Bug Summary

File:s/lib/libpkix/pkix/checker/pkix_revocationchecker.c
Warning:line 91, column 42
Access to field 'leafMethodList' results in a dereference of a null pointer (loaded from variable 'checkerDuplicate')

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name pkix_revocationchecker.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix/checker -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix/checker -resource-dir /usr/lib/llvm-19/lib/clang/19 -D HAVE_STRERROR -D LINUX -D linux -D XP_UNIX -D XP_UNIX -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D NSS_DISABLE_SSE3 -D NSS_NO_INIT_SUPPORT -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I ../../../../../dist/Linux6.12_x86_64_gcc_glibc_PTH_64_DBG.OBJ/include -I ../../../../../dist/public/nss -I ../../../../../dist/private/nss -internal-isystem /usr/lib/llvm-19/lib/clang/19/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=c99 -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2025-01-06-222215-268153-1 -x c pkix_revocationchecker.c
1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4/*
5 * pkix_revocationchecker.c
6 *
7 * RevocationChecker Object Functions
8 *
9 */
10
11#include "pkix_revocationchecker.h"
12#include "pkix_tools.h"
13
14/* --Private-Functions-------------------------------------------- */
15
16/*
17 * FUNCTION: pkix_RevocationChecker_Destroy
18 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
19 */
20static PKIX_Error *
21pkix_RevocationChecker_Destroy(
22 PKIX_PL_Object *object,
23 void *plContext)
24{
25 PKIX_RevocationChecker *checker = NULL((void*)0);
26
27 PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_Destroy")static const char cMyFuncName[] = {"pkix_RevocationChecker_Destroy"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_REVOCATIONCHECKER_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
28 PKIX_NULLCHECK_ONE(object)do { if ((object) == ((void*)0)){ stdVars.aPkixErrorReceived =
((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
29
30 /* Check that this object is a revocation checker */
31 PKIX_CHECK(pkix_CheckTypedo { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_REVOCATIONCHECKER_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTREVOCATIONCHECKER; goto cleanup; } } while (
0)
32 (object, PKIX_REVOCATIONCHECKER_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_REVOCATIONCHECKER_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTREVOCATIONCHECKER; goto cleanup; } } while (
0)
33 PKIX_OBJECTNOTREVOCATIONCHECKER)do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_REVOCATIONCHECKER_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTREVOCATIONCHECKER; goto cleanup; } } while (
0);
34
35 checker = (PKIX_RevocationChecker *)object;
36
37 PKIX_DECREF(checker->leafMethodList)do { if (checker->leafMethodList){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checker->leafMethodList
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } checker->leafMethodList = ((void*)0); } }
while (0);
38 PKIX_DECREF(checker->chainMethodList)do { if (checker->chainMethodList){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(checker->chainMethodList
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } checker->chainMethodList = ((void*)0); } }
while (0);
39
40cleanup:
41
42 PKIX_RETURN(REVOCATIONCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_REVOCATIONCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
43}
44
45/*
46 * FUNCTION: pkix_RevocationChecker_Duplicate
47 * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
48 */
49static PKIX_Error *
50pkix_RevocationChecker_Duplicate(
51 PKIX_PL_Object *object,
52 PKIX_PL_Object **pNewObject,
53 void *plContext)
54{
55 PKIX_RevocationChecker *checker = NULL((void*)0);
56 PKIX_RevocationChecker *checkerDuplicate = NULL((void*)0);
1
'checkerDuplicate' initialized to a null pointer value
57 PKIX_List *dupLeafList = NULL((void*)0);
58 PKIX_List *dupChainList = NULL((void*)0);
59
60 PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_Duplicate")static const char cMyFuncName[] = {"pkix_RevocationChecker_Duplicate"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_REVOCATIONCHECKER_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
2
Assuming 'pkixLoggersDebugTrace' is null
3
Taking false branch
61 PKIX_NULLCHECK_TWO(object, pNewObject)do { if (((object) == ((void*)0)) || ((pNewObject) == ((void*
)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
4
Loop condition is false. Exiting loop
5
Assuming 'object' is not equal to null
6
Assuming 'pNewObject' is not equal to null
7
Taking false branch
8
Loop condition is false. Exiting loop
62
63 PKIX_CHECK(pkix_CheckTypedo { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_REVOCATIONCHECKER_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERTCHAINCHECKER; goto cleanup; } } while (0
)
9
Assuming field 'aPkixErrorResult' is null
10
Taking false branch
11
Loop condition is false. Exiting loop
64 (object, PKIX_REVOCATIONCHECKER_TYPE, plContext),do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_REVOCATIONCHECKER_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERTCHAINCHECKER; goto cleanup; } } while (0
)
65 PKIX_OBJECTNOTCERTCHAINCHECKER)do { stdVars.aPkixErrorResult = (pkix_CheckType (object, PKIX_REVOCATIONCHECKER_TYPE
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTNOTCERTCHAINCHECKER; goto cleanup; } } while (0
);
66
67 checker = (PKIX_RevocationChecker *)object;
68
69 if (checker->leafMethodList){
12
Assuming field 'leafMethodList' is null
13
Taking false branch
70 PKIX_CHECK(PKIX_PL_Object_Duplicatedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
*)checker->leafMethodList, (PKIX_PL_Object **)&dupLeafList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0)
71 ((PKIX_PL_Object *)checker->leafMethodList,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
*)checker->leafMethodList, (PKIX_PL_Object **)&dupLeafList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0)
72 (PKIX_PL_Object **)&dupLeafList,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
*)checker->leafMethodList, (PKIX_PL_Object **)&dupLeafList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0)
73 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
*)checker->leafMethodList, (PKIX_PL_Object **)&dupLeafList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0)
74 PKIX_OBJECTDUPLICATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
*)checker->leafMethodList, (PKIX_PL_Object **)&dupLeafList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0);
75 }
76 if (checker->chainMethodList){
14
Assuming field 'chainMethodList' is null
15
Taking false branch
77 PKIX_CHECK(PKIX_PL_Object_Duplicatedo { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
*)checker->chainMethodList, (PKIX_PL_Object **)&dupChainList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0)
78 ((PKIX_PL_Object *)checker->chainMethodList,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
*)checker->chainMethodList, (PKIX_PL_Object **)&dupChainList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0)
79 (PKIX_PL_Object **)&dupChainList,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
*)checker->chainMethodList, (PKIX_PL_Object **)&dupChainList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0)
80 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
*)checker->chainMethodList, (PKIX_PL_Object **)&dupChainList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0)
81 PKIX_OBJECTDUPLICATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Duplicate ((PKIX_PL_Object
*)checker->chainMethodList, (PKIX_PL_Object **)&dupChainList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_OBJECTDUPLICATEFAILED; goto cleanup; } } while (0);
82 }
83
84 PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_RevocationChecker_Create
(checker->leafMethodListFlags, checker->chainMethodListFlags
, &checkerDuplicate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_REVOCATIONCHECKERCREATEFAILED
; goto cleanup; } } while (0)
16
Calling 'PKIX_RevocationChecker_Create'
30
Returning from 'PKIX_RevocationChecker_Create'
31
Assuming field 'aPkixErrorResult' is null
32
Taking false branch
33
Loop condition is false. Exiting loop
85 PKIX_RevocationChecker_Create(checker->leafMethodListFlags,do { stdVars.aPkixErrorResult = (PKIX_RevocationChecker_Create
(checker->leafMethodListFlags, checker->chainMethodListFlags
, &checkerDuplicate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_REVOCATIONCHECKERCREATEFAILED
; goto cleanup; } } while (0)
86 checker->chainMethodListFlags,do { stdVars.aPkixErrorResult = (PKIX_RevocationChecker_Create
(checker->leafMethodListFlags, checker->chainMethodListFlags
, &checkerDuplicate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_REVOCATIONCHECKERCREATEFAILED
; goto cleanup; } } while (0)
87 &checkerDuplicate,do { stdVars.aPkixErrorResult = (PKIX_RevocationChecker_Create
(checker->leafMethodListFlags, checker->chainMethodListFlags
, &checkerDuplicate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_REVOCATIONCHECKERCREATEFAILED
; goto cleanup; } } while (0)
88 plContext),do { stdVars.aPkixErrorResult = (PKIX_RevocationChecker_Create
(checker->leafMethodListFlags, checker->chainMethodListFlags
, &checkerDuplicate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_REVOCATIONCHECKERCREATEFAILED
; goto cleanup; } } while (0)
89 PKIX_REVOCATIONCHECKERCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_RevocationChecker_Create
(checker->leafMethodListFlags, checker->chainMethodListFlags
, &checkerDuplicate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_REVOCATIONCHECKERCREATEFAILED
; goto cleanup; } } while (0);
90
91 checkerDuplicate->leafMethodList = dupLeafList;
34
Access to field 'leafMethodList' results in a dereference of a null pointer (loaded from variable 'checkerDuplicate')
92 checkerDuplicate->chainMethodList = dupChainList;
93 dupLeafList = NULL((void*)0);
94 dupChainList = NULL((void*)0);
95
96 *pNewObject = (PKIX_PL_Object *)checkerDuplicate;
97
98cleanup:
99 PKIX_DECREF(dupLeafList)do { if (dupLeafList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(dupLeafList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } dupLeafList = ((void
*)0); } } while (0);
100 PKIX_DECREF(dupChainList)do { if (dupChainList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(dupChainList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } dupChainList = ((void
*)0); } } while (0);
101
102 PKIX_RETURN(REVOCATIONCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_REVOCATIONCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
103}
104
105/*
106 * FUNCTION: pkix_RevocationChecker_RegisterSelf
107 * DESCRIPTION:
108 * Registers PKIX_REVOCATIONCHECKER_TYPE and its related functions with
109 * systemClasses[]
110 * THREAD SAFETY:
111 * Not Thread Safe - for performance and complexity reasons
112 *
113 * Since this function is only called by PKIX_PL_Initialize, which should
114 * only be called once, it is acceptable that this function is not
115 * thread-safe.
116 */
117PKIX_Error *
118pkix_RevocationChecker_RegisterSelf(void *plContext)
119{
120 extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
121 pkix_ClassTable_Entry entry;
122
123 PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_RegisterSelf")static const char cMyFuncName[] = {"pkix_RevocationChecker_RegisterSelf"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_REVOCATIONCHECKER_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
124
125 entry.description = "RevocationChecker";
126 entry.objCounter = 0;
127 entry.typeObjectSize = sizeof(PKIX_RevocationChecker);
128 entry.destructor = pkix_RevocationChecker_Destroy;
129 entry.equalsFunction = NULL((void*)0);
130 entry.hashcodeFunction = NULL((void*)0);
131 entry.toStringFunction = NULL((void*)0);
132 entry.comparator = NULL((void*)0);
133 entry.duplicateFunction = pkix_RevocationChecker_Duplicate;
134
135 systemClasses[PKIX_REVOCATIONCHECKER_TYPE] = entry;
136
137 PKIX_RETURN(REVOCATIONCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_REVOCATIONCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
138}
139
140/* Sort methods by their priorities (lower priority = higher preference) */
141static PKIX_Error *
142pkix_RevocationChecker_SortComparator(
143 PKIX_PL_Object *obj1,
144 PKIX_PL_Object *obj2,
145 PKIX_Int32 *pResult,
146 void *plContext)
147{
148 pkix_RevocationMethod *method1 = NULL((void*)0), *method2 = NULL((void*)0);
149
150 PKIX_ENTER(BUILD, "pkix_RevocationChecker_SortComparator")static const char cMyFuncName[] = {"pkix_RevocationChecker_SortComparator"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_BUILD_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
151
152 method1 = (pkix_RevocationMethod *)obj1;
153 method2 = (pkix_RevocationMethod *)obj2;
154
155 if (method1->priority < method2->priority) {
156 *pResult = -1;
157 } else if (method1->priority > method2->priority) {
158 *pResult = 1;
159 } else {
160 *pResult = 0;
161 }
162
163 PKIX_RETURN(BUILD)return PKIX_DoReturn(&stdVars, (PKIX_BUILD_ERROR), ((PKIX_Boolean
) 1), plContext);;
164}
165
166
167/* --Public-Functions--------------------------------------------- */
168
169
170/*
171 * FUNCTION: PKIX_RevocationChecker_Create (see comments in pkix_revchecker.h)
172 */
173PKIX_Error *
174PKIX_RevocationChecker_Create(
175 PKIX_UInt32 leafMethodListFlags,
176 PKIX_UInt32 chainMethodListFlags,
177 PKIX_RevocationChecker **pChecker,
178 void *plContext)
179{
180 PKIX_RevocationChecker *checker = NULL((void*)0);
181
182 PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_Create")static const char cMyFuncName[] = {"PKIX_RevocationChecker_Create"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_REVOCATIONCHECKER_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
17
Assuming 'pkixLoggersDebugTrace' is null
18
Taking false branch
19
Loop condition is false. Exiting loop
183 PKIX_NULLCHECK_ONE(pChecker)do { if ((pChecker) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
20
Taking false branch
21
Loop condition is false. Exiting loop
184
185 PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc(PKIX_REVOCATIONCHECKER_TYPE
, sizeof (PKIX_RevocationChecker), (PKIX_PL_Object **)&checker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT; goto cleanup; }
} while (0)
22
Assuming field 'aPkixErrorResult' is non-null
23
Taking true branch
24
Control jumps to line 201
186 PKIX_PL_Object_Alloc(PKIX_REVOCATIONCHECKER_TYPE,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc(PKIX_REVOCATIONCHECKER_TYPE
, sizeof (PKIX_RevocationChecker), (PKIX_PL_Object **)&checker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT; goto cleanup; }
} while (0)
187 sizeof (PKIX_RevocationChecker),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc(PKIX_REVOCATIONCHECKER_TYPE
, sizeof (PKIX_RevocationChecker), (PKIX_PL_Object **)&checker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT; goto cleanup; }
} while (0)
188 (PKIX_PL_Object **)&checker,do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc(PKIX_REVOCATIONCHECKER_TYPE
, sizeof (PKIX_RevocationChecker), (PKIX_PL_Object **)&checker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT; goto cleanup; }
} while (0)
189 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc(PKIX_REVOCATIONCHECKER_TYPE
, sizeof (PKIX_RevocationChecker), (PKIX_PL_Object **)&checker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT; goto cleanup; }
} while (0)
190 PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_Alloc(PKIX_REVOCATIONCHECKER_TYPE
, sizeof (PKIX_RevocationChecker), (PKIX_PL_Object **)&checker
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT; goto cleanup; }
} while (0);
191
192 checker->leafMethodListFlags = leafMethodListFlags;
193 checker->chainMethodListFlags = chainMethodListFlags;
194 checker->leafMethodList = NULL((void*)0);
195 checker->chainMethodList = NULL((void*)0);
196
197 *pChecker = checker;
198 checker = NULL((void*)0);
199
200cleanup:
201 PKIX_DECREF(checker)do { if (checker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(checker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checker = ((void*)
0); } } while (0);
25
Assuming 'checker' is null
26
Taking false branch
27
Loop condition is false. Exiting loop
202
203 PKIX_RETURN(REVOCATIONCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_REVOCATIONCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
28
Returning without writing to '*pChecker'
29
Returning pointer, which participates in a condition later
204}
205
206/*
207 * FUNCTION: PKIX_RevocationChecker_CreateAndAddMethod
208 */
209PKIX_Error *
210PKIX_RevocationChecker_CreateAndAddMethod(
211 PKIX_RevocationChecker *revChecker,
212 PKIX_ProcessingParams *params,
213 PKIX_RevocationMethodType methodType,
214 PKIX_UInt32 flags,
215 PKIX_UInt32 priority,
216 PKIX_PL_VerifyCallback verificationFn,
217 PKIX_Boolean isLeafMethod,
218 void *plContext)
219{
220 PKIX_List **methodList = NULL((void*)0);
221 PKIX_List *unsortedList = NULL((void*)0);
222 PKIX_List *certStores = NULL((void*)0);
223 pkix_RevocationMethod *method = NULL((void*)0);
224 pkix_LocalRevocationCheckFn *localRevChecker = NULL((void*)0);
225 pkix_ExternalRevocationCheckFn *externRevChecker = NULL((void*)0);
226 PKIX_UInt32 miFlags;
227
228 PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_CreateAndAddMethod")static const char cMyFuncName[] = {"PKIX_RevocationChecker_CreateAndAddMethod"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_REVOCATIONCHECKER_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
229 PKIX_NULLCHECK_ONE(revChecker)do { if ((revChecker) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
230
231 /* If the caller has said "Either one is sufficient, then don't let the
232 * absence of any one method's info lead to an overall failure.
233 */
234 miFlags = isLeafMethod ? revChecker->leafMethodListFlags
235 : revChecker->chainMethodListFlags;
236 if (miFlags & PKIX_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE0x02L)
237 flags &= ~PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO0x10L;
238
239 switch (methodType) {
240 case PKIX_RevocationMethod_CRL:
241 localRevChecker = pkix_CrlChecker_CheckLocal;
242 externRevChecker = pkix_CrlChecker_CheckExternal;
243 PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertStores
(params, &certStores, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED
; goto cleanup; } } while (0)
244 PKIX_ProcessingParams_GetCertStores(params, &certStores,do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertStores
(params, &certStores, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED
; goto cleanup; } } while (0)
245 plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertStores
(params, &certStores, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED
; goto cleanup; } } while (0)
246 PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertStores
(params, &certStores, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED
; goto cleanup; } } while (0);
247 PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_CrlChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, certStores
, verificationFn, &method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATECRLCHECKEROBJECT
; goto cleanup; } } while (0)
248 pkix_CrlChecker_Create(methodType, flags, priority,do { stdVars.aPkixErrorResult = (pkix_CrlChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, certStores
, verificationFn, &method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATECRLCHECKEROBJECT
; goto cleanup; } } while (0)
249 localRevChecker, externRevChecker,do { stdVars.aPkixErrorResult = (pkix_CrlChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, certStores
, verificationFn, &method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATECRLCHECKEROBJECT
; goto cleanup; } } while (0)
250 certStores, verificationFn,do { stdVars.aPkixErrorResult = (pkix_CrlChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, certStores
, verificationFn, &method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATECRLCHECKEROBJECT
; goto cleanup; } } while (0)
251 &method,do { stdVars.aPkixErrorResult = (pkix_CrlChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, certStores
, verificationFn, &method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATECRLCHECKEROBJECT
; goto cleanup; } } while (0)
252 plContext),do { stdVars.aPkixErrorResult = (pkix_CrlChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, certStores
, verificationFn, &method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATECRLCHECKEROBJECT
; goto cleanup; } } while (0)
253 PKIX_COULDNOTCREATECRLCHECKEROBJECT)do { stdVars.aPkixErrorResult = (pkix_CrlChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, certStores
, verificationFn, &method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_COULDNOTCREATECRLCHECKEROBJECT
; goto cleanup; } } while (0);
254 break;
255 case PKIX_RevocationMethod_OCSP:
256 localRevChecker = pkix_OcspChecker_CheckLocal;
257 externRevChecker = pkix_OcspChecker_CheckExternal;
258 PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_OcspChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, verificationFn
, &method, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_COULDNOTCREATEOCSPCHECKEROBJECT; goto cleanup
; } } while (0)
259 pkix_OcspChecker_Create(methodType, flags, priority,do { stdVars.aPkixErrorResult = (pkix_OcspChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, verificationFn
, &method, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_COULDNOTCREATEOCSPCHECKEROBJECT; goto cleanup
; } } while (0)
260 localRevChecker, externRevChecker,do { stdVars.aPkixErrorResult = (pkix_OcspChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, verificationFn
, &method, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_COULDNOTCREATEOCSPCHECKEROBJECT; goto cleanup
; } } while (0)
261 verificationFn,do { stdVars.aPkixErrorResult = (pkix_OcspChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, verificationFn
, &method, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_COULDNOTCREATEOCSPCHECKEROBJECT; goto cleanup
; } } while (0)
262 &method,do { stdVars.aPkixErrorResult = (pkix_OcspChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, verificationFn
, &method, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_COULDNOTCREATEOCSPCHECKEROBJECT; goto cleanup
; } } while (0)
263 plContext),do { stdVars.aPkixErrorResult = (pkix_OcspChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, verificationFn
, &method, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_COULDNOTCREATEOCSPCHECKEROBJECT; goto cleanup
; } } while (0)
264 PKIX_COULDNOTCREATEOCSPCHECKEROBJECT)do { stdVars.aPkixErrorResult = (pkix_OcspChecker_Create(methodType
, flags, priority, localRevChecker, externRevChecker, verificationFn
, &method, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_COULDNOTCREATEOCSPCHECKEROBJECT; goto cleanup
; } } while (0);
265 break;
266 default:
267 PKIX_ERROR(PKIX_INVALIDREVOCATIONMETHOD){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_INVALIDREVOCATIONMETHOD, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_INVALIDREVOCATIONMETHOD; goto
cleanup; };
268 }
269
270 if (isLeafMethod) {
271 methodList = &revChecker->leafMethodList;
272 } else {
273 methodList = &revChecker->chainMethodList;
274 }
275
276 if (*methodList == NULL((void*)0)) {
277 PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_List_Create(methodList,
plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
278 PKIX_List_Create(methodList, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(methodList,
plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
279 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(methodList,
plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
280 }
281 unsortedList = *methodList;
282 PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem(unsortedList
, (PKIX_PL_Object*)method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
283 PKIX_List_AppendItem(unsortedList, (PKIX_PL_Object*)method, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem(unsortedList
, (PKIX_PL_Object*)method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
284 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem(unsortedList
, (PKIX_PL_Object*)method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
285 PKIX_CHECK(do { stdVars.aPkixErrorResult = (pkix_List_BubbleSort(unsortedList
, pkix_RevocationChecker_SortComparator, methodList, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTBUBBLESORTFAILED; goto cleanup; } } while (0)
286 pkix_List_BubbleSort(unsortedList,do { stdVars.aPkixErrorResult = (pkix_List_BubbleSort(unsortedList
, pkix_RevocationChecker_SortComparator, methodList, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTBUBBLESORTFAILED; goto cleanup; } } while (0)
287 pkix_RevocationChecker_SortComparator,do { stdVars.aPkixErrorResult = (pkix_List_BubbleSort(unsortedList
, pkix_RevocationChecker_SortComparator, methodList, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTBUBBLESORTFAILED; goto cleanup; } } while (0)
288 methodList, plContext),do { stdVars.aPkixErrorResult = (pkix_List_BubbleSort(unsortedList
, pkix_RevocationChecker_SortComparator, methodList, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTBUBBLESORTFAILED; goto cleanup; } } while (0)
289 PKIX_LISTBUBBLESORTFAILED)do { stdVars.aPkixErrorResult = (pkix_List_BubbleSort(unsortedList
, pkix_RevocationChecker_SortComparator, methodList, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTBUBBLESORTFAILED; goto cleanup; } } while (0);
290
291cleanup:
292 PKIX_DECREF(method)do { if (method){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(method), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } method = ((void*)0
); } } while (0);
293 PKIX_DECREF(unsortedList)do { if (unsortedList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(unsortedList), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } unsortedList = ((void
*)0); } } while (0);
294 PKIX_DECREF(certStores)do { if (certStores){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certStores), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certStores = ((void
*)0); } } while (0);
295
296 PKIX_RETURN(REVOCATIONCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_REVOCATIONCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
297}
298
299/*
300 * FUNCTION: PKIX_RevocationChecker_Check
301 */
302PKIX_Error *
303PKIX_RevocationChecker_Check(
304 PKIX_PL_Cert *cert,
305 PKIX_PL_Cert *issuer,
306 PKIX_RevocationChecker *revChecker,
307 PKIX_ProcessingParams *procParams,
308 PKIX_Boolean chainVerificationState,
309 PKIX_Boolean testingLeafCert,
310 PKIX_RevocationStatus *pRevStatus,
311 PKIX_UInt32 *pReasonCode,
312 void **pNbioContext,
313 void *plContext)
314{
315 PKIX_RevocationStatus overallStatus = PKIX_RevStatus_NoInfo;
316 PKIX_RevocationStatus methodStatus[PKIX_RevocationMethod_MAX];
317 PKIX_Boolean onlyUseRemoteMethods = PKIX_FALSE((PKIX_Boolean) 0);
318 PKIX_UInt32 revFlags = 0;
319 PKIX_List *revList = NULL((void*)0);
320 PKIX_PL_Date *date = NULL((void*)0);
321 pkix_RevocationMethod *method = NULL((void*)0);
322 void *nbioContext;
323 int tries;
324
325 PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_Check")static const char cMyFuncName[] = {"PKIX_RevocationChecker_Check"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_REVOCATIONCHECKER_ERROR; ; do { if
(pkixLoggersDebugTrace) { pkix_Logger_Check(pkixLoggersDebugTrace
, stdVars.aMyFuncName, ">>>", stdVars.aPkixType, 5, plContext
); } } while (0);;
326 PKIX_NULLCHECK_TWO(revChecker, procParams)do { if (((revChecker) == ((void*)0)) || ((procParams) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
327
328 nbioContext = *pNbioContext;
329 *pNbioContext = NULL((void*)0);
330
331 if (testingLeafCert) {
332 revList = revChecker->leafMethodList;
333 revFlags = revChecker->leafMethodListFlags;
334 } else {
335 revList = revChecker->chainMethodList;
336 revFlags = revChecker->chainMethodListFlags;
337 }
338 if (!revList) {
339 /* Return NoInfo status */
340 goto cleanup;
341 }
342
343 PORT_Memsetmemset(methodStatus, PKIX_RevStatus_NoInfo,
344 sizeof(PKIX_RevocationStatus) * PKIX_RevocationMethod_MAX);
345
346 date = procParams->date;
347
348 /* Need to have two loops if we testing all local info first:
349 * first we are going to test all local(cached) info
350 * second, all remote info(fetching) */
351 for (tries = 0;tries < 2;tries++) {
352 unsigned int methodNum = 0;
353 for (;methodNum < revList->length;methodNum++) {
354 PKIX_UInt32 methodFlags = 0;
355
356 PKIX_DECREF(method)do { if (method){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(method), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } method = ((void*)0
); } } while (0);
357 PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(revList, methodNum
, (PKIX_PL_Object**)&method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
358 PKIX_List_GetItem(revList, methodNum,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(revList, methodNum
, (PKIX_PL_Object**)&method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
359 (PKIX_PL_Object**)&method, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(revList, methodNum
, (PKIX_PL_Object**)&method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
360 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem(revList, methodNum
, (PKIX_PL_Object**)&method, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0);
361 methodFlags = method->flags;
362 if (!(methodFlags & PKIX_REV_M_TEST_USING_THIS_METHOD0x01L)) {
363 /* Will not check with this method. Skipping... */
364 continue;
365 }
366 if (!onlyUseRemoteMethods &&
367 methodStatus[methodNum] == PKIX_RevStatus_NoInfo) {
368 PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
369 PKIX_CHECK_NO_GOTO(do { stdVars.aPkixErrorResult = ((*method->localRevChecker
)(cert, issuer, date, method, procParams, methodFlags, chainVerificationState
, &revStatus, (CERTCRLEntryReasonCode *)pReasonCode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
370 (*method->localRevChecker)(cert, issuer, date,do { stdVars.aPkixErrorResult = ((*method->localRevChecker
)(cert, issuer, date, method, procParams, methodFlags, chainVerificationState
, &revStatus, (CERTCRLEntryReasonCode *)pReasonCode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
371 method, procParams,do { stdVars.aPkixErrorResult = ((*method->localRevChecker
)(cert, issuer, date, method, procParams, methodFlags, chainVerificationState
, &revStatus, (CERTCRLEntryReasonCode *)pReasonCode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
372 methodFlags,do { stdVars.aPkixErrorResult = ((*method->localRevChecker
)(cert, issuer, date, method, procParams, methodFlags, chainVerificationState
, &revStatus, (CERTCRLEntryReasonCode *)pReasonCode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
373 chainVerificationState,do { stdVars.aPkixErrorResult = ((*method->localRevChecker
)(cert, issuer, date, method, procParams, methodFlags, chainVerificationState
, &revStatus, (CERTCRLEntryReasonCode *)pReasonCode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
374 &revStatus,do { stdVars.aPkixErrorResult = ((*method->localRevChecker
)(cert, issuer, date, method, procParams, methodFlags, chainVerificationState
, &revStatus, (CERTCRLEntryReasonCode *)pReasonCode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
375 (CERTCRLEntryReasonCode *)pReasonCode,do { stdVars.aPkixErrorResult = ((*method->localRevChecker
)(cert, issuer, date, method, procParams, methodFlags, chainVerificationState
, &revStatus, (CERTCRLEntryReasonCode *)pReasonCode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
376 plContext),do { stdVars.aPkixErrorResult = ((*method->localRevChecker
)(cert, issuer, date, method, procParams, methodFlags, chainVerificationState
, &revStatus, (CERTCRLEntryReasonCode *)pReasonCode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
377 PKIX_REVCHECKERCHECKFAILED)do { stdVars.aPkixErrorResult = ((*method->localRevChecker
)(cert, issuer, date, method, procParams, methodFlags, chainVerificationState
, &revStatus, (CERTCRLEntryReasonCode *)pReasonCode, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0);
378 methodStatus[methodNum] = revStatus;
379 if (revStatus == PKIX_RevStatus_Revoked) {
380 /* if error was generated use it as final error. */
381 overallStatus = PKIX_RevStatus_Revoked;
382 goto cleanup;
383 }
384 if (pkixErrorResultstdVars.aPkixErrorResult) {
385 /* Disregard errors. Only returned revStatus matters. */
386 PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorResultstdVars.aPkixErrorResult,
387 plContext);
388 pkixErrorResultstdVars.aPkixErrorResult = NULL((void*)0);
389 }
390 }
391 if ((!(revFlags & PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST0x01L) ||
392 onlyUseRemoteMethods) &&
393 chainVerificationState &&
394 methodStatus[methodNum] == PKIX_RevStatus_NoInfo) {
395 if (!(methodFlags & PKIX_REV_M_FORBID_NETWORK_FETCHING0x02L)) {
396 PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
397 PKIX_CHECK_NO_GOTO(do { stdVars.aPkixErrorResult = ((*method->externalRevChecker
)(cert, issuer, date, method, procParams, methodFlags, &revStatus
, (CERTCRLEntryReasonCode *)pReasonCode, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
398 (*method->externalRevChecker)(cert, issuer, date,do { stdVars.aPkixErrorResult = ((*method->externalRevChecker
)(cert, issuer, date, method, procParams, methodFlags, &revStatus
, (CERTCRLEntryReasonCode *)pReasonCode, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
399 method,do { stdVars.aPkixErrorResult = ((*method->externalRevChecker
)(cert, issuer, date, method, procParams, methodFlags, &revStatus
, (CERTCRLEntryReasonCode *)pReasonCode, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
400 procParams, methodFlags,do { stdVars.aPkixErrorResult = ((*method->externalRevChecker
)(cert, issuer, date, method, procParams, methodFlags, &revStatus
, (CERTCRLEntryReasonCode *)pReasonCode, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
401 &revStatus,do { stdVars.aPkixErrorResult = ((*method->externalRevChecker
)(cert, issuer, date, method, procParams, methodFlags, &revStatus
, (CERTCRLEntryReasonCode *)pReasonCode, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
402 (CERTCRLEntryReasonCode *)pReasonCode,do { stdVars.aPkixErrorResult = ((*method->externalRevChecker
)(cert, issuer, date, method, procParams, methodFlags, &revStatus
, (CERTCRLEntryReasonCode *)pReasonCode, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
403 &nbioContext, plContext),do { stdVars.aPkixErrorResult = ((*method->externalRevChecker
)(cert, issuer, date, method, procParams, methodFlags, &revStatus
, (CERTCRLEntryReasonCode *)pReasonCode, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0)
404 PKIX_REVCHECKERCHECKFAILED)do { stdVars.aPkixErrorResult = ((*method->externalRevChecker
)(cert, issuer, date, method, procParams, methodFlags, &revStatus
, (CERTCRLEntryReasonCode *)pReasonCode, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_REVCHECKERCHECKFAILED; } } while (0);
405 methodStatus[methodNum] = revStatus;
406 if (revStatus == PKIX_RevStatus_Revoked) {
407 /* if error was generated use it as final error. */
408 overallStatus = PKIX_RevStatus_Revoked;
409 goto cleanup;
410 }
411 if (pkixErrorResultstdVars.aPkixErrorResult) {
412 /* Disregard errors. Only returned revStatus matters. */
413 PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorResultstdVars.aPkixErrorResult,
414 plContext);
415 pkixErrorResultstdVars.aPkixErrorResult = NULL((void*)0);
416 }
417 } else if (methodFlags &
418 PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO0x10L) {
419 /* Info is not in the local cache. Network fetching is not
420 * allowed. If need to fail on missing fresh info for the
421 * the method, then we should fail right here.*/
422 overallStatus = PKIX_RevStatus_Revoked;
423 goto cleanup;
424 }
425 }
426 /* If success and we should not check the next method, then
427 * return a success. */
428 if (methodStatus[methodNum] == PKIX_RevStatus_Success &&
429 !(methodFlags & PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO0x20L)) {
430 overallStatus = PKIX_RevStatus_Success;
431 goto cleanup;
432 }
433 } /* inner loop */
434 if (!onlyUseRemoteMethods &&
435 revFlags & PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST0x01L &&
436 chainVerificationState) {
437 onlyUseRemoteMethods = PKIX_TRUE((PKIX_Boolean) 1);
438 continue;
439 }
440 break;
441 } /* outer loop */
442
443 if (overallStatus == PKIX_RevStatus_NoInfo &&
444 chainVerificationState) {
445 /* The following check makes sence only for chain
446 * validation step, sinse we do not fetch info while
447 * in the process of finding trusted anchor.
448 * For chain building step it is enough to know, that
449 * the cert was not directly revoked by any of the
450 * methods. */
451
452 /* Still have no info. But one of the method could
453 * have returned success status(possible if CONTINUE
454 * TESTING ON FRESH INFO flag was used).
455 * If any of the methods have returned Success status,
456 * the overallStatus should be success. */
457 int methodNum = 0;
458 for (;methodNum < PKIX_RevocationMethod_MAX;methodNum++) {
459 if (methodStatus[methodNum] == PKIX_RevStatus_Success) {
460 overallStatus = PKIX_RevStatus_Success;
461 goto cleanup;
462 }
463 }
464 if (revFlags & PKIX_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE0x02L) {
465 overallStatus = PKIX_RevStatus_Revoked;
466 }
467 }
468
469cleanup:
470 *pRevStatus = overallStatus;
471 PKIX_DECREF(method)do { if (method){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(method), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } method = ((void*)0
); } } while (0);
472
473 PKIX_RETURN(REVOCATIONCHECKER)return PKIX_DoReturn(&stdVars, (PKIX_REVOCATIONCHECKER_ERROR
), ((PKIX_Boolean) 1), plContext);;
474}
475