verify OSStatus returned from Sec* functions

Sources/Starscream/SSLSecurity.swift

@@ -149,7 +149,10 @@ open class SSLSecurity : SSLTrustValidator {
         } else {
             policy = SecPolicyCreateBasicX509()
         }
-        SecTrustSetPolicies(trust,policy)
+        guard SecTrustSetPolicies(trust, policy) == errSecSuccess else {
+            assertionFailure("unable to set trust policies")
+            return false
+        }
         if self.usePublicKeys {
             if let keys = self.pubKeys {
                 let serverPubKeys = publicKeyChain(trust)
@@ -167,9 +170,15 @@ open class SSLSecurity : SSLTrustValidator {
             for cert in certs {
                 collect.append(SecCertificateCreateWithData(nil,cert as CFData)!)
             }
-            SecTrustSetAnchorCertificates(trust,collect as NSArray)
+            guard SecTrustSetAnchorCertificates(trust, collect as NSArray) == errSecSuccess else {
+                assertionFailure("unable to set trust anchor certificates")
+                return false
+            }
             var result: SecTrustResultType = .unspecified
-            SecTrustEvaluate(trust,&result)
+            guard SecTrustEvaluate(trust, &result) == errSecSuccess else {
+                assertionFailure("unable to evaluate trust")
+                return false
+            }
             if result == .unspecified || result == .proceed {
                 if !validateEntireChain {
                     return true
@@ -213,11 +222,17 @@ open class SSLSecurity : SSLTrustValidator {
     */
     public func extractPublicKey(_ cert: SecCertificate, policy: SecPolicy) -> SecKey? {
         var possibleTrust: SecTrust?
-        SecTrustCreateWithCertificates(cert, policy, &possibleTrust)
+        guard SecTrustCreateWithCertificates(cert, policy, &possibleTrust) == errSecSuccess else {
+            assertionFailure("failed to create trust with certificate")
+            return nil
+        }
         
         guard let trust = possibleTrust else { return nil }
         var result: SecTrustResultType = .unspecified
-        SecTrustEvaluate(trust, &result)
+        guard SecTrustEvaluate(trust, &result) == errSecSuccess else {
+            assertionFailure("failed to evaluate trust")
+            return nil
+        }
         return SecTrustCopyPublicKey(trust)
     }
     

Sources/Starscream/WebSocket.swift

@@ -49,6 +49,7 @@ public enum ErrorType: Error {
     case protocolError //There was an error parsing the WebSocket frames
     case upgradeError //There was an error during the HTTP upgrade
     case closeError //There was an error during the close (socket probably has been dereferenced)
+    case osError // There was an error with the underlying OS
 }
 
 public struct WSError: Error {
@@ -1250,7 +1251,10 @@ open class WebSocket : NSObject, StreamDelegate, WebSocketClient, WSStreamDelega
             }
             buffer[1] |= self.MaskMask
             let maskKey = UnsafeMutablePointer<UInt8>(buffer + offset)
-            _ = SecRandomCopyBytes(kSecRandomDefault, Int(MemoryLayout<UInt32>.size), maskKey)
+            guard SecRandomCopyBytes(kSecRandomDefault, Int(MemoryLayout<UInt32>.size), maskKey) == errSecSuccess else {
+                self.doDisconnect(WSError(type: .osError, message: "unable to generate random bytes", code: 0))
+                return
+            }
             offset += MemoryLayout<UInt32>.size
 
             for i in 0..<dataLength {