Print error message in sign_data

qpernil · qpernil · commit 90d34bf4017c · 2021-11-02T08:29:46.000+01:00
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
@@ -130,10 +130,13 @@ static bool sign_data(ykpiv_state *state, const unsigned char *in, size_t len, u
   if(!verify_pin(state)) {
     return false;
   }
-  if(ykpiv_sign_data(state, in, len, out, out_len, algorithm, key) == YKPIV_OK) {
-    return true;
+  ykpiv_rc res = ykpiv_sign_data(state, in, len, out, out_len, algorithm, key);
+  if(res != YKPIV_OK)
+  {
+    fprintf(stderr, "Signing data failed: '%s'\n", ykpiv_strerror(res));
+    return false;
   }
-  return false;
+  return true;
 }
 
 #if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
@@ -874,7 +877,6 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
     unsigned char signature[1024] = {0};
     size_t sig_len = sizeof(signature);
     if(!sign_data(state, signinput, len, signature, &sig_len, algorithm, key)) {
-      fprintf(stderr, "Failed signing request.\n");
       goto request_out;
     }
     ASN1_STRING_set(req->signature, signature, sig_len);
@@ -1128,7 +1130,6 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
     unsigned char signature[1024] = {0};
     size_t sig_len = sizeof(signature);
     if(!sign_data(state, signinput, len, signature, &sig_len, algorithm, key)) {
-      fprintf(stderr, "Failed signing certificate.\n");
       goto selfsign_out;
     }
     ASN1_STRING_set(x509->signature, signature, sig_len);
@@ -1395,7 +1396,6 @@ static bool sign_file(ykpiv_state *state, const char *input, const char *output,
     unsigned char buf[1024] = {0};
     size_t len = sizeof(buf);
     if(!sign_data(state, hashed, hash_len, buf, &len, algo, key)) {
-      fprintf(stderr, "failed signing file\n");
       goto out;
     }
 
@@ -1699,7 +1699,6 @@ static bool test_signature(ykpiv_state *state, enum enum_slot slot,
       enc_len = data_len;
     }
     if(!sign_data(state, ptr, enc_len, signature, &sig_len, algorithm, key)) {
-      fprintf(stderr, "Failed signing test data.\n");
       goto test_out;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -130,10 +130,13 @@ static bool sign_data(ykpiv_state state, const unsigned char in, size_t len, u`
`130`	`130`	`if(!verify_pin(state)) {`
`131`	`131`	`return false;`
`132`	`132`	`}`
`133`		`- if(ykpiv_sign_data(state, in, len, out, out_len, algorithm, key) == YKPIV_OK) {`
`134`		`- return true;`
	`133`	`+ ykpiv_rc res = ykpiv_sign_data(state, in, len, out, out_len, algorithm, key);`
	`134`	`+ if(res != YKPIV_OK)`
	`135`	`+ {`
	`136`	`+ fprintf(stderr, "Signing data failed: '%s'\n", ykpiv_strerror(res));`
	`137`	`+ return false;`
`135`	`138`	`}`
`136`		`- return false;`
	`139`	`+ return true;`
`137`	`140`	`}`
`138`	`141`
`139`	`142`	`#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) \|\| defined(LIBRESSL_VERSION_NUMBER))`
`@@ -874,7 +877,6 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for`
`874`	`877`	`unsigned char signature[1024] = {0};`
`875`	`878`	`size_t sig_len = sizeof(signature);`
`876`	`879`	`if(!sign_data(state, signinput, len, signature, &sig_len, algorithm, key)) {`
`877`		`- fprintf(stderr, "Failed signing request.\n");`
`878`	`880`	`goto request_out;`
`879`	`881`	`}`
`880`	`882`	`ASN1_STRING_set(req->signature, signature, sig_len);`
`@@ -1128,7 +1130,6 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo`
`1128`	`1130`	`unsigned char signature[1024] = {0};`
`1129`	`1131`	`size_t sig_len = sizeof(signature);`
`1130`	`1132`	`if(!sign_data(state, signinput, len, signature, &sig_len, algorithm, key)) {`
`1131`		`- fprintf(stderr, "Failed signing certificate.\n");`
`1132`	`1133`	`goto selfsign_out;`
`1133`	`1134`	`}`
`1134`	`1135`	`ASN1_STRING_set(x509->signature, signature, sig_len);`
`@@ -1395,7 +1396,6 @@ static bool sign_file(ykpiv_state state, const char input, const char *output,`
`1395`	`1396`	`unsigned char buf[1024] = {0};`
`1396`	`1397`	`size_t len = sizeof(buf);`
`1397`	`1398`	`if(!sign_data(state, hashed, hash_len, buf, &len, algo, key)) {`
`1398`		`- fprintf(stderr, "failed signing file\n");`
`1399`	`1399`	`goto out;`
`1400`	`1400`	`}`
`1401`	`1401`
`@@ -1699,7 +1699,6 @@ static bool test_signature(ykpiv_state *state, enum enum_slot slot,`
`1699`	`1699`	`enc_len = data_len;`
`1700`	`1700`	`}`
`1701`	`1701`	`if(!sign_data(state, ptr, enc_len, signature, &sig_len, algorithm, key)) {`
`1702`		`- fprintf(stderr, "Failed signing test data.\n");`
`1703`	`1702`	`goto test_out;`
`1704`	`1703`	`}`
`1705`	`1704`