diff --git a/lib/hx509/collector.c b/lib/hx509/collector.c
index 733b2d5bb..dbe91bdfd 100644
--- a/lib/hx509/collector.c
+++ b/lib/hx509/collector.c
@@ -107,7 +107,8 @@ free_private_key(struct private_key *key)
 }
 int
-_hx509_collector_private_key_add(struct hx509_collector *c,
+_hx509_collector_private_key_add(hx509_context context,
+ struct hx509_collector *c,
 const AlgorithmIdentifier *alg,
 hx509_private_key private_key,
 const heim_octet_string *key_data,
@@ -124,17 +125,21 @@ _hx509_collector_private_key_add(struct hx509_collector *c,
 d = realloc(c->val.data, (c->val.len + 1) * sizeof(c->val.data[0]));
 if (d == NULL) {
 free(key);
+ hx509_set_error_string(context, 0, ENOMEM, "Out of memory");
 return ENOMEM;
 }
 c->val.data = d;
 ret = copy_AlgorithmIdentifier(alg, &key->alg);
- if (ret)
+ if (ret) {
+ hx509_set_error_string(context, 0, ret, "Failed to copy "
+ "AlgorithmIdentifier");
 goto out;
+ }
 if (private_key) {
 key->private_key = private_key;
 } else {
- ret = _hx509_parse_private_key(&alg->algorithm,
+ ret = _hx509_parse_private_key(context, &alg->algorithm,
 key_data->data, key_data->length,
 &key->private_key);
 if (ret)
@@ -142,8 +147,11 @@ _hx509_collector_private_key_add(struct hx509_collector *c,
 }
 if (localKeyId) {
 ret = der_copy_octet_string(localKeyId, &key->localKeyId);
- if (ret)
+ if (ret) {
+ hx509_set_error_string(context, 0, ret,
+ "Failed to copy localKeyId");
 goto out;
+ }
 } else
 memset(&key->localKeyId, 0, sizeof(key->localKeyId));
diff --git a/lib/hx509/crypto.c b/lib/hx509/crypto.c
index 46761823c..e4b1f12fd 100644
--- a/lib/hx509/crypto.c
+++ b/lib/hx509/crypto.c
@@ -98,7 +98,8 @@ struct signature_alg {
 const heim_octet_string *,
 AlgorithmIdentifier *,
 heim_octet_string *);
- int (*parse_private_key)(const struct signature_alg *,
+ int (*parse_private_key)(hx509_context,
+ const struct signature_alg *,
 const void *data,
 size_t len,
 hx509_private_key private_key);
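Review bot: In the `@@ -124,17 +125,21 @@` hunk of collector.c, a caller-supplied `private_key` is stored in `key->private_key` while the `localKeyId` copy in the following hunk can still fail with `goto out`, and nothing visible says who owns that key on the error path. The `out:` label and `free_private_key()` lie outside these hunks, so this is inferred: if the cleanup releases `key->private_key`, a caller that also frees its key after an error would free it twice. Either assign `key->private_key` only after the last fallible step, or state whichever contract holds in a comment above the function, for example `/* On failure the caller keeps ownership of private_key; on success the collector owns it. */`. The same hunk reads `key_data->data` whenever `private_key` is NULL without checking `key_data`, so that precondition belongs in the same comment.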
@@ -349,7 +350,8 @@ create_signature(const struct signature_alg *sig_alg,
 #endif
 static int
-rsa_parse_private_key(const struct signature_alg *sig_alg,
+rsa_parse_private_key(hx509_context context,
+ const struct signature_alg *sig_alg,
 const void *data,
 size_t len,
 hx509_private_key private_key)
@@ -358,8 +360,11 @@ rsa_parse_private_key(const struct signature_alg *sig_alg,
 private_key->private_key.rsa = d2i_RSAPrivateKey(NULL, &p, len);
- if (private_key->private_key.rsa == NULL)
- return EINVAL;
+ if (private_key->private_key.rsa == NULL) {
+ hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
+ "Failed to parse RSA key");
+ return HX509_PARSING_KEY_FAILED;
+ }
 private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
 return 0;
@@ -478,7 +483,8 @@ dsa_verify_signature(const struct signature_alg *sig_alg,
 }
 static int
-dsa_parse_private_key(const struct signature_alg *sig_alg,
+dsa_parse_private_key(hx509_context context,
+ const struct signature_alg *sig_alg,
 const void *data,
 size_t len,
 hx509_private_key private_key)
@@ -494,7 +500,9 @@ dsa_parse_private_key(const struct signature_alg *sig_alg,
 return 0;
 #else
- return EINVAL;
+ hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
+ "No support to parse DSA keys");
+ return HX509_PARSING_KEY_FAILED;
 #endif
 }
@@ -993,7 +1001,8 @@ _hx509_private_key_private_decrypt(const heim_octet_string *ciphertext,
 int
-_hx509_parse_private_key(const heim_oid *key_oid,
+_hx509_parse_private_key(hx509_context context,
+ const heim_oid *key_oid,
 const void *data,
 size_t len,
 hx509_private_key *private_key)
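Review bot: The context line `d2i_RSAPrivateKey(NULL, &p, len)` in the `@@ -358,8 +360,11 @@` hunk passes a `size_t` where OpenSSL takes a `long` length, and the new error branch only covers a NULL result. A guard such as `if (len > LONG_MAX) return HX509_PARSING_KEY_FAILED;` before the call keeps an oversized length from being narrowed. Comparing `p` with the end of `data` after the call would also reject trailing bytes that follow the DER key; the declaration of `p` is above the hunk, so its starting value is assumed to be `data`. Callers that tested for the old `EINVAL` return are not visible here and should be checked against the new `HX509_PARSING_KEY_FAILED` code, which also applies to the `#else` branch of `dsa_parse_private_key`.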
@@ -1004,14 +1013,18 @@ _hx509_parse_private_key(const heim_oid *key_oid,
 *private_key = NULL;
 md = find_key_alg(key_oid);
- if (md == NULL)
+ if (md == NULL) {
+ hx509_clear_error_string(context);
 return HX509_SIG_ALG_NO_SUPPORTED;
+ }
 ret = _hx509_new_private_key(private_key);
- if (ret)
+ if (ret) {
+ hx509_set_error_string(context, 0, ret, "out of memory");
 return ret;
+ }
- ret = (*md->parse_private_key)(md, data, len, *private_key);
+ ret = (*md->parse_private_key)(context, md, data, len, *private_key);
 if (ret)
 _hx509_free_private_key(private_key);
 else
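Review bot: `(*md->parse_private_key)(context, md, data, len, *private_key)` is called without checking that the selected algorithm entry provides that callback. `find_key_alg()` and the algorithm table are outside the hunk, so it cannot be confirmed from here that every entry with a key OID sets `parse_private_key`; if one does not, key material naming that algorithm ends in a NULL call rather than an error return. Folding the check into the existing guard, `if (md == NULL || md->parse_private_key == NULL) {`, keeps that case on the `HX509_SIG_ALG_NO_SUPPORTED` path before anything is allocated. That path clears the error string while the other failures in this commit set one, so a one-line comment saying the empty message is intentional would help; the function body continues past the hunk.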