Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Sporadic errSecAuthFailed (-25293) when accessing KeyChain with SecKeychainFindGenericPassword?

Tags:

macos

cocoa

keychain

i'm writing an app that stores passwords on the keychain, and later obtains them with SecKeychainFindGenericPassword(). this works file 90% of the time, but every once in a while, the call to SecKeychainFindGenericPassword() will fail with errSecAuthFailed (-25293). when it does, just trying again, or restarting the app fixes it.

does anyone have an idea what could be causing this? general Google search on this error points to keychain corruption or the keychain being locked - neither of which is the case here, since subsequent calls succeed again...

like image 613
marc hoffman Avatar asked Dec 09 '25 22:12

marc hoffman

2 Answers

This link suggests the passphrase you entered is not correct. See Here Is it possible that sometimes you are sending a null object as a passphrase just by chance?

Alternatively, you could try out EMKeychain. I have a more up-to-date version on GitHub here: http://github.com/ctshryock/EMKeychain

like image 164
catsby Avatar answered Dec 12 '25 14:12

catsby

You haven't shared the code around your problem, So I'll just guess your problem is not with dysfunctional keychain, but rather some coding error.

Here is a common pitfall: Since KeyChain APIs are 'C', and they only accept C-style null terminated string buffers, you'll usually need to convert your CFString/NSString objects to C buffers before handing them to the API.

Many use things like:

const char *usernameCStr = [username UTF8String];

For an NSString, or its CFString companion...

const char *CFStringGetCStringPtr(CFStringRef theString, CFStringEncoding encoding);        /* May return NULL at any time; be prepared for NULL */

Dismissing the fact these APIs may return NULL. Either because the internal buffer of the CF/NSString is non-contiguous, or not in the encoding you asked for, or otherwise not-c-compatible.

Such issue can behave in runtime exactly like what you describe.

In such cases you should catch the problem and use different API to copy the CF/NS string into a C-buffer: 

Boolean CFStringGetCString(CFStringRef theString, char *buffer, CFIndex bufferSize, CFStringEncoding encoding);

or

- (BOOL)getCString:(char *)buffer maxLength:(NSUInteger)maxBufferCount encoding:(NSStringEncoding)encoding;
like image 43
Motti Shneor Avatar answered Dec 12 '25 14:12

Motti Shneor
Sign in to Comment

Related questions

OSX Cocoa NSButton type checkbox " Select all " issue, and how to solve it?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!