global: Call dcrypt always with error_r

diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index d9af09f6e22ef406e0d024f21c006adcc0698f13..d63b16508faf198711901752df6baab7efa1218f 100644 (file)
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -302,7 +302,7 @@ struct db_oauth2 *db_oauth2_init(const char *config_path)
                        i_fatal("Cannot initialize key dict: %s", error);
                /* failure to initialize dcrypt is not fatal - we can still
                   validate HMAC based keys */
-               (void)dcrypt_initialize(NULL, NULL, NULL);
+               (void)dcrypt_initialize(NULL, NULL, &error);
                /* initialize key cache */
                db->oauth2_set.key_cache = oauth2_validation_key_cache_init();
        }

diff --git a/src/doveadm/doveadm-dump-dcrypt-file.c b/src/doveadm/doveadm-dump-dcrypt-file.c
index 0d5f12ee9cfe2261d73a70fcc2a9c0a717876550..b86e1878b4ed74fa11356390a2b4cb34967f888c 100644 (file)
--- a/src/doveadm/doveadm-dump-dcrypt-file.c
+++ b/src/doveadm/doveadm-dump-dcrypt-file.c
@@ -72,8 +72,11 @@ static bool dcrypt_file_dump_metadata(struct doveadm_cmd_context *cctx,
 static bool test_dump_dcrypt_file(struct doveadm_cmd_context *cctx,
                                  const char *path)
 {
-       if (!dcrypt_initialize("openssl", NULL, NULL))
+       const char *error;
+       if (!dcrypt_initialize("openssl", NULL, &error)) {
+               e_error(cctx->event, "%s", error);
                return FALSE;
+       }
        bool ret = dcrypt_file_dump_metadata(cctx, path, FALSE);
        return ret;
 }

diff --git a/src/doveadm/doveadm-dump-dcrypt-key.c b/src/doveadm/doveadm-dump-dcrypt-key.c
index b668d039d0cba8c12ce3d70241fc2ca7af1c7e92..48a112dab97b813dadf77ce1e9f0db026fc9f563 100644 (file)
--- a/src/doveadm/doveadm-dump-dcrypt-key.c
+++ b/src/doveadm/doveadm-dump-dcrypt-key.c
@@ -200,8 +200,11 @@ static bool dcrypt_key_dump_metadata(struct doveadm_cmd_context *cctx,
 static bool test_dump_dcrypt_key(struct doveadm_cmd_context *cctx,
                                 const char *path)
 {
-       if (!dcrypt_initialize("openssl", NULL, NULL))
+       const char *error;
+       if (!dcrypt_initialize("openssl", NULL, &error)) {
+               e_error(cctx->event, "%s", error);
                return FALSE;
+       }
        bool ret = dcrypt_key_dump_metadata(cctx, path, FALSE);
        return ret;
 }

diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c
index 49180063e72a4db21eca3ecd1ec837ad26eb272e..b5ebf1f29bbaa6b59031e65b3639f8f5eac27364 100644 (file)
--- a/src/lib-dcrypt/dcrypt-openssl.c
+++ b/src/lib-dcrypt/dcrypt-openssl.c
@@ -1470,8 +1470,10 @@ dcrypt_openssl_load_private_key_dovecot_v2(struct dcrypt_private_key **key_r,
        }
 
        /* finally compare key to key id */
-       dcrypt_openssl_private_key_id(*key_r, "sha256", key_data, NULL);
-
+       if (!dcrypt_openssl_private_key_id(*key_r, "sha256", key_data, error_r)) {
+               dcrypt_openssl_unref_private_key(key_r);
+               return FALSE;
+       }
        if (strcmp(binary_to_hex(key_data->data, key_data->used),
                   input[len-1]) != 0) {
                dcrypt_openssl_unref_private_key(key_r);
@@ -2123,7 +2125,10 @@ dcrypt_openssl_load_public_key_dovecot_v1(struct dcrypt_public_key **key_r,
                struct dcrypt_public_key tmp;
                i_zero(&tmp);
                tmp.key = key;
-               dcrypt_openssl_public_key_id_old(&tmp, dgst, NULL);
+               if (!dcrypt_openssl_public_key_id_old(&tmp, dgst, error_r)) {
+                       EVP_PKEY_free(key);
+                       return FALSE;
+               }
                if (strcmp(binary_to_hex(dgst->data, dgst->used),
                           input[len-1]) != 0) {
                        DCRYPT_SET_ERROR("Key id mismatch after load");
@@ -2165,7 +2170,10 @@ dcrypt_openssl_load_public_key_dovecot_v2(struct dcrypt_public_key **key_r,
        struct dcrypt_public_key tmpkey;
        i_zero(&tmpkey);
        tmpkey.key = pkey;
-       dcrypt_openssl_public_key_id(&tmpkey, "sha256", dgst, NULL);
+       if (!dcrypt_openssl_public_key_id(&tmpkey, "sha256", dgst, error_r)) {
+               EVP_PKEY_free(pkey);
+               return FALSE;
+       }
        if (strcmp(binary_to_hex(dgst->data, dgst->used), input[len-1]) != 0) {
                DCRYPT_SET_ERROR("Key id mismatch after load");
                EVP_PKEY_free(pkey);

diff --git a/src/lib-dcrypt/ostream-encrypt.c b/src/lib-dcrypt/ostream-encrypt.c
index b1194914d54dc9bde9881ada73eec2cec83e94b2..7129ebdfbbf3d746798191a4b0a4beaee16b58b6 100644 (file)
--- a/src/lib-dcrypt/ostream-encrypt.c
+++ b/src/lib-dcrypt/ostream-encrypt.c
@@ -355,7 +355,11 @@ o_stream_encrypt_key_for_pubkey_v2(struct encrypt_ostream *stream,
        char kt = ktype;
        buffer_append(res, &kt, 1);
        /* store hash of public key as ID */
-       dcrypt_key_id_public(stream->pub, "sha256", res, NULL);
+       if (!dcrypt_key_id_public(stream->pub, "sha256", res, &error)) {
+               io_stream_set_error(&stream->ostream.iostream,
+                                   "Cannot hash public key: %s", error);
+               return -1;
+       }
        /* store ephemeral key (if present) */
        unsigned int val = cpu32_to_be(ephemeral_key->used);
        buffer_append(res, &val, 4);

diff --git a/src/lib-dcrypt/test-crypto.c b/src/lib-dcrypt/test-crypto.c
index 2d337f80847071c925fd924eec6dc5bbfb752b5d..a44db2a8beda688e1d6e55fced1ae3eb9acfd1b3 100644 (file)
--- a/src/lib-dcrypt/test-crypto.c
+++ b/src/lib-dcrypt/test-crypto.c
@@ -20,6 +20,8 @@
 
 static void test_cipher_test_vectors(void)
 {
+       const char *error ATTR_UNUSED;
+
        static const struct {
                const char *key;
                const char *iv;
@@ -79,11 +81,11 @@ static void test_cipher_test_vectors(void)
                dcrypt_ctx_sym_set_key(ctx, key->data, key->used);
                dcrypt_ctx_sym_set_iv(ctx, iv->data, iv->used);
 
-               test_assert_idx(dcrypt_ctx_sym_init(ctx, NULL), i);
+               test_assert_idx(dcrypt_ctx_sym_init(ctx, &error), i);
 
                test_assert_idx(dcrypt_ctx_sym_update(ctx,
-                       pt->data, pt->used, res_enc, NULL), i);
-               test_assert_idx(dcrypt_ctx_sym_final(ctx, res_enc, NULL), i);
+                       pt->data, pt->used, res_enc, &error), i);
+               test_assert_idx(dcrypt_ctx_sym_final(ctx, res_enc, &error), i);
 
                test_assert_idx(buffer_cmp(ct, res_enc), i);
 
@@ -101,10 +103,10 @@ static void test_cipher_test_vectors(void)
                dcrypt_ctx_sym_set_key(ctx, key->data, key->used);
                dcrypt_ctx_sym_set_iv(ctx, iv->data, iv->used);
 
-               test_assert_idx(dcrypt_ctx_sym_init(ctx, NULL), i);
+               test_assert_idx(dcrypt_ctx_sym_init(ctx, &error), i);
                test_assert_idx(dcrypt_ctx_sym_update(ctx,
-                       res_enc->data, res_enc->used, res_dec, NULL), i);
-               test_assert_idx(dcrypt_ctx_sym_final(ctx, res_dec, NULL), i);
+                       res_enc->data, res_enc->used, res_dec, &error), i);
+               test_assert_idx(dcrypt_ctx_sym_final(ctx, res_dec, &error), i);
 
                test_assert_idx(buffer_cmp(pt, res_dec), i);
 
@@ -193,6 +195,7 @@ static void test_hmac_test_vectors(void)
 {
        test_begin("test_hmac_test_vectors");
 
+       const char *error ATTR_UNUSED;
        buffer_t *pt, *ct, *key, *res;
        pt = t_buffer_create(50);
        key = t_buffer_create(20);
@@ -206,15 +209,15 @@ static void test_hmac_test_vectors(void)
                      "2959098b3ef8c122d9635514ced565fe", res);
 
        struct dcrypt_context_hmac *hctx;
-       if (!dcrypt_ctx_hmac_create("sha256", &hctx, NULL)) {
+       if (!dcrypt_ctx_hmac_create("sha256", &hctx, &error)) {
                test_assert_failed("dcrypt_ctx_hmac_create",
                                   __FILE__, __LINE__-1);
        } else {
                dcrypt_ctx_hmac_set_key(hctx, key->data, key->used);
-               test_assert(dcrypt_ctx_hmac_init(hctx, NULL));
+               test_assert(dcrypt_ctx_hmac_init(hctx, &error));
                test_assert(dcrypt_ctx_hmac_update(hctx,
                        pt->data, pt->used, NULL));
-               test_assert(dcrypt_ctx_hmac_final(hctx, ct, NULL));
+               test_assert(dcrypt_ctx_hmac_final(hctx, ct, &error));
                test_assert(buffer_cmp(ct, res));
                dcrypt_ctx_hmac_destroy(&hctx);
        }
@@ -600,7 +603,7 @@ static void test_gen_and_get_info_rsa_pem(void)
        struct dcrypt_keypair pair;
        string_t* buf = str_new(default_pool, 4096);
 
-       ret = dcrypt_keypair_generate(&pair, DCRYPT_KEY_RSA, 1024, NULL, NULL);
+       ret = dcrypt_keypair_generate(&pair, DCRYPT_KEY_RSA, 1024, NULL, &error);
        test_assert(ret == TRUE);
 
        /* test public key */
@@ -909,6 +912,7 @@ static void test_raw_keys(void)
 
        test_begin("test_raw_keys");
 
+       const char *error;
        ARRAY_TYPE(dcrypt_raw_key) priv_key;
        ARRAY_TYPE(dcrypt_raw_key) pub_key;
        pool_t pool = pool_datastack_create();
@@ -920,7 +924,7 @@ static void test_raw_keys(void)
 
        /* generate ECC key */
        struct dcrypt_keypair pair;
-       i_assert(dcrypt_keypair_generate(&pair, DCRYPT_KEY_EC, 0, "prime256v1", NULL));
+       i_assert(dcrypt_keypair_generate(&pair, DCRYPT_KEY_EC, 0, "prime256v1", &error));
 
        /* store it */
        test_assert(dcrypt_key_store_private_raw(pair.priv, pool, &t, &priv_key,
@@ -953,7 +957,7 @@ static void test_raw_keys(void)
 
        /* Add OID */
        buffer_t *buf = t_buffer_create(32);
-       test_assert(dcrypt_name2oid(curve, buf, NULL));
+       test_assert(dcrypt_name2oid(curve, buf, &error));
        item = array_append_space(&static_key);
        item->parameter = buf->data;
        item->len = buf->used;
@@ -992,7 +996,7 @@ static void test_raw_keys(void)
 
        /* Add OID */
        buf = t_buffer_create(32);
-       test_assert(dcrypt_name2oid(curve, buf, NULL));
+       test_assert(dcrypt_name2oid(curve, buf, &error));
        item = array_append_space(&static_key);
        item->parameter = buf->data;
        item->len = buf->used;
@@ -1131,8 +1135,8 @@ static void test_static_verify_ecdsa(void)
 
        i_zero(&pair);
        /* static key test */
-       test_assert(dcrypt_key_load_public(&pair.pub, pub_key_pem, NULL));
-       test_assert(dcrypt_key_load_private(&pair.priv, priv_key_pem, NULL, NULL, NULL));
+       test_assert(dcrypt_key_load_public(&pair.pub, pub_key_pem, &error));
+       test_assert(dcrypt_key_load_private(&pair.priv, priv_key_pem, NULL, NULL, &error));
        /* validate signature */
        test_assert(dcrypt_verify(pair.pub, "sha256", DCRYPT_SIGNATURE_FORMAT_DSS,
                                  input, strlen(input),
@@ -1161,23 +1165,24 @@ static void test_jwk_keys(void)
          "yLG69yOisek4aMLCMQ8HkGEflJE/DVwI3mCtassKmGtbX18IVHyntz07mg==\n"
          "-----END PUBLIC KEY-----";
        test_begin("test_jwk_keys");
+       const char *error ATTR_UNUSED;
        struct dcrypt_keypair pair;
        buffer_t *pem = t_buffer_create(256);
        i_zero(&pair);
 
-       test_assert(dcrypt_key_load_public(&pair.pub, jwk_key_json, NULL));
-       test_assert(dcrypt_key_load_private(&pair.priv, jwk_key_json, NULL, NULL, NULL));
+       test_assert(dcrypt_key_load_public(&pair.pub, jwk_key_json, &error));
+       test_assert(dcrypt_key_load_private(&pair.priv, jwk_key_json, NULL, NULL, &error));
 
        /* test accessors */
        test_assert_strcmp(dcrypt_key_get_id_public(pair.pub), "123");
        test_assert(dcrypt_key_get_usage_public(pair.pub) == DCRYPT_KEY_USAGE_SIGN);
 
        /* make sure we got the right key */
-       test_assert(dcrypt_key_store_public(pair.pub, DCRYPT_FORMAT_PEM, pem, NULL));
+       test_assert(dcrypt_key_store_public(pair.pub, DCRYPT_FORMAT_PEM, pem, &error));
        test_assert_strcmp(str_c(pem), pem_key);
 
        str_truncate(pem, 0);
-       test_assert(dcrypt_key_store_private(pair.priv, DCRYPT_FORMAT_JWK, NULL, pem, NULL, NULL, NULL));
+       test_assert(dcrypt_key_store_private(pair.priv, DCRYPT_FORMAT_JWK, NULL, pem, NULL, NULL, &error));
        test_assert_strcmp(str_c(pem), jwk_key_json);
 
        dcrypt_keypair_unref(&pair);

diff --git a/src/lib-dcrypt/test-stream.c b/src/lib-dcrypt/test-stream.c
index 09a749760bdd9c54f6f17490177518729057dc5e..d4dfa356f54643b0f1dcd1700b965ef18f46b110 100644 (file)
--- a/src/lib-dcrypt/test-stream.c
+++ b/src/lib-dcrypt/test-stream.c
@@ -632,11 +632,11 @@ int main(void)
        }
 
        test_assert(dcrypt_key_load_private(&test_v1_kp.priv, key_v1_priv,
-                                           NULL, NULL, NULL));
-       test_assert(dcrypt_key_load_public(&test_v1_kp.pub, key_v1_pub, NULL));
+                                           NULL, NULL, &error));
+       test_assert(dcrypt_key_load_public(&test_v1_kp.pub, key_v1_pub, &error));
        test_assert(dcrypt_key_load_private(&test_v2_kp.priv, key_v2_priv,
-                                           NULL, NULL, NULL));
-       test_assert(dcrypt_key_load_public(&test_v2_kp.pub, key_v2_pub, NULL));
+                                           NULL, NULL, &error));
+       test_assert(dcrypt_key_load_public(&test_v2_kp.pub, key_v2_pub, &error));
 
        static void (*const test_functions[])(void) = {
                test_static_v1_input,

diff --git a/src/plugins/mail-crypt/test-mail-global-key.c b/src/plugins/mail-crypt/test-mail-global-key.c
index 4c5ed38db04dd6c245f49b2f6caf28388235e259..48f1a5386bd966a6f389909435e918654897ac61 100644 (file)
--- a/src/plugins/mail-crypt/test-mail-global-key.c
+++ b/src/plugins/mail-crypt/test-mail-global-key.c
@@ -37,8 +37,9 @@ static void test_setup(void)
        struct dcrypt_settings set = {
                .module_dir = top_builddir "/src/lib-dcrypt/.libs"
        };
-       if (!dcrypt_initialize(NULL, &set, NULL)) {
-               i_info("No functional dcrypt backend found - skipping tests");
+       const char *error;
+       if (!dcrypt_initialize(NULL, &set, &error)) {
+               i_info("No functional dcrypt backend found - skipping tests: %s", error);
                test_exit(0);
        }
        i_array_init(&fs_set.plugin_envs, 8);

diff --git a/src/plugins/mail-crypt/test-mail-key.c b/src/plugins/mail-crypt/test-mail-key.c
index 707d54bfa001d16bdd823c10840ee88fbd6f76dc..daf098cd0ea0a1e4478a4b179217b930c9f85ae1 100644 (file)
--- a/src/plugins/mail-crypt/test-mail-key.c
+++ b/src/plugins/mail-crypt/test-mail-key.c
@@ -363,8 +363,9 @@ static void test_setup(void)
        struct dcrypt_settings set = {
                .module_dir = top_builddir "/src/lib-dcrypt/.libs"
        };
-       if (!dcrypt_initialize(NULL, &set, NULL)) {
-               i_info("No functional dcrypt backend found - skipping tests");
+       const char *error;
+       if (!dcrypt_initialize(NULL, &set, &error)) {
+               i_info("No functional dcrypt backend found - skipping tests: %s", error);
                test_exit(0);
        }
        test_ctx = test_mail_storage_init();

diff --git a/src/plugins/var-expand-crypt/test-var-expand-crypt.c b/src/plugins/var-expand-crypt/test-var-expand-crypt.c
index e12a0402b693baf7e59c81e30a37a6d1b64bec4d..73a2fee1798ad232122ff931aa7cf50e7d558220 100644 (file)
--- a/src/plugins/var-expand-crypt/test-var-expand-crypt.c
+++ b/src/plugins/var-expand-crypt/test-var-expand-crypt.c
@@ -90,9 +90,12 @@ int main(void)
        struct dcrypt_settings set = {
                .module_dir = DCRYPT_BUILD_DIR"/.libs"
        };
+       const char *error;
 
-       if (!dcrypt_initialize(NULL, &set, NULL))
+       if (!dcrypt_initialize(NULL, &set, &error)) {
+               i_info("No functional dcrypt backend found - skipping tests: %s", error);
                return 0;
+       }
 
        ret = test_run(test_functions);