static
bool dcrypt_openssl_ecdh_derive_secret_local(struct dcrypt_private_key *local_key, buffer_t *R, buffer_t *S, const char **error_r)
{
- i_assert(local_key != NULL);
+ i_assert(local_key != NULL && local_key->key != NULL);
EVP_PKEY *local = local_key->key;
BN_CTX *bn_ctx = BN_CTX_new();
if (bn_ctx == NULL)
static
bool dcrypt_openssl_ecdh_derive_secret_peer(struct dcrypt_public_key *peer_key, buffer_t *R, buffer_t *S, const char **error_r)
{
+ i_assert(peer_key != NULL && peer_key->key != NULL);
/* ensure peer_key is EC key */
EVP_PKEY *local = NULL;
EVP_PKEY *peer = peer_key->key;
bool dcrypt_openssl_generate_keypair(struct dcrypt_keypair *pair_r, enum dcrypt_key_type kind, unsigned int bits, const char *curve, const char **error_r)
{
EVP_PKEY *pkey = NULL;
+ i_assert(pair_r != NULL);
i_zero(pair_r);
if (kind == DCRYPT_KEY_RSA) {
if (dcrypt_openssl_generate_rsa_key(bits, &pkey, error_r)) {
const char *data, const char *password,
struct dcrypt_private_key *dec_key, const char **error_r)
{
+ i_assert(key_r != NULL);
+
enum dcrypt_key_format format;
enum dcrypt_key_version version;
enum dcrypt_key_kind kind;
enum dcrypt_key_format format;
enum dcrypt_key_version version;
enum dcrypt_key_kind kind;
+ i_assert(key_r != NULL);
+
if (!dcrypt_openssl_key_string_get_info(data, &format, &version,
&kind, NULL, NULL, NULL, error_r)) {
return FALSE;
const char *cipher, buffer_t *destination, const char *password, struct dcrypt_public_key *enc_key,
const char **error_r)
{
+ i_assert(key != NULL && key->key != NULL);
+
int ec;
if (format == DCRYPT_FORMAT_DOVECOT) {
bool ret;
bool dcrypt_openssl_store_public_key(struct dcrypt_public_key *key, enum dcrypt_key_format format, buffer_t *destination, const char **error_r)
{
int ec;
+
+ i_assert(key != NULL && key->key != NULL);
+
if (format == DCRYPT_FORMAT_DOVECOT)
return dcrypt_openssl_store_public_key_dovecot(key, destination, error_r);
static
void dcrypt_openssl_private_to_public_key(struct dcrypt_private_key *priv_key, struct dcrypt_public_key **pub_key_r)
{
+ i_assert(priv_key != NULL && pub_key_r != NULL);
+
EVP_PKEY *pkey = priv_key->key;
EVP_PKEY *pk;
static
void dcrypt_openssl_ref_public_key(struct dcrypt_public_key *key)
{
+ i_assert(key != NULL && key->ref > 0);
key->ref++;
}
static
void dcrypt_openssl_ref_private_key(struct dcrypt_private_key *key)
{
+ i_assert(key != NULL && key->ref > 0);
key->ref++;
}
static
void dcrypt_openssl_unref_public_key(struct dcrypt_public_key **key)
{
+ i_assert(key != NULL && *key != NULL);
struct dcrypt_public_key *_key = *key;
+ i_assert(_key->ref > 0);
*key = NULL;
if (--_key->ref > 0) return;
EVP_PKEY_free(_key->key);
static
void dcrypt_openssl_unref_private_key(struct dcrypt_private_key **key)
{
+ i_assert(key != NULL && *key != NULL);
struct dcrypt_private_key *_key = *key;
+ i_assert(_key->ref > 0);
*key = NULL;
if (--_key->ref > 0) return;
EVP_PKEY_free(_key->key);
static
void dcrypt_openssl_unref_keypair(struct dcrypt_keypair *keypair)
{
+ i_assert(keypair != NULL);
dcrypt_openssl_unref_public_key(&(keypair->pub));
dcrypt_openssl_unref_private_key(&(keypair->priv));
}
bool dcrypt_openssl_rsa_encrypt(struct dcrypt_public_key *key, const unsigned char *data, size_t data_len, buffer_t *result, const char **error_r)
{
int ec;
-
+ i_assert(key != NULL && key->key != NULL);
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key->key, NULL);
size_t outl = EVP_PKEY_size(key->key);
unsigned char buf[outl];
bool dcrypt_openssl_rsa_decrypt(struct dcrypt_private_key *key, const unsigned char *data, size_t data_len, buffer_t *result, const char **error_r)
{
int ec;
-
+ i_assert(key != NULL && key->key != NULL);
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key->key, NULL);
size_t outl = EVP_PKEY_size(key->key);
unsigned char buf[outl];
const char *dcrypt_openssl_oid2name(const unsigned char *oid, size_t oid_len, const char **error_r)
{
const char *name;
+ i_assert(oid != NULL);
ASN1_OBJECT *obj = d2i_ASN1_OBJECT(NULL, &oid, oid_len);
if (obj == NULL) {
dcrypt_openssl_error(error_r);
static
bool dcrypt_openssl_name2oid(const char *name, buffer_t *oid, const char **error_r)
{
+ i_assert(name != NULL);
ASN1_OBJECT *obj = OBJ_txt2obj(name, 0);
if (obj == NULL)
return dcrypt_openssl_error(error_r);
static
enum dcrypt_key_type dcrypt_openssl_private_key_type(struct dcrypt_private_key *key)
{
+ i_assert(key != NULL && key->key != NULL);
EVP_PKEY *priv = key->key;
- i_assert(priv != NULL);
if (EVP_PKEY_base_id(priv) == EVP_PKEY_RSA) return DCRYPT_KEY_RSA;
else if (EVP_PKEY_base_id(priv) == EVP_PKEY_EC) return DCRYPT_KEY_EC;
else i_unreached();
static
enum dcrypt_key_type dcrypt_openssl_public_key_type(struct dcrypt_public_key *key)
{
+ i_assert(key != NULL && key->key != NULL);
EVP_PKEY *pub = key->key;
- i_assert(pub != NULL);
if (EVP_PKEY_base_id(pub) == EVP_PKEY_RSA) return DCRYPT_KEY_RSA;
else if (EVP_PKEY_base_id(pub) == EVP_PKEY_EC) return DCRYPT_KEY_EC;
else i_unreached();
bool dcrypt_openssl_public_key_id_old(struct dcrypt_public_key *key, buffer_t *result, const char **error_r)
{
unsigned char buf[SHA256_DIGEST_LENGTH];
+ i_assert(key != NULL && key->key != NULL);
EVP_PKEY *pub = key->key;
- i_assert(pub != NULL);
if (EVP_PKEY_base_id(pub) != EVP_PKEY_EC) {
if (error_r != NULL)
*error_r = "Only EC key supported";
bool dcrypt_openssl_private_key_id_old(struct dcrypt_private_key *key, buffer_t *result, const char **error_r)
{
unsigned char buf[SHA256_DIGEST_LENGTH];
+ i_assert(key != NULL && key->key != NULL);
EVP_PKEY *priv = key->key;
- i_assert(priv != NULL);
if (EVP_PKEY_base_id(priv) != EVP_PKEY_EC) {
if (error_r != NULL)
*error_r = "Only EC key supported";
bool dcrypt_openssl_public_key_id(struct dcrypt_public_key *key, const char *algorithm, buffer_t *result, const char **error_r)
{
const EVP_MD *md = EVP_get_digestbyname(algorithm);
+ i_assert(key != NULL && key->key != NULL);
EVP_PKEY *pub = key->key;
- i_assert(pub != NULL);
if (md == NULL) {
if (error_r != NULL)
*error_r = t_strdup_printf("Unknown cipher %s", algorithm);
bool dcrypt_openssl_private_key_id(struct dcrypt_private_key *key, const char *algorithm, buffer_t *result, const char **error_r)
{
const EVP_MD *md = EVP_get_digestbyname(algorithm);
+ i_assert(key != NULL && key->key != NULL);
EVP_PKEY *priv = key->key;
- i_assert(priv != NULL);
if (md == NULL) {
if (error_r != NULL)
*error_r = t_strdup_printf("Unknown cipher %s", algorithm);