From: Michael Tremer Date: Tue, 22 Oct 2024 14:58:48 +0000 (+0000) Subject: key: Refactor return values X-Git-Tag: 0.9.30~956 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=668569ac14873da0915e22e80ffa767d71ff88ee;p=pakfire.git key: Refactor return values Signed-off-by: Michael Tremer --- diff --git a/src/libpakfire/key.c b/src/libpakfire/key.c index c1f6cf9c5..349c47de8 100644 --- a/src/libpakfire/key.c +++ b/src/libpakfire/key.c @@ -96,17 +96,16 @@ static int pakfire_key_id_equals(const pakfire_key_id* id1, const pakfire_key_id static int pakfire_key_create(struct pakfire_key** key, struct pakfire_ctx* ctx, const pakfire_key_algo_t algo, const pakfire_key_id id, EVP_PKEY* pkey, const char* comment) { - int r; + struct pakfire_key* k = NULL; + int r = 0; - if (!pkey) { - errno = EINVAL; - return 1; - } + if (!pkey) + return -EINVAL; // Allocate memory - struct pakfire_key* k = calloc(1, sizeof(*k)); + k = calloc(1, sizeof(*k)); if (!k) - return 1; + return -errno; // Store a reference to the context k->ctx = pakfire_ctx_ref(ctx); @@ -122,7 +121,7 @@ static int pakfire_key_create(struct pakfire_key** key, struct pakfire_ctx* ctx, default: CTX_ERROR(k->ctx, "Unsupported key algorithm %u\n", algo); - errno = ENOTSUP; + r = -ENOTSUP; goto ERROR; } @@ -136,20 +135,21 @@ static int pakfire_key_create(struct pakfire_key** key, struct pakfire_ctx* ctx, // Store the comment if (comment) { r = pakfire_string_set(k->comment, comment); - if (r) + if (r < 0) goto ERROR; // Remove any trailing newline pakfire_remove_trailing_newline(k->comment); } - *key = k; - return 0; + // Return the pointer + *key = pakfire_key_ref(k); ERROR: - pakfire_key_unref(k); + if (k) + pakfire_key_unref(k); - return 1; + return r; } static void pakfire_key_free(struct pakfire_key* key) { @@ -210,15 +210,14 @@ PAKFIRE_EXPORT int pakfire_key_generate(struct pakfire_key** key, struct pakfire default: CTX_ERROR(ctx, "Invalid key algorithm %u\n", algo); - errno = EINVAL; - return 1; + return -EINVAL; } // Generate a random key ID r = RAND_bytes((unsigned char*)&key_id, sizeof(key_id)); if (r < 0) { CTX_ERROR(ctx, "Could not generate the key ID\n"); - r = 1; + r = -EINVAL; goto ERROR; } @@ -226,7 +225,7 @@ PAKFIRE_EXPORT int pakfire_key_generate(struct pakfire_key** key, struct pakfire pctx = EVP_PKEY_CTX_new_id(id, NULL); if (!pctx) { CTX_ERROR(ctx, "Could not allocate the OpenSSL context: %m\n"); - r = 1; + r = -ENOMEM; goto ERROR; } @@ -236,7 +235,7 @@ PAKFIRE_EXPORT int pakfire_key_generate(struct pakfire_key** key, struct pakfire ERR_error_string_n(r, error, sizeof(error)); CTX_ERROR(ctx, "Could not prepare the context: %s\n", error); - r = 1; + r = -EINVAL; goto ERROR; } @@ -246,13 +245,13 @@ PAKFIRE_EXPORT int pakfire_key_generate(struct pakfire_key** key, struct pakfire ERR_error_string_n(r, error, sizeof(error)); CTX_ERROR(ctx, "Could not generate the key: %s\n", error); - r = 1; + r = -EINVAL; goto ERROR; } // Create a key object r = pakfire_key_create(key, ctx, algo, key_id, pkey, comment); - if (r) + if (r < 0) goto ERROR; // Success @@ -291,24 +290,21 @@ static int pakfire_key_import_secret_key(struct pakfire_key** key, // Check the signature algorithm if (buffer->sig_algo[0] != 'E' || buffer->sig_algo[1] != 'd') { CTX_ERROR(ctx, "Unsupported signature algorithm\n"); - errno = ENOTSUP; - r = 1; + r = -ENOTSUP; goto ERROR; } // Check the KDF algorithm if (buffer->kdf_algo[0] != 'B' || buffer->kdf_algo[1] != 'K') { CTX_ERROR(ctx, "Unsupported KDF algorithm\n"); - errno = ENOTSUP; - r = 1; + r = -ENOTSUP; goto ERROR; } // We don't support encrypted keys here if (buffer->kdf_rounds) { CTX_ERROR(ctx, "Encrypted keys are not supported\n"); - errno = ENOTSUP; - r = 1; + r = -ENOTSUP; goto ERROR; } @@ -316,14 +312,13 @@ static int pakfire_key_import_secret_key(struct pakfire_key** key, r = EVP_Digest(&buffer->keys, sizeof(buffer->keys), checksum, &length, EVP_sha512(), NULL); if (r < 0) { CTX_ERROR(ctx, "Could not compute the checksum: %m\n"); - r = 1; goto ERROR; } // Compare the checksum if (memcmp(buffer->checksum, checksum, sizeof(buffer->checksum)) != 0) { CTX_ERROR(ctx, "Checksum mismatch\n"); - r = 1; + r = -EINVAL; goto ERROR; } @@ -334,20 +329,20 @@ static int pakfire_key_import_secret_key(struct pakfire_key** key, ERR_error_string_n(ERR_get_error(), error, sizeof(error)); CTX_ERROR(ctx, "Could not load secret key: %s\n", error); - r = 1; + r = -EINVAL; goto ERROR; } // Create a new key object r = pakfire_key_create(key, ctx, algo, buffer->id, pkey, comment); - if (r) + if (r < 0) goto ERROR; ERROR: if (pkey) EVP_PKEY_free(pkey); - return 0; + return r; } static int pakfire_key_import_public_key(struct pakfire_key** key, @@ -359,16 +354,13 @@ static int pakfire_key_import_public_key(struct pakfire_key** key, int r; // Check for input - if (!buffer) { - errno = EINVAL; - return 1; - } + if (!buffer) + return -EINVAL; // Check the signature algorithm if (buffer->sig_algo[0] != 'E' || buffer->sig_algo[1] != 'd') { CTX_ERROR(ctx, "Unsupported signature algorithm\n"); - errno = ENOTSUP; - r = 1; + r = -ENOTSUP; goto ERROR; } @@ -379,13 +371,13 @@ static int pakfire_key_import_public_key(struct pakfire_key** key, ERR_error_string_n(ERR_get_error(), error, sizeof(error)); CTX_ERROR(ctx, "Could not load public key: %s\n", error); - r = 1; + r = -EINVAL; goto ERROR; } // Create a new key object r = pakfire_key_create(key, ctx, algo, buffer->id, pkey, comment); - if (r) + if (r < 0) goto ERROR; ERROR: @@ -421,16 +413,14 @@ PAKFIRE_EXPORT int pakfire_key_import(struct pakfire_key** key, if (!pakfire_string_startswith(line, "untrusted comment: ")) { CTX_ERROR(ctx, "The first line must start with 'untrusted comment: '" " and not %s\n", line); - errno = EINVAL; - r = 1; + r = -EINVAL; goto ERROR; } // Copy the comment r = pakfire_string_set(comment, line + strlen("untrusted comment: ")); - if (r) { + if (r < 0) { CTX_ERROR(ctx, "Could not copy comment: %m\n"); - r = 1; goto ERROR; } @@ -442,8 +432,7 @@ PAKFIRE_EXPORT int pakfire_key_import(struct pakfire_key** key, r = pakfire_b64decode(ctx, &buffer, &buffer_length, line); if (r) { CTX_ERROR(ctx, "Could not decode the key: %m\n"); - errno = EINVAL; - r = 1; + r = -EINVAL; goto ERROR; } @@ -453,19 +442,22 @@ PAKFIRE_EXPORT int pakfire_key_import(struct pakfire_key** key, case sizeof(struct pakfire_key_public_key): r = pakfire_key_import_public_key(key, ctx, comment, (struct pakfire_key_public_key*)buffer); + if (r < 0) + goto ERROR; break; // Private Key case sizeof(struct pakfire_key_private_key): r = pakfire_key_import_secret_key(key, ctx, comment, (struct pakfire_key_private_key*)buffer); + if (r < 0) + goto ERROR; break; // Unknown key default: CTX_ERROR(ctx, "Unsupported key type\n"); - errno = ENOTSUP; - r = 1; + r = -ENOTSUP; goto ERROR; } break; @@ -499,7 +491,7 @@ int pakfire_key_import_from_string(struct pakfire_key** key, f = fmemopen((char*)data, length, "r"); if (!f) { CTX_ERROR(ctx, "Could not map the key to file: %m\n"); - r = 1; + r = -errno; goto ERROR; } @@ -526,13 +518,12 @@ static int pakfire_key_get_public_key(struct pakfire_key* key, ERR_error_string_n(ERR_get_error(), error, sizeof(error)); CTX_ERROR(key->ctx, "Could not extract the public key: %s\n", error); - return 1; + return -EINVAL; } if (l > length) { CTX_ERROR(key->ctx, "The buffer was too small to write the public key\n"); - errno = ENOBUFS; - return 1; + return -ENOBUFS; } return 0; @@ -551,13 +542,12 @@ static int pakfire_key_get_secret_key(struct pakfire_key* key, ERR_error_string_n(ERR_get_error(), error, sizeof(error)); CTX_ERROR(key->ctx, "Could not extract the secret key: %s\n", error); - return 1; + return -EINVAL; } if (l > length) { CTX_ERROR(key->ctx, "The buffer was too small to write the secret key\n"); - errno = ENOBUFS; - return 1; + return -ENOBUFS; } return 0; @@ -587,14 +577,14 @@ static int pakfire_key_export_private_key(struct pakfire_key* key, default: CTX_ERROR(key->ctx, "Unknown algorithm\n"); - return 1; + return -ENOTSUP; } // Generate a salt r = RAND_bytes(buffer->kdf_salt, sizeof(buffer->kdf_salt)); if (r < 1) { CTX_ERROR(key->ctx, "Could not generate salt\n"); - return 1; + return -EINVAL; } // Copy the key ID @@ -602,14 +592,14 @@ static int pakfire_key_export_private_key(struct pakfire_key* key, // Write the public key r = pakfire_key_get_public_key(key, buffer->keys.public, sizeof(buffer->keys.public)); - if (r) { + if (r < 0) { CTX_ERROR(key->ctx, "Could not export the public key: %m\n"); return r; } // Write the secret key r = pakfire_key_get_secret_key(key, buffer->keys.secret, sizeof(buffer->keys.secret)); - if (r) { + if (r < 0) { CTX_ERROR(key->ctx, "Could not export the secret key: %m\n"); return r; } @@ -618,7 +608,7 @@ static int pakfire_key_export_private_key(struct pakfire_key* key, r = EVP_Digest(&buffer->keys, sizeof(buffer->keys), checksum, &length, EVP_sha512(), NULL); if (r < 0) { CTX_ERROR(key->ctx, "Could not compute the checksum: %m\n"); - return 1; + return r; } // Copy the first couple of bytes of the checksum @@ -641,7 +631,7 @@ static int pakfire_key_export_public_key(struct pakfire_key* key, default: CTX_ERROR(key->ctx, "Unknown algorithm\n"); - return 1; + return -ENOTSUP; } // Copy the key ID @@ -649,7 +639,7 @@ static int pakfire_key_export_public_key(struct pakfire_key* key, // Write the public key r = pakfire_key_get_public_key(key, buffer->pubkey, sizeof(buffer->pubkey)); - if (r) { + if (r < 0) { CTX_ERROR(key->ctx, "Could not export the public key: %m\n"); return r; } @@ -721,14 +711,12 @@ PAKFIRE_EXPORT int pakfire_key_export(struct pakfire_key* key, FILE* f, r = BIO_write(b64, &private_key, sizeof(private_key)); if (r < 0) { CTX_ERROR(key->ctx, "Could not write the private key\n"); - r = 1; goto ERROR; } break; default: - errno = EINVAL; - r = 1; + r = -EINVAL; goto ERROR; } @@ -753,14 +741,14 @@ ERROR: PAKFIRE_EXPORT char* pakfire_key_dump(struct pakfire_key* key) { char* buffer = NULL; FILE* f = NULL; - int fd = -1; + int fd = -EBADF; int r; // Allocate a buffer in memory fd = memfd_create("pakfire-key-dump", MFD_CLOEXEC); if (fd < 0) { CTX_ERROR(key->ctx, "Could not allocate a temporary file: %m\n"); - r = 1; + r = -errno; goto ERROR; } @@ -768,13 +756,13 @@ PAKFIRE_EXPORT char* pakfire_key_dump(struct pakfire_key* key) { f = fdopen(fd, "r+"); if (!f) { CTX_ERROR(key->ctx, "Could not open file handle for temporary file: %m\n"); - r = 1; + r = -errno; goto ERROR; } // Export the public part of the key r = pakfire_key_export(key, f, PAKFIRE_KEY_EXPORT_MODE_PUBLIC); - if (r) { + if (r < 0) { CTX_ERROR(key->ctx, "Could not export key: %m\n"); goto ERROR; } @@ -789,7 +777,7 @@ PAKFIRE_EXPORT char* pakfire_key_dump(struct pakfire_key* key) { buffer = calloc(1, length + 1); if (!buffer) { CTX_ERROR(key->ctx, "Could not allocate buffer of %zu byte(s)\n", length + 1); - r = 1; + r = -errno; goto ERROR; } @@ -797,7 +785,7 @@ PAKFIRE_EXPORT char* pakfire_key_dump(struct pakfire_key* key) { size_t bytes_read = fread(buffer, 1, length, f); if (bytes_read < length) { CTX_ERROR(key->ctx, "Could not read back the buffer: %m\n"); - r = 1; + r = -errno; goto ERROR; } @@ -830,10 +818,8 @@ static int __pakfire_key_sign(struct pakfire_key* key, int r; // Check inputs - if (!signature || !data || !length) { - errno = EINVAL; - return 1; - } + if (!signature || !data || !length) + return -EINVAL; // Set algorithm signature->sig_algo[0] = 'E'; @@ -846,7 +832,7 @@ static int __pakfire_key_sign(struct pakfire_key* key, mdctx = EVP_MD_CTX_new(); if (!mdctx) { CTX_ERROR(key->ctx, "Could not initialize the message digest context: %m\n"); - r = 1; + r = -ENOMEM; goto ERROR; } @@ -854,7 +840,7 @@ static int __pakfire_key_sign(struct pakfire_key* key, r = EVP_DigestSignInit(mdctx, NULL, NULL, NULL, key->pkey); if (r < 1) { CTX_ERROR(key->ctx, "Could not setup context\n"); - r = 1; + r = -EINVAL; goto ERROR; } @@ -866,7 +852,6 @@ static int __pakfire_key_sign(struct pakfire_key* key, ERR_error_string_n(ERR_get_error(), error, sizeof(error)); CTX_ERROR(key->ctx, "Could not sign content: %s\n", error); - r = 1; goto ERROR; } @@ -896,21 +881,21 @@ PAKFIRE_EXPORT int pakfire_key_sign(struct pakfire_key* key, r = fprintf(f, "untrusted comment: %s\n", comment); if (r < 0) { CTX_ERROR(key->ctx, "Could not write comment: %m\n"); - r = 1; + r = -errno; goto ERROR; } } // Encode the signature to base64 r = pakfire_b64encode(key->ctx, &s, &signature, sizeof(signature)); - if (r) + if (r < 0) goto ERROR; // Write the signature r = fprintf(f, "%s\n", s); if (r < 0) { CTX_ERROR(key->ctx, "Could not write the signature: %m\n"); - r = 1; + r = -errno; goto ERROR; } @@ -934,7 +919,7 @@ int pakfire_key_signf(struct pakfire_key* key, FILE* s, FILE* f, const char* com // Load the entire content into memory r = pakfire_read_file_into_buffer(f, &buffer, &length); - if (r) + if (r < 0) goto ERROR; // Sign! @@ -970,8 +955,7 @@ static int pakfire_key_read_signature(struct pakfire_key* key, case 1: if (!pakfire_string_startswith(line, "untrusted comment:")) { CTX_ERROR(key->ctx, "The first line must start with 'untrusted comment:'\n"); - errno = EINVAL; - r = 1; + r = -EINVAL; goto ERROR; } break; @@ -982,8 +966,7 @@ static int pakfire_key_read_signature(struct pakfire_key* key, r = pakfire_b64decode(key->ctx, &buffer, &buffer_length, line); if (r) { CTX_ERROR(key->ctx, "Could not decode the signature: %m\n"); - errno = EINVAL; - r = 1; + r = -EINVAL; goto ERROR; } @@ -996,16 +979,14 @@ static int pakfire_key_read_signature(struct pakfire_key* key, // Check if we support the signature type if (signature->sig_algo[0] != 'E' || signature->sig_algo[1] != 'd') { CTX_ERROR(key->ctx, "Unknown signature type\n"); - errno = ENOTSUP; - r = 1; + r = -ENOTSUP; goto ERROR; } break; default: CTX_ERROR(key->ctx, "Unknown signature type\n"); - errno = ENOTSUP; - r = 1; + r = -ENOTSUP; goto ERROR; } break; @@ -1035,8 +1016,7 @@ static int pakfire_key_verify_signature(struct pakfire_key* key, // Check the key ID if (!pakfire_key_id_equals(&key->id, &signature->key_id)) { CTX_ERROR(key->ctx, "The signature has been created with a different key\n"); - errno = EBADMSG; - r = 1; + r = -EBADMSG; goto ERROR; } @@ -1044,7 +1024,7 @@ static int pakfire_key_verify_signature(struct pakfire_key* key, mdctx = EVP_MD_CTX_new(); if (!mdctx) { CTX_ERROR(key->ctx, "Could not create the message digest context\n"); - r = 1; + r = -ENOMEM; goto ERROR; } @@ -1052,7 +1032,6 @@ static int pakfire_key_verify_signature(struct pakfire_key* key, r = EVP_DigestVerifyInit(mdctx, NULL, NULL, NULL, key->pkey); if (r < 1) { CTX_ERROR(key->ctx, "Could not setup the verification context\n"); - r = 1; goto ERROR; } @@ -1063,8 +1042,7 @@ static int pakfire_key_verify_signature(struct pakfire_key* key, // Fail case 0: CTX_ERROR(key->ctx, "Signature verification failed\n"); - errno = EBADMSG; - r = 1; + r = -EBADMSG; break; // Success @@ -1076,7 +1054,7 @@ static int pakfire_key_verify_signature(struct pakfire_key* key, // Error default: CTX_ERROR(key->ctx, "Could not perform signature verification\n"); - r = 1; + r = -ENOTSUP; goto ERROR; } @@ -1094,14 +1072,14 @@ PAKFIRE_EXPORT int pakfire_key_verify(struct pakfire_key* key, FILE* f, // Read the signature r = pakfire_key_read_signature(key, &signature, f); - if (r) { + if (r < 0) { CTX_ERROR(key->ctx, "Could not read signature: %m\n"); return r; } // Verify signature r = pakfire_key_verify_signature(key, &signature, data, length); - if (r) { + if (r < 0) { CTX_ERROR(key->ctx, "Could not verify signature: %m\n"); return r; } diff --git a/tests/libpakfire/key.c b/tests/libpakfire/key.c index c6ea5134a..3a2fa7f34 100644 --- a/tests/libpakfire/key.c +++ b/tests/libpakfire/key.c @@ -34,8 +34,7 @@ static int test_generate(const struct test* t) { int r = EXIT_FAILURE; // Try to call pakfire_key_generate() with some invalid inputs - ASSERT_ERRNO(pakfire_key_generate(&key, t->ctx, - PAKFIRE_KEY_ALGO_NULL, "Key 1"), EINVAL); + ASSERT(pakfire_key_generate(&key, t->ctx, PAKFIRE_KEY_ALGO_NULL, "Key 1") == -EINVAL); // Generate a new key using ed25519 ASSERT_SUCCESS(pakfire_key_generate(&key, t->ctx,