Skip to content

Commit

Permalink
Propagate NSS initialization errors
Browse files Browse the repository at this point in the history
  • Loading branch information
@wferi
wferi committed Jan 21, 2018
1 parent f2e1f20 commit 134e540
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions libknet/crypto_nss.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -315,6 +315,7 @@ static int init_nss_crypto(knet_handle_t knet_h)

instance->nss_sym_key = nssimport_symmetric_key(knet_h, SYM_KEY_TYPE_CRYPT);
if (instance->nss_sym_key == NULL) {
errno = ENXIO; /* NSS reported error */
return -1;
}

Expand Down Expand Up @@ -499,6 +500,7 @@ static int init_nss_hash(knet_handle_t knet_h)

instance->nss_sym_key_sign = nssimport_symmetric_key(knet_h, SYM_KEY_TYPE_HASH);
if (instance->nss_sym_key_sign == NULL) {
errno = ENXIO; /* NSS reported error */
return -1;
}

Expand Down Expand Up @@ -727,6 +729,7 @@ static int nsscrypto_init(
struct knet_handle_crypto_cfg *knet_handle_crypto_cfg)
{
struct nsscrypto_instance *nsscrypto_instance = NULL;
int savederrno;

log_debug(knet_h, KNET_SUB_NSSCRYPTO,
"Initizializing nss crypto module [%s/%s]",
Expand All @@ -736,6 +739,7 @@ static int nsscrypto_init(
knet_h->crypto_instance->model_instance = malloc(sizeof(struct nsscrypto_instance));
if (!knet_h->crypto_instance->model_instance) {
log_err(knet_h, KNET_SUB_NSSCRYPTO, "Unable to allocate memory for nss model instance");
savederrno = ENOMEM;
return -1;
}

Expand All @@ -746,25 +750,29 @@ static int nsscrypto_init(
nsscrypto_instance->crypto_cipher_type = nssstring_to_crypto_cipher_type(knet_handle_crypto_cfg->crypto_cipher_type);
if (nsscrypto_instance->crypto_cipher_type < 0) {
log_err(knet_h, KNET_SUB_NSSCRYPTO, "unknown crypto cipher type requested");
savederrno = ENXIO;
goto out_err;
}

nsscrypto_instance->crypto_hash_type = nssstring_to_crypto_hash_type(knet_handle_crypto_cfg->crypto_hash_type);
if (nsscrypto_instance->crypto_hash_type < 0) {
log_err(knet_h, KNET_SUB_NSSCRYPTO, "unknown crypto hash type requested");
savederrno = ENXIO;
goto out_err;
}

if ((nsscrypto_instance->crypto_cipher_type > 0) &&
(nsscrypto_instance->crypto_hash_type == 0)) {
log_err(knet_h, KNET_SUB_NSSCRYPTO, "crypto communication requires hash specified");
savederrno = EINVAL;
goto out_err;
}

nsscrypto_instance->private_key = knet_handle_crypto_cfg->private_key;
nsscrypto_instance->private_key_len = knet_handle_crypto_cfg->private_key_len;

if (init_nss(knet_h) < 0) {
savederrno = errno;
goto out_err;
}

Expand All @@ -783,6 +791,7 @@ static int nsscrypto_init(
} else {
block_size = PK11_GetBlockSize(nsscrypto_instance->crypto_cipher_type, NULL);
if (block_size < 0) {
savederrno = ENXIO;
goto out_err;
}
}
Expand All @@ -797,6 +806,7 @@ static int nsscrypto_init(

out_err:
nsscrypto_fini(knet_h);
errno = savederrno;
return -1;
}

Expand Down

0 comments on commit 134e540

Please sign in to comment.