Bug Summary

File:s/lib/libpkix/pkix/top/pkix_validate.c
Warning:line 1078, column 23
The right operand of '<' is a garbage value

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name pkix_validate.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix/top -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/lib/libpkix/pkix/top -resource-dir /usr/lib/llvm-18/lib/clang/18 -D HAVE_STRERROR -D LINUX -D linux -D XP_UNIX -D XP_UNIX -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D NSS_DISABLE_SSE3 -D NSS_NO_INIT_SUPPORT -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I ../../../../../dist/Linux4.19_x86_64_gcc_glibc_PTH_64_DBG.OBJ/include -I ../../../../../dist/public/nss -I ../../../../../dist/private/nss -internal-isystem /usr/lib/llvm-18/lib/clang/18/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=c99 -ferror-limit 19 -fgnuc-version=4.2.1 -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2024-05-18-082241-28900-1 -x c pkix_validate.c
1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4/*
5 * pkix_validate.c
6 *
7 * Top level validateChain function
8 *
9 */
10
11#include "pkix_validate.h"
12#include "pkix_pl_common.h"
13
14/* --Private-Functions-------------------------------------------- */
15
16/*
17 * FUNCTION: pkix_AddToVerifyLog
18 * DESCRIPTION:
19 *
20 * This function returns immediately if the address for the VerifyNode tree
21 * pointed to by "pVerifyTree" is NULL. Otherwise it creates a new VerifyNode
22 * from the Cert pointed to by "cert" and the Error pointed to by "error",
23 * and inserts it at the depth in the VerifyNode tree determined by "depth". A
24 * depth of zero means that this function creates the root node of a new tree.
25 *
26 * Note: this function does not include the means of choosing among branches
27 * of a tree. It is intended for non-branching trees, that is, where each
28 * parent node has only a single child node.
29 *
30 * PARAMETERS:
31 * "cert"
32 * The address of the Cert to be included in the new VerifyNode. Must be
33 * non-NULL.
34 * "depth"
35 * The UInt32 value of the depth.
36 * "error"
37 * The address of the Error to be included in the new VerifyNode.
38 * "pVerifyTree"
39 * The address of the VerifyNode tree into which the created VerifyNode
40 * is to be inserted. The node is not created if VerifyTree is NULL.
41 * "plContext"
42 * Platform-specific context pointer.
43 * THREAD SAFETY:
44 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
45 * RETURNS:
46 * Returns NULL if the function succeeds.
47 * Returns a Validate Error if the function fails in a non-fatal way.
48 * Returns a Fatal Error if the function fails in an unrecoverable way.
49 */
50static PKIX_Error *
51pkix_AddToVerifyLog(
52 PKIX_PL_Cert *cert,
53 PKIX_UInt32 depth,
54 PKIX_Error *error,
55 PKIX_VerifyNode **pVerifyTree,
56 void *plContext)
57{
58
59 PKIX_VerifyNode *verifyNode = NULL((void*)0);
60
61 PKIX_ENTER(VALIDATE, "pkix_AddToVerifyLog")static const char cMyFuncName[] = {"pkix_AddToVerifyLog"}; PKIX_StdVars
stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
62 PKIX_NULLCHECK_ONE(cert)do { if ((cert) == ((void*)0)){ stdVars.aPkixErrorReceived = (
(PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
63
64 if (pVerifyTree) { /* nothing to do if no address given for log */
65
66 PKIX_CHECK(pkix_VerifyNode_Createdo { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (cert
, depth, error, &verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED; goto cleanup
; } } while (0)
67 (cert, depth, error, &verifyNode, plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (cert
, depth, error, &verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED; goto cleanup
; } } while (0)
68 PKIX_VERIFYNODECREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_Create (cert
, depth, error, &verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VERIFYNODECREATEFAILED; goto cleanup
; } } while (0);
69
70 if (depth == 0) {
71 /* We just created the root node */
72 *pVerifyTree = verifyNode;
73 } else {
74 PKIX_CHECK(pkix_VerifyNode_AddToChaindo { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToChain (
*pVerifyTree, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VERIFYNODEADDTOCHAINFAILED; goto
cleanup; } } while (0)
75 (*pVerifyTree, verifyNode, plContext),do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToChain (
*pVerifyTree, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VERIFYNODEADDTOCHAINFAILED; goto
cleanup; } } while (0)
76 PKIX_VERIFYNODEADDTOCHAINFAILED)do { stdVars.aPkixErrorResult = (pkix_VerifyNode_AddToChain (
*pVerifyTree, verifyNode, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VERIFYNODEADDTOCHAINFAILED; goto
cleanup; } } while (0);
77 }
78 }
79
80cleanup:
81
82 PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean
) 1), plContext);;
83
84}
85
86/*
87 * FUNCTION: pkix_CheckCert
88 * DESCRIPTION:
89 *
90 * Checks whether the Cert pointed to by "cert" successfully validates
91 * using the List of CertChainCheckers pointed to by "checkers". If the
92 * certificate does not validate, an Error pointer is returned.
93 *
94 * This function should be called initially with the UInt32 pointed to by
95 * "pCheckerIndex" containing zero, and the pointer at "pNBIOContext"
96 * containing NULL. If a checker does non-blocking I/O, this function will
97 * return with the index of that checker stored at "pCheckerIndex" and a
98 * platform-dependent non-blocking I/O context stored at "pNBIOContext".
99 * A subsequent call to this function with those values intact will allow the
100 * checking to resume where it left off. This should be repeated until the
101 * function returns with NULL stored at "pNBIOContext".
102 *
103 * PARAMETERS:
104 * "cert"
105 * Address of Cert to validate. Must be non-NULL.
106 * "checkers"
107 * List of CertChainCheckers which must each validate the certificate.
108 * Must be non-NULL.
109 * "checkedExtOIDs"
110 * List of PKIX_PL_OID that has been processed. If called from building
111 * chain, it is the list of critical extension OIDs that has been
112 * processed prior to validation. May be NULL.
113 * "pCheckerIndex"
114 * Address at which is stored the the index, within the List "checkers",
115 * of a checker whose processing was interrupted by non-blocking I/O.
116 * Must be non-NULL.
117 * "pNBIOContext"
118 * Address at which is stored platform-specific non-blocking I/O context.
119 * Must be non-NULL.
120 * "plContext"
121 * Platform-specific context pointer.
122 * THREAD SAFETY:
123 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
124 * RETURNS:
125 * Returns NULL if the function succeeds.
126 * Returns a Validate Error if the function fails in a non-fatal way.
127 * Returns a Fatal Error if the function fails in an unrecoverable way.
128 */
129static PKIX_Error *
130pkix_CheckCert(
131 PKIX_PL_Cert *cert,
132 PKIX_List *checkers,
133 PKIX_List *checkedExtOIDsList,
134 PKIX_UInt32 *pCheckerIndex,
135 void **pNBIOContext,
136 void *plContext)
137{
138 PKIX_CertChainChecker_CheckCallback checkerCheck = NULL((void*)0);
139 PKIX_CertChainChecker *checker = NULL((void*)0);
140 PKIX_List *unresCritExtOIDs = NULL((void*)0);
141 PKIX_UInt32 numCheckers;
142 PKIX_UInt32 numUnresCritExtOIDs = 0;
143 PKIX_UInt32 checkerIndex = 0;
144 void *nbioContext = NULL((void*)0);
145
146 PKIX_ENTER(VALIDATE, "pkix_CheckCert")static const char cMyFuncName[] = {"pkix_CheckCert"}; PKIX_StdVars
stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
147 PKIX_NULLCHECK_FOUR(cert, checkers, pCheckerIndex, pNBIOContext)do { if (((cert) == ((void*)0)) || ((checkers) == ((void*)0))
|| ((pCheckerIndex) == ((void*)0)) || ((pNBIOContext) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
148
149 nbioContext = *pNBIOContext;
150 *pNBIOContext = NULL((void*)0); /* prepare for case of error exit */
151
152 PKIX_CHECK(PKIX_PL_Cert_GetCriticalExtensionOIDsdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCriticalExtensionOIDs
(cert, &unresCritExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED
; goto cleanup; } } while (0)
153 (cert, &unresCritExtOIDs, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCriticalExtensionOIDs
(cert, &unresCritExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED
; goto cleanup; } } while (0)
154 PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCriticalExtensionOIDs
(cert, &unresCritExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED
; goto cleanup; } } while (0);
155
156 PKIX_CHECK(PKIX_List_GetLength(checkers, &numCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(checkers
, &numCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
157 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(checkers
, &numCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
158
159 for (checkerIndex = *pCheckerIndex;
160 checkerIndex < numCheckers;
161 checkerIndex++) {
162
163 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers,
checkerIndex, (PKIX_PL_Object **)&checker, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
164 (checkers,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers,
checkerIndex, (PKIX_PL_Object **)&checker, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
165 checkerIndex,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers,
checkerIndex, (PKIX_PL_Object **)&checker, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
166 (PKIX_PL_Object **)&checker,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers,
checkerIndex, (PKIX_PL_Object **)&checker, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
167 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers,
checkerIndex, (PKIX_PL_Object **)&checker, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
168 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers,
checkerIndex, (PKIX_PL_Object **)&checker, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
169
170 PKIX_CHECK(PKIX_CertChainChecker_GetCheckCallbackdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCheckCallback
(checker, &checkerCheck, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED
; goto cleanup; } } while (0)
171 (checker, &checkerCheck, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCheckCallback
(checker, &checkerCheck, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED
; goto cleanup; } } while (0)
172 PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCheckCallback
(checker, &checkerCheck, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED
; goto cleanup; } } while (0);
173
174 PKIX_CHECK(checkerCheck(checker, cert, unresCritExtOIDs,do { stdVars.aPkixErrorResult = (checkerCheck(checker, cert, unresCritExtOIDs
, &nbioContext, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERCHECKFAILED; goto
cleanup; } } while (0)
175 &nbioContext, plContext),do { stdVars.aPkixErrorResult = (checkerCheck(checker, cert, unresCritExtOIDs
, &nbioContext, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERCHECKFAILED; goto
cleanup; } } while (0)
176 PKIX_CERTCHAINCHECKERCHECKFAILED)do { stdVars.aPkixErrorResult = (checkerCheck(checker, cert, unresCritExtOIDs
, &nbioContext, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERCHECKFAILED; goto
cleanup; } } while (0);
177
178 if (nbioContext != NULL((void*)0)) {
179 *pCheckerIndex = checkerIndex;
180 *pNBIOContext = nbioContext;
181 goto cleanup;
182 }
183
184 PKIX_DECREF(checker)do { if (checker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(checker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checker = ((void*)
0); } } while (0);
185 }
186
187 if (unresCritExtOIDs){
188
189#ifdef PKIX_VALIDATEDEBUG
190 {
191 PKIX_PL_String *oidString = NULL((void*)0);
192 PKIX_UInt32 length;
193 char *oidAscii = NULL((void*)0);
194 PKIX_TOSTRING(unresCritExtOIDs, &oidString, plContext,do { int descNum; if ((unresCritExtOIDs) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(unresCritExtOIDs), (&oidString), (plContext)); descNum =
(PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&oidString), (plContext
)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult
= (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0)
195 PKIX_LISTTOSTRINGFAILED)do { int descNum; if ((unresCritExtOIDs) != ((void*)0)) { stdVars
.aPkixErrorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *
)(unresCritExtOIDs), (&oidString), (plContext)); descNum =
(PKIX_LISTTOSTRINGFAILED); } else { stdVars.aPkixErrorResult
= PKIX_PL_String_Create(0, "(null)", 0, (&oidString), (plContext
)); descNum = PKIX_STRINGCREATEFAILED; } do { stdVars.aPkixErrorResult
= (stdVars.aPkixErrorResult); if (stdVars.aPkixErrorResult) {
stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = descNum; goto cleanup; } } while (
0); } while (0);
196 PKIX_CHECK(PKIX_PL_String_GetEncodeddo { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString
, 0, (void **) &oidAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
197 (oidString,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString
, 0, (void **) &oidAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
198 PKIX_ESCASCII,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString
, 0, (void **) &oidAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
199 (void **) &oidAscii,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString
, 0, (void **) &oidAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
200 &length,do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString
, 0, (void **) &oidAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
201 plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString
, 0, (void **) &oidAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0)
202 PKIX_STRINGGETENCODEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_String_GetEncoded (oidString
, 0, (void **) &oidAscii, &length, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_STRINGGETENCODEDFAILED
; goto cleanup; } } while (0);
203 PKIX_VALIDATE_DEBUG_ARG
204 ("unrecognized critical extension OIDs:"
205 " %s\n", oidAscii);
206 PKIX_DECREF(oidString)do { if (oidString){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(oidString), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } oidString = ((void
*)0); } } while (0);
207 PKIX_PL_Free(oidAscii, plContext);
208 }
209#endif
210
211 if (checkedExtOIDsList != NULL((void*)0)) {
212 /* Take out OID's that had been processed, if any */
213 PKIX_CHECK(pkix_List_RemoveItemsdo { stdVars.aPkixErrorResult = (pkix_List_RemoveItems (unresCritExtOIDs
, checkedExtOIDsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTREMOVEITEMSFAILED; goto cleanup
; } } while (0)
214 (unresCritExtOIDs,do { stdVars.aPkixErrorResult = (pkix_List_RemoveItems (unresCritExtOIDs
, checkedExtOIDsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTREMOVEITEMSFAILED; goto cleanup
; } } while (0)
215 checkedExtOIDsList,do { stdVars.aPkixErrorResult = (pkix_List_RemoveItems (unresCritExtOIDs
, checkedExtOIDsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTREMOVEITEMSFAILED; goto cleanup
; } } while (0)
216 plContext),do { stdVars.aPkixErrorResult = (pkix_List_RemoveItems (unresCritExtOIDs
, checkedExtOIDsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTREMOVEITEMSFAILED; goto cleanup
; } } while (0)
217 PKIX_LISTREMOVEITEMSFAILED)do { stdVars.aPkixErrorResult = (pkix_List_RemoveItems (unresCritExtOIDs
, checkedExtOIDsList, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTREMOVEITEMSFAILED; goto cleanup
; } } while (0);
218 }
219
220 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (unresCritExtOIDs
, &numUnresCritExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
221 (unresCritExtOIDs, &numUnresCritExtOIDs, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (unresCritExtOIDs
, &numUnresCritExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
222 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (unresCritExtOIDs
, &numUnresCritExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
223
224 if (numUnresCritExtOIDs != 0){
225 PKIX_ERROR(PKIX_UNRECOGNIZEDCRITICALEXTENSION){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_UNRECOGNIZEDCRITICALEXTENSION, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_UNRECOGNIZEDCRITICALEXTENSION
; goto cleanup; };
226 }
227
228 }
229
230cleanup:
231
232 PKIX_DECREF(checker)do { if (checker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(checker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checker = ((void*)
0); } } while (0);
233 PKIX_DECREF(unresCritExtOIDs)do { if (unresCritExtOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(unresCritExtOIDs), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } unresCritExtOIDs
= ((void*)0); } } while (0);
234
235 PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean
) 1), plContext);;
236
237}
238
239/*
240 * FUNCTION: pkix_InitializeCheckers
241 * DESCRIPTION:
242 *
243 * Creates several checkers and initializes them with values derived from the
244 * TrustAnchor pointed to by "anchor", the ProcessingParams pointed to by
245 * "procParams", and the number of Certs in the Chain, represented by
246 * "numCerts". The List of checkers is stored at "pCheckers".
247 *
248 * PARAMETERS:
249 * "anchor"
250 * Address of TrustAnchor used to initialize the SignatureChecker and
251 * NameChainingChecker. Must be non-NULL.
252 * "procParams"
253 * Address of ProcessingParams used to initialize the ExpirationChecker
254 * and TargetCertChecker. Must be non-NULL.
255 * "numCerts"
256 * Number of certificates in the CertChain.
257 * "pCheckers"
258 * Address where object pointer will be stored. Must be non-NULL.
259 * "plContext"
260 * Platform-specific context pointer.
261 * THREAD SAFETY:
262 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
263 * RETURNS:
264 * Returns NULL if the function succeeds.
265 * Returns a Validate Error if the function fails in a non-fatal way.
266 * Returns a Fatal Error if the function fails in an unrecoverable way.
267 */
268static PKIX_Error *
269pkix_InitializeCheckers(
270 PKIX_TrustAnchor *anchor,
271 PKIX_ProcessingParams *procParams,
272 PKIX_UInt32 numCerts,
273 PKIX_List **pCheckers,
274 void *plContext)
275{
276 PKIX_CertChainChecker *targetCertChecker = NULL((void*)0);
277 PKIX_CertChainChecker *expirationChecker = NULL((void*)0);
278 PKIX_CertChainChecker *nameChainingChecker = NULL((void*)0);
279 PKIX_CertChainChecker *nameConstraintsChecker = NULL((void*)0);
280 PKIX_CertChainChecker *basicConstraintsChecker = NULL((void*)0);
281 PKIX_CertChainChecker *policyChecker = NULL((void*)0);
282 PKIX_CertChainChecker *sigChecker = NULL((void*)0);
283 PKIX_CertChainChecker *defaultCrlChecker = NULL((void*)0);
284 PKIX_CertChainChecker *userChecker = NULL((void*)0);
285 PKIX_PL_X500Name *trustedCAName = NULL((void*)0);
286 PKIX_PL_PublicKey *trustedPubKey = NULL((void*)0);
287 PKIX_List *checkers = NULL((void*)0);
288 PKIX_PL_Date *testDate = NULL((void*)0);
289 PKIX_CertSelector *certSelector = NULL((void*)0);
290 PKIX_PL_Cert *trustedCert = NULL((void*)0);
291 PKIX_PL_CertNameConstraints *trustedNC = NULL((void*)0);
292 PKIX_List *initialPolicies = NULL((void*)0);
293 PKIX_Boolean policyQualifiersRejected = PKIX_FALSE((PKIX_Boolean) 0);
294 PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE((PKIX_Boolean) 0);
295 PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE((PKIX_Boolean) 0);
296 PKIX_Boolean initialExplicitPolicy = PKIX_FALSE((PKIX_Boolean) 0);
297 PKIX_List *userCheckersList = NULL((void*)0);
298 PKIX_List *certStores = NULL((void*)0);
299 PKIX_UInt32 numCertCheckers = 0;
300 PKIX_UInt32 i;
301
302 PKIX_ENTER(VALIDATE, "pkix_InitializeCheckers")static const char cMyFuncName[] = {"pkix_InitializeCheckers"}
; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
303 PKIX_NULLCHECK_THREE(anchor, procParams, pCheckers)do { if (((anchor) == ((void*)0)) || ((procParams) == ((void*
)0)) || ((pCheckers) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
304 PKIX_CHECK(PKIX_List_Create(&checkers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&checkers
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
305 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&checkers
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
306
307 /*
308 * The TrustAnchor may have been created using CreateWithCert
309 * (in which case GetCAPublicKey and GetCAName will return NULL)
310 * or may have been created using CreateWithNameKeyPair (in which
311 * case GetTrustedCert will return NULL. So we call GetTrustedCert
312 * and populate trustedPubKey and trustedCAName accordingly.
313 */
314
315 PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCertdo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
(anchor, &trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0)
316 (anchor, &trustedCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
(anchor, &trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0)
317 PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
(anchor, &trustedCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0);
318
319 if (trustedCert){
320 PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKeydo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
(trustedCert, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0)
321 (trustedCert, &trustedPubKey, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
(trustedCert, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0)
322 PKIX_CERTGETSUBJECTPUBLICKEYFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubjectPublicKey
(trustedCert, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTPUBLICKEYFAILED
; goto cleanup; } } while (0);
323
324 PKIX_CHECK(PKIX_PL_Cert_GetSubjectdo { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubject (trustedCert
, &trustedCAName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTFAILED; goto cleanup
; } } while (0)
325 (trustedCert, &trustedCAName, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubject (trustedCert
, &trustedCAName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTFAILED; goto cleanup
; } } while (0)
326 PKIX_CERTGETSUBJECTFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetSubject (trustedCert
, &trustedCAName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETSUBJECTFAILED; goto cleanup
; } } while (0);
327 } else {
328 PKIX_CHECK(PKIX_TrustAnchor_GetCAPublicKeydo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetCAPublicKey
(anchor, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETCAPUBLICKEYFAILED
; goto cleanup; } } while (0)
329 (anchor, &trustedPubKey, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetCAPublicKey
(anchor, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETCAPUBLICKEYFAILED
; goto cleanup; } } while (0)
330 PKIX_TRUSTANCHORGETCAPUBLICKEYFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetCAPublicKey
(anchor, &trustedPubKey, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETCAPUBLICKEYFAILED
; goto cleanup; } } while (0);
331
332 PKIX_CHECK(PKIX_TrustAnchor_GetCANamedo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetCAName (
anchor, &trustedCAName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETCANAMEFAILED; goto
cleanup; } } while (0)
333 (anchor, &trustedCAName, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetCAName (
anchor, &trustedCAName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETCANAMEFAILED; goto
cleanup; } } while (0)
334 PKIX_TRUSTANCHORGETCANAMEFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetCAName (
anchor, &trustedCAName, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETCANAMEFAILED; goto
cleanup; } } while (0);
335 }
336
337 PKIX_NULLCHECK_TWO(trustedPubKey, trustedCAName)do { if (((trustedPubKey) == ((void*)0)) || ((trustedCAName) ==
((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1
); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
338
339 PKIX_CHECK(PKIX_TrustAnchor_GetNameConstraintsdo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetNameConstraints
(anchor, &trustedNC, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED
; goto cleanup; } } while (0)
340 (anchor, &trustedNC, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetNameConstraints
(anchor, &trustedNC, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED
; goto cleanup; } } while (0)
341 PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetNameConstraints
(anchor, &trustedNC, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED
; goto cleanup; } } while (0);
342
343 PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraintsdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints
(procParams, &certSelector, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED
; goto cleanup; } } while (0)
344 (procParams, &certSelector, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints
(procParams, &certSelector, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED
; goto cleanup; } } while (0)
345 PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTargetCertConstraints
(procParams, &certSelector, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED
; goto cleanup; } } while (0);
346
347 PKIX_CHECK(PKIX_ProcessingParams_GetDatedo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetDate
(procParams, &testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETDATEFAILED
; goto cleanup; } } while (0)
348 (procParams, &testDate, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetDate
(procParams, &testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETDATEFAILED
; goto cleanup; } } while (0)
349 PKIX_PROCESSINGPARAMSGETDATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetDate
(procParams, &testDate, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETDATEFAILED
; goto cleanup; } } while (0);
350
351 PKIX_CHECK(PKIX_ProcessingParams_GetInitialPoliciesdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetInitialPolicies
(procParams, &initialPolicies, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED
; goto cleanup; } } while (0)
352 (procParams, &initialPolicies, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetInitialPolicies
(procParams, &initialPolicies, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED
; goto cleanup; } } while (0)
353 PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetInitialPolicies
(procParams, &initialPolicies, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED
; goto cleanup; } } while (0);
354
355 PKIX_CHECK(PKIX_ProcessingParams_GetPolicyQualifiersRejecteddo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetPolicyQualifiersRejected
(procParams, &policyQualifiersRejected, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED
; goto cleanup; } } while (0)
356 (procParams, &policyQualifiersRejected, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetPolicyQualifiersRejected
(procParams, &policyQualifiersRejected, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED
; goto cleanup; } } while (0)
357 PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetPolicyQualifiersRejected
(procParams, &policyQualifiersRejected, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED
; goto cleanup; } } while (0);
358
359 PKIX_CHECK(PKIX_ProcessingParams_IsPolicyMappingInhibiteddo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsPolicyMappingInhibited
(procParams, &initialPolicyMappingInhibit, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED
; goto cleanup; } } while (0)
360 (procParams, &initialPolicyMappingInhibit, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsPolicyMappingInhibited
(procParams, &initialPolicyMappingInhibit, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED
; goto cleanup; } } while (0)
361 PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsPolicyMappingInhibited
(procParams, &initialPolicyMappingInhibit, plContext)); if
(stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED
; goto cleanup; } } while (0);
362
363 PKIX_CHECK(PKIX_ProcessingParams_IsAnyPolicyInhibiteddo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsAnyPolicyInhibited
(procParams, &initialAnyPolicyInhibit, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED
; goto cleanup; } } while (0)
364 (procParams, &initialAnyPolicyInhibit, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsAnyPolicyInhibited
(procParams, &initialAnyPolicyInhibit, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED
; goto cleanup; } } while (0)
365 PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsAnyPolicyInhibited
(procParams, &initialAnyPolicyInhibit, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED
; goto cleanup; } } while (0);
366
367 PKIX_CHECK(PKIX_ProcessingParams_IsExplicitPolicyRequireddo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsExplicitPolicyRequired
(procParams, &initialExplicitPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED
; goto cleanup; } } while (0)
368 (procParams, &initialExplicitPolicy, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsExplicitPolicyRequired
(procParams, &initialExplicitPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED
; goto cleanup; } } while (0)
369 PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_IsExplicitPolicyRequired
(procParams, &initialExplicitPolicy, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED
; goto cleanup; } } while (0);
370
371 PKIX_CHECK(PKIX_ProcessingParams_GetCertStoresdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertStores
(procParams, &certStores, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED
; goto cleanup; } } while (0)
372 (procParams, &certStores, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertStores
(procParams, &certStores, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED
; goto cleanup; } } while (0)
373 PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertStores
(procParams, &certStores, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED
; goto cleanup; } } while (0);
374
375 PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckersdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers
(procParams, &userCheckersList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED
; goto cleanup; } } while (0)
376 (procParams, &userCheckersList, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers
(procParams, &userCheckersList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED
; goto cleanup; } } while (0)
377 PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers
(procParams, &userCheckersList, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED
; goto cleanup; } } while (0);
378
379 /* now, initialize all the checkers */
380 PKIX_CHECK(pkix_TargetCertChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_TargetCertChecker_Initialize
(certSelector, numCerts, &targetCertChecker, plContext))
; if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_TARGETCERTCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
381 (certSelector, numCerts, &targetCertChecker, plContext),do { stdVars.aPkixErrorResult = (pkix_TargetCertChecker_Initialize
(certSelector, numCerts, &targetCertChecker, plContext))
; if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_TARGETCERTCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
382 PKIX_TARGETCERTCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_TargetCertChecker_Initialize
(certSelector, numCerts, &targetCertChecker, plContext))
; if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_TARGETCERTCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0);
383
384 PKIX_CHECK(pkix_ExpirationChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_ExpirationChecker_Initialize
(testDate, &expirationChecker, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_EXPIRATIONCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
385 (testDate, &expirationChecker, plContext),do { stdVars.aPkixErrorResult = (pkix_ExpirationChecker_Initialize
(testDate, &expirationChecker, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_EXPIRATIONCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
386 PKIX_EXPIRATIONCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_ExpirationChecker_Initialize
(testDate, &expirationChecker, plContext)); if (stdVars.
aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_EXPIRATIONCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0);
387
388 PKIX_CHECK(pkix_NameChainingChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_NameChainingChecker_Initialize
(trustedCAName, &nameChainingChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_NAMECHAININGCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
389 (trustedCAName, &nameChainingChecker, plContext),do { stdVars.aPkixErrorResult = (pkix_NameChainingChecker_Initialize
(trustedCAName, &nameChainingChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_NAMECHAININGCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
390 PKIX_NAMECHAININGCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_NameChainingChecker_Initialize
(trustedCAName, &nameChainingChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_NAMECHAININGCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0);
391
392 PKIX_CHECK(pkix_NameConstraintsChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_NameConstraintsChecker_Initialize
(trustedNC, numCerts, &nameConstraintsChecker, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED; goto cleanup;
} } while (0)
393 (trustedNC, numCerts, &nameConstraintsChecker, plContext),do { stdVars.aPkixErrorResult = (pkix_NameConstraintsChecker_Initialize
(trustedNC, numCerts, &nameConstraintsChecker, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED; goto cleanup;
} } while (0)
394 PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_NameConstraintsChecker_Initialize
(trustedNC, numCerts, &nameConstraintsChecker, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED; goto cleanup;
} } while (0);
395
396 PKIX_CHECK(pkix_BasicConstraintsChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_BasicConstraintsChecker_Initialize
(numCerts, &basicConstraintsChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BASICCONSTRAINTSCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
397 (numCerts, &basicConstraintsChecker, plContext),do { stdVars.aPkixErrorResult = (pkix_BasicConstraintsChecker_Initialize
(numCerts, &basicConstraintsChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BASICCONSTRAINTSCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
398 PKIX_BASICCONSTRAINTSCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_BasicConstraintsChecker_Initialize
(numCerts, &basicConstraintsChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_BASICCONSTRAINTSCHECKERINITIALIZEFAILED
; goto cleanup; } } while (0);
399
400 PKIX_CHECK(pkix_PolicyChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup
; } } while (0)
401 (initialPolicies,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup
; } } while (0)
402 policyQualifiersRejected,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup
; } } while (0)
403 initialPolicyMappingInhibit,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup
; } } while (0)
404 initialExplicitPolicy,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup
; } } while (0)
405 initialAnyPolicyInhibit,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup
; } } while (0)
406 numCerts,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup
; } } while (0)
407 &policyChecker,do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup
; } } while (0)
408 plContext),do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup
; } } while (0)
409 PKIX_POLICYCHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_PolicyChecker_Initialize
(initialPolicies, policyQualifiersRejected, initialPolicyMappingInhibit
, initialExplicitPolicy, initialAnyPolicyInhibit, numCerts, &
policyChecker, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_POLICYCHECKERINITIALIZEFAILED; goto cleanup
; } } while (0);
410
411 PKIX_CHECK(pkix_SignatureChecker_Initializedo { stdVars.aPkixErrorResult = (pkix_SignatureChecker_Initialize
(trustedPubKey, numCerts, &sigChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SIGNATURECHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
412 (trustedPubKey, numCerts, &sigChecker, plContext),do { stdVars.aPkixErrorResult = (pkix_SignatureChecker_Initialize
(trustedPubKey, numCerts, &sigChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SIGNATURECHECKERINITIALIZEFAILED
; goto cleanup; } } while (0)
413 PKIX_SIGNATURECHECKERINITIALIZEFAILED)do { stdVars.aPkixErrorResult = (pkix_SignatureChecker_Initialize
(trustedPubKey, numCerts, &sigChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_SIGNATURECHECKERINITIALIZEFAILED
; goto cleanup; } } while (0);
414
415 if (userCheckersList != NULL((void*)0)) {
416
417 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckersList
, &numCertCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
418 (userCheckersList, &numCertCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckersList
, &numCertCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
419 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckersList
, &numCertCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
420
421 for (i = 0; i < numCertCheckers; i++) {
422
423 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckersList
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
424 (userCheckersList,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckersList
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
425 i,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckersList
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
426 (PKIX_PL_Object **) &userChecker,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckersList
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
427 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckersList
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
428 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckersList
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
429
430 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
431 (checkers,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
432 (PKIX_PL_Object *)userChecker,do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
433 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
434 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)userChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
435
436 PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void
*)0); } } while (0);
437 }
438 }
439
440 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)targetCertChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
441 (checkers, (PKIX_PL_Object *)targetCertChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)targetCertChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
442 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)targetCertChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0);
443
444 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)expirationChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
445 (checkers, (PKIX_PL_Object *)expirationChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)expirationChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
446 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)expirationChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0);
447
448 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)nameChainingChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
449 (checkers, (PKIX_PL_Object *)nameChainingChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)nameChainingChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
450 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)nameChainingChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0);
451
452 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)nameConstraintsChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
453 (checkers, (PKIX_PL_Object *)nameConstraintsChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)nameConstraintsChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
454 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)nameConstraintsChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0);
455
456 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)basicConstraintsChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
457 (checkers, (PKIX_PL_Object *)basicConstraintsChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)basicConstraintsChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0)
458 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)basicConstraintsChecker, plContext)); if (
stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED
; goto cleanup; } } while (0);
459
460 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
461 (checkers, (PKIX_PL_Object *)policyChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
462 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)policyChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
463
464 PKIX_CHECK(PKIX_List_AppendItemdo { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)sigChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
465 (checkers, (PKIX_PL_Object *)sigChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)sigChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0)
466 PKIX_LISTAPPENDITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_AppendItem (checkers
, (PKIX_PL_Object *)sigChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDITEMFAILED; goto cleanup
; } } while (0);
467
468 *pCheckers = checkers;
469
470cleanup:
471
472 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)){
473 PKIX_DECREF(checkers)do { if (checkers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(checkers), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkers = ((void*
)0); } } while (0);
474 }
475
476 PKIX_DECREF(certSelector)do { if (certSelector){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certSelector), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certSelector = ((void
*)0); } } while (0);
477 PKIX_DECREF(testDate)do { if (testDate){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(testDate), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } testDate = ((void*
)0); } } while (0);
478 PKIX_DECREF(initialPolicies)do { if (initialPolicies){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(initialPolicies), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } initialPolicies
= ((void*)0); } } while (0);
479 PKIX_DECREF(targetCertChecker)do { if (targetCertChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(targetCertChecker), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } targetCertChecker
= ((void*)0); } } while (0);
480 PKIX_DECREF(expirationChecker)do { if (expirationChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(expirationChecker), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } expirationChecker
= ((void*)0); } } while (0);
481 PKIX_DECREF(nameChainingChecker)do { if (nameChainingChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(nameChainingChecker), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } nameChainingChecker
= ((void*)0); } } while (0);
482 PKIX_DECREF(nameConstraintsChecker)do { if (nameConstraintsChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(nameConstraintsChecker), plContext); if (
stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } nameConstraintsChecker = ((void*)0); } } while (0);
483 PKIX_DECREF(basicConstraintsChecker)do { if (basicConstraintsChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(basicConstraintsChecker), plContext); if
(stdVars.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars
.aPkixTempResult, plContext); stdVars.aPkixTempResult = ((void
*)0); } basicConstraintsChecker = ((void*)0); } } while (0);
484 PKIX_DECREF(policyChecker)do { if (policyChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(policyChecker), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } policyChecker
= ((void*)0); } } while (0);
485 PKIX_DECREF(sigChecker)do { if (sigChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(sigChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } sigChecker = ((void
*)0); } } while (0);
486 PKIX_DECREF(trustedCAName)do { if (trustedCAName){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(trustedCAName), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } trustedCAName
= ((void*)0); } } while (0);
487 PKIX_DECREF(trustedPubKey)do { if (trustedPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(trustedPubKey), plContext); if (stdVars.
aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } trustedPubKey
= ((void*)0); } } while (0);
488 PKIX_DECREF(trustedNC)do { if (trustedNC){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(trustedNC), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trustedNC = ((void
*)0); } } while (0);
489 PKIX_DECREF(trustedCert)do { if (trustedCert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(trustedCert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } trustedCert = ((void
*)0); } } while (0);
490 PKIX_DECREF(defaultCrlChecker)do { if (defaultCrlChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(defaultCrlChecker), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } defaultCrlChecker
= ((void*)0); } } while (0);
491 PKIX_DECREF(userCheckersList)do { if (userCheckersList){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(userCheckersList), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } userCheckersList
= ((void*)0); } } while (0);
492 PKIX_DECREF(certStores)do { if (certStores){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certStores), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certStores = ((void
*)0); } } while (0);
493 PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void
*)0); } } while (0);
494
495 PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean
) 1), plContext);;
496}
497
498/*
499 * FUNCTION: pkix_RetrieveOutputs
500 * DESCRIPTION:
501 *
502 * This function queries the respective states of the List of checkers in
503 * "checkers" to to obtain the final public key from the SignatureChecker
504 * and the policy tree from the PolicyChecker, storing those values at
505 * "pFinalSubjPubKey" and "pPolicyTree", respectively.
506 *
507 * PARAMETERS:
508 * "checkers"
509 * Address of List of checkers to be queried. Must be non-NULL.
510 * "pFinalSubjPubKey"
511 * Address where final public key will be stored. Must be non-NULL.
512 * "pPolicyTree"
513 * Address where policy tree will be stored. Must be non-NULL.
514 * "plContext"
515 * Platform-specific context pointer.
516 * THREAD SAFETY:
517 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
518 * RETURNS:
519 * Returns NULL if the function succeeds.
520 * Returns a Validate Error if the function fails in a non-fatal way.
521 * Returns a Fatal Error if the function fails in an unrecoverable way.
522 */
523static PKIX_Error *
524pkix_RetrieveOutputs(
525 PKIX_List *checkers,
526 PKIX_PL_PublicKey **pFinalSubjPubKey,
527 PKIX_PolicyNode **pPolicyTree,
528 void *plContext)
529{
530 PKIX_PL_PublicKey *finalSubjPubKey = NULL((void*)0);
531 PKIX_PolicyNode *validPolicyTree = NULL((void*)0);
532 PKIX_CertChainChecker *checker = NULL((void*)0);
533 PKIX_PL_Object *state = NULL((void*)0);
534 PKIX_UInt32 numCheckers = 0;
535 PKIX_UInt32 type;
536 PKIX_Int32 j;
537
538 PKIX_ENTER(VALIDATE, "pkix_RetrieveOutputs")static const char cMyFuncName[] = {"pkix_RetrieveOutputs"}; PKIX_StdVars
stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
539
540 PKIX_NULLCHECK_TWO(checkers, pPolicyTree)do { if (((checkers) == ((void*)0)) || ((pPolicyTree) == ((void
*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
541
542 /*
543 * To optimize the search, we guess that the sigChecker is
544 * last in the tree and is preceded by the policyChecker. We
545 * search toward the front of the chain. Remember that List
546 * items are indexed 0..(numItems - 1).
547 */
548
549 PKIX_CHECK(PKIX_List_GetLength(checkers, &numCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(checkers
, &numCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
550 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(checkers
, &numCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
551
552 for (j = numCheckers - 1; j >= 0; j--){
553 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers,
j, (PKIX_PL_Object **)&checker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
554 (checkers, j, (PKIX_PL_Object **)&checker, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers,
j, (PKIX_PL_Object **)&checker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
555 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (checkers,
j, (PKIX_PL_Object **)&checker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
556
557 PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerStatedo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCertChainCheckerState
(checker, &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED
; goto cleanup; } } while (0)
558 (checker, &state, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCertChainCheckerState
(checker, &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED
; goto cleanup; } } while (0)
559 PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetCertChainCheckerState
(checker, &state, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED
; goto cleanup; } } while (0);
560
561 /* user defined checker may have no state */
562 if (state != NULL((void*)0)) {
563
564 PKIX_CHECK(PKIX_PL_Object_GetType(state, &type, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Object_GetType(state
, &type, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_OBJECTGETTYPEFAILED; goto cleanup; } }
while (0)
565 PKIX_OBJECTGETTYPEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Object_GetType(state
, &type, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_OBJECTGETTYPEFAILED; goto cleanup; } }
while (0);
566
567 if (type == PKIX_SIGNATURECHECKERSTATE_TYPE){
568 /* final pubKey will include any inherited DSA params */
569 finalSubjPubKey =
570 ((pkix_SignatureCheckerState *)state)->
571 prevPublicKey;
572 PKIX_INCREF(finalSubjPubKey)do { if (finalSubjPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(finalSubjPubKey), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
573 *pFinalSubjPubKey = finalSubjPubKey;
574 }
575
576 if (type == PKIX_CERTPOLICYCHECKERSTATE_TYPE) {
577 validPolicyTree =
578 ((PKIX_PolicyCheckerState *)state)->validPolicyTree;
579 break;
580 }
581 }
582
583 PKIX_DECREF(checker)do { if (checker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(checker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checker = ((void*)
0); } } while (0);
584 PKIX_DECREF(state)do { if (state){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(state), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } state = ((void*)0)
; } } while (0);
585 }
586
587 PKIX_INCREF(validPolicyTree)do { if (validPolicyTree){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(validPolicyTree), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); goto cleanup
; } } } while (0);
588 *pPolicyTree = validPolicyTree;
589
590cleanup:
591
592 PKIX_DECREF(checker)do { if (checker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(checker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checker = ((void*)
0); } } while (0);
593 PKIX_DECREF(state)do { if (state){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(state), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } state = ((void*)0)
; } } while (0);
594
595 PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean
) 1), plContext);;
596
597}
598
599/*
600 * FUNCTION: pkix_CheckChain
601 * DESCRIPTION:
602 *
603 * Checks whether the List of Certs pointed to by "certs", containing
604 * "numCerts" entries, successfully validates using each CertChainChecker in
605 * the List pointed to by "checkers" and has not been revoked, according to any
606 * of the Revocation Checkers in the List pointed to by "revChecker". Checkers
607 * are expected to remove from "removeCheckedExtOIDs" and extensions that they
608 * process. Indices to the certChain and the checkerChain are obtained and
609 * returned in "pCertCheckedIndex" and "pCheckerIndex", respectively. These
610 * should be set to zero prior to the initial call, but may be changed (and
611 * must be supplied on subsequent calls) if processing is suspended for non-
612 * blocking I/O. Each time a Cert passes from being validated by one of the
613 * CertChainCheckers to being checked by a Revocation Checker, the Boolean
614 * stored at "pRevChecking" is changed from FALSE to TRUE. If the Cert is
615 * rejected by a Revocation Checker, its reason code is returned at
616 * "pReasonCode. If the List of Certs successfully validates, the public key i
617 * the final certificate is obtained and stored at "pFinalSubjPubKey" and the
618 * validPolicyTree, which could be NULL, is stored at pPolicyTree. If the List
619 * of Certs fails to validate, an Error pointer is returned.
620 *
621 * If "pVerifyTree" is non-NULL, a chain of VerifyNodes is created which
622 * tracks the results of the validation. That is, either each node in the
623 * chain has a NULL Error component, or the last node contains an Error
624 * which indicates why the validation failed.
625 *
626 * The number of Certs in the List, represented by "numCerts", is used to
627 * determine which Cert is the final Cert.
628 *
629 * PARAMETERS:
630 * "certs"
631 * Address of List of Certs to validate. Must be non-NULL.
632 * "numCerts"
633 * Number of certificates in the List of certificates.
634 * "checkers"
635 * List of CertChainCheckers which must each validate the List of
636 * certificates. Must be non-NULL.
637 * "revChecker"
638 * List of RevocationCheckers which must each not reject the List of
639 * certificates. May be empty, but must be non-NULL.
640 * "removeCheckedExtOIDs"
641 * List of PKIX_PL_OID that has been processed. If called from building
642 * chain, it is the list of critical extension OIDs that has been
643 * processed prior to validation. Extension OIDs that may be processed by
644 * user defined checker processes are also in the list. May be NULL.
645 * "procParams"
646 * Address of ProcessingParams used to initialize various checkers. Must
647 * be non-NULL.
648 * "pCertCheckedIndex"
649 * Address where Int32 index to the Cert chain is obtained and
650 * returned. Must be non-NULL.
651 * "pCheckerIndex"
652 * Address where Int32 index to the CheckerChain is obtained and
653 * returned. Must be non-NULL.
654 * "pRevChecking"
655 * Address where Boolean is obtained and returned, indicating, if FALSE,
656 * that CertChainCheckers are being called; or, if TRUE, that RevChecker
657 * are being called. Must be non-NULL.
658 * "pReasonCode"
659 * Address where UInt32 results of revocation checking are stored. Must be
660 * non-NULL.
661 * "pNBIOContext"
662 * Address where platform-dependent context is stored if checking is
663 * suspended for non-blocking I/O. Must be non-NULL.
664 * "pFinalSubjPubKey"
665 * Address where the final public key will be stored. Must be non-NULL.
666 * "pPolicyTree"
667 * Address where the final validPolicyTree is stored. Must be non-NULL.
668 * "pVerifyTree"
669 * Address where a VerifyTree is stored, if non-NULL.
670 * "plContext"
671 * Platform-specific context pointer.
672 * THREAD SAFETY:
673 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
674 * RETURNS:
675 * Returns NULL if the function succeeds.
676 * Returns a Validate Error if the function fails in a non-fatal way.
677 * Returns a Fatal Error if the function fails in an unrecoverable way.
678 */
679PKIX_Error *
680pkix_CheckChain(
681 PKIX_List *certs,
682 PKIX_UInt32 numCerts,
683 PKIX_TrustAnchor *anchor,
684 PKIX_List *checkers,
685 PKIX_RevocationChecker *revChecker,
686 PKIX_List *removeCheckedExtOIDs,
687 PKIX_ProcessingParams *procParams,
688 PKIX_UInt32 *pCertCheckedIndex,
689 PKIX_UInt32 *pCheckerIndex,
690 PKIX_Boolean *pRevChecking,
691 PKIX_UInt32 *pReasonCode,
692 void **pNBIOContext,
693 PKIX_PL_PublicKey **pFinalSubjPubKey,
694 PKIX_PolicyNode **pPolicyTree,
695 PKIX_VerifyNode **pVerifyTree,
696 void *plContext)
697{
698 PKIX_UInt32 j = 0;
699 PKIX_Boolean revChecking = PKIX_FALSE((PKIX_Boolean) 0);
700 PKIX_Error *checkCertError = NULL((void*)0);
701 void *nbioContext = NULL((void*)0);
702 PKIX_PL_Cert *cert = NULL((void*)0);
703 PKIX_PL_Cert *issuer = NULL((void*)0);
704 PKIX_PL_NssContext *nssContext = NULL((void*)0);
705 CERTCertList *certList = NULL((void*)0);
706 const CERTChainVerifyCallback *chainVerifyCallback = NULL((void*)0);
707 CERTCertificate *nssCert = NULL((void*)0);
708
709 PKIX_ENTER(VALIDATE, "pkix_CheckChain")static const char cMyFuncName[] = {"pkix_CheckChain"}; PKIX_StdVars
stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
710 PKIX_NULLCHECK_FOUR(certs, checkers, revChecker, pCertCheckedIndex)do { if (((certs) == ((void*)0)) || ((checkers) == ((void*)0)
) || ((revChecker) == ((void*)0)) || ((pCertCheckedIndex) == (
(void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1);
stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
711 PKIX_NULLCHECK_FOUR(pCheckerIndex, pRevChecking, pReasonCode, anchor)do { if (((pCheckerIndex) == ((void*)0)) || ((pRevChecking) ==
((void*)0)) || ((pReasonCode) == ((void*)0)) || ((anchor) ==
((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1
); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
712 PKIX_NULLCHECK_THREE(pNBIOContext, pFinalSubjPubKey, pPolicyTree)do { if (((pNBIOContext) == ((void*)0)) || ((pFinalSubjPubKey
) == ((void*)0)) || ((pPolicyTree) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
713
714 nbioContext = *pNBIOContext;
715 *pNBIOContext = NULL((void*)0);
716 revChecking = *pRevChecking;
717 nssContext = (PKIX_PL_NssContext *)plContext;
718 chainVerifyCallback = &nssContext->chainVerifyCallback;
719
720 if (chainVerifyCallback->isChainValid != NULL((void*)0)) {
721 PRBool chainOK = PR_FALSE0; /*assume failure*/
722 SECStatus rv;
723
724 certList = CERT_NewCertList();
725 if (certList == NULL((void*)0)) {
726 PKIX_ERROR_ALLOC_ERROR(){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_ALLOCERROR, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorResult = PKIX_ALLOC_ERROR(); goto cleanup; };
727 }
728
729 /* Add the trust anchor to the list */
730 PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCertdo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
(anchor, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0)
731 (anchor, &cert, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
(anchor, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0)
732 PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
(anchor, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0);
733
734 PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCERTCertificate
(cert, &nssCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETCERTCERTIFICATEFAILED;
goto cleanup; } } while (0)
735 PKIX_PL_Cert_GetCERTCertificate(cert, &nssCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCERTCertificate
(cert, &nssCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETCERTCERTIFICATEFAILED;
goto cleanup; } } while (0)
736 PKIX_CERTGETCERTCERTIFICATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCERTCertificate
(cert, &nssCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETCERTCERTIFICATEFAILED;
goto cleanup; } } while (0);
737
738 rv = CERT_AddCertToListHead(certList, nssCert);
739 if (rv != SECSuccess) {
740 PKIX_ERROR_ALLOC_ERROR(){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_ALLOCERROR, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorResult = PKIX_ALLOC_ERROR(); goto cleanup; };
741 }
742 /* the certList takes ownership of nssCert on success */
743 nssCert = NULL((void*)0);
744 PKIX_DECREF(cert)do { if (cert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } cert = ((void*)0);
} } while (0);
745
746 /* Add the rest of the chain to the list */
747 for (j = *pCertCheckedIndex; j < numCerts; j++) {
748 PKIX_CHECK(PKIX_List_GetItem(do { stdVars.aPkixErrorResult = (PKIX_List_GetItem( certs, j,
(PKIX_PL_Object **)&cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
749 certs, j, (PKIX_PL_Object **)&cert, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem( certs, j,
(PKIX_PL_Object **)&cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
750 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem( certs, j,
(PKIX_PL_Object **)&cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0);
751
752 PKIX_CHECK(do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCERTCertificate
(cert, &nssCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETCERTCERTIFICATEFAILED;
goto cleanup; } } while (0)
753 PKIX_PL_Cert_GetCERTCertificate(cert, &nssCert, plContext),do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCERTCertificate
(cert, &nssCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETCERTCERTIFICATEFAILED;
goto cleanup; } } while (0)
754 PKIX_CERTGETCERTCERTIFICATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_PL_Cert_GetCERTCertificate
(cert, &nssCert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_CERTGETCERTCERTIFICATEFAILED;
goto cleanup; } } while (0);
755
756 rv = CERT_AddCertToListHead(certList, nssCert);
757 if (rv != SECSuccess) {
758 PKIX_ERROR_ALLOC_ERROR(){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_ALLOCERROR, ((void*)0), stdVars.aPkixType, 2, plContext
); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorResult = PKIX_ALLOC_ERROR(); goto cleanup; };
759 }
760 /* the certList takes ownership of nssCert on success */
761 nssCert = NULL((void*)0);
762 PKIX_DECREF(cert)do { if (cert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } cert = ((void*)0);
} } while (0);
763 }
764
765 rv = (*chainVerifyCallback->isChainValid)
766 (chainVerifyCallback->isChainValidArg, certList, &chainOK);
767 if (rv != SECSuccess) {
768 PKIX_ERROR_FATAL(PKIX_CHAINVERIFYCALLBACKFAILED){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.aPkixErrorCode
= PKIX_CHAINVERIFYCALLBACKFAILED; stdVars.aPkixErrorClass = PKIX_FATAL_ERROR
; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, stdVars.aPkixErrorCode, ((void*)0), stdVars.aPkixType, 1, plContext
); } }; goto cleanup; };
769 }
770
771 if (!chainOK) {
772 PKIX_ERROR(PKIX_CHAINVERIFYCALLBACKFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_CHAINVERIFYCALLBACKFAILED, ((void*)0), stdVars.aPkixType
, 2, plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean
) 1); stdVars.aPkixErrorCode = PKIX_CHAINVERIFYCALLBACKFAILED
; goto cleanup; };
773 }
774
775 }
776
777 PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCertdo { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
(anchor, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0)
778 (anchor, &cert, plContext),do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
(anchor, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0)
779 PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED)do { stdVars.aPkixErrorResult = (PKIX_TrustAnchor_GetTrustedCert
(anchor, &cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED
; goto cleanup; } } while (0);
780
781 for (j = *pCertCheckedIndex; j < numCerts; j++) {
782
783 PORT_Assert(cert)((cert)?((void)0):PR_Assert("cert","pkix_validate.c",783));
784 PKIX_DECREF(issuer)do { if (issuer){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(issuer), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } issuer = ((void*)0
); } } while (0);
785 issuer = cert;
786 cert = NULL((void*)0);
787
788 PKIX_CHECK(PKIX_List_GetItem(do { stdVars.aPkixErrorResult = (PKIX_List_GetItem( certs, j,
(PKIX_PL_Object **)&cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
789 certs, j, (PKIX_PL_Object **)&cert, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem( certs, j,
(PKIX_PL_Object **)&cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
790 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem( certs, j,
(PKIX_PL_Object **)&cert, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0);
791
792 /* check if cert pointer is valid */
793 PORT_Assert(cert)((cert)?((void)0):PR_Assert("cert","pkix_validate.c",793));
794 if (cert == NULL((void*)0)) {
795 continue;
796 }
797
798 if (revChecking == PKIX_FALSE((PKIX_Boolean) 0)) {
799
800 PKIX_CHECK(pkix_CheckCertdo { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers
, removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CHECKCERTFAILED; goto cleanup; } } while (0)
801 (cert,do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers
, removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CHECKCERTFAILED; goto cleanup; } } while (0)
802 checkers,do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers
, removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CHECKCERTFAILED; goto cleanup; } } while (0)
803 removeCheckedExtOIDs,do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers
, removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CHECKCERTFAILED; goto cleanup; } } while (0)
804 pCheckerIndex,do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers
, removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CHECKCERTFAILED; goto cleanup; } } while (0)
805 &nbioContext,do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers
, removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CHECKCERTFAILED; goto cleanup; } } while (0)
806 plContext),do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers
, removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CHECKCERTFAILED; goto cleanup; } } while (0)
807 PKIX_CHECKCERTFAILED)do { stdVars.aPkixErrorResult = (pkix_CheckCert (cert, checkers
, removeCheckedExtOIDs, pCheckerIndex, &nbioContext, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_CHECKCERTFAILED; goto cleanup; } } while (0);
808
809 if (nbioContext != NULL((void*)0)) {
810 *pCertCheckedIndex = j;
811 *pRevChecking = revChecking;
812 *pNBIOContext = nbioContext;
813 goto cleanup;
814 }
815
816 revChecking = PKIX_TRUE((PKIX_Boolean) 1);
817 *pCheckerIndex = 0;
818 }
819
820 if (revChecking == PKIX_TRUE((PKIX_Boolean) 1)) {
821 PKIX_RevocationStatus revStatus;
822 pkixErrorResultstdVars.aPkixErrorResult =
823 PKIX_RevocationChecker_Check(
824 cert, issuer, revChecker,
825 procParams, PKIX_TRUE((PKIX_Boolean) 1),
826 (j == numCerts - 1) ? PKIX_TRUE((PKIX_Boolean) 1) : PKIX_FALSE((PKIX_Boolean) 0),
827 &revStatus, pReasonCode,
828 &nbioContext, plContext);
829 if (nbioContext != NULL((void*)0)) {
830 *pCertCheckedIndex = j;
831 *pRevChecking = revChecking;
832 *pNBIOContext = nbioContext;
833 goto cleanup;
834 }
835 if (revStatus == PKIX_RevStatus_Revoked ||
836 pkixErrorResultstdVars.aPkixErrorResult) {
837 if (!pkixErrorResultstdVars.aPkixErrorResult) {
838 /* if pkixErrorResult is returned then
839 * use it as it has a detailed revocation
840 * error code. Otherwise create a new error */
841 PKIX_ERROR_CREATE(VALIDATE,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_VALIDATE_ERROR
, stdVars.aMyFuncName, PKIX_CERTIFICATEREVOKED, PKIX_VALIDATE_ERROR
, stdVars.aPkixErrorResult, &stdVars.aPkixErrorResult, plContext
); if (stdVars.aPkixTempResult) { stdVars.aPkixErrorResult = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } }
842 PKIX_CERTIFICATEREVOKED,{ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_VALIDATE_ERROR
, stdVars.aMyFuncName, PKIX_CERTIFICATEREVOKED, PKIX_VALIDATE_ERROR
, stdVars.aPkixErrorResult, &stdVars.aPkixErrorResult, plContext
); if (stdVars.aPkixTempResult) { stdVars.aPkixErrorResult = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } }
843 pkixErrorResult){ stdVars.aPkixTempResult = (PKIX_Error*)pkix_Throw (PKIX_VALIDATE_ERROR
, stdVars.aMyFuncName, PKIX_CERTIFICATEREVOKED, PKIX_VALIDATE_ERROR
, stdVars.aPkixErrorResult, &stdVars.aPkixErrorResult, plContext
); if (stdVars.aPkixTempResult) { stdVars.aPkixErrorResult = stdVars
.aPkixTempResult; stdVars.aPkixTempResult = ((void*)0); } };
844 }
845 goto cleanup;
846 }
847 revChecking = PKIX_FALSE((PKIX_Boolean) 0);
848 *pCheckerIndex = 0;
849 }
850
851 PKIX_CHECK(pkix_AddToVerifyLogdo { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog (cert, j
, ((void*)0), pVerifyTree, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; goto cleanup
; } } while (0)
852 (cert, j, NULL, pVerifyTree, plContext),do { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog (cert, j
, ((void*)0), pVerifyTree, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; goto cleanup
; } } while (0)
853 PKIX_ADDTOVERIFYLOGFAILED)do { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog (cert, j
, ((void*)0), pVerifyTree, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; goto cleanup
; } } while (0);
854 }
855
856 PKIX_CHECK(pkix_RetrieveOutputsdo { stdVars.aPkixErrorResult = (pkix_RetrieveOutputs (checkers
, pFinalSubjPubKey, pPolicyTree, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_RETRIEVEOUTPUTSFAILED; goto cleanup
; } } while (0)
857 (checkers, pFinalSubjPubKey, pPolicyTree, plContext),do { stdVars.aPkixErrorResult = (pkix_RetrieveOutputs (checkers
, pFinalSubjPubKey, pPolicyTree, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_RETRIEVEOUTPUTSFAILED; goto cleanup
; } } while (0)
858 PKIX_RETRIEVEOUTPUTSFAILED)do { stdVars.aPkixErrorResult = (pkix_RetrieveOutputs (checkers
, pFinalSubjPubKey, pPolicyTree, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_RETRIEVEOUTPUTSFAILED; goto cleanup
; } } while (0);
859
860 *pNBIOContext = NULL((void*)0);
861
862cleanup:
863 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList) && cert) {
864 checkCertError = pkixErrorResultstdVars.aPkixErrorResult;
865
866 PKIX_CHECK_FATAL(do { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog(cert, j,
checkCertError, pVerifyTree, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; stdVars.aPkixErrorClass
= PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
867 pkix_AddToVerifyLog(cert, j, checkCertError, pVerifyTree,do { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog(cert, j,
checkCertError, pVerifyTree, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; stdVars.aPkixErrorClass
= PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
868 plContext),do { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog(cert, j,
checkCertError, pVerifyTree, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; stdVars.aPkixErrorClass
= PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0)
869 PKIX_ADDTOVERIFYLOGFAILED)do { stdVars.aPkixErrorResult = (pkix_AddToVerifyLog(cert, j,
checkCertError, pVerifyTree, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars.
aPkixErrorCode = PKIX_ADDTOVERIFYLOGFAILED; stdVars.aPkixErrorClass
= PKIX_FATAL_ERROR; { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode
(pkixLoggersErrors, stdVars.aPkixErrorCode, ((void*)0), stdVars
.aPkixType, 1, plContext); } }; goto fatal; } } while (0);
870 pkixErrorResultstdVars.aPkixErrorResult = checkCertError;
871 pkixErrorCodestdVars.aPkixErrorCode = pkixErrorResultstdVars.aPkixErrorResult->errCode;
872 checkCertError = NULL((void*)0);
873 }
874
875fatal:
876 if (nssCert) {
877 CERT_DestroyCertificate(nssCert);
878 }
879
880 if (certList) {
881 CERT_DestroyCertList(certList);
882 }
883
884 PKIX_DECREF(checkCertError)do { if (checkCertError){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(checkCertError), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } checkCertError
= ((void*)0); } } while (0);
885 PKIX_DECREF(cert)do { if (cert){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(cert), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } cert = ((void*)0);
} } while (0);
886 PKIX_DECREF(issuer)do { if (issuer){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(issuer), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } issuer = ((void*)0
); } } while (0);
887
888 PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean
) 1), plContext);;
889}
890
891/*
892 * FUNCTION: pkix_ExtractParameters
893 * DESCRIPTION:
894 *
895 * Extracts several parameters from the ValidateParams object pointed to by
896 * "valParams" and stores the CertChain at "pChain", the List of Certs at
897 * "pCerts", the number of Certs in the chain at "pNumCerts", the
898 * ProcessingParams object at "pProcParams", the List of TrustAnchors at
899 * "pAnchors", and the number of TrustAnchors at "pNumAnchors".
900 *
901 * PARAMETERS:
902 * "valParams"
903 * Address of ValidateParams from which the parameters are extracted.
904 * Must be non-NULL.
905 * "pCerts"
906 * Address where object pointer for List of Certs will be stored.
907 * Must be non-NULL.
908 * "pNumCerts"
909 * Address where number of Certs will be stored. Must be non-NULL.
910 * "pProcParams"
911 * Address where object pointer for ProcessingParams will be stored.
912 * Must be non-NULL.
913 * "pAnchors"
914 * Address where object pointer for List of Anchors will be stored.
915 * Must be non-NULL.
916 * "pNumAnchors"
917 * Address where number of Anchors will be stored. Must be non-NULL.
918 * "plContext"
919 * Platform-specific context pointer.
920 * THREAD SAFETY:
921 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
922 * RETURNS:
923 * Returns NULL if the function succeeds.
924 * Returns a Validate Error if the function fails in a non-fatal way.
925 * Returns a Fatal Error if the function fails in an unrecoverable way.
926 */
927static PKIX_Error *
928pkix_ExtractParameters(
929 PKIX_ValidateParams *valParams,
930 PKIX_List **pCerts,
931 PKIX_UInt32 *pNumCerts,
932 PKIX_ProcessingParams **pProcParams,
933 PKIX_List **pAnchors,
934 PKIX_UInt32 *pNumAnchors,
935 void *plContext)
936{
937 PKIX_ENTER(VALIDATE, "pkix_ExtractParameters")static const char cMyFuncName[] = {"pkix_ExtractParameters"};
PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
10
Taking false branch
938 PKIX_NULLCHECK_THREE(valParams, pCerts, pNumCerts)do { if (((valParams) == ((void*)0)) || ((pCerts) == ((void*)
0)) || ((pNumCerts) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
11
Loop condition is false. Exiting loop
12
Taking false branch
939 PKIX_NULLCHECK_THREE(pProcParams, pAnchors, pNumAnchors)do { if (((pProcParams) == ((void*)0)) || ((pAnchors) == ((void
*)0)) || ((pNumAnchors) == ((void*)0))){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
13
Loop condition is false. Exiting loop
14
Taking false branch
15
Loop condition is false. Exiting loop
940
941 /* extract relevant parameters from chain */
942 PKIX_CHECK(PKIX_ValidateParams_GetCertChaindo { stdVars.aPkixErrorResult = (PKIX_ValidateParams_GetCertChain
(valParams, pCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VALIDATEPARAMSGETCERTCHAINFAILED
; goto cleanup; } } while (0)
16
Assuming field 'aPkixErrorResult' is non-null
17
Taking true branch
18
Control jumps to line 963
943 (valParams, pCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_ValidateParams_GetCertChain
(valParams, pCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VALIDATEPARAMSGETCERTCHAINFAILED
; goto cleanup; } } while (0)
944 PKIX_VALIDATEPARAMSGETCERTCHAINFAILED)do { stdVars.aPkixErrorResult = (PKIX_ValidateParams_GetCertChain
(valParams, pCerts, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VALIDATEPARAMSGETCERTCHAINFAILED
; goto cleanup; } } while (0);
945
946 PKIX_CHECK(PKIX_List_GetLength(*pCerts, pNumCerts, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(*pCerts,
pNumCerts, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup; } }
while (0)
947 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(*pCerts,
pNumCerts, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup; } }
while (0);
948
949 /* extract relevant parameters from procParams */
950 PKIX_CHECK(PKIX_ValidateParams_GetProcessingParamsdo { stdVars.aPkixErrorResult = (PKIX_ValidateParams_GetProcessingParams
(valParams, pProcParams, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VALIDATEPARAMSGETPROCESSINGPARAMSFAILED
; goto cleanup; } } while (0)
951 (valParams, pProcParams, plContext),do { stdVars.aPkixErrorResult = (PKIX_ValidateParams_GetProcessingParams
(valParams, pProcParams, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VALIDATEPARAMSGETPROCESSINGPARAMSFAILED
; goto cleanup; } } while (0)
952 PKIX_VALIDATEPARAMSGETPROCESSINGPARAMSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ValidateParams_GetProcessingParams
(valParams, pProcParams, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_VALIDATEPARAMSGETPROCESSINGPARAMSFAILED
; goto cleanup; } } while (0);
953
954 PKIX_CHECK(PKIX_ProcessingParams_GetTrustAnchorsdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTrustAnchors
(*pProcParams, pAnchors, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED
; goto cleanup; } } while (0)
955 (*pProcParams, pAnchors, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTrustAnchors
(*pProcParams, pAnchors, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED
; goto cleanup; } } while (0)
956 PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetTrustAnchors
(*pProcParams, pAnchors, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED
; goto cleanup; } } while (0);
957
958 PKIX_CHECK(PKIX_List_GetLength(*pAnchors, pNumAnchors, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(*pAnchors
, pNumAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup; } }
while (0)
959 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength(*pAnchors
, pNumAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup; } }
while (0);
960
961cleanup:
962
963 PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean
) 1), plContext);;
19
Returning without writing to '*pNumAnchors'
20
Returning pointer, which participates in a condition later
964}
965
966/* --Public-Functions--------------------------------------------- */
967
968/*
969 * FUNCTION: PKIX_ValidateChain (see comments in pkix.h)
970 */
971PKIX_Error *
972PKIX_ValidateChain(
973 PKIX_ValidateParams *valParams,
974 PKIX_ValidateResult **pResult,
975 PKIX_VerifyNode **pVerifyTree,
976 void *plContext)
977{
978 PKIX_Error *chainFailed = NULL((void*)0);
979
980 PKIX_ProcessingParams *procParams = NULL((void*)0);
981 PKIX_CertChainChecker *userChecker = NULL((void*)0);
982 PKIX_RevocationChecker *revChecker = NULL((void*)0);
983 PKIX_List *certs = NULL((void*)0);
984 PKIX_List *checkers = NULL((void*)0);
985 PKIX_List *anchors = NULL((void*)0);
986 PKIX_List *userCheckers = NULL((void*)0);
987 PKIX_List *userCheckerExtOIDs = NULL((void*)0);
988 PKIX_List *validateCheckedCritExtOIDsList = NULL((void*)0);
989 PKIX_TrustAnchor *anchor = NULL((void*)0);
990 PKIX_ValidateResult *valResult = NULL((void*)0);
991 PKIX_PL_PublicKey *finalPubKey = NULL((void*)0);
992 PKIX_PolicyNode *validPolicyTree = NULL((void*)0);
993 PKIX_Boolean supportForwarding = PKIX_FALSE((PKIX_Boolean) 0);
994 PKIX_Boolean revChecking = PKIX_FALSE((PKIX_Boolean) 0);
995 PKIX_UInt32 i, numCerts, numAnchors;
1
'numAnchors' declared without an initial value
996 PKIX_UInt32 numUserCheckers = 0;
997 PKIX_UInt32 certCheckedIndex = 0;
998 PKIX_UInt32 checkerIndex = 0;
999 PKIX_UInt32 reasonCode = 0;
1000 void *nbioContext = NULL((void*)0);
1001
1002 PKIX_ENTER(VALIDATE, "PKIX_ValidateChain")static const char cMyFuncName[] = {"PKIX_ValidateChain"}; PKIX_StdVars
stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
2
Assuming 'pkixLoggersDebugTrace' is null
3
Taking false branch
1003 PKIX_NULLCHECK_TWO(valParams, pResult)do { if (((valParams) == ((void*)0)) || ((pResult) == ((void*
)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1); stdVars
.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn(&
stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext);;
} } while (0);
4
Loop condition is false. Exiting loop
5
Assuming 'valParams' is not equal to null
6
Assuming 'pResult' is not equal to null
7
Taking false branch
8
Loop condition is false. Exiting loop
1004
1005 /* extract various parameters from valParams */
1006 PKIX_CHECK(pkix_ExtractParametersdo { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
9
Calling 'pkix_ExtractParameters'
21
Returning from 'pkix_ExtractParameters'
22
Assuming field 'aPkixErrorResult' is null
23
Taking false branch
24
Loop condition is false. Exiting loop
1007 (valParams,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1008 &certs,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1009 &numCerts,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1010 &procParams,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1011 &anchors,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1012 &numAnchors,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1013 plContext),do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1014 PKIX_EXTRACTPARAMETERSFAILED)do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0);
1015
1016 /*
1017 * setup an extension OID list that user had defined for his checker
1018 * processing. User checker is not responsible for taking out OIDs
1019 * from unresolved critical extension list as the libpkix checker
1020 * is doing. Here we add those user checkers' OIDs to the removal
1021 * list to be taken out by CheckChain
1022 */
1023 PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckersdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers
(procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED
; goto cleanup; } } while (0)
25
Assuming field 'aPkixErrorResult' is null
26
Taking false branch
27
Loop condition is false. Exiting loop
1024 (procParams, &userCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers
(procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED
; goto cleanup; } } while (0)
1025 PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers
(procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED
; goto cleanup; } } while (0);
1026
1027 if (userCheckers != NULL((void*)0)) {
28
Assuming 'userCheckers' is equal to NULL
29
Taking false branch
1028
1029 PKIX_CHECK(PKIX_List_Createdo { stdVars.aPkixErrorResult = (PKIX_List_Create (&validateCheckedCritExtOIDsList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
1030 (&validateCheckedCritExtOIDsList,do { stdVars.aPkixErrorResult = (PKIX_List_Create (&validateCheckedCritExtOIDsList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
1031 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create (&validateCheckedCritExtOIDsList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
1032 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create (&validateCheckedCritExtOIDsList
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
1033
1034 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers
, &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1035 (userCheckers, &numUserCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers
, &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1036 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers
, &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
1037
1038 for (i = 0; i < numUserCheckers; i++) {
1039
1040 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1041 (userCheckers,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1042 i,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1043 (PKIX_PL_Object **) &userChecker,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1044 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1045 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
1046
1047 PKIX_CHECKdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
(userChecker, &supportForwarding, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED
; goto cleanup; } } while (0)
1048 (PKIX_CertChainChecker_IsForwardCheckingSupporteddo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
(userChecker, &supportForwarding, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED
; goto cleanup; } } while (0)
1049 (userChecker, &supportForwarding, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
(userChecker, &supportForwarding, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED
; goto cleanup; } } while (0)
1050 PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
(userChecker, &supportForwarding, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED
; goto cleanup; } } while (0);
1051
1052 if (supportForwarding == PKIX_FALSE((PKIX_Boolean) 0)) {
1053
1054 PKIX_CHECKdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions
(userChecker, &userCheckerExtOIDs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0)
1055 (PKIX_CertChainChecker_GetSupportedExtensionsdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions
(userChecker, &userCheckerExtOIDs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0)
1056 (userChecker, &userCheckerExtOIDs, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions
(userChecker, &userCheckerExtOIDs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0)
1057 PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions
(userChecker, &userCheckerExtOIDs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0);
1058
1059 if (userCheckerExtOIDs != NULL((void*)0)) {
1060 PKIX_CHECK(pkix_List_AppendListdo { stdVars.aPkixErrorResult = (pkix_List_AppendList (validateCheckedCritExtOIDsList
, userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup
; } } while (0)
1061 (validateCheckedCritExtOIDsList,do { stdVars.aPkixErrorResult = (pkix_List_AppendList (validateCheckedCritExtOIDsList
, userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup
; } } while (0)
1062 userCheckerExtOIDs,do { stdVars.aPkixErrorResult = (pkix_List_AppendList (validateCheckedCritExtOIDsList
, userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup
; } } while (0)
1063 plContext),do { stdVars.aPkixErrorResult = (pkix_List_AppendList (validateCheckedCritExtOIDsList
, userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup
; } } while (0)
1064 PKIX_LISTAPPENDLISTFAILED)do { stdVars.aPkixErrorResult = (pkix_List_AppendList (validateCheckedCritExtOIDsList
, userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup
; } } while (0);
1065 }
1066 }
1067
1068 PKIX_DECREF(userCheckerExtOIDs)do { if (userCheckerExtOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(userCheckerExtOIDs), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } userCheckerExtOIDs
= ((void*)0); } } while (0);
1069 PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void
*)0); } } while (0);
1070 }
1071 }
1072
1073 PKIX_CHECK(PKIX_ProcessingParams_GetRevocationCheckerdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker
(procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED
; goto cleanup; } } while (0)
30
Assuming field 'aPkixErrorResult' is null
31
Taking false branch
32
Loop condition is false. Exiting loop
1074 (procParams, &revChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker
(procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED
; goto cleanup; } } while (0)
1075 PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker
(procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED
; goto cleanup; } } while (0);
1076
1077 /* try to validate the chain with each anchor */
1078 for (i = 0; i < numAnchors; i++){
33
The right operand of '<' is a garbage value
1079
1080 /* get trust anchor */
1081 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (anchors, i
, (PKIX_PL_Object **)&anchor, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1082 (anchors, i, (PKIX_PL_Object **)&anchor, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (anchors, i
, (PKIX_PL_Object **)&anchor, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1083 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (anchors, i
, (PKIX_PL_Object **)&anchor, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0);
1084
1085 /* initialize checkers using information from trust anchor */
1086 PKIX_CHECK(pkix_InitializeCheckersdo { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor
, procParams, numCerts, &checkers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED
; goto cleanup; } } while (0)
1087 (anchor, procParams, numCerts, &checkers, plContext),do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor
, procParams, numCerts, &checkers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED
; goto cleanup; } } while (0)
1088 PKIX_INITIALIZECHECKERSFAILED)do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor
, procParams, numCerts, &checkers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED
; goto cleanup; } } while (0);
1089
1090 /*
1091 * Validate the chain using this trust anchor and these
1092 * checkers. (WARNING: checkers that use non-blocking I/O
1093 * are not currently supported.)
1094 */
1095 certCheckedIndex = 0;
1096 checkerIndex = 0;
1097 revChecking = PKIX_FALSE((PKIX_Boolean) 0);
1098 chainFailed = pkix_CheckChain
1099 (certs,
1100 numCerts,
1101 anchor,
1102 checkers,
1103 revChecker,
1104 validateCheckedCritExtOIDsList,
1105 procParams,
1106 &certCheckedIndex,
1107 &checkerIndex,
1108 &revChecking,
1109 &reasonCode,
1110 &nbioContext,
1111 &finalPubKey,
1112 &validPolicyTree,
1113 pVerifyTree,
1114 plContext);
1115
1116 if (chainFailed) {
1117
1118 /* cert chain failed to validate */
1119
1120 PKIX_DECREF(chainFailed)do { if (chainFailed){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(chainFailed), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } chainFailed = ((void
*)0); } } while (0);
1121 PKIX_DECREF(anchor)do { if (anchor){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(anchor), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } anchor = ((void*)0
); } } while (0);
1122 PKIX_DECREF(checkers)do { if (checkers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(checkers), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkers = ((void*
)0); } } while (0);
1123 PKIX_DECREF(validPolicyTree)do { if (validPolicyTree){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(validPolicyTree), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } validPolicyTree
= ((void*)0); } } while (0);
1124
1125 /* if last anchor, we fail; else, we try next anchor */
1126 if (i == (numAnchors - 1)) { /* last anchor */
1127 PKIX_ERROR(PKIX_VALIDATECHAINFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_VALIDATECHAINFAILED, ((void*)0), stdVars.aPkixType, 2,
plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean)
1); stdVars.aPkixErrorCode = PKIX_VALIDATECHAINFAILED; goto cleanup
; };
1128 }
1129
1130 } else {
1131
1132 /* XXX Remove this assertion after 2014-12-31.
1133 * See bug 946984. */
1134 PORT_Assert(reasonCode == 0)((reasonCode == 0)?((void)0):PR_Assert("reasonCode == 0","pkix_validate.c"
,1134));
1135
1136 /* cert chain successfully validated! */
1137 PKIX_CHECK(pkix_ValidateResult_Createdo { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
1138 (finalPubKey,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
1139 anchor,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
1140 validPolicyTree,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
1141 &valResult,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
1142 plContext),do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
1143 PKIX_VALIDATERESULTCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0);
1144
1145 *pResult = valResult;
1146
1147 /* no need to try any more anchors in the loop */
1148 goto cleanup;
1149 }
1150 }
1151
1152cleanup:
1153
1154 PKIX_DECREF(finalPubKey)do { if (finalPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(finalPubKey), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } finalPubKey = ((void
*)0); } } while (0);
1155 PKIX_DECREF(certs)do { if (certs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certs), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certs = ((void*)0)
; } } while (0);
1156 PKIX_DECREF(anchors)do { if (anchors){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(anchors), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } anchors = ((void*)
0); } } while (0);
1157 PKIX_DECREF(anchor)do { if (anchor){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(anchor), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } anchor = ((void*)0
); } } while (0);
1158 PKIX_DECREF(checkers)do { if (checkers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(checkers), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkers = ((void*
)0); } } while (0);
1159 PKIX_DECREF(revChecker)do { if (revChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(revChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } revChecker = ((void
*)0); } } while (0);
1160 PKIX_DECREF(validPolicyTree)do { if (validPolicyTree){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(validPolicyTree), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } validPolicyTree
= ((void*)0); } } while (0);
1161 PKIX_DECREF(chainFailed)do { if (chainFailed){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(chainFailed), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } chainFailed = ((void
*)0); } } while (0);
1162 PKIX_DECREF(procParams)do { if (procParams){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(procParams), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } procParams = ((void
*)0); } } while (0);
1163 PKIX_DECREF(userCheckers)do { if (userCheckers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(userCheckers), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } userCheckers = ((void
*)0); } } while (0);
1164 PKIX_DECREF(validateCheckedCritExtOIDsList)do { if (validateCheckedCritExtOIDsList){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(validateCheckedCritExtOIDsList
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } validateCheckedCritExtOIDsList = ((void*)0);
} } while (0);
1165
1166 PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean
) 1), plContext);;
1167}
1168
1169/*
1170 * FUNCTION: pkix_Validate_BuildUserOIDs
1171 * DESCRIPTION:
1172 *
1173 * This function creates a List of the OIDs that are processed by the user
1174 * checkers in the List pointed to by "userCheckers", storing the resulting
1175 * List at "pUserCritOIDs". If the List of userCheckers is NULL, the output
1176 * List will be NULL. Otherwise the output List will be non-NULL, but may be
1177 * empty.
1178 *
1179 * PARAMETERS:
1180 * "userCheckers"
1181 * The address of the List of userCheckers.
1182 * "pUserCritOIDs"
1183 * The address at which the List is stored. Must be non-NULL.
1184 * "plContext"
1185 * Platform-specific context pointer.
1186 * THREAD SAFETY:
1187 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
1188 * RETURNS:
1189 * Returns NULL if the function succeeds.
1190 * Returns a VALIDATE Error if the function fails in a non-fatal way.
1191 * Returns a Fatal Error if the function fails in an unrecoverable way.
1192 */
1193static PKIX_Error *
1194pkix_Validate_BuildUserOIDs(
1195 PKIX_List *userCheckers,
1196 PKIX_List **pUserCritOIDs,
1197 void *plContext)
1198{
1199 PKIX_UInt32 numUserCheckers = 0;
1200 PKIX_UInt32 i = 0;
1201 PKIX_List *userCritOIDs = NULL((void*)0);
1202 PKIX_List *userCheckerExtOIDs = NULL((void*)0);
1203 PKIX_Boolean supportForwarding = PKIX_FALSE((PKIX_Boolean) 0);
1204 PKIX_CertChainChecker *userChecker = NULL((void*)0);
1205
1206 PKIX_ENTER(VALIDATE, "pkix_Validate_BuildUserOIDs")static const char cMyFuncName[] = {"pkix_Validate_BuildUserOIDs"
}; PKIX_StdVars stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName
; stdVars.aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1207 PKIX_NULLCHECK_ONE(pUserCritOIDs)do { if ((pUserCritOIDs) == ((void*)0)){ stdVars.aPkixErrorReceived
= ((PKIX_Boolean) 1); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT
; return PKIX_DoReturn(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean
) 1), plContext);; } } while (0);
1208
1209 if (userCheckers != NULL((void*)0)) {
1210 PKIX_CHECK(PKIX_List_Create(&userCritOIDs, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_Create(&userCritOIDs
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0)
1211 PKIX_LISTCREATEFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_Create(&userCritOIDs
, plContext)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass
= stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_LISTCREATEFAILED; goto cleanup; } } while (0);
1212
1213 PKIX_CHECK(PKIX_List_GetLengthdo { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers
, &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1214 (userCheckers, &numUserCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers
, &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0)
1215 PKIX_LISTGETLENGTHFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetLength (userCheckers
, &numUserCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETLENGTHFAILED; goto cleanup
; } } while (0);
1216
1217 for (i = 0; i < numUserCheckers; i++) {
1218 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1219 (userCheckers,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1220 i,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1221 (PKIX_PL_Object **) &userChecker,do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1222 plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0)
1223 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (userCheckers
, i, (PKIX_PL_Object **) &userChecker, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED
; goto cleanup; } } while (0);
1224
1225 PKIX_CHECK(PKIX_CertChainChecker_IsForwardCheckingSupporteddo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
(userChecker, &supportForwarding, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED
; goto cleanup; } } while (0)
1226 (userChecker, &supportForwarding, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
(userChecker, &supportForwarding, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED
; goto cleanup; } } while (0)
1227 PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_IsForwardCheckingSupported
(userChecker, &supportForwarding, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED
; goto cleanup; } } while (0);
1228
1229 if (supportForwarding == PKIX_FALSE((PKIX_Boolean) 0)) {
1230
1231 PKIX_CHECK(PKIX_CertChainChecker_GetSupportedExtensionsdo { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions
(userChecker, &userCheckerExtOIDs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0)
1232 (userChecker, &userCheckerExtOIDs, plContext),do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions
(userChecker, &userCheckerExtOIDs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0)
1233 PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED)do { stdVars.aPkixErrorResult = (PKIX_CertChainChecker_GetSupportedExtensions
(userChecker, &userCheckerExtOIDs, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED
; goto cleanup; } } while (0);
1234
1235 if (userCheckerExtOIDs != NULL((void*)0)) {
1236 PKIX_CHECK(pkix_List_AppendListdo { stdVars.aPkixErrorResult = (pkix_List_AppendList (userCritOIDs
, userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup
; } } while (0)
1237 (userCritOIDs, userCheckerExtOIDs, plContext),do { stdVars.aPkixErrorResult = (pkix_List_AppendList (userCritOIDs
, userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup
; } } while (0)
1238 PKIX_LISTAPPENDLISTFAILED)do { stdVars.aPkixErrorResult = (pkix_List_AppendList (userCritOIDs
, userCheckerExtOIDs, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTAPPENDLISTFAILED; goto cleanup
; } } while (0);
1239 }
1240 }
1241
1242 PKIX_DECREF(userCheckerExtOIDs)do { if (userCheckerExtOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(userCheckerExtOIDs), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } userCheckerExtOIDs
= ((void*)0); } } while (0);
1243 PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void
*)0); } } while (0);
1244 }
1245 }
1246
1247 *pUserCritOIDs = userCritOIDs;
1248
1249cleanup:
1250
1251 if (PKIX_ERROR_RECEIVED(stdVars.aPkixErrorReceived || stdVars.aPkixErrorResult || stdVars
.aPkixTempErrorReceived || stdVars.aPkixErrorList)){
1252 PKIX_DECREF(userCritOIDs)do { if (userCritOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(userCritOIDs), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } userCritOIDs = ((void
*)0); } } while (0);
1253 }
1254
1255 PKIX_DECREF(userCheckerExtOIDs)do { if (userCheckerExtOIDs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(userCheckerExtOIDs), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } userCheckerExtOIDs
= ((void*)0); } } while (0);
1256 PKIX_DECREF(userChecker)do { if (userChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(userChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } userChecker = ((void
*)0); } } while (0);
1257
1258 PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean
) 1), plContext);;
1259}
1260
1261/*
1262 * FUNCTION: PKIX_ValidateChain_nb (see comments in pkix.h)
1263 */
1264PKIX_Error *
1265PKIX_ValidateChain_NB(
1266 PKIX_ValidateParams *valParams,
1267 PKIX_UInt32 *pCertIndex,
1268 PKIX_UInt32 *pAnchorIndex,
1269 PKIX_UInt32 *pCheckerIndex,
1270 PKIX_Boolean *pRevChecking,
1271 PKIX_List **pCheckers,
1272 void **pNBIOContext,
1273 PKIX_ValidateResult **pResult,
1274 PKIX_VerifyNode **pVerifyTree,
1275 void *plContext)
1276{
1277 PKIX_UInt32 numCerts = 0;
1278 PKIX_UInt32 numAnchors = 0;
1279 PKIX_UInt32 i = 0;
1280 PKIX_UInt32 certIndex = 0;
1281 PKIX_UInt32 anchorIndex = 0;
1282 PKIX_UInt32 checkerIndex = 0;
1283 PKIX_UInt32 reasonCode = 0;
1284 PKIX_Boolean revChecking = PKIX_FALSE((PKIX_Boolean) 0);
1285 PKIX_List *certs = NULL((void*)0);
1286 PKIX_List *anchors = NULL((void*)0);
1287 PKIX_List *checkers = NULL((void*)0);
1288 PKIX_List *userCheckers = NULL((void*)0);
1289 PKIX_List *validateCheckedCritExtOIDsList = NULL((void*)0);
1290 PKIX_TrustAnchor *anchor = NULL((void*)0);
1291 PKIX_ValidateResult *valResult = NULL((void*)0);
1292 PKIX_PL_PublicKey *finalPubKey = NULL((void*)0);
1293 PKIX_PolicyNode *validPolicyTree = NULL((void*)0);
1294 PKIX_ProcessingParams *procParams = NULL((void*)0);
1295 PKIX_RevocationChecker *revChecker = NULL((void*)0);
1296 PKIX_Error *chainFailed = NULL((void*)0);
1297 void *nbioContext = NULL((void*)0);
1298
1299 PKIX_ENTER(VALIDATE, "PKIX_ValidateChain_NB")static const char cMyFuncName[] = {"PKIX_ValidateChain_NB"}; PKIX_StdVars
stdVars = zeroStdVars; stdVars.aMyFuncName = cMyFuncName; stdVars
.aPkixType = PKIX_VALIDATE_ERROR; ; do { if (pkixLoggersDebugTrace
) { pkix_Logger_Check(pkixLoggersDebugTrace, stdVars.aMyFuncName
, ">>>", stdVars.aPkixType, 5, plContext); } } while
(0);;
1300 PKIX_NULLCHECK_FOURdo { if (((valParams) == ((void*)0)) || ((pCertIndex) == ((void
*)0)) || ((pAnchorIndex) == ((void*)0)) || ((pCheckerIndex) ==
((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1
); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0)
1301 (valParams, pCertIndex, pAnchorIndex, pCheckerIndex)do { if (((valParams) == ((void*)0)) || ((pCertIndex) == ((void
*)0)) || ((pAnchorIndex) == ((void*)0)) || ((pCheckerIndex) ==
((void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1
); stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
1302 PKIX_NULLCHECK_FOUR(pRevChecking, pCheckers, pNBIOContext, pResult)do { if (((pRevChecking) == ((void*)0)) || ((pCheckers) == ((
void*)0)) || ((pNBIOContext) == ((void*)0)) || ((pResult) == (
(void*)0))){ stdVars.aPkixErrorReceived = ((PKIX_Boolean) 1);
stdVars.aPkixErrorCode = PKIX_NULLARGUMENT; return PKIX_DoReturn
(&stdVars, (PKIX_FATAL_ERROR), ((PKIX_Boolean) 1), plContext
);; } } while (0);
1303
1304 nbioContext = *pNBIOContext;
1305 *pNBIOContext = NULL((void*)0);
1306
1307 /* extract various parameters from valParams */
1308 PKIX_CHECK(pkix_ExtractParametersdo { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1309 (valParams,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1310 &certs,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1311 &numCerts,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1312 &procParams,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1313 &anchors,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1314 &numAnchors,do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1315 plContext),do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0)
1316 PKIX_EXTRACTPARAMETERSFAILED)do { stdVars.aPkixErrorResult = (pkix_ExtractParameters (valParams
, &certs, &numCerts, &procParams, &anchors, &
numAnchors, plContext)); if (stdVars.aPkixErrorResult) { stdVars
.aPkixErrorClass = stdVars.aPkixErrorResult->errClass; stdVars
.aPkixErrorCode = PKIX_EXTRACTPARAMETERSFAILED; goto cleanup;
} } while (0);
1317
1318 /*
1319 * Create a List of the OIDs that will be processed by the user
1320 * checkers. User checkers are not responsible for removing OIDs from
1321 * the List of unresolved critical extensions, as libpkix checkers are.
1322 * So we add those user checkers' OIDs to the removal list to be taken
1323 * out by CheckChain.
1324 */
1325 PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckersdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers
(procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED
; goto cleanup; } } while (0)
1326 (procParams, &userCheckers, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers
(procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED
; goto cleanup; } } while (0)
1327 PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetCertChainCheckers
(procParams, &userCheckers, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED
; goto cleanup; } } while (0);
1328
1329 PKIX_CHECK(pkix_Validate_BuildUserOIDsdo { stdVars.aPkixErrorResult = (pkix_Validate_BuildUserOIDs (
userCheckers, &validateCheckedCritExtOIDsList, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATEBUILDUSEROIDSFAILED
; goto cleanup; } } while (0)
1330 (userCheckers, &validateCheckedCritExtOIDsList, plContext),do { stdVars.aPkixErrorResult = (pkix_Validate_BuildUserOIDs (
userCheckers, &validateCheckedCritExtOIDsList, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATEBUILDUSEROIDSFAILED
; goto cleanup; } } while (0)
1331 PKIX_VALIDATEBUILDUSEROIDSFAILED)do { stdVars.aPkixErrorResult = (pkix_Validate_BuildUserOIDs (
userCheckers, &validateCheckedCritExtOIDsList, plContext)
); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars
.aPkixErrorResult->errClass; stdVars.aPkixErrorCode = PKIX_VALIDATEBUILDUSEROIDSFAILED
; goto cleanup; } } while (0);
1332
1333 PKIX_CHECK(PKIX_ProcessingParams_GetRevocationCheckerdo { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker
(procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED
; goto cleanup; } } while (0)
1334 (procParams, &revChecker, plContext),do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker
(procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED
; goto cleanup; } } while (0)
1335 PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED)do { stdVars.aPkixErrorResult = (PKIX_ProcessingParams_GetRevocationChecker
(procParams, &revChecker, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED
; goto cleanup; } } while (0);
1336
1337 /* Are we resuming after a WOULDBLOCK return, or starting anew ? */
1338 if (nbioContext != NULL((void*)0)) {
1339 /* Resuming */
1340 certIndex = *pCertIndex;
1341 anchorIndex = *pAnchorIndex;
1342 checkerIndex = *pCheckerIndex;
1343 revChecking = *pRevChecking;
1344 checkers = *pCheckers;
1345 *pCheckers = NULL((void*)0);
1346 }
1347
1348 /* try to validate the chain with each anchor */
1349 for (i = anchorIndex; i < numAnchors; i++) {
1350
1351 /* get trust anchor */
1352 PKIX_CHECK(PKIX_List_GetItemdo { stdVars.aPkixErrorResult = (PKIX_List_GetItem (anchors, i
, (PKIX_PL_Object **)&anchor, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1353 (anchors, i, (PKIX_PL_Object **)&anchor, plContext),do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (anchors, i
, (PKIX_PL_Object **)&anchor, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0)
1354 PKIX_LISTGETITEMFAILED)do { stdVars.aPkixErrorResult = (PKIX_List_GetItem (anchors, i
, (PKIX_PL_Object **)&anchor, plContext)); if (stdVars.aPkixErrorResult
) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult->errClass
; stdVars.aPkixErrorCode = PKIX_LISTGETITEMFAILED; goto cleanup
; } } while (0);
1355
1356 /* initialize checkers using information from trust anchor */
1357 if (nbioContext == NULL((void*)0)) {
1358 PKIX_CHECK(pkix_InitializeCheckersdo { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor
, procParams, numCerts, &checkers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED
; goto cleanup; } } while (0)
1359 (anchor,do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor
, procParams, numCerts, &checkers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED
; goto cleanup; } } while (0)
1360 procParams,do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor
, procParams, numCerts, &checkers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED
; goto cleanup; } } while (0)
1361 numCerts,do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor
, procParams, numCerts, &checkers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED
; goto cleanup; } } while (0)
1362 &checkers,do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor
, procParams, numCerts, &checkers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED
; goto cleanup; } } while (0)
1363 plContext),do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor
, procParams, numCerts, &checkers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED
; goto cleanup; } } while (0)
1364 PKIX_INITIALIZECHECKERSFAILED)do { stdVars.aPkixErrorResult = (pkix_InitializeCheckers (anchor
, procParams, numCerts, &checkers, plContext)); if (stdVars
.aPkixErrorResult) { stdVars.aPkixErrorClass = stdVars.aPkixErrorResult
->errClass; stdVars.aPkixErrorCode = PKIX_INITIALIZECHECKERSFAILED
; goto cleanup; } } while (0);
1365 }
1366
1367 /*
1368 * Validate the chain using this trust anchor and these
1369 * checkers.
1370 */
1371 chainFailed = pkix_CheckChain
1372 (certs,
1373 numCerts,
1374 anchor,
1375 checkers,
1376 revChecker,
1377 validateCheckedCritExtOIDsList,
1378 procParams,
1379 &certIndex,
1380 &checkerIndex,
1381 &revChecking,
1382 &reasonCode,
1383 &nbioContext,
1384 &finalPubKey,
1385 &validPolicyTree,
1386 pVerifyTree,
1387 plContext);
1388
1389 if (nbioContext != NULL((void*)0)) {
1390 *pCertIndex = certIndex;
1391 *pAnchorIndex = anchorIndex;
1392 *pCheckerIndex = checkerIndex;
1393 *pRevChecking = revChecking;
1394 PKIX_INCREF(checkers)do { if (checkers){ stdVars.aPkixTempResult = PKIX_PL_Object_IncRef
((PKIX_PL_Object *)(checkers), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); goto cleanup; } } } while
(0);
1395 *pCheckers = checkers;
1396 *pNBIOContext = nbioContext;
1397 goto cleanup;
1398 }
1399
1400 if (chainFailed) {
1401
1402 /* cert chain failed to validate */
1403
1404 PKIX_DECREF(chainFailed)do { if (chainFailed){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(chainFailed), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } chainFailed = ((void
*)0); } } while (0);
1405 PKIX_DECREF(anchor)do { if (anchor){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(anchor), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } anchor = ((void*)0
); } } while (0);
1406 PKIX_DECREF(checkers)do { if (checkers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(checkers), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkers = ((void*
)0); } } while (0);
1407 PKIX_DECREF(validPolicyTree)do { if (validPolicyTree){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(validPolicyTree), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } validPolicyTree
= ((void*)0); } } while (0);
1408
1409 /* if last anchor, we fail; else, we try next anchor */
1410 if (i == (numAnchors - 1)) { /* last anchor */
1411 PKIX_ERROR(PKIX_VALIDATECHAINFAILED){ { if (pkixLoggersErrors) { pkix_Logger_CheckWithCode(pkixLoggersErrors
, PKIX_VALIDATECHAINFAILED, ((void*)0), stdVars.aPkixType, 2,
plContext); } } stdVars.aPkixErrorReceived = ((PKIX_Boolean)
1); stdVars.aPkixErrorCode = PKIX_VALIDATECHAINFAILED; goto cleanup
; };
1412 }
1413
1414 } else {
1415
1416 /* XXX Remove this assertion after 2014-12-31.
1417 * See bug 946984. */
1418 PORT_Assert(reasonCode == 0)((reasonCode == 0)?((void)0):PR_Assert("reasonCode == 0","pkix_validate.c"
,1418));
1419
1420 /* cert chain successfully validated! */
1421 PKIX_CHECK(pkix_ValidateResult_Createdo { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
1422 (finalPubKey,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
1423 anchor,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
1424 validPolicyTree,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
1425 &valResult,do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
1426 plContext),do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0)
1427 PKIX_VALIDATERESULTCREATEFAILED)do { stdVars.aPkixErrorResult = (pkix_ValidateResult_Create (
finalPubKey, anchor, validPolicyTree, &valResult, plContext
)); if (stdVars.aPkixErrorResult) { stdVars.aPkixErrorClass =
stdVars.aPkixErrorResult->errClass; stdVars.aPkixErrorCode
= PKIX_VALIDATERESULTCREATEFAILED; goto cleanup; } } while (
0);
1428
1429 *pResult = valResult;
1430
1431 /* no need to try any more anchors in the loop */
1432 goto cleanup;
1433 }
1434 }
1435
1436cleanup:
1437
1438 PKIX_DECREF(finalPubKey)do { if (finalPubKey){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(finalPubKey), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } finalPubKey = ((void
*)0); } } while (0);
1439 PKIX_DECREF(certs)do { if (certs){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(certs), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } certs = ((void*)0)
; } } while (0);
1440 PKIX_DECREF(anchors)do { if (anchors){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(anchors), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } anchors = ((void*)
0); } } while (0);
1441 PKIX_DECREF(anchor)do { if (anchor){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(anchor), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } anchor = ((void*)0
); } } while (0);
1442 PKIX_DECREF(checkers)do { if (checkers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(checkers), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } checkers = ((void*
)0); } } while (0);
1443 PKIX_DECREF(revChecker)do { if (revChecker){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(revChecker), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } revChecker = ((void
*)0); } } while (0);
1444 PKIX_DECREF(validPolicyTree)do { if (validPolicyTree){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(validPolicyTree), plContext); if (stdVars
.aPkixTempResult) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult
, plContext); stdVars.aPkixTempResult = ((void*)0); } validPolicyTree
= ((void*)0); } } while (0);
1445 PKIX_DECREF(chainFailed)do { if (chainFailed){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(chainFailed), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } chainFailed = ((void
*)0); } } while (0);
1446 PKIX_DECREF(procParams)do { if (procParams){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(procParams), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } procParams = ((void
*)0); } } while (0);
1447 PKIX_DECREF(userCheckers)do { if (userCheckers){ stdVars.aPkixTempResult = PKIX_PL_Object_DecRef
((PKIX_PL_Object *)(userCheckers), plContext); if (stdVars.aPkixTempResult
) { PKIX_DoAddError(&stdVars, stdVars.aPkixTempResult, plContext
); stdVars.aPkixTempResult = ((void*)0); } userCheckers = ((void
*)0); } } while (0);
1448 PKIX_DECREF(validateCheckedCritExtOIDsList)do { if (validateCheckedCritExtOIDsList){ stdVars.aPkixTempResult
= PKIX_PL_Object_DecRef ((PKIX_PL_Object *)(validateCheckedCritExtOIDsList
), plContext); if (stdVars.aPkixTempResult) { PKIX_DoAddError
(&stdVars, stdVars.aPkixTempResult, plContext); stdVars.aPkixTempResult
= ((void*)0); } validateCheckedCritExtOIDsList = ((void*)0);
} } while (0);
1449
1450 PKIX_RETURN(VALIDATE)return PKIX_DoReturn(&stdVars, (PKIX_VALIDATE_ERROR), ((PKIX_Boolean
) 1), plContext);;
1451}