name+security: Fixing bugs with empty name component comparison and failure handling in OSX tpm implementation
Change-Id: I5105bc87b382d7e515538fef6922f3516afc3bff
diff --git a/src/name-component.hpp b/src/name-component.hpp
index 4c3ecca..f88c081 100644
--- a/src/name-component.hpp
+++ b/src/name-component.hpp
@@ -251,7 +251,11 @@
{
if (value_size() != other.value_size())
return false;
+ if (value_size() == 0 /* == other.value_size()*/)
+ return true;
+ // somehow, behavior is wrong on OSX 10.9 when component is empty
+ // (probably some bug in STL...)
return std::equal(value_begin(), value_end(), other.value_begin());
}
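Review bot: The comment added under the empty-component guard blames "some bug in STL" without recording what was observed, and it sits below the `return true` it is meant to explain. A likelier cause, inferred because `value_begin()` is not visible here, is that an empty component has no backing buffer and so hands `std::equal` iterators that are not valid; that should be confirmed before the workaround is treated as permanent. I would move the comment above the check and state the contract, for example `// empty components compare equal; skip std::equal because value_begin() may not be a valid iterator when there is no value`. The commented-out `/* == other.value_size()*/` is better expressed in that sentence than inside the condition. The function's signature lies outside the hunk.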
diff --git a/src/security/sec-tpm-osx.cpp b/src/security/sec-tpm-osx.cpp
index fc04ba0..de95ef1 100644
--- a/src/security/sec-tpm-osx.cpp
+++ b/src/security/sec-tpm-osx.cpp
@@ -267,11 +267,12 @@
OSStatus res = SecKeyGeneratePair((CFDictionaryRef)attrDict, &publicKey, &privateKey);
- CFRelease(publicKey);
- CFRelease(privateKey);
-
if (res == errSecSuccess)
- return;
+ {
+ CFRelease(publicKey);
+ CFRelease(privateKey);
+ return;
+ }
if (res == errSecAuthFailed && !retry)
{
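Review bot: The success branch now owns the two `CFRelease` calls, but nothing in the new code says why they were moved, so a later cleanup could hoist them back above the status check. A short comment on the branch would pin that down: `// publicKey/privateKey are only set when SecKeyGeneratePair succeeds; CFRelease(NULL) crashes`. The declarations of `publicKey` and `privateKey` are outside the hunk; if they are not initialised to `NULL`, doing so would make the failure paths safe against accidental use. Whether `attrDict` is released on the non-success paths cannot be seen from here, because the function continues past the hunk.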
@@ -360,6 +361,10 @@
0,
NULL,
&exportedKey);
+ if (res != errSecSuccess)
+ {
+ throw Error("Cannot export requested public key from OSX Keychain");
+ }
shared_ptr<PublicKey> key = make_shared<PublicKey>(CFDataGetBytePtr(exportedKey), CFDataGetLength(exportedKey));
CFRelease(exportedKey);
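Review bot: The new `throw Error(...)` and the `make_shared<PublicKey>(...)` call after it can both leave the function before any cleanup runs. If the `PublicKey` constructor throws (for example on malformed key bytes; inferred, as the constructor is not shown), `exportedKey` is never released, because `CFRelease(exportedKey)` comes after it. Any keychain item reference obtained earlier in the function, outside this hunk, would leak on the new throw path in the same way. Holding the CF objects in a small scope guard, or releasing them in a `try`/`catch` that rethrows, would close both paths. The error text would also be more useful for diagnosis if it carried the `OSStatus` value in `res`.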
@@ -546,6 +551,9 @@
0,
NULL);
+ if(res != errSecSuccess)
+ return false;
+
CFRelease(importedKey);
return true;
}
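Review bot: The import path reports a keychain failure by `return false` and drops the `OSStatus`, while the export path in the same commit throws `Error` for the same kind of failure. A caller that ignores the boolean will proceed as if the key were installed, and one that checks it cannot tell an authorisation failure from a duplicate item or a malformed key. Throwing `Error` with the status here as well, or at least logging `res` before returning, would make the two paths consistent. CF objects created earlier in the function (outside the hunk) may also need releasing before this early return; that should be checked against the full body. As a style point, `if(res` differs from the `if (res` spacing used in the other hunks.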