 plContext,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&nameConstraintsString
, plContext, formatString, permittedListString, excludedListString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
470 formatString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&nameConstraintsString
, plContext, formatString, permittedListString, excludedListString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
471 permittedListString,do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&nameConstraintsString
, plContext, formatString, permittedListString, excludedListString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
472 excludedListString),do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&nameConstraintsString
, plContext, formatString, permittedListString, excludedListString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0)
473 PKIX_SPRINTFFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Sprintf (&nameConstraintsString
, plContext, formatString, permittedListString, excludedListString
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_SPRINTFFAILED; goto cleanup; } } while (0);
474
475 *pString = nameConstraintsString;
476
477cleanup:
478
479 PKIX_DECREF(formatString)do { if (formatString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(formatString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } formatString = ((void
*)0); } } while (0);
480 PKIX_DECREF(permittedList)do { if (permittedList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(permittedList), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } permittedList
= ((void*)0); } } while (0);
481 PKIX_DECREF(excludedList)do { if (excludedList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(excludedList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } excludedList = ((void
*)0); } } while (0);
482 PKIX_DECREF(permittedListString)do { if (permittedListString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(permittedListString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } permittedListString
= ((void*)0); } } while (0);
483 PKIX_DECREF(excludedListString)do { if (excludedListString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(excludedListString), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } excludedListString
= ((void*)0); } } while (0);
484
485 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
486}
487
488/*
489 * FUNCTION: pkix_pl_CertNameConstraints_ToString
490 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
491 */
492static PKIX_Error *
493pkix_pl_CertNameConstraints_ToString(
494 PKIX_PL_Object *object,
495 PKIX_PL_String **pString,
496 void *plContext)
497{
498 PKIX_PL_String *nameConstraintsString = NULL((void*)0);
499 PKIX_PL_CertNameConstraints *nameConstraints = NULL((void*)0);
500
501 PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_ToString")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_ToString"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
502 PKIX_NULLCHECK_TWO(object, pString)do { if (((object) == ((void*)0)) || ((pString) == ((void*)0)
)){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
503
504 PKIX_CHECK(pkix_CheckType(do { stdVars.aPkixErrorResult = (pkix_CheckType( object, PKIX_CERTNAMECONSTRAINTS_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERTNAMECONSTRAINTS; goto cleanup; } } while
(0)
505 object, PKIX_CERTNAMECONSTRAINTS_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType( object, PKIX_CERTNAMECONSTRAINTS_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERTNAMECONSTRAINTS; goto cleanup; } } while
(0)
506 PKIX_OBJECTNOTCERTNAMECONSTRAINTS)do { stdVars.aPkixErrorResult = (pkix_CheckType( object, PKIX_CERTNAMECONSTRAINTS_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERTNAMECONSTRAINTS; goto cleanup; } } while
(0);
507
508 nameConstraints = (PKIX_PL_CertNameConstraints *)object;
509
510 PKIX_CHECK(pkix_pl_CertNameConstraints_ToString_Helperdo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_ToString_Helper
(nameConstraints, &nameConstraintsString, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSTOSTRINGHELPERFAILED
; goto cleanup; } } while (0)
511 (nameConstraints, &nameConstraintsString, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_ToString_Helper
(nameConstraints, &nameConstraintsString, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSTOSTRINGHELPERFAILED
; goto cleanup; } } while (0)
512 PKIX_CERTNAMECONSTRAINTSTOSTRINGHELPERFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_ToString_Helper
(nameConstraints, &nameConstraintsString, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSTOSTRINGHELPERFAILED
; goto cleanup; } } while (0);
513
514 *pString = nameConstraintsString;
515
516cleanup:
517
518 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
519}
520
521/*
522 * FUNCTION: pkix_pl_CertNameConstraints_Hashcode
523 * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
524 */
525static PKIX_Error *
526pkix_pl_CertNameConstraints_Hashcode(
527 PKIX_PL_Object *object,
528 PKIX_UInt32 *pHashcode,
529 void *plContext)
530{
531 PKIX_PL_CertNameConstraints *nameConstraints = NULL((void*)0);
532 PKIX_List *permittedList = NULL((void*)0);
533 PKIX_List *excludedList = NULL((void*)0);
534 PKIX_UInt32 permitHash = 0;
535 PKIX_UInt32 excludeHash = 0;
536
537 PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Hashcode")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_Hashcode"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
538 PKIX_NULLCHECK_TWO(object, pHashcode)do { if (((object) == ((void*)0)) || ((pHashcode) == ((void*)
0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
539
540 PKIX_CHECK(pkix_CheckTypedo { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_CERTNAMECONSTRAINTS_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERTNAMECONSTRAINTS; goto cleanup; } } while
(0)
541 (object, PKIX_CERTNAMECONSTRAINTS_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_CERTNAMECONSTRAINTS_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERTNAMECONSTRAINTS; goto cleanup; } } while
(0)
542 PKIX_OBJECTNOTCERTNAMECONSTRAINTS)do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_CERTNAMECONSTRAINTS_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERTNAMECONSTRAINTS; goto cleanup; } } while
(0);
543
544 nameConstraints = (PKIX_PL_CertNameConstraints *)object;
545
546 PKIX_CHECK(pkix_pl_CertNameConstraints_GetPermitteddo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetPermitted
(nameConstraints, &permittedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED
; goto cleanup; } } while (0)
547 (nameConstraints, &permittedList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetPermitted
(nameConstraints, &permittedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED
; goto cleanup; } } while (0)
548 PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetPermitted
(nameConstraints, &permittedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED
; goto cleanup; } } while (0);
549
550 PKIX_HASHCODE(permittedList, &permitHash, plContext,do { if ((permittedList) != ((void*)0)) { do { stdVars.aPkixErrorResult
= (PKIX_PL_Object_Hashcode ((PKIX_PL_Object *)(permittedList
), (&permitHash), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTHASHCODEFAILED); goto cleanup
; } } while (0); } else { *(&permitHash) = 0; } } while (
0)
551 PKIX_OBJECTHASHCODEFAILED)do { if ((permittedList) != ((void*)0)) { do { stdVars.aPkixErrorResult
= (PKIX_PL_Object_Hashcode ((PKIX_PL_Object *)(permittedList
), (&permitHash), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTHASHCODEFAILED); goto cleanup
; } } while (0); } else { *(&permitHash) = 0; } } while (
0);
552
553 PKIX_CHECK(pkix_pl_CertNameConstraints_GetExcludeddo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetExcluded
(nameConstraints, &excludedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED
; goto cleanup; } } while (0)
554 (nameConstraints, &excludedList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetExcluded
(nameConstraints, &excludedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED
; goto cleanup; } } while (0)
555 PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetExcluded
(nameConstraints, &excludedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED
; goto cleanup; } } while (0);
556
557 PKIX_HASHCODE(excludedList, &excludeHash, plContext,do { if ((excludedList) != ((void*)0)) { do { stdVars.aPkixErrorResult
= (PKIX_PL_Object_Hashcode ((PKIX_PL_Object *)(excludedList)
, (&excludeHash), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTHASHCODEFAILED); goto cleanup
; } } while (0); } else { *(&excludeHash) = 0; } } while (
0)
558 PKIX_OBJECTHASHCODEFAILED)do { if ((excludedList) != ((void*)0)) { do { stdVars.aPkixErrorResult
= (PKIX_PL_Object_Hashcode ((PKIX_PL_Object *)(excludedList)
, (&excludeHash), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTHASHCODEFAILED); goto cleanup
; } } while (0); } else { *(&excludeHash) = 0; } } while (
0);
559
560 *pHashcode = (((permitHash << 7) + excludeHash) << 7) +
561 nameConstraints->numNssNameConstraints;
562
563cleanup:
564
565 PKIX_DECREF(permittedList)do { if (permittedList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(permittedList), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } permittedList
= ((void*)0); } } while (0);
566 PKIX_DECREF(excludedList)do { if (excludedList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(excludedList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } excludedList = ((void
*)0); } } while (0);
567 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
568}
569
570/*
571 * FUNCTION: pkix_pl_CertNameConstraints_Equals
572 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
573 */
574static PKIX_Error *
575pkix_pl_CertNameConstraints_Equals(
576 PKIX_PL_Object *firstObject,
577 PKIX_PL_Object *secondObject,
578 PKIX_Boolean *pResult,
579 void *plContext)
580{
581 PKIX_PL_CertNameConstraints *firstNC = NULL((void*)0);
582 PKIX_PL_CertNameConstraints *secondNC = NULL((void*)0);
583 PKIX_List *firstPermittedList = NULL((void*)0);
584 PKIX_List *secondPermittedList = NULL((void*)0);
585 PKIX_List *firstExcludedList = NULL((void*)0);
586 PKIX_List *secondExcludedList = NULL((void*)0);
587 PKIX_UInt32 secondType;
588 PKIX_Boolean cmpResult = PKIX_FALSE((PKIX_Boolean) 0);
589
590 PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Equals")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_Equals"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
591 PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult)do { if (((firstObject) == ((void*)0)) || ((secondObject) == (
(void*)0)) || ((pResult) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
592
593 /* test that firstObject is a CertNameConstraints */
594 PKIX_CHECK(pkix_CheckTypedo { stdVars.aPkixErrorResult = (pkix_CheckType (firstObject,
PKIX_CERTNAMECONSTRAINTS_TYPE, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_FIRSTOBJECTNOTCERTNAMECONSTRAINTS
; goto cleanup; } } while (0)
595 (firstObject, PKIX_CERTNAMECONSTRAINTS_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType (firstObject,
PKIX_CERTNAMECONSTRAINTS_TYPE, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_FIRSTOBJECTNOTCERTNAMECONSTRAINTS
; goto cleanup; } } while (0)
596 PKIX_FIRSTOBJECTNOTCERTNAMECONSTRAINTS)do { stdVars.aPkixErrorResult = (pkix_CheckType (firstObject,
PKIX_CERTNAMECONSTRAINTS_TYPE, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_FIRSTOBJECTNOTCERTNAMECONSTRAINTS
; goto cleanup; } } while (0);
597
598 firstNC = (PKIX_PL_CertNameConstraints *)firstObject;
599 secondNC = (PKIX_PL_CertNameConstraints *)secondObject;
600
601 /*
602 * Since we know firstObject is a CertNameConstraints, if both
603 * references are identical, they must be equal
604 */
605 if (firstNC == secondNC){
606 *pResult = PKIX_TRUE((PKIX_Boolean) 1);
607 goto cleanup;
608 }
609
610 /*
611 * If secondNC isn't a CertNameConstraints, we don't throw an error.
612 * We simply return a Boolean result of FALSE
613 */
614 *pResult = PKIX_FALSE((PKIX_Boolean) 0);
615
616 PKIX_CHECK(PKIX_PL_Object_GetTypedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_GetType ((PKIX_PL_Object
*)secondNC, &secondType, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTGETTYPEOFSECONDARGUMENT
; goto cleanup; } } while (0)
617 ((PKIX_PL_Object *)secondNC, &secondType, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_GetType ((PKIX_PL_Object
*)secondNC, &secondType, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTGETTYPEOFSECONDARGUMENT
; goto cleanup; } } while (0)
618 PKIX_COULDNOTGETTYPEOFSECONDARGUMENT)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_GetType ((PKIX_PL_Object
*)secondNC, &secondType, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTGETTYPEOFSECONDARGUMENT
; goto cleanup; } } while (0);
619
620 if (secondType != PKIX_CERTNAMECONSTRAINTS_TYPE) {
621 goto cleanup;
622 }
623
624 PKIX_CHECK(pkix_pl_CertNameConstraints_GetPermitteddo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetPermitted
(firstNC, &firstPermittedList, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED
; goto cleanup; } } while (0)
625 (firstNC, &firstPermittedList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetPermitted
(firstNC, &firstPermittedList, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED
; goto cleanup; } } while (0)
626 PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetPermitted
(firstNC, &firstPermittedList, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED
; goto cleanup; } } while (0);
627
628 PKIX_CHECK(pkix_pl_CertNameConstraints_GetPermitteddo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetPermitted
(secondNC, &secondPermittedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED
; goto cleanup; } } while (0)
629 (secondNC, &secondPermittedList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetPermitted
(secondNC, &secondPermittedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED
; goto cleanup; } } while (0)
630 PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetPermitted
(secondNC, &secondPermittedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED
; goto cleanup; } } while (0);
631
632 PKIX_EQUALSdo { if ((firstPermittedList) != ((void*)0) && (secondPermittedList
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(firstPermittedList), (PKIX_PL_Object*)(secondPermittedList
), (&cmpResult), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((firstPermittedList) == ((void*)0
) && (secondPermittedList) == ((void*)0)) { *(&cmpResult
) = ((PKIX_Boolean) 1); } else { *(&cmpResult) = ((PKIX_Boolean
) 0); } } while (0)
633 (firstPermittedList, secondPermittedList, &cmpResult, plContext,do { if ((firstPermittedList) != ((void*)0) && (secondPermittedList
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(firstPermittedList), (PKIX_PL_Object*)(secondPermittedList
), (&cmpResult), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((firstPermittedList) == ((void*)0
) && (secondPermittedList) == ((void*)0)) { *(&cmpResult
) = ((PKIX_Boolean) 1); } else { *(&cmpResult) = ((PKIX_Boolean
) 0); } } while (0)
634 PKIX_OBJECTEQUALSFAILED)do { if ((firstPermittedList) != ((void*)0) && (secondPermittedList
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(firstPermittedList), (PKIX_PL_Object*)(secondPermittedList
), (&cmpResult), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((firstPermittedList) == ((void*)0
) && (secondPermittedList) == ((void*)0)) { *(&cmpResult
) = ((PKIX_Boolean) 1); } else { *(&cmpResult) = ((PKIX_Boolean
) 0); } } while (0);
635
636 if (cmpResult != PKIX_TRUE((PKIX_Boolean) 1)) {
637 goto cleanup;
638 }
639
640 PKIX_CHECK(pkix_pl_CertNameConstraints_GetExcludeddo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetExcluded
(firstNC, &firstExcludedList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED
; goto cleanup; } } while (0)
641 (firstNC, &firstExcludedList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetExcluded
(firstNC, &firstExcludedList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED
; goto cleanup; } } while (0)
642 PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetExcluded
(firstNC, &firstExcludedList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED
; goto cleanup; } } while (0);
643
644 PKIX_CHECK(pkix_pl_CertNameConstraints_GetExcludeddo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetExcluded
(secondNC, &secondExcludedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED
; goto cleanup; } } while (0)
645 (secondNC, &secondExcludedList, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetExcluded
(secondNC, &secondExcludedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED
; goto cleanup; } } while (0)
646 PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_GetExcluded
(secondNC, &secondExcludedList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED
; goto cleanup; } } while (0);
647
648 PKIX_EQUALSdo { if ((firstExcludedList) != ((void*)0) && (secondExcludedList
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(firstExcludedList), (PKIX_PL_Object*)(secondExcludedList
), (&cmpResult), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((firstExcludedList) == ((void*)0)
&& (secondExcludedList) == ((void*)0)) { *(&cmpResult
) = ((PKIX_Boolean) 1); } else { *(&cmpResult) = ((PKIX_Boolean
) 0); } } while (0)
649 (firstExcludedList, secondExcludedList, &cmpResult, plContext,do { if ((firstExcludedList) != ((void*)0) && (secondExcludedList
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(firstExcludedList), (PKIX_PL_Object*)(secondExcludedList
), (&cmpResult), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((firstExcludedList) == ((void*)0)
&& (secondExcludedList) == ((void*)0)) { *(&cmpResult
) = ((PKIX_Boolean) 1); } else { *(&cmpResult) = ((PKIX_Boolean
) 0); } } while (0)
650 PKIX_OBJECTEQUALSFAILED)do { if ((firstExcludedList) != ((void*)0) && (secondExcludedList
) != ((void*)0)) { do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Equals
((PKIX_PL_Object *)(firstExcludedList), (PKIX_PL_Object*)(secondExcludedList
), (&cmpResult), (plContext))); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = (PKIX_OBJECTEQUALSFAILED); goto cleanup
; } } while (0); } else if ((firstExcludedList) == ((void*)0)
&& (secondExcludedList) == ((void*)0)) { *(&cmpResult
) = ((PKIX_Boolean) 1); } else { *(&cmpResult) = ((PKIX_Boolean
) 0); } } while (0);
651
652 if (cmpResult != PKIX_TRUE((PKIX_Boolean) 1)) {
653 goto cleanup;
654 }
655
656 /*
657 * numNssNameConstraints is not checked because it is basically a
658 * merge count, it cannot determine the data equality.
659 */
660
661 *pResult = PKIX_TRUE((PKIX_Boolean) 1);
662
663cleanup:
664
665 PKIX_DECREF(firstPermittedList)do { if (firstPermittedList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(firstPermittedList), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } firstPermittedList
= ((void*)0); } } while (0);
666 PKIX_DECREF(secondPermittedList)do { if (secondPermittedList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(secondPermittedList), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } secondPermittedList
= ((void*)0); } } while (0);
667 PKIX_DECREF(firstExcludedList)do { if (firstExcludedList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(firstExcludedList), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } firstExcludedList
= ((void*)0); } } while (0);
668 PKIX_DECREF(secondExcludedList)do { if (secondExcludedList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(secondExcludedList), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } secondExcludedList
= ((void*)0); } } while (0);
669
670 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
671}
672
673/*
674 * FUNCTION: pkix_pl_CertNameConstraints_RegisterSelf
675 * DESCRIPTION:
676 * Registers PKIX_CERTNAMECONSTRAINTS_TYPE and its related functions with
677 * systemClasses[]
678 * THREAD SAFETY:
679 * Not Thread Safe - for performance and complexity reasons
680 *
681 * Since this function is only called by PKIX_PL_Initialize, which should
682 * only be called once, it is acceptable that this function is not
683 * thread-safe.
684 */
685PKIX_Error *
686pkix_pl_CertNameConstraints_RegisterSelf(void *plContext)
687{
688 extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
689 pkix_ClassTable_Entry entry;
690
691 PKIX_ENTER(CERTNAMECONSTRAINTS,static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_RegisterSelf"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
692 "pkix_pl_CertNameConstraints_RegisterSelf")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_RegisterSelf"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
693
694 entry.description = "CertNameConstraints";
695 entry.objCounter = 0;
696 entry.typeObjectSize = sizeof(PKIX_PL_CertNameConstraints);
697 entry.destructor = pkix_pl_CertNameConstraints_Destroy;
698 entry.equalsFunction = pkix_pl_CertNameConstraints_Equals;
699 entry.hashcodeFunction = pkix_pl_CertNameConstraints_Hashcode;
700 entry.toStringFunction = pkix_pl_CertNameConstraints_ToString;
701 entry.comparator = NULL((void*)0);
702 entry.duplicateFunction = pkix_duplicateImmutable;
703
704 systemClasses[PKIX_CERTNAMECONSTRAINTS_TYPE] = entry;
705
706 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
707}
708
709/*
710 * FUNCTION: pkix_pl_CertNameConstraints_Create_Helper
711 *
712 * DESCRIPTION:
713 * This function retrieves name constraints in "nssNameConstraints",
714 * converts and stores the result in a PKIX_PL_CertNameConstraints object.
715 *
716 * PARAMETERS
717 * "nssNameConstraints"
718 * Address of CERTNameConstraints that contains this object's data.
719 * Must be non-NULL.
720 * "pNameConstraints"
721 * Address where object pointer will be stored. Must be non-NULL.
722 * A NULL value will be returned if there is no Name Constraints extension.
723 * "plContext" - Platform-specific context pointer.
724 *
725 * THREAD SAFETY:
726 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
727 *
728 * RETURNS:
729 * Returns NULL if the function succeeds.
730 * Returns a NameConstraints Error if the function fails in a non-fatal way.
731 * Returns a Fatal Error if the function fails in an unrecoverable way.
732 */
733static PKIX_Error *
734pkix_pl_CertNameConstraints_Create_Helper(
735 CERTNameConstraints *nssNameConstraints,
736 PKIX_PL_CertNameConstraints **pNameConstraints,
737 void *plContext)
738{
739 PKIX_PL_CertNameConstraints *nameConstraints = NULL((void*)0);
740 CERTNameConstraints **nssNameConstraintPtr = NULL((void*)0);
741
742 PKIX_ENTER(CERTNAMECONSTRAINTS,static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_Create_Helper"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
17
Assuming 'pkixLoggersDebugTrace' is null
18
Taking false branch
743 "pkix_pl_CertNameConstraints_Create_Helper")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_Create_Helper"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
744 PKIX_NULLCHECK_TWO(nssNameConstraints, pNameConstraints)do { if (((nssNameConstraints) == ((void*)0)) || ((pNameConstraints
) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
19
Loop condition is false. Exiting loop
20
Taking false branch
21
Loop condition is false. Exiting loop
745
746 PKIX_CHECK(PKIX_PL_Object_Allocdo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERTNAMECONSTRAINTS_TYPE
, sizeof (PKIX_PL_CertNameConstraints), (PKIX_PL_Object **)&
nameConstraints, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATECERTNAMECONSTRAINTSOBJECT
; goto cleanup; } } while (0)
22
Assuming field 'aPkixErrorResult' is non-null
23
Taking true branch
747 (PKIX_CERTNAMECONSTRAINTS_TYPE,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERTNAMECONSTRAINTS_TYPE
, sizeof (PKIX_PL_CertNameConstraints), (PKIX_PL_Object **)&
nameConstraints, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATECERTNAMECONSTRAINTSOBJECT
; goto cleanup; } } while (0)
748 sizeof (PKIX_PL_CertNameConstraints),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERTNAMECONSTRAINTS_TYPE
, sizeof (PKIX_PL_CertNameConstraints), (PKIX_PL_Object **)&
nameConstraints, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATECERTNAMECONSTRAINTSOBJECT
; goto cleanup; } } while (0)
749 (PKIX_PL_Object **)&nameConstraints,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERTNAMECONSTRAINTS_TYPE
, sizeof (PKIX_PL_CertNameConstraints), (PKIX_PL_Object **)&
nameConstraints, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATECERTNAMECONSTRAINTSOBJECT
; goto cleanup; } } while (0)
750 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERTNAMECONSTRAINTS_TYPE
, sizeof (PKIX_PL_CertNameConstraints), (PKIX_PL_Object **)&
nameConstraints, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATECERTNAMECONSTRAINTSOBJECT
; goto cleanup; } } while (0)
751 PKIX_COULDNOTCREATECERTNAMECONSTRAINTSOBJECT)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc (PKIX_CERTNAMECONSTRAINTS_TYPE
, sizeof (PKIX_PL_CertNameConstraints), (PKIX_PL_Object **)&
nameConstraints, plContext)); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATECERTNAMECONSTRAINTSOBJECT
; goto cleanup; } } while (0);
752
753 PKIX_CHECK(PKIX_PL_Mallocdo { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTNameConstraint
*), (void *)&nssNameConstraintPtr, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto
cleanup; } } while (0)
754 (sizeof (CERTNameConstraint *),do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTNameConstraint
*), (void *)&nssNameConstraintPtr, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto
cleanup; } } while (0)
755 (void *)&nssNameConstraintPtr,do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTNameConstraint
*), (void *)&nssNameConstraintPtr, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto
cleanup; } } while (0)
756 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTNameConstraint
*), (void *)&nssNameConstraintPtr, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto
cleanup; } } while (0)
757 PKIX_MALLOCFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (sizeof (CERTNameConstraint
*), (void *)&nssNameConstraintPtr, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_MALLOCFAILED; goto
cleanup; } } while (0);
758
759 nameConstraints->numNssNameConstraints = 1;
760 nameConstraints->nssNameConstraintsList = nssNameConstraintPtr;
761 *nssNameConstraintPtr = nssNameConstraints;
762
763 nameConstraints->permittedList = NULL((void*)0);
764 nameConstraints->excludedList = NULL((void*)0);
765 nameConstraints->arena = NULL((void*)0);
766
767 *pNameConstraints = nameConstraints;
768
769cleanup:
770
771 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)){
24
Assuming field 'aPkixErrorReceived' is not equal to 0
772 PKIX_DECREF(nameConstraints)do { if (nameConstraints){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(nameConstraints), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } nameConstraints
= ((void*)0); } } while (0);
25
Assuming 'nameConstraints' is null
26
Taking false branch
27
Loop condition is false. Exiting loop
773 }
774
775 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
28
Returning without writing to '*pNameConstraints'
29
Returning pointer, which participates in a condition later
776}
777
778/*
779 * FUNCTION: pkix_pl_CertNameConstraints_Create
780 *
781 * DESCRIPTION:
782 * function that allocates and initialize the object CertNameConstraints.
783 *
784 * PARAMETERS
785 * "nssCert"
786 * Address of CERT that contains this object's data.
787 * Must be non-NULL.
788 * "pNameConstraints"
789 * Address where object pointer will be stored. Must be non-NULL.
790 * A NULL value will be returned if there is no Name Constraints extension.
791 * "plContext" - Platform-specific context pointer.
792 *
793 * THREAD SAFETY:
794 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
795 *
796 * RETURNS:
797 * Returns NULL if the function succeeds.
798 * Returns a NameConstraints Error if the function fails in a non-fatal way.
799 * Returns a Fatal Error if the function fails in an unrecoverable way.
800 */
801PKIX_Error *
802pkix_pl_CertNameConstraints_Create(
803 CERTCertificate *nssCert,
804 PKIX_PL_CertNameConstraints **pNameConstraints,
805 void *plContext)
806{
807 PKIX_PL_CertNameConstraints *nameConstraints = NULL((void*)0);
1
'nameConstraints' initialized to a null pointer value
808 CERTNameConstraints *nssNameConstraints = NULL((void*)0);
809 PLArenaPool *arena = NULL((void*)0);
810 SECStatus status;
811
812 PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Create")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_Create"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
2
Assuming 'pkixLoggersDebugTrace' is null
3
Taking false branch
813 PKIX_NULLCHECK_THREE(nssCert, pNameConstraints, nssCert->arena)do { if (((nssCert) == ((void*)0)) || ((pNameConstraints) == (
(void*)0)) || ((nssCert->arena) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
4
Loop condition is false. Exiting loop
5
Assuming 'nssCert' is not equal to null
6
Assuming 'pNameConstraints' is not equal to null
7
Assuming field 'arena' is not equal to null
8
Taking false branch
9
Loop condition is false. Exiting loop
814
815 PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_NewArena).\n");
816 arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048));
817 if (arena == NULL((void*)0)) {
10
Assuming 'arena' is not equal to NULL
11
Taking false branch
818 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
819 }
820
821 PKIX_CERTNAMECONSTRAINTS_DEBUG
822 ("\t\tCalling CERT_FindNameConstraintsExten\n");
823 status = CERT_FindNameConstraintsExten
824 (arena, nssCert, &nssNameConstraints);
825
826 if (status != SECSuccess) {
12
Assuming 'status' is equal to SECSuccess
13
Taking false branch
827 PKIX_ERROR(PKIX_DECODINGCERTNAMECONSTRAINTSFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_DECODINGCERTNAMECONSTRAINTSFAILED, ((void*)0), stdVars
.aPkixType, 2, plContext); } } stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_DECODINGCERTNAMECONSTRAINTSFAILED
; goto cleanup; };
828 }
829
830 if (nssNameConstraints == NULL((void*)0)) {
14
Assuming 'nssNameConstraints' is not equal to NULL
15
Taking false branch
831 *pNameConstraints = NULL((void*)0);
832 /* we free the arnea here because PKIX_ERROR_RECEIVED
833 * may not be set. Setting arena to NULL makes sure
834 * we don't try to free it again (and makes scanners
835 * happy). */
836 if (arena){
837 PKIX_CERTNAMECONSTRAINTS_DEBUG
838 ("\t\tCalling PORT_FreeArena).\n");
839 PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0);
840 arena = NULL((void*)0);
841 }
842 goto cleanup;
843 }
844
845 PKIX_CHECK(pkix_pl_CertNameConstraints_Create_Helperdo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Create_Helper
(nssNameConstraints, &nameConstraints, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEHELPERFAILED
; goto cleanup; } } while (0)
16
Calling 'pkix_pl_CertNameConstraints_Create_Helper'
30
Returning from 'pkix_pl_CertNameConstraints_Create_Helper'
31
Assuming field 'aPkixErrorResult' is null
32
Taking false branch
33
Loop condition is false. Exiting loop
846 (nssNameConstraints, &nameConstraints, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Create_Helper
(nssNameConstraints, &nameConstraints, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEHELPERFAILED
; goto cleanup; } } while (0)
847 PKIX_CERTNAMECONSTRAINTSCREATEHELPERFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Create_Helper
(nssNameConstraints, &nameConstraints, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEHELPERFAILED
; goto cleanup; } } while (0);
848
849 nameConstraints->arena = arena;
34
Access to field 'arena' results in a dereference of a null pointer (loaded from variable 'nameConstraints')
850
851 *pNameConstraints = nameConstraints;
852
853cleanup:
854
855 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)){
856 if (arena){
857 PKIX_CERTNAMECONSTRAINTS_DEBUG
858 ("\t\tCalling PORT_FreeArena).\n");
859 PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0);
860 }
861 }
862
863 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
864}
865
866/*
867 * FUNCTION: pkix_pl_CertNameConstraints_CreateByMerge
868 *
869 * DESCRIPTION:
870 *
871 * This function allocates and creates a PKIX_PL_NameConstraint object
872 * for merging. It also allocates CERTNameConstraints data space for the
873 * merged NSS NameConstraints data.
874 *
875 * PARAMETERS
876 * "pNameConstraints"
877 * Address where object pointer will be stored and returned.
878 * Must be non-NULL.
879 * "plContext" - Platform-specific context pointer.
880 *
881 * THREAD SAFETY:
882 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
883 *
884 * RETURNS:
885 * Returns NULL if the function succeeds.
886 * Returns a NameConstraints Error if the function fails in a non-fatal way.
887 * Returns a Fatal Error if the function fails in an unrecoverable way.
888 */
889static PKIX_Error *
890pkix_pl_CertNameConstraints_CreateByMerge(
891 PKIX_PL_CertNameConstraints **pNameConstraints,
892 void *plContext)
893{
894 PKIX_PL_CertNameConstraints *nameConstraints = NULL((void*)0);
895 CERTNameConstraints *nssNameConstraints = NULL((void*)0);
896 PLArenaPool *arena = NULL((void*)0);
897
898 PKIX_ENTER(CERTNAMECONSTRAINTS,static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_CreateByMerge"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
899 "pkix_pl_CertNameConstraints_CreateByMerge")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_CreateByMerge"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
900 PKIX_NULLCHECK_ONE(pNameConstraints)do { if ((pNameConstraints) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
901
902 PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_NewArena).\n");
903 arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048));
904 if (arena == NULL((void*)0)) {
905 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
906 }
907
908 PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_ArenaZNew).\n");
909 nssNameConstraints = PORT_ArenaZNew(arena, CERTNameConstraints)(CERTNameConstraints *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTNameConstraints
));
910 if (nssNameConstraints == NULL((void*)0)) {
911 PKIX_ERROR(PKIX_PORTARENAALLOCFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_PORTARENAALLOCFAILED, ((void*)0), stdVars.aPkixType, 2
, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_PORTARENAALLOCFAILED; goto
cleanup; };
912 }
913
914 nssNameConstraints->permited = NULL((void*)0);
915 nssNameConstraints->excluded = NULL((void*)0);
916 nssNameConstraints->DERPermited = NULL((void*)0);
917 nssNameConstraints->DERExcluded = NULL((void*)0);
918
919 PKIX_CHECK(pkix_pl_CertNameConstraints_Create_Helperdo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Create_Helper
(nssNameConstraints, &nameConstraints, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEHELPERFAILED
; goto cleanup; } } while (0)
920 (nssNameConstraints, &nameConstraints, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Create_Helper
(nssNameConstraints, &nameConstraints, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEHELPERFAILED
; goto cleanup; } } while (0)
921 PKIX_CERTNAMECONSTRAINTSCREATEHELPERFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_Create_Helper
(nssNameConstraints, &nameConstraints, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEHELPERFAILED
; goto cleanup; } } while (0);
922
923 nameConstraints->arena = arena;
924
925 *pNameConstraints = nameConstraints;
926
927cleanup:
928
929 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)){
930 if (arena){
931 PKIX_CERTNAMECONSTRAINTS_DEBUG
932 ("\t\tCalling PORT_FreeArena).\n");
933 PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0);
934 }
935 }
936
937 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
938}
939
940/*
941 * FUNCTION: pkix_pl_CertNameConstraints_CopyNssNameConstraints
942 *
943 * DESCRIPTION:
944 *
945 * This function allocates and copies data to a NSS CERTNameConstraints from
946 * the NameConstraints given by "srcNC" and stores the result at "pDestNC". It
947 * copies items on both the permitted and excluded lists, but not the
948 * DERPermited and DERExcluded.
949 *
950 * PARAMETERS
951 * "arena"
952 * Memory pool where object data is allocated from. Must be non-NULL.
953 * "srcNC"
954 * Address of the NameConstraints to copy from. Must be non-NULL.
955 * "pDestNC"
956 * Address where new copied object is stored and returned.
957 * Must be non-NULL.
958 * "plContext" - Platform-specific context pointer.
959 *
960 * THREAD SAFETY:
961 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
962 *
963 * RETURNS:
964 * Returns NULL if the function succeeds.
965 * Returns a NameConstraints Error if the function fails in a non-fatal way.
966 * Returns a Fatal Error if the function fails in an unrecoverable way.
967 */
968static PKIX_Error *
969pkix_pl_CertNameConstraints_CopyNssNameConstraints(
970 PLArenaPool *arena,
971 CERTNameConstraints *srcNC,
972 CERTNameConstraints **pDestNC,
973 void *plContext)
974{
975 CERTNameConstraints *nssNameConstraints = NULL((void*)0);
976 CERTNameConstraint *nssNameConstraintHead = NULL((void*)0);
977 CERTNameConstraint *nssCurrent = NULL((void*)0);
978 CERTNameConstraint *nssCopyTo = NULL((void*)0);
979 CERTNameConstraint *nssCopyFrom = NULL((void*)0);
980
981 PKIX_ENTER(CERTNAMECONSTRAINTS,static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_CopyNssNameConstraints"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
982 "pkix_pl_CertNameConstraints_CopyNssNameConstraints")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_CopyNssNameConstraints"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
983 PKIX_NULLCHECK_THREE(arena, srcNC, pDestNC)do { if (((arena) == ((void*)0)) || ((srcNC) == ((void*)0)) ||
((pDestNC) == ((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
984
985 PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_ArenaZNew).\n");
986 nssNameConstraints = PORT_ArenaZNew(arena, CERTNameConstraints)(CERTNameConstraints *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTNameConstraints
));
987 if (nssNameConstraints == NULL((void*)0)) {
988 PKIX_ERROR(PKIX_PORTARENAALLOCFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_PORTARENAALLOCFAILED, ((void*)0), stdVars.aPkixType, 2
, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_PORTARENAALLOCFAILED; goto
cleanup; };
989 }
990
991 if (srcNC->permited) {
992
993 nssCopyFrom = srcNC->permited;
994
995 do {
996
997 nssCopyTo = NULL((void*)0);
998 PKIX_CERTNAMECONSTRAINTS_DEBUG
999 ("\t\tCalling CERT_CopyNameConstraint).\n");
1000 nssCopyTo = CERT_CopyNameConstraint
1001 (arena, nssCopyTo, nssCopyFrom);
1002 if (nssCopyTo == NULL((void*)0)) {
1003 PKIX_ERROR(PKIX_CERTCOPYNAMECONSTRAINTFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTCOPYNAMECONSTRAINTFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_CERTCOPYNAMECONSTRAINTFAILED
; goto cleanup; };
1004 }
1005 if (nssCurrent == NULL((void*)0)) {
1006 nssCurrent = nssNameConstraintHead = nssCopyTo;
1007 } else {
1008 PKIX_CERTNAMECONSTRAINTS_DEBUG
1009 ("\t\tCalling CERT_AddNameConstraint).\n");
1010 nssCurrent = CERT_AddNameConstraint
1011 (nssCurrent, nssCopyTo);
1012 }
1013
1014 PKIX_CERTNAMECONSTRAINTS_DEBUG
1015 ("\t\tCalling CERT_GetNextNameConstrain).\n");
1016 nssCopyFrom = CERT_GetNextNameConstraint(nssCopyFrom);
1017
1018 } while (nssCopyFrom != srcNC->permited);
1019
1020 nssNameConstraints->permited = nssNameConstraintHead;
1021 }
1022
1023 if (srcNC->excluded) {
1024
1025 nssCurrent = NULL((void*)0);
1026 nssCopyFrom = srcNC->excluded;
1027
1028 do {
1029
1030 /*
1031 * Cannot use CERT_DupGeneralNameList, which just increments
1032 * refcount. We need our own copy since arena is for each
1033 * PKIX_PL_NameConstraints. Perhaps contribute this code
1034 * as CERT_CopyGeneralNameList (in the future).
1035 */
1036 nssCopyTo = NULL((void*)0);
1037 PKIX_CERTNAMECONSTRAINTS_DEBUG
1038 ("\t\tCalling CERT_CopyNameConstraint).\n");
1039 nssCopyTo = CERT_CopyNameConstraint
1040 (arena, nssCopyTo, nssCopyFrom);
1041 if (nssCopyTo == NULL((void*)0)) {
1042 PKIX_ERROR(PKIX_CERTCOPYNAMECONSTRAINTFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CERTCOPYNAMECONSTRAINTFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_CERTCOPYNAMECONSTRAINTFAILED
; goto cleanup; };
1043 }
1044 if (nssCurrent == NULL((void*)0)) {
1045 nssCurrent = nssNameConstraintHead = nssCopyTo;
1046 } else {
1047 PKIX_CERTNAMECONSTRAINTS_DEBUG
1048 ("\t\tCalling CERT_AddNameConstraint).\n");
1049 nssCurrent = CERT_AddNameConstraint
1050 (nssCurrent, nssCopyTo);
1051 }
1052
1053 PKIX_CERTNAMECONSTRAINTS_DEBUG
1054 ("\t\tCalling CERT_GetNextNameConstrain).\n");
1055 nssCopyFrom = CERT_GetNextNameConstraint(nssCopyFrom);
1056
1057 } while (nssCopyFrom != srcNC->excluded);
1058
1059 nssNameConstraints->excluded = nssNameConstraintHead;
1060 }
1061
1062 *pDestNC = nssNameConstraints;
1063
1064cleanup:
1065
1066 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
1067}
1068
1069/*
1070 * FUNCTION: pkix_pl_CertNameConstraints_Merge
1071 *
1072 * DESCRIPTION:
1073 *
1074 * This function merges two NameConstraints pointed to by "firstNC" and
1075 * "secondNC" and stores the result in "pMergedNC".
1076 *
1077 * PARAMETERS
1078 * "firstNC"
1079 * Address of the first NameConstraints to be merged. Must be non-NULL.
1080 * "secondNC"
1081 * Address of the second NameConstraints to be merged. Must be non-NULL.
1082 * "pMergedNC"
1083 * Address where the merge result is stored and returned. Must be non-NULL.
1084 * "plContext" - Platform-specific context pointer.
1085 *
1086 * THREAD SAFETY:
1087 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1088 *
1089 * RETURNS:
1090 * Returns NULL if the function succeeds.
1091 * Returns a NameConstraints Error if the function fails in a non-fatal way.
1092 * Returns a Fatal Error if the function fails in an unrecoverable way.
1093 */
1094PKIX_Error *
1095pkix_pl_CertNameConstraints_Merge(
1096 PKIX_PL_CertNameConstraints *firstNC,
1097 PKIX_PL_CertNameConstraints *secondNC,
1098 PKIX_PL_CertNameConstraints **pMergedNC,
1099 void *plContext)
1100{
1101 PKIX_PL_CertNameConstraints *nameConstraints = NULL((void*)0);
1102 CERTNameConstraints **nssNCto = NULL((void*)0);
1103 CERTNameConstraints **nssNCfrom = NULL((void*)0);
1104 CERTNameConstraints *nssNameConstraints = NULL((void*)0);
1105 PKIX_UInt32 numNssItems = 0;
1106 PKIX_UInt32 i;
1107
1108 PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Merge")static const char cMyFuncName[] = {"pkix_pl_CertNameConstraints_Merge"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
1109 PKIX_NULLCHECK_THREE(firstNC, secondNC, pMergedNC)do { if (((firstNC) == ((void*)0)) || ((secondNC) == ((void*)
0)) || ((pMergedNC) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1110
1111 PKIX_CHECK(pkix_pl_CertNameConstraints_CreateByMergedo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CreateByMerge
(&nameConstraints, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEBYMERGEFAILED
; goto cleanup; } } while (0)
1112 (&nameConstraints, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CreateByMerge
(&nameConstraints, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEBYMERGEFAILED
; goto cleanup; } } while (0)
1113 PKIX_CERTNAMECONSTRAINTSCREATEBYMERGEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CreateByMerge
(&nameConstraints, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTNAMECONSTRAINTSCREATEBYMERGEFAILED
; goto cleanup; } } while (0);
1114
1115 /* Merge NSSCertConstraint lists */
1116
1117 numNssItems = firstNC->numNssNameConstraints +
1118 secondNC->numNssNameConstraints;
1119
1120 /* Free the default space (only one entry) allocated by create */
1121 PKIX_CHECK(PKIX_PL_Freedo { stdVars.aPkixErrorResult = (PKIX_PL_Free (nameConstraints
->nssNameConstraintsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_FREEFAILED; goto cleanup; } }
while (0)
1122 (nameConstraints->nssNameConstraintsList, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Free (nameConstraints
->nssNameConstraintsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_FREEFAILED; goto cleanup; } }
while (0)
1123 PKIX_FREEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Free (nameConstraints
->nssNameConstraintsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_FREEFAILED; goto cleanup; } }
while (0);
1124
1125 /* Reallocate the size we need */
1126 PKIX_CHECK(PKIX_PL_Mallocdo { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (numNssItems *
sizeof (CERTNameConstraint *), (void *)&nssNCto, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_MALLOCFAILED; goto cleanup; } } while (0)
1127 (numNssItems * sizeof (CERTNameConstraint *),do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (numNssItems *
sizeof (CERTNameConstraint *), (void *)&nssNCto, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_MALLOCFAILED; goto cleanup; } } while (0)
1128 (void *)&nssNCto,do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (numNssItems *
sizeof (CERTNameConstraint *), (void *)&nssNCto, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_MALLOCFAILED; goto cleanup; } } while (0)
1129 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (numNssItems *
sizeof (CERTNameConstraint *), (void *)&nssNCto, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_MALLOCFAILED; goto cleanup; } } while (0)
1130 PKIX_MALLOCFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Malloc (numNssItems *
sizeof (CERTNameConstraint *), (void *)&nssNCto, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_MALLOCFAILED; goto cleanup; } } while (0);
1131
1132 nameConstraints->nssNameConstraintsList = nssNCto;
1133
1134 nssNCfrom = firstNC->nssNameConstraintsList;
1135
1136 for (i = 0; i < firstNC->numNssNameConstraints; i++) {
1137
1138 PKIX_CHECK(pkix_pl_CertNameConstraints_CopyNssNameConstraintsdo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CopyNssNameConstraints
(nameConstraints->arena, *nssNCfrom, &nssNameConstraints
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED; goto
cleanup; } } while (0)
1139 (nameConstraints->arena,do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CopyNssNameConstraints
(nameConstraints->arena, *nssNCfrom, &nssNameConstraints
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED; goto
cleanup; } } while (0)
1140 *nssNCfrom,do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CopyNssNameConstraints
(nameConstraints->arena, *nssNCfrom, &nssNameConstraints
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED; goto
cleanup; } } while (0)
1141 &nssNameConstraints,do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CopyNssNameConstraints
(nameConstraints->arena, *nssNCfrom, &nssNameConstraints
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED; goto
cleanup; } } while (0)
1142 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CopyNssNameConstraints
(nameConstraints->arena, *nssNCfrom, &nssNameConstraints
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED; goto
cleanup; } } while (0)
1143 PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CopyNssNameConstraints
(nameConstraints->arena, *nssNCfrom, &nssNameConstraints
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED; goto
cleanup; } } while (0);
1144
1145 *nssNCto = nssNameConstraints;
1146
1147 nssNCto++;
1148 nssNCfrom++;
1149 }
1150
1151 nssNCfrom = secondNC->nssNameConstraintsList;
1152
1153 for (i = 0; i < secondNC->numNssNameConstraints; i++) {
1154
1155 PKIX_CHECK(pkix_pl_CertNameConstraints_CopyNssNameConstraintsdo { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CopyNssNameConstraints
(nameConstraints->arena, *nssNCfrom, &nssNameConstraints
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED; goto
cleanup; } } while (0)
1156 (nameConstraints->arena,do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CopyNssNameConstraints
(nameConstraints->arena, *nssNCfrom, &nssNameConstraints
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED; goto
cleanup; } } while (0)
1157 *nssNCfrom,do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CopyNssNameConstraints
(nameConstraints->arena, *nssNCfrom, &nssNameConstraints
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED; goto
cleanup; } } while (0)
1158 &nssNameConstraints,do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CopyNssNameConstraints
(nameConstraints->arena, *nssNCfrom, &nssNameConstraints
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED; goto
cleanup; } } while (0)
1159 plContext),do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CopyNssNameConstraints
(nameConstraints->arena, *nssNCfrom, &nssNameConstraints
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED; goto
cleanup; } } while (0)
1160 PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_CertNameConstraints_CopyNssNameConstraints
(nameConstraints->arena, *nssNCfrom, &nssNameConstraints
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED; goto
cleanup; } } while (0);
1161
1162 *nssNCto = nssNameConstraints;
1163
1164 nssNCto++;
1165 nssNCfrom++;
1166 }
1167
1168 nameConstraints->numNssNameConstraints = numNssItems;
1169 nameConstraints->permittedList = NULL((void*)0);
1170 nameConstraints->excludedList = NULL((void*)0);
1171
1172 *pMergedNC = nameConstraints;
1173
1174cleanup:
1175
1176 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)){
1177 PKIX_DECREF(nameConstraints)do { if (nameConstraints){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(nameConstraints), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } nameConstraints
= ((void*)0); } } while (0);
1178 }
1179
1180 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
1181}
1182
1183/* --Public-NameConstraints-Functions-------------------------------- */
1184
1185/*
1186 * FUNCTION: PKIX_PL_CertNameConstraints_CheckNamesInNameSpace
1187 * (see comments in pkix_pl_system.h)
1188 */
1189PKIX_Error *
1190PKIX_PL_CertNameConstraints_CheckNamesInNameSpace(
1191 PKIX_List *nameList, /* List of PKIX_PL_GeneralName */
1192 PKIX_PL_CertNameConstraints *nameConstraints,
1193 PKIX_Boolean *pCheckPass,
1194 void *plContext)
1195{
1196 CERTNameConstraints **nssNameConstraintsList = NULL((void*)0);
1197 CERTNameConstraints *nssNameConstraints = NULL((void*)0);
1198 CERTGeneralName *nssMatchName = NULL((void*)0);
1199 PLArenaPool *arena = NULL((void*)0);
1200 PKIX_PL_GeneralName *name = NULL((void*)0);
1201 PKIX_UInt32 numNameItems = 0;
1202 PKIX_UInt32 numNCItems = 0;
1203 PKIX_UInt32 i, j;
1204 SECStatus status = SECSuccess;
1205
1206 PKIX_ENTER(CERTNAMECONSTRAINTS,static const char cMyFuncName[] = {"PKIX_PL_CertNameConstraints_CheckNamesInNameSpace"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);
1207 "PKIX_PL_CertNameConstraints_CheckNamesInNameSpace")static const char cMyFuncName[] = {"PKIX_PL_CertNameConstraints_CheckNamesInNameSpace"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_CERTNAMECONSTRAINTS_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
1208 PKIX_NULLCHECK_TWO(nameConstraints, pCheckPass)do { if (((nameConstraints) == ((void*)0)) || ((pCheckPass) ==
((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1
); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
1209
1210 *pCheckPass = PKIX_TRUE((PKIX_Boolean) 1);
1211
1212 if (nameList != NULL((void*)0)) {
1213
1214 PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_NewArena\n");
1215 arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048));
1216 if (arena == NULL((void*)0)) {
1217 PKIX_ERROR(PKIX_OUTOFMEMORY){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_OUTOFMEMORY, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_OUTOFMEMORY; goto cleanup; };
1218 }
1219
1220 nssNameConstraintsList =
1221 nameConstraints->nssNameConstraintsList;
1222 PKIX_NULLCHECK_ONE(nssNameConstraintsList)do { if ((nssNameConstraintsList) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1223 numNCItems = nameConstraints->numNssNameConstraints;
1224
1225 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (nameList
, &numNameItems, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1226 (nameList, &numNameItems, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (nameList
, &numNameItems, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1227 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (nameList
, &numNameItems, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
1228
1229 for (i = 0; i < numNameItems; i++) {
1230
1231 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (nameList,
i, (PKIX_PL_Object **) &name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1232 (nameList,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (nameList,
i, (PKIX_PL_Object **) &name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1233 i,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (nameList,
i, (PKIX_PL_Object **) &name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1234 (PKIX_PL_Object **) &name,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (nameList,
i, (PKIX_PL_Object **) &name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1235 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (nameList,
i, (PKIX_PL_Object **) &name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1236 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (nameList,
i, (PKIX_PL_Object **) &name, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0);
1237
1238 PKIX_CHECK(pkix_pl_GeneralName_GetNssGeneralNamedo { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_GetNssGeneralName
(name, &nssMatchName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_GENERALNAMEGETNSSGENERALNAMEFAILED
; goto cleanup; } } while (0)
1239 (name, &nssMatchName, plContext),do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_GetNssGeneralName
(name, &nssMatchName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_GENERALNAMEGETNSSGENERALNAMEFAILED
; goto cleanup; } } while (0)
1240 PKIX_GENERALNAMEGETNSSGENERALNAMEFAILED)do { stdVars.aPkixErrorResult = (pkix_pl_GeneralName_GetNssGeneralName
(name, &nssMatchName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_GENERALNAMEGETNSSGENERALNAMEFAILED
; goto cleanup; } } while (0);
1241
1242 PKIX_DECREF(name)do { if (name){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(name), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } name = ((void*)0);
} } while (0);
1243
1244 for (j = 0; j < numNCItems; j++) {
1245
1246 nssNameConstraints = *(nssNameConstraintsList + j);
1247 PKIX_NULLCHECK_ONE(nssNameConstraints)do { if ((nssNameConstraints) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1248
1249 PKIX_CERTNAMECONSTRAINTS_DEBUG
1250 ("\t\tCalling CERT_CheckNameSpace\n");
1251 status = CERT_CheckNameSpace
1252 (arena, nssNameConstraints, nssMatchName);
1253 if (status != SECSuccess) {
1254 break;
1255 }
1256
1257 }
1258
1259 if (status != SECSuccess) {
1260 break;
1261 }
1262
1263 }
1264 }
1265
1266 if (status == SECFailure) {
1267 *pCheckPass = PKIX_FALSE((PKIX_Boolean) 0);
1268 }
1269
1270cleanup:
1271
1272 if (arena){
1273 PKIX_CERTNAMECONSTRAINTS_DEBUG
1274 ("\t\tCalling PORT_FreeArena).\n");
1275 PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0);
1276 }
1277
1278 PKIX_RETURN(CERTNAMECONSTRAINTS)return PKIX_DoReturn(&stdVars, (PKIX_CERTNAMECONSTRAINTS_ERROR
), ((PKIX_Boolean) 1), plContext);;
1279}