Lines Matching refs:ret
108 KMF_RETURN ret = KMF_OK;
127 CLEAR_ERROR(handle, ret);
129 ret = test_attributes(num_req_attrs, required_attrs,
131 if (ret != KMF_OK)
132 return (ret);
142 ret = get_keyalg_from_cert(cert, &keyalg);
143 if (ret != KMF_OK)
144 return (ret);
152 ret = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr,
154 if (ret != KMF_OK)
155 return (ret);
173 KMF_RETURN ret = KMF_OK;
181 ret = kmf_get_cert_ku(cert, &keyusage);
182 if (ret != KMF_OK)
187 return (ret);
204 ret = kmf_get_cert_basic_constraint(cert,
207 if (ret != KMF_OK)
208 return (ret);
248 KMF_RETURN ret = KMF_OK;
260 CLEAR_ERROR(handle, ret);
262 ret = test_attributes(num_req_attrs, required_attrs,
264 if (ret != KMF_OK)
265 return (ret);
267 ret = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr,
269 if (ret != KMF_OK)
270 return (ret);
284 KMF_RETURN ret;
308 ret = DerEncodeSignedCertificate(CertData, encodedCert);
310 return (ret);
510 KMF_RETURN ret;
533 CLEAR_ERROR(handle, ret);
535 ret = test_attributes(num_req_attrs, required_attrs,
537 if (ret != KMF_OK)
538 return (ret);
560 ret = kmf_get_attr(KMF_ALGORITHM_INDEX_ATTR, attrlist, numattr,
562 if (ret == KMF_OK)
568 ret = check_key_usage(handle, signer_cert, KMF_KU_SIGN_CERT);
569 if (ret == KMF_ERR_EXTENSION_NOT_FOUND && policy->ku_bits == 0)
570 ret = KMF_OK;
571 if (ret != KMF_OK)
572 return (ret);
578 ret = setup_findprikey_attrlist(attrlist, numattr,
580 if (ret != KMF_OK)
583 ret = kmf_find_prikey_by_cert(handle, new_numattr,
585 if (ret != KMF_OK) {
598 ret = KMF_ERR_BAD_PARAMETER;
602 ret = kmf_encode_cert_record(x509cert, &unsignedCert);
603 if (ret != KMF_OK)
613 ret = check_for_basic_constraint(tbs_cert);
614 if (ret)
628 ret = KMF_ERR_BAD_PARAMETER;
632 ret = sign_cert(handle, tbs_cert, sign_key_ptr, oid, signed_cert);
646 return (ret);
661 KMF_RETURN ret = KMF_OK;
684 CLEAR_ERROR(handle, ret);
686 ret = test_attributes(num_req_attrs, required_attrs,
688 if (ret != KMF_OK)
689 return (ret);
705 ret = check_key_usage(handle, signer_cert, KMF_KU_SIGN_DATA);
712 if (ret == KMF_ERR_EXTENSION_NOT_FOUND && policy->ku_bits == 0)
713 ret = KMF_OK;
714 if (ret != KMF_OK)
715 return (ret);
720 ret = setup_findprikey_attrlist(attrlist, numattr,
722 if (ret != KMF_OK) {
726 ret = kmf_find_prikey_by_cert(handle, new_numattr,
728 if (ret != KMF_OK) {
737 ret = KMF_ERR_BAD_PARAMETER;
743 ret = KMF_ERR_BAD_PARAMETER;
753 ret = kmf_get_attr(KMF_ALGORITHM_INDEX_ATTR, attrlist,
756 if (ret != KMF_OK)
762 ret = KMF_ERR_BAD_PARAMETER;
769 ret = KMF_ERR_PLUGIN_NOTFOUND;
773 ret = plugin->funclist->SignData(handle, sign_key_ptr, oid, tbs_data,
775 if (ret != KMF_OK)
785 ret = DerDecodeDSASignature(output, &signature);
786 if (ret != KMF_OK)
803 return (ret);
830 KMF_RETURN ret = KMF_OK;
857 CLEAR_ERROR(handle, ret);
859 ret = test_attributes(num_req_attrs, required_attrs,
862 if (ret != KMF_OK)
863 return (ret);
866 ret = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, num_args,
868 if (ret != KMF_OK)
869 return (ret);
879 ret = kmf_get_attr(KMF_ALGORITHM_INDEX_ATTR, attrlist, num_args,
883 if (ret != KMF_OK && signer_cert == NULL)
884 return (ret);
899 ret = check_key_usage(handle, signer_cert, KMF_KU_SIGN_DATA);
900 if (ret == KMF_ERR_EXTENSION_NOT_FOUND && policy->ku_bits == 0)
901 ret = KMF_OK;
902 if (ret != KMF_OK)
903 return (ret);
906 ret = DerDecodeSignedCertificate(signer_cert, &SignerCert);
907 if (ret != KMF_OK)
908 return (ret);
928 ret = PKCS_VerifyData(handle, sigAlg,
939 ret = plugin->funclist->EncodePubkeyData(handle,
945 ret = DerDecodeSPKI(&derkey, &spki);
946 if (ret == KMF_OK)
947 ret = PKCS_VerifyData(handle, sigAlg, &spki,
957 return (ret);
985 KMF_RETURN ret;
998 CLEAR_ERROR(handle, ret);
999 if (ret != KMF_OK)
1000 return (ret);
1002 ret = test_attributes(num_req_attrs, required_attrs,
1004 if (ret != KMF_OK)
1005 return (ret);
1024 ret = verify_cert_with_cert(handle, CertToBeVerified,
1036 ret = plugin->funclist->EncodePubkeyData(handle,
1042 if (ret == KMF_OK && derkey.Length > 0) {
1043 ret = verify_cert_with_key(handle, &derkey,
1051 return (ret);
1079 KMF_RETURN ret;
1100 CLEAR_ERROR(handle, ret);
1101 if (ret != KMF_OK)
1102 return (ret);
1104 ret = test_attributes(num_req_attrs, required_attrs,
1106 if (ret != KMF_OK)
1107 return (ret);
1121 ret = check_key_usage(handle, cert, KMF_KU_ENCRYPT_DATA);
1122 if (ret == KMF_ERR_EXTENSION_NOT_FOUND && policy->ku_bits == 0)
1123 ret = KMF_OK;
1124 if (ret != KMF_OK)
1125 return (ret);
1128 if ((ret = DerDecodeSignedCertificate(cert, &x509cert)) != KMF_OK)
1129 return (ret);
1156 ret = PKCS_EncryptData(handle, algid, pubkey, plaintext, ciphertext);
1161 return (ret);
1174 KMF_RETURN ret;
1199 CLEAR_ERROR(handle, ret);
1201 ret = test_attributes(num_req_attrs, required_attrs,
1203 if (ret != KMF_OK)
1204 return (ret);
1215 ret = check_key_usage(handle, cert, KMF_KU_ENCRYPT_DATA);
1216 if (ret == KMF_ERR_EXTENSION_NOT_FOUND && policy->ku_bits == 0)
1217 ret = KMF_OK;
1218 if (ret != KMF_OK)
1219 return (ret);
1236 ret = setup_findprikey_attrlist(attrlist, numattr, &new_attrlist,
1238 if (ret != KMF_OK)
1241 ret = kmf_find_prikey_by_cert(handle, new_numattr, new_attrlist);
1242 if (ret != KMF_OK)
1246 ret = DerDecodeSignedCertificate(cert, &x509cert);
1247 if (ret != KMF_OK)
1257 ret = KMF_ERR_BAD_ALGORITHM;
1264 ret = plugin->funclist->DecryptData(handle,
1268 ret = KMF_ERR_PLUGIN_NOTFOUND;
1279 return (ret);
1286 KMF_RETURN ret = KMF_OK;
1300 CLEAR_ERROR(handle, ret);
1302 ret = test_attributes(num_req_attrs, required_attrs,
1304 if (ret != KMF_OK)
1305 return (ret);
1307 ret = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr,
1309 if (ret != KMF_OK)
1310 return (ret);
1323 KMF_RETURN ret = KMF_OK;
1337 CLEAR_ERROR(handle, ret);
1339 ret = test_attributes(num_req_attrs, required_attrs, 0, NULL,
1341 if (ret != KMF_OK)
1342 return (ret);
1344 ret = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr,
1346 if (ret != KMF_OK)
1347 return (ret);
1361 KMF_RETURN ret = KMF_OK;
1372 CLEAR_ERROR(handle, ret);
1374 ret = test_attributes(num_req_attrs, required_attrs,
1376 if (ret != KMF_OK)
1377 return (ret);
1379 ret = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr,
1381 if (ret != KMF_OK)
1382 return (ret);
1402 KMF_RETURN ret = KMF_OK;
1434 ret = kmf_get_cert_crl_dist_pts((const KMF_DATA *)cert,
1436 if (ret != KMF_OK)
1450 ret = kmf_download_crl(handle, uri, proxyname,
1452 if (ret == KMF_OK) {
1456 ret = KMF_ERR_MEMORY;
1468 return (ret);
1475 KMF_RETURN ret = KMF_OK;
1496 ret = kmf_verify_crl_file(handle, crlfilename,
1498 if (ret != KMF_OK)
1499 return (ret);
1505 ret = kmf_check_crl_date(handle, crlfilename);
1506 if (ret != KMF_OK)
1507 return (ret);
1510 return (ret);
1518 KMF_RETURN ret = KMF_OK;
1565 ret = KMF_ERR_BAD_CRLFILE;
1575 if ((ret = check_crl_validity(handle, *kstype,
1587 ret = KMF_ERR_INTERNAL;
1596 ret = cert_get_crl(handle, user_cert, proxy, crlfile_tmp,
1598 if (ret != KMF_OK) {
1605 if ((ret = check_crl_validity(handle, *kstype, crlfile_tmp,
1607 return (ret);
1630 ret = kmf_import_crl(handle, numattr, attrlist);
1632 if (ret != KMF_OK)
1637 ret = KMF_ERR_WRITE_FILE;
1648 ret = KMF_ERR_BAD_PARAMETER;
1655 ret = KMF_ERR_BAD_CRLFILE;
1661 if ((ret = check_crl_validity(handle, *kstype,
1663 return (ret);
1691 ret = KMF_ERR_INTERNAL;
1695 ret = kmf_create_cert_file(user_cert, KMF_FORMAT_ASN1,
1697 if (ret != KMF_OK) {
1712 ret = KMF_ERR_PLUGIN_NOTFOUND;
1716 ret = kmf_find_cert_in_crl(handle, numattr, attrlist);
1717 if (ret == KMF_ERR_NOT_REVOKED) {
1718 ret = KMF_OK;
1730 return (ret);
1738 KMF_RETURN ret = KMF_OK;
1791 ret = KMF_ERR_MEMORY;
1797 ret = kmf_hexstr_to_bytes(
1800 if (ret != KMF_OK || bytes == NULL) {
1801 ret = KMF_ERR_OCSP_POLICY;
1845 ret = kmf_find_cert(handle, fc_numattr, fc_attrlist);
1846 if (ret != KMF_OK || num != 1) {
1848 ret = KMF_ERR_CERT_NOT_FOUND;
1850 ret = KMF_ERR_CERT_MULTIPLE_FOUND;
1860 ret = kmf_find_cert(handle, fc_numattr, fc_attrlist);
1861 if (ret == KMF_OK) {
1878 ret = KMF_ERR_MEMORY;
1884 ret = kmf_get_ocsp_for_cert(handle, user_cert, issuer_cert,
1886 if (ret != KMF_OK)
1933 ret = kmf_get_ocsp_status_for_cert(handle, numattr, attrlist);
1934 if (ret == KMF_OK) {
1939 ret = KMF_ERR_OCSP_UNKNOWN_CERT;
1942 ret = KMF_ERR_OCSP_REVOKED;
1961 return (ret);
1969 KMF_RETURN ret = KMF_OK;
1978 ret = kmf_get_cert_ku(cert, &keyusage);
1980 if (ret == KMF_ERR_EXTENSION_NOT_FOUND) {
1990 if (ret != KMF_OK) {
1992 return (ret);
2001 ret = kmf_get_cert_basic_constraint(cert,
2004 if (ret != KMF_OK) {
2006 return (ret);
2028 KMF_RETURN ret = KMF_OK;
2044 ret = kmf_get_cert_eku(cert, &eku);
2045 if ((ret != KMF_ERR_EXTENSION_NOT_FOUND) && (ret != KMF_OK)) {
2047 return (ret);
2050 if (ret == KMF_ERR_EXTENSION_NOT_FOUND) {
2125 KMF_RETURN ret = KMF_OK;
2174 ret = kmf_find_cert(handle, fc_numattr, fc_attrlist);
2176 if (ret == KMF_OK && num > 0) {
2181 ret = KMF_ERR_MEMORY;
2190 ret = kmf_find_cert(handle, fc_numattr, fc_attrlist);
2191 if (ret != KMF_OK) {
2211 ret = kmf_get_cert_validity(&certlist[i].certificate,
2213 if (ret != KMF_OK) {
2214 ret = KMF_ERR_VALIDITY_PERIOD;
2232 ret = KMF_ERR_MEMORY;
2245 return (ret);
2255 KMF_RETURN ret = KMF_OK;
2282 ret = kmf_hexstr_to_bytes((uchar_t *)policy->ta_serial,
2284 if (ret != KMF_OK || bytes == NULL) {
2285 ret = KMF_ERR_TA_POLICY;
2322 ret = kmf_find_cert(handle, fc_numattr, fc_attrlist);
2323 if (ret != KMF_OK || num != 1) {
2325 ret = KMF_ERR_CERT_NOT_FOUND;
2327 ret = KMF_ERR_CERT_MULTIPLE_FOUND;
2335 ret = kmf_find_cert(handle, fc_numattr, fc_attrlist);
2336 if (ret == KMF_OK) {
2340 ret = KMF_ERR_MEMORY;
2355 ret = kmf_get_cert_subject_str(handle, ta_cert, &ta_subject);
2356 if (ret != KMF_OK)
2359 ret = kmf_dn_parser(ta_subject, &ta_subjectDN);
2360 if (ret != KMF_OK)
2364 ret = KMF_ERR_CERT_NOT_FOUND;
2369 if (ret == KMF_OK) {
2370 ret = check_key_usage(handle, ta_cert, KMF_KU_SIGN_CERT);
2371 if (ret == KMF_ERR_EXTENSION_NOT_FOUND && policy->ku_bits == 0)
2372 ret = KMF_OK;
2378 if ((ret != KMF_OK))
2387 return (ret);
2393 KMF_RETURN ret = KMF_OK;
2418 CLEAR_ERROR(handle, ret);
2420 ret = test_attributes(num_req_attrs, required_attrs,
2422 if (ret != KMF_OK)
2423 return (ret);
2445 if ((ret = kmf_get_cert_issuer_str(handle, pcert,
2448 } else if ((ret = kmf_dn_parser(user_issuer, &user_issuerDN)) !=
2456 if ((ret = kmf_get_cert_subject_str(handle, pcert,
2459 } else if ((ret = kmf_dn_parser(user_subject, &user_subjectDN)) !=
2477 ret = cert_ku_check(handle, pcert);
2478 if (ret != KMF_OK) {
2485 ret = cert_eku_check(handle, pcert);
2486 if (ret != KMF_OK) {
2500 ret = kmf_check_cert_date(handle, pcert);
2501 if (ret != KMF_OK)
2528 ret = verify_cert_with_cert(handle, pcert, pcert);
2529 if (ret != KMF_OK)
2534 ret = find_issuer_cert(handle, kstype, user_issuer,
2536 if (ret != KMF_OK) {
2546 ret = find_ta_cert(handle, kstype, &ta_cert,
2549 if (ret != KMF_OK) {
2555 ret = verify_cert_with_cert(handle, pcert,
2557 if (ret != KMF_OK)
2595 ret = find_issuer_cert(handle, kstype, user_issuer,
2597 if (ret != KMF_OK) {
2604 ret = cert_crl_check(handle, kstype, pcert, &issuer_cert);
2605 if (ret != KMF_OK) {
2612 ret = cert_ocsp_check(handle, kstype, pcert, &issuer_cert,
2614 if (ret != KMF_OK) {
2642 ret = KMF_ERR_CERT_VALIDATION;
2644 return (ret);
2753 KMF_RETURN ret;
2756 CLEAR_ERROR(handle, ret);
2757 if (ret != KMF_OK)
2758 return (ret);
2763 ret = kmf_read_input_file(handle, filename, &filedata);
2764 if (ret != KMF_OK)
2765 return (ret);
2767 ret = kmf_is_cert_data(&filedata, pformat);
2768 if (ret == KMF_ERR_BAD_CERT_FORMAT)
2769 ret = KMF_ERR_BAD_CERTFILE;
2772 return (ret);
2835 KMF_RETURN ret = KMF_OK;
2849 CLEAR_ERROR(handle, ret);
2851 ret = test_attributes(num_req_attrs, required_attrs, 0, NULL,
2853 if (ret != KMF_OK)
2854 return (ret);
2856 ret = kmf_get_attr(KMF_KEYSTORE_TYPE_ATTR, attrlist, numattr,
2858 if (ret != KMF_OK)
2859 return (ret);
2974 KMF_RETURN ret = KMF_OK;
2997 return (ret);
3010 KMF_RETURN ret = KMF_OK;
3032 ret = ExtractX509CertParts((KMF_DATA *)SubjectCert,
3034 if (ret != KMF_OK) {
3042 ret = KMF_ERR_MEMORY;
3050 ret = DerDecodeSignedCertificate(SubjectCert, &subj_cert);
3051 if (ret != KMF_OK) {
3059 ret = set_algoid(&subj_cert->signature.algorithmIdentifier,
3061 if (ret != KMF_OK)
3063 ret = set_algoid(&subj_cert->certificate.signature,
3065 if (ret)
3075 ret = DerEncodeTbsCertificate(&subj_cert->certificate,
3077 if (ret != KMF_OK)
3097 ret = kmf_sign_data(handle, i, attrlist);
3099 if (ret != KMF_OK)
3111 ret = DerEncodeECDSASignature(&signed_data, &signature);
3114 if (ret != KMF_OK)
3126 ret = DerEncodeDSASignature(&signed_data, &signature);
3129 if (ret != KMF_OK)
3134 ret = copy_data(&subj_cert->signature.encrypted, &signed_data);
3137 if (ret != KMF_OK)
3142 ret = DerEncodeSignedCertificate(subj_cert, SignedCert);
3146 if (ret != KMF_OK)
3156 return (ret);
3164 KMF_RETURN ret = KMF_OK;
3179 ret = ExtractX509CertParts((KMF_DATA *)CertToBeVerified,
3182 if (ret != KMF_OK)
3185 ret = DerDecodeSPKI(derkey, &spki);
3186 if (ret != KMF_OK)
3190 ret = DerDecodeSignedCertificate(CertToBeVerified, &signed_cert);
3191 if (ret != KMF_OK)
3192 return (ret);
3201 ret = DerDecodeDSASignature(&signed_data, &signature);
3202 if (ret != KMF_OK)
3208 ret = DerDecodeECDSASignature(&signed_data, &signature);
3209 if (ret != KMF_OK)
3216 ret = PKCS_VerifyData(handle, algid, &spki,
3242 return (ret);
3255 KMF_RETURN ret = KMF_OK;
3278 ret = check_key_usage(handle, SignerCertData, KMF_KU_SIGN_CERT);
3279 if (ret == KMF_ERR_EXTENSION_NOT_FOUND && policy->ku_bits == 0)
3280 ret = KMF_OK;
3281 if (ret != KMF_OK)
3282 return (ret);
3285 ret = ExtractX509CertParts((KMF_DATA *)CertToBeVerifiedData,
3287 if (ret != KMF_OK)
3291 ret = DerDecodeSignedCertificate(CertToBeVerifiedData,
3293 if (ret != KMF_OK)
3300 ret = DerDecodeDSASignature(&signed_data, &signature);
3301 if (ret != KMF_OK)
3307 ret = DerDecodeECDSASignature(&signed_data, &signature);
3308 if (ret != KMF_OK)
3315 ret = DerDecodeSignedCertificate(SignerCertData, &SignerCert);
3316 if (ret != KMF_OK)
3323 ret = PKCS_VerifyData(handle, algid,
3350 return (ret);