Lines Matching refs:retval
108 krb5_error_code retval = KRB5KRB_ERR_GENERIC; in pkinit_create_edata() local
114 retval = pkinit_create_td_trusted_certifiers(context, in pkinit_create_edata()
118 retval = pkinit_create_td_dh_parameters(context, plg_cryptoctx, in pkinit_create_edata()
123 retval = pkinit_create_td_invalid_certificate(context, in pkinit_create_edata()
129 retval = 0; in pkinit_create_edata()
135 return retval; in pkinit_create_edata()
148 krb5_error_code retval = 0; in pkinit_server_get_edata() local
160 retval = EINVAL; in pkinit_server_get_edata()
162 return retval; in pkinit_server_get_edata()
172 krb5_error_code retval; in verify_client_san() local
180 retval = crypto_retrieve_cert_sans(context, plgctx->cryptoctx, in verify_client_san()
185 if (retval) { in verify_client_san()
187 retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH; in verify_client_san()
192 retval = call_san_checking_plugins(context, plgctx, reqctx, princs, in verify_client_san()
196 if (retval) { in verify_client_san()
197 retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH; in verify_client_san()
203 retval = plugin_decision; in verify_client_san()
222 retval = 0; in verify_client_san()
235 retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH; in verify_client_san()
250 retval = 0; in verify_client_san()
261 retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH; in verify_client_san()
263 retval = 0; in verify_client_san()
281 __FUNCTION__, retval, *valid_san); in verify_client_san()
282 return retval; in verify_client_san()
291 krb5_error_code retval; in verify_client_eku() local
298 retval = 0; in verify_client_eku()
302 retval = crypto_check_cert_eku(context, plgctx->cryptoctx, in verify_client_eku()
307 if (retval) { in verify_client_eku()
309 __FUNCTION__, retval, error_message(retval)); in verify_client_eku()
315 __FUNCTION__, retval, *eku_accepted); in verify_client_eku()
316 return retval; in verify_client_eku()
333 krb5_error_code retval = 0; in pkinit_server_verify_padata() local
370 retval = pkinit_init_kdc_req_context(context, (void **)&reqctx); in pkinit_server_verify_padata()
371 if (retval) in pkinit_server_verify_padata()
380 retval = k5int_decode_krb5_pa_pk_as_req(&k5data, &reqp); in pkinit_server_verify_padata()
381 if (retval) { in pkinit_server_verify_padata()
390 retval = cms_signeddata_verify(context, plgctx->cryptoctx, in pkinit_server_verify_padata()
400 retval = k5int_decode_krb5_pa_pk_as_req_draft9(&k5data, &reqp9); in pkinit_server_verify_padata()
401 if (retval) { in pkinit_server_verify_padata()
411 retval = cms_signeddata_verify(context, plgctx->cryptoctx, in pkinit_server_verify_padata()
420 retval = EINVAL; in pkinit_server_verify_padata()
423 if (retval) { in pkinit_server_verify_padata()
428 retval = verify_client_san(context, plgctx, reqctx, request->client, in pkinit_server_verify_padata()
430 if (retval) in pkinit_server_verify_padata()
435 retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH; in pkinit_server_verify_padata()
438 retval = verify_client_eku(context, plgctx, reqctx, &valid_eku); in pkinit_server_verify_padata()
439 if (retval) in pkinit_server_verify_padata()
445 retval = KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE; in pkinit_server_verify_padata()
456 retval = k5int_decode_krb5_auth_pack(&k5data, &auth_pack); in pkinit_server_verify_padata()
457 if (retval) { in pkinit_server_verify_padata()
464 retval = server_check_dh(context, plgctx->cryptoctx, in pkinit_server_verify_padata()
469 if (retval) { in pkinit_server_verify_padata()
480 retval = k5int_decode_krb5_as_req(req_pkt, &tmp_as_req); in pkinit_server_verify_padata()
481 if (retval) { in pkinit_server_verify_padata()
482 pkiDebug("decode_krb5_as_req returned %d\n", (int)retval); in pkinit_server_verify_padata()
486 retval = k5int_encode_krb5_kdc_req_body(tmp_as_req, &der_req); in pkinit_server_verify_padata()
487 if (retval) { in pkinit_server_verify_padata()
488 pkiDebug("encode_krb5_kdc_req_body returned %d\n", (int) retval); in pkinit_server_verify_padata()
491 retval = krb5_c_make_checksum(context, CKSUMTYPE_NIST_SHA, NULL, in pkinit_server_verify_padata()
493 if (retval) { in pkinit_server_verify_padata()
516 retval = KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED; in pkinit_server_verify_padata()
523 retval = pkinit_check_kdc_pkid(context, plgctx->cryptoctx, in pkinit_server_verify_padata()
526 if (retval) in pkinit_server_verify_padata()
539 retval = k5int_decode_krb5_auth_pack_draft9(&k5data, &auth_pack9); in pkinit_server_verify_padata()
540 if (retval) { in pkinit_server_verify_padata()
545 retval = server_check_dh(context, plgctx->cryptoctx, in pkinit_server_verify_padata()
550 if (retval) { in pkinit_server_verify_padata()
566 retval = ENOMEM; in pkinit_server_verify_padata()
573 retval = ENOMEM; in pkinit_server_verify_padata()
585 retval = ENOMEM; in pkinit_server_verify_padata()
597 retval = k5int_encode_krb5_authdata_elt(pkinit_authz_data, in pkinit_server_verify_padata()
605 if (retval) { in pkinit_server_verify_padata()
630 if (retval && data->pa_type == KRB5_PADATA_PK_AS_REQ) { in pkinit_server_verify_padata()
633 plgctx->idctx, plgctx->opts, retval, e_data)) in pkinit_server_verify_padata()
662 return retval; in pkinit_server_verify_padata()
680 krb5_error_code retval = 0; in pkinit_server_return_padata() local
747 retval = KRB5KDC_ERR_ETYPE_NOSUPP; in pkinit_server_return_padata()
755 retval = ENOMEM; in pkinit_server_return_padata()
765 retval = ENOMEM; in pkinit_server_return_padata()
771 retval = KRB5KDC_ERR_PREAUTH_FAILED; in pkinit_server_return_padata()
796 retval = server_process_dh(context, plgctx->cryptoctx, in pkinit_server_return_padata()
800 if (retval) { in pkinit_server_return_padata()
809 retval = pkinit_octetstring2key(context, enctype, server_key, in pkinit_server_return_padata()
811 if (retval) { in pkinit_server_return_padata()
813 error_message(retval)); in pkinit_server_return_padata()
822 retval = k5int_encode_krb5_kdc_dh_key_info(&dhkey_info, in pkinit_server_return_padata()
824 if (retval) { in pkinit_server_return_padata()
836 retval = cms_signeddata_create(context, plgctx->cryptoctx, in pkinit_server_return_padata()
842 if (retval) { in pkinit_server_return_padata()
849 retval = cms_signeddata_create(context, plgctx->cryptoctx, in pkinit_server_return_padata()
855 if (retval) { in pkinit_server_return_padata()
864 retval = krb5_c_make_random_key(context, enctype, encrypting_key); in pkinit_server_return_padata()
865 if (retval) { in pkinit_server_return_padata()
888 retval = ENOMEM; in pkinit_server_return_padata()
892 retval = krb5_c_keyed_checksum_types(context, in pkinit_server_return_padata()
894 if (retval) in pkinit_server_return_padata()
898 retval = krb5_c_make_checksum(context, cksum_types[0], in pkinit_server_return_padata()
901 if (retval) { in pkinit_server_return_padata()
918 retval = k5int_encode_krb5_reply_key_pack(key_pack, in pkinit_server_return_padata()
920 if (retval) { in pkinit_server_return_padata()
929 retval = cms_envelopeddata_create(context, plgctx->cryptoctx, in pkinit_server_return_padata()
943 retval = ENOMEM; in pkinit_server_return_padata()
950 retval = k5int_encode_krb5_reply_key_pack_draft9(key_pack9, in pkinit_server_return_padata()
952 if (retval) { in pkinit_server_return_padata()
959 retval = cms_envelopeddata_create(context, plgctx->cryptoctx, in pkinit_server_return_padata()
966 if (retval) { in pkinit_server_return_padata()
968 error_message(retval)); in pkinit_server_return_padata()
993 retval = k5int_encode_krb5_pa_pk_as_rep(rep, &out_data); in pkinit_server_return_padata()
997 retval = k5int_encode_krb5_pa_pk_as_rep_draft9(rep9, &out_data); in pkinit_server_return_padata()
1000 if (retval) { in pkinit_server_return_padata()
1012 retval = ENOMEM; in pkinit_server_return_padata()
1066 if (retval) in pkinit_server_return_padata()
1069 return retval; in pkinit_server_return_padata()
1099 krb5_error_code retval; in pkinit_init_kdc_profile() local
1103 retval = pkinit_kdcdefault_string(context, plgctx->realmname, in pkinit_init_kdc_profile()
1106 if (retval != 0 || NULL == plgctx->idopts->identity) { in pkinit_init_kdc_profile()
1107 retval = EINVAL; in pkinit_init_kdc_profile()
1108 krb5_set_error_message(context, retval, in pkinit_init_kdc_profile()
1114 retval = pkinit_kdcdefault_strings(context, plgctx->realmname, in pkinit_init_kdc_profile()
1117 if (retval != 0 || NULL == plgctx->idopts->anchors) { in pkinit_init_kdc_profile()
1118 retval = EINVAL; in pkinit_init_kdc_profile()
1119 krb5_set_error_message(context, retval, in pkinit_init_kdc_profile()
1185 return retval; in pkinit_init_kdc_profile()
1218 krb5_error_code retval = ENOMEM; in pkinit_server_plugin_init_realm() local
1237 retval = pkinit_init_plg_crypto(&plgctx->cryptoctx); in pkinit_server_plugin_init_realm()
1238 if (retval) in pkinit_server_plugin_init_realm()
1241 retval = pkinit_init_plg_opts(&plgctx->opts); in pkinit_server_plugin_init_realm()
1242 if (retval) in pkinit_server_plugin_init_realm()
1245 retval = pkinit_init_identity_crypto(&plgctx->idctx); in pkinit_server_plugin_init_realm()
1246 if (retval) in pkinit_server_plugin_init_realm()
1249 retval = pkinit_init_identity_opts(&plgctx->idopts); in pkinit_server_plugin_init_realm()
1250 if (retval) in pkinit_server_plugin_init_realm()
1253 retval = pkinit_init_kdc_profile(context, plgctx); in pkinit_server_plugin_init_realm()
1254 if (retval) in pkinit_server_plugin_init_realm()
1262 retval = pkinit_identity_set_prompter(plgctx->idctx, krb5_prompter_posix, in pkinit_server_plugin_init_realm()
1264 if (retval) in pkinit_server_plugin_init_realm()
1267 retval = pkinit_identity_initialize(context, plgctx->cryptoctx, NULL, in pkinit_server_plugin_init_realm()
1269 if (retval) in pkinit_server_plugin_init_realm()
1275 retval = 0; in pkinit_server_plugin_init_realm()
1278 if (retval) in pkinit_server_plugin_init_realm()
1281 return retval; in pkinit_server_plugin_init_realm()
1288 krb5_error_code retval = ENOMEM; in pkinit_server_plugin_init() local
1293 retval = pkinit_accessor_init(); in pkinit_server_plugin_init()
1294 if (retval) in pkinit_server_plugin_init()
1295 return retval; in pkinit_server_plugin_init()
1308 retval = pkinit_server_plugin_init_realm(context, realmnames[i], &plgctx); in pkinit_server_plugin_init()
1309 if (retval == 0 && plgctx != NULL) in pkinit_server_plugin_init()
1319 retval = EINVAL; in pkinit_server_plugin_init()
1320 krb5_set_error_message(context, retval, "No realms configured " in pkinit_server_plugin_init()
1328 retval = 0; in pkinit_server_plugin_init()
1332 if (retval) in pkinit_server_plugin_init()
1335 return retval; in pkinit_server_plugin_init()
1372 krb5_error_code retval = ENOMEM; in pkinit_init_kdc_req_context() local
1377 return retval; in pkinit_init_kdc_req_context()
1381 retval = pkinit_init_req_crypto(&reqctx->cryptoctx); in pkinit_init_kdc_req_context()
1382 if (retval) in pkinit_init_kdc_req_context()
1389 retval = 0; in pkinit_init_kdc_req_context()
1391 if (retval) in pkinit_init_kdc_req_context()
1394 return retval; in pkinit_init_kdc_req_context()