From: Aki Tuomi Date: Tue, 1 Nov 2022 10:55:36 +0000 (+0200) Subject: lib-dcrypt: Make error_r required X-Git-Tag: 2.4.0~3452 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0462b64079d73f47fe3569f97696bc008ecb1d58;p=thirdparty%2Fdovecot%2Fcore.git lib-dcrypt: Make error_r required --- diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c index b5ebf1f29b..4ad855cc0f 100644 --- a/src/lib-dcrypt/dcrypt-openssl.c +++ b/src/lib-dcrypt/dcrypt-openssl.c @@ -158,8 +158,6 @@ struct dcrypt_private_key { char *key_id; }; -#define DCRYPT_SET_ERROR(error) STMT_START { if (error_r != NULL) *error_r = (error); } STMT_END - static bool dcrypt_openssl_public_key_id(struct dcrypt_public_key *key, const char *algorithm, buffer_t *result, @@ -234,16 +232,12 @@ static bool dcrypt_openssl_error(const char **error_r) i_fatal_status(FATAL_OUTOFMEM, "OpenSSL malloc() failed"); if (ERR_peek_error() == 0) break; - if (error_r == NULL) - continue; if (errstr == NULL) errstr = t_str_new(128); else str_append(errstr, ", "); str_append(errstr, ssl_err2str(err, data, flags)); } - if (error_r == NULL) - return FALSE; if (err == 0) { if (errno != 0) final_error = strerror(errno); @@ -279,7 +273,7 @@ dcrypt_openssl_padding_mode(enum dcrypt_padding padding, case DCRYPT_PADDING_RSA_NO: return RSA_NO_PADDING; default: - DCRYPT_SET_ERROR("Unsupported padding mode"); + *error_r = "Unsupported padding mode"; return -1; } i_unreached(); @@ -320,8 +314,8 @@ dcrypt_openssl_ctx_sym_create(const char *algorithm, enum dcrypt_sym_mode mode, cipher = EVP_get_cipherbyname(algorithm); if (cipher == NULL) { - DCRYPT_SET_ERROR(t_strdup_printf("Invalid cipher %s", - algorithm)); + *error_r = t_strdup_printf("Invalid cipher %s", + algorithm); return FALSE; } @@ -593,7 +587,7 @@ dcrypt_openssl_ctx_sym_final(struct dcrypt_context_symmetric *ctx, } if (ec == 0) - DCRYPT_SET_ERROR("data authentication failed"); + *error_r = "data authentication failed"; else if (ec < 0) dcrypt_openssl_error(error_r); @@ -614,8 +608,8 @@ dcrypt_openssl_ctx_hmac_create(const char *algorithm, md = EVP_get_digestbyname(algorithm); if(md == NULL) { - DCRYPT_SET_ERROR(t_strdup_printf("Invalid digest %s", - algorithm)); + *error_r = t_strdup_printf("Invalid digest %s", + algorithm); return FALSE; } @@ -885,7 +879,7 @@ dcrypt_openssl_ecdh_derive_secret_peer(struct dcrypt_public_key *peer_key, EVP_PKEY *local = NULL; EVP_PKEY *peer = peer_key->key; if (EVP_PKEY_base_id(peer) != EVP_PKEY_EC) { - DCRYPT_SET_ERROR("Only ECC key can be used"); + *error_r = "Only ECC key can be used"; return FALSE; } @@ -935,7 +929,7 @@ dcrypt_openssl_pbkdf2(const unsigned char *password, size_t password_len, /* determine MD */ const EVP_MD* md = EVP_get_digestbyname(hash); if (md == NULL) { - DCRYPT_SET_ERROR(t_strdup_printf("Invalid digest %s", hash)); + *error_r = t_strdup_printf("Invalid digest %s", hash); return FALSE; } @@ -974,8 +968,8 @@ dcrypt_openssl_generate_keypair(struct dcrypt_keypair *pair_r, } else if (kind == DCRYPT_KEY_EC) { int nid = OBJ_sn2nid(curve); if (nid == NID_undef) { - DCRYPT_SET_ERROR(t_strdup_printf("Unknown EC curve %s", - curve)); + *error_r = t_strdup_printf("Unknown EC curve %s", + curve); return FALSE; } if (dcrypt_openssl_generate_ec_key(nid, &pkey, error_r)) { @@ -990,7 +984,7 @@ dcrypt_openssl_generate_keypair(struct dcrypt_keypair *pair_r, return dcrypt_openssl_error(error_r); } } - DCRYPT_SET_ERROR("Key type not supported in this build"); + *error_r = "Key type not supported in this build"; return FALSE; } @@ -1103,12 +1097,12 @@ dcrypt_openssl_load_private_key_dovecot_v1(struct dcrypt_private_key **key_r, BIGNUM *point = NULL; if (str_to_int(input[1], &nid) != 0) { - DCRYPT_SET_ERROR("Corrupted data"); + *error_r = "Corrupted data"; return FALSE; } if (str_to_int(input[2], &enctype) != 0) { - DCRYPT_SET_ERROR("Corrupted data"); + *error_r = "Corrupted data"; return FALSE; } @@ -1122,7 +1116,7 @@ dcrypt_openssl_load_private_key_dovecot_v1(struct dcrypt_private_key **key_r, } else if (enctype == DCRYPT_DOVECOT_KEY_ENCRYPT_PASSWORD) { /* by password */ if (password == NULL) { - DCRYPT_SET_ERROR("password missing"); + *error_r = "password missing"; return FALSE; } const char *enc_priv_pt = input[3]; @@ -1134,7 +1128,7 @@ dcrypt_openssl_load_private_key_dovecot_v1(struct dcrypt_private_key **key_r, } else if (enctype == DCRYPT_DOVECOT_KEY_ENCRYPT_PK) { /* by key */ if (dec_key == NULL) { - DCRYPT_SET_ERROR("decrypt key missing"); + *error_r = "decrypt key missing"; return FALSE; } const char *enc_priv_pt = input[3]; @@ -1144,7 +1138,7 @@ dcrypt_openssl_load_private_key_dovecot_v1(struct dcrypt_private_key **key_r, return FALSE; } } else { - DCRYPT_SET_ERROR("Invalid key data"); + *error_r = "Invalid key data"; return FALSE; } @@ -1188,7 +1182,7 @@ dcrypt_openssl_load_private_key_dovecot_v1(struct dcrypt_private_key **key_r, const char *digest_hex = binary_to_hex(digest, SHA256_DIGEST_LENGTH); if (strcmp(digest_hex, input[len-1]) != 0) { - DCRYPT_SET_ERROR("Key id mismatch after load"); + *error_r = "Key id mismatch after load"; EC_KEY_free(eckey); return FALSE; } @@ -1278,12 +1272,12 @@ dcrypt_openssl_load_private_key_dovecot_v2(struct dcrypt_private_key **key_r, /* check for encryption type */ if (str_to_int(input[2], &enctype) != 0) { - DCRYPT_SET_ERROR("Corrupted data"); + *error_r = "Corrupted data"; return FALSE; } if (enctype < 0 || enctype > 2) { - DCRYPT_SET_ERROR("Corrupted data"); + *error_r = "Corrupted data"; return FALSE; } @@ -1291,7 +1285,7 @@ dcrypt_openssl_load_private_key_dovecot_v2(struct dcrypt_private_key **key_r, if ((enctype == DCRYPT_DOVECOT_KEY_ENCRYPT_NONE && len != 5) || (enctype == DCRYPT_DOVECOT_KEY_ENCRYPT_PASSWORD && len != 9) || (enctype == DCRYPT_DOVECOT_KEY_ENCRYPT_PK && len != 11)) { - DCRYPT_SET_ERROR("Corrupted data"); + *error_r = "Corrupted data"; return FALSE; } @@ -1304,17 +1298,17 @@ dcrypt_openssl_load_private_key_dovecot_v2(struct dcrypt_private_key **key_r, /* decode and possibly decipher private key value */ if (enctype == DCRYPT_DOVECOT_KEY_ENCRYPT_NONE) { if (hex_to_binary(input[3], key_data) != 0) { - DCRYPT_SET_ERROR("Corrupted data"); + *error_r = "Corrupted data"; } } else if (enctype == DCRYPT_DOVECOT_KEY_ENCRYPT_PK) { if (dec_key == NULL) { - DCRYPT_SET_ERROR("decrypt key missing"); + *error_r = "decrypt key missing"; return FALSE; } unsigned int rounds; struct dcrypt_public_key *pubkey = NULL; if (str_to_uint(input[6], &rounds) != 0) { - DCRYPT_SET_ERROR("Corrupted data"); + *error_r = "Corrupted data"; return FALSE; } @@ -1332,7 +1326,7 @@ dcrypt_openssl_load_private_key_dovecot_v2(struct dcrypt_private_key **key_r, if (strcmp(binary_to_hex(data->data, data->used), input[9]) != 0) { - DCRYPT_SET_ERROR("No private key available"); + *error_r = "No private key available"; return FALSE; } @@ -1367,12 +1361,12 @@ dcrypt_openssl_load_private_key_dovecot_v2(struct dcrypt_private_key **key_r, } } else if (enctype == DCRYPT_DOVECOT_KEY_ENCRYPT_PASSWORD) { if (password == NULL) { - DCRYPT_SET_ERROR("password missing"); + *error_r = "password missing"; return FALSE; } unsigned int rounds; if (str_to_uint(input[6], &rounds) != 0) { - DCRYPT_SET_ERROR("Corrupted data"); + *error_r = "Corrupted data"; return FALSE; } @@ -1382,7 +1376,7 @@ dcrypt_openssl_load_private_key_dovecot_v2(struct dcrypt_private_key **key_r, data = t_buffer_create(strlen(input[7])/2); if (hex_to_binary(input[4], salt) != 0 || hex_to_binary(input[7], data) != 0) { - DCRYPT_SET_ERROR("Corrupted data"); + *error_r = "Corrupted data"; return FALSE; } @@ -1477,7 +1471,7 @@ dcrypt_openssl_load_private_key_dovecot_v2(struct dcrypt_private_key **key_r, if (strcmp(binary_to_hex(key_data->data, key_data->used), input[len-1]) != 0) { dcrypt_openssl_unref_private_key(key_r); - DCRYPT_SET_ERROR("Key id mismatch after load"); + *error_r = "Key id mismatch after load"; return FALSE; } @@ -1552,26 +1546,26 @@ static bool load_jwk_ec_key(EVP_PKEY **key_r, bool want_private_key, if ((node = json_tree_find_key(root, "crv")) == NULL || (crv = json_tree_get_value_str(node)) == NULL) { - DCRYPT_SET_ERROR("Missing crv parameter"); + *error_r = "Missing crv parameter"; return FALSE; } if ((node = json_tree_find_key(root, "x")) == NULL || (x = json_tree_get_value_str(node)) == NULL) { - DCRYPT_SET_ERROR("Missing x parameter"); + *error_r = "Missing x parameter"; return FALSE; } if ((node = json_tree_find_key(root, "y")) == NULL || (y = json_tree_get_value_str(node)) == NULL) { - DCRYPT_SET_ERROR("Missing y parameter"); + *error_r = "Missing y parameter"; return FALSE; } if ((node = json_tree_find_key(root, "d")) == NULL || (d = json_tree_get_value_str(node)) == NULL) { if (want_private_key) { - DCRYPT_SET_ERROR("Missing d parameter"); + *error_r = "Missing d parameter"; return FALSE; } } @@ -1583,13 +1577,13 @@ static bool load_jwk_ec_key(EVP_PKEY **key_r, bool want_private_key, /* determine NID */ int nid = jwk_curve_to_nid(crv); if (nid == 0) { - DCRYPT_SET_ERROR(t_strdup_printf("Unsupported curve: %s", crv)); + *error_r = t_strdup_printf("Unsupported curve: %s", crv); return FALSE; } /* create key */ EC_KEY *ec_key = EC_KEY_new_by_curve_name(nid); if (ec_key == NULL) { - DCRYPT_SET_ERROR("Cannot allocate memory"); + *error_r = "Cannot allocate memory"; return FALSE; } @@ -1708,50 +1702,50 @@ static bool load_jwk_rsa_key(EVP_PKEY **key_r, bool want_private_key, /* n and e must be present */ if ((node = json_tree_find_key(root, "n")) == NULL || (n = json_tree_get_value_str(node)) == NULL) { - DCRYPT_SET_ERROR("Missing n parameter"); + *error_r = "Missing n parameter"; return FALSE; } if ((node = json_tree_find_key(root, "e")) == NULL || (e = json_tree_get_value_str(node)) == NULL) { - DCRYPT_SET_ERROR("Missing e parameter"); + *error_r = "Missing e parameter"; return FALSE; } if (want_private_key) { if ((node = json_tree_find_key(root, "d")) == NULL || (d = json_tree_get_value_str(node)) == NULL) { - DCRYPT_SET_ERROR("Missing d parameter"); + *error_r = "Missing d parameter"; return FALSE; } if ((node = json_tree_find_key(root, "p")) == NULL || (p = json_tree_get_value_str(node)) == NULL) { - DCRYPT_SET_ERROR("Missing p parameter"); + *error_r = "Missing p parameter"; return FALSE; } if ((node = json_tree_find_key(root, "q")) == NULL || (q = json_tree_get_value_str(node)) == NULL) { - DCRYPT_SET_ERROR("Missing q parameter"); + *error_r = "Missing q parameter"; return FALSE; } if ((node = json_tree_find_key(root, "dp")) == NULL || (dp = json_tree_get_value_str(node)) == NULL) { - DCRYPT_SET_ERROR("Missing dp parameter"); + *error_r = "Missing dp parameter"; return FALSE; } if ((node = json_tree_find_key(root, "dq")) == NULL || (dq = json_tree_get_value_str(node)) == NULL) { - DCRYPT_SET_ERROR("Missing dq parameter"); + *error_r = "Missing dq parameter"; return FALSE; } if ((node = json_tree_find_key(root, "qi")) == NULL || (qi = json_tree_get_value_str(node)) == NULL) { - DCRYPT_SET_ERROR("Missing qi parameter"); + *error_r = "Missing qi parameter"; return FALSE; } } @@ -1860,8 +1854,8 @@ dcrypt_openssl_load_private_key_jwk(struct dcrypt_private_key **key_r, bool ret; if (parse_jwk_key(data, &key_tree, &error) != 0) { - DCRYPT_SET_ERROR(t_strdup_printf("Cannot load JWK private key: %s", - error)); + *error_r = t_strdup_printf("Cannot load JWK private key: %s", + error); return FALSE; } @@ -1869,7 +1863,7 @@ dcrypt_openssl_load_private_key_jwk(struct dcrypt_private_key **key_r, /* check key type */ if ((node = json_tree_find_key(root, "kty")) == NULL) { - DCRYPT_SET_ERROR("Cannot load JWK private key: no kty parameter"); + *error_r = "Cannot load JWK private key: no kty parameter"; json_tree_deinit(&key_tree); return FALSE; } @@ -1888,7 +1882,7 @@ dcrypt_openssl_load_private_key_jwk(struct dcrypt_private_key **key_r, i_assert(ret || error != NULL); if (!ret) - DCRYPT_SET_ERROR(t_strdup_printf("Cannot load JWK private key: %s", error)); + *error_r = t_strdup_printf("Cannot load JWK private key: %s", error); else if (ret) { *key_r = i_new(struct dcrypt_private_key, 1); (*key_r)->key = pkey; @@ -1918,8 +1912,8 @@ dcrypt_openssl_load_public_key_jwk(struct dcrypt_public_key **key_r, bool ret; if (parse_jwk_key(data, &key_tree, &error) != 0) { - DCRYPT_SET_ERROR(t_strdup_printf("Cannot load JWK public key: %s", - error)); + *error_r = t_strdup_printf("Cannot load JWK public key: %s", + error); return FALSE; } @@ -1927,7 +1921,7 @@ dcrypt_openssl_load_public_key_jwk(struct dcrypt_public_key **key_r, /* check key type */ if ((node = json_tree_find_key(root, "kty")) == NULL) { - DCRYPT_SET_ERROR("Cannot load JWK public key: no kty parameter"); + *error_r = "Cannot load JWK public key: no kty parameter"; json_tree_deinit(&key_tree); return FALSE; } @@ -1946,7 +1940,7 @@ dcrypt_openssl_load_public_key_jwk(struct dcrypt_public_key **key_r, i_assert(ret || error != NULL); if (!ret) - DCRYPT_SET_ERROR(t_strdup_printf("Cannot load JWK public key: %s", error)); + *error_r = t_strdup_printf("Cannot load JWK public key: %s", error); else if (ret) { *key_r = i_new(struct dcrypt_public_key, 1); (*key_r)->key = pkey; @@ -2026,7 +2020,7 @@ static bool store_jwk_ec_key(EVP_PKEY *pkey, bool is_private_key, if (is_private_key) { const BIGNUM *d = EC_KEY_get0_private_key(ec_key); if (d == NULL) { - DCRYPT_SET_ERROR("No private key available"); + *error_r = "No private key available"; return FALSE; } str_append(temp, "\",\"d\":\""); @@ -2052,7 +2046,7 @@ static bool store_jwk_key(EVP_PKEY *pkey, bool is_private_key, return store_jwk_ec_key(pkey, is_private_key, usage, key_id, cipher, password, enc_key, dest, error_r); } - DCRYPT_SET_ERROR("Unsupported key type"); + *error_r = "Unsupported key type"; return FALSE; } @@ -2086,7 +2080,7 @@ dcrypt_openssl_load_public_key_dovecot_v1(struct dcrypt_public_key **key_r, { int nid; if (str_to_int(input[1], &nid) != 0) { - DCRYPT_SET_ERROR("Corrupted data"); + *error_r = "Corrupted data"; return FALSE; } @@ -2131,7 +2125,7 @@ dcrypt_openssl_load_public_key_dovecot_v1(struct dcrypt_public_key **key_r, } if (strcmp(binary_to_hex(dgst->data, dgst->used), input[len-1]) != 0) { - DCRYPT_SET_ERROR("Key id mismatch after load"); + *error_r = "Key id mismatch after load"; EVP_PKEY_free(key); return FALSE; } @@ -2175,7 +2169,7 @@ dcrypt_openssl_load_public_key_dovecot_v2(struct dcrypt_public_key **key_r, return FALSE; } if (strcmp(binary_to_hex(dgst->data, dgst->used), input[len-1]) != 0) { - DCRYPT_SET_ERROR("Key id mismatch after load"); + *error_r = "Key id mismatch after load"; EVP_PKEY_free(pkey); return FALSE; } @@ -2323,7 +2317,7 @@ dcrypt_openssl_store_private_key_dovecot(struct dcrypt_private_key *key, if (len < 1) return dcrypt_openssl_error(error_r); if (len > (int)sizeof(objtxt)) { - DCRYPT_SET_ERROR("Object identifier too long"); + *error_r = "Object identifier too long"; return FALSE; } @@ -2448,7 +2442,7 @@ dcrypt_openssl_load_private_key(struct dcrypt_private_key **key_r, return FALSE; } if (kind != DCRYPT_KEY_KIND_PRIVATE) { - DCRYPT_SET_ERROR("key is not private"); + *error_r = "key is not private"; return FALSE; } @@ -2503,7 +2497,7 @@ dcrypt_openssl_load_public_key(struct dcrypt_public_key **key_r, } /* JWK private keys can be loaded as public */ if (kind != DCRYPT_KEY_KIND_PUBLIC && format != DCRYPT_FORMAT_JWK) { - DCRYPT_SET_ERROR("key is not public"); + *error_r = "key is not public"; return FALSE; } @@ -2530,7 +2524,7 @@ dcrypt_openssl_load_public_key(struct dcrypt_public_key **key_r, return dcrypt_openssl_error(error_r); } if (strcmp(buf, "-----BEGIN PUBLIC KEY-----") != 0) { - DCRYPT_SET_ERROR("Missing public key header"); + *error_r = "Missing public key header"; return FALSE; } BIO *b64 = BIO_new(BIO_f_base64()); @@ -2600,8 +2594,7 @@ dcrypt_openssl_store_private_key(struct dcrypt_private_key *key, if (cipher != NULL) { algo = EVP_get_cipherbyname(cipher); if (algo == NULL) { - DCRYPT_SET_ERROR(t_strdup_printf("Invalid cipher %s", - cipher)); + *error_r = t_strdup_printf("Invalid cipher %s", cipher); return FALSE; } } @@ -2744,7 +2737,7 @@ dcrypt_openssl_key_string_get_info( format = DCRYPT_FORMAT_PEM; version = DCRYPT_KEY_VERSION_NA; if (str_begins_with(key_data, "RSA ")) { - DCRYPT_SET_ERROR("RSA private key format not supported, convert it to PKEY format with openssl pkey"); + *error_r = "RSA private key format not supported, convert it to PKEY format with openssl pkey"; return FALSE; } if (str_begins(key_data, "ENCRYPTED ", &key_data)) @@ -2754,7 +2747,7 @@ dcrypt_openssl_key_string_get_info( else if (str_begins_with(key_data, "PUBLIC KEY-----")) kind = DCRYPT_KEY_KIND_PUBLIC; else { - DCRYPT_SET_ERROR("Unknown/invalid PEM key type"); + *error_r = "Unknown/invalid PEM key type"; return FALSE; } } else if (*key_data == '{') { @@ -2765,7 +2758,7 @@ dcrypt_openssl_key_string_get_info( const struct json_tree_node *root, *node; const char *value, *error; if (parse_jwk_key(key_data, &tree, &error) != 0) { - DCRYPT_SET_ERROR("Unknown/invalid key data"); + *error_r = "Unknown/invalid key data"; return FALSE; } @@ -2774,7 +2767,7 @@ dcrypt_openssl_key_string_get_info( if ((node = json_tree_find_key(root, "kty")) == NULL || (value = json_tree_get_value_str(node)) == NULL) { json_tree_deinit(&tree); - DCRYPT_SET_ERROR("Invalid JWK key: Missing kty parameter"); + *error_r = "Invalid JWK key: Missing kty parameter"; return FALSE; } else if (strcmp(value, "RSA") == 0) { if (json_tree_find_key(root, "d") != NULL) @@ -2788,23 +2781,23 @@ dcrypt_openssl_key_string_get_info( kind = DCRYPT_KEY_KIND_PUBLIC; } else { json_tree_deinit(&tree); - DCRYPT_SET_ERROR("Unsupported JWK key type"); + *error_r = "Unsupported JWK key type"; return FALSE; } json_tree_deinit(&tree); } else { if (str_begins_with(key_data, "1:")) { - DCRYPT_SET_ERROR("Dovecot v1 key format uses tab to separate fields"); + *error_r = "Dovecot v1 key format uses tab to separate fields"; return FALSE; } else if (str_begins_with(key_data, "2\t")) { - DCRYPT_SET_ERROR("Dovecot v2 key format uses colon to separate fields"); + *error_r = "Dovecot v2 key format uses colon to separate fields"; return FALSE; } const char **fields = t_strsplit(key_data, ":\t"); int nfields = str_array_length(fields); if (nfields < 2) { - DCRYPT_SET_ERROR("Unknown key format"); + *error_r = "Unknown key format"; return FALSE; } @@ -2827,7 +2820,7 @@ dcrypt_openssl_key_string_get_info( if (encryption_key_hash_r != NULL) encryption_key_hash = i_strdup(fields[nfields-2]); } else { - DCRYPT_SET_ERROR("Invalid dovecot v1 encoding"); + *error_r = "Invalid dovecot v1 encoding"; return FALSE; } } else if (strcmp(fields[0], "2") == 0) { @@ -2846,11 +2839,11 @@ dcrypt_openssl_key_string_get_info( if (encryption_key_hash_r != NULL) encryption_key_hash = i_strdup(fields[nfields-2]); } else { - DCRYPT_SET_ERROR("Invalid dovecot v2 encoding"); + *error_r = "Invalid dovecot v2 encoding"; return FALSE; } } else { - DCRYPT_SET_ERROR("Invalid dovecot key version"); + *error_r = "Invalid dovecot key version"; return FALSE; } @@ -3008,7 +3001,7 @@ dcrypt_openssl_name2oid(const char *name, buffer_t *oid, const char **error_r) size_t len = OBJ_length(obj); if (len == 0) { - DCRYPT_SET_ERROR("Object has no OID assigned"); + *error_r = "Object has no OID assigned"; return FALSE; } len = i2d_ASN1_OBJECT(obj, NULL); @@ -3051,7 +3044,7 @@ dcrypt_openssl_public_key_id_old(struct dcrypt_public_key *key, EVP_PKEY *pub = key->key; if (EVP_PKEY_base_id(pub) != EVP_PKEY_EC) { - DCRYPT_SET_ERROR("Only EC key supported"); + *error_r = "Only EC key supported"; return FALSE; } @@ -3074,7 +3067,7 @@ dcrypt_openssl_private_key_id_old(struct dcrypt_private_key *key, EVP_PKEY *priv = key->key; if (EVP_PKEY_base_id(priv) != EVP_PKEY_EC) { - DCRYPT_SET_ERROR("Only EC key supported"); + *error_r = "Only EC key supported"; return FALSE; } @@ -3135,7 +3128,7 @@ dcrypt_openssl_public_key_id(struct dcrypt_public_key *key, EVP_PKEY *pub = key->key; if (md == NULL) { - DCRYPT_SET_ERROR(t_strdup_printf("Unknown cipher %s", algorithm)); + *error_r = t_strdup_printf("Unknown cipher %s", algorithm); return FALSE; } @@ -3152,7 +3145,7 @@ dcrypt_openssl_private_key_id(struct dcrypt_private_key *key, EVP_PKEY *priv = key->key; if (md == NULL) { - DCRYPT_SET_ERROR(t_strdup_printf("Unknown cipher %s", algorithm)); + *error_r = t_strdup_printf("Unknown cipher %s", algorithm); return FALSE; } @@ -3268,7 +3261,7 @@ dcrypt_openssl_sign(struct dcrypt_private_key *key, const char *algorithm, break; case DCRYPT_SIGNATURE_FORMAT_X962: if (EVP_PKEY_base_id(key->key) == EVP_PKEY_RSA) { - DCRYPT_SET_ERROR("Format does not support RSA"); + *error_r = "Format does not support RSA"; return FALSE; } return dcrypt_openssl_sign_ecdsa(key, algorithm, @@ -3288,7 +3281,7 @@ dcrypt_openssl_sign(struct dcrypt_private_key *key, const char *algorithm, return FALSE; if (md == NULL) { - DCRYPT_SET_ERROR(t_strdup_printf("Unknown digest %s", algorithm)); + *error_r = t_strdup_printf("Unknown digest %s", algorithm); return FALSE; } @@ -3327,7 +3320,7 @@ dcrypt_openssl_verify_ecdsa(struct dcrypt_public_key *key, const char *algorithm bool *valid_r, const char **error_r) { if ((signature_len % 2) != 0) { - DCRYPT_SET_ERROR("Truncated signature"); + *error_r = "Truncated signature"; return FALSE; } @@ -3387,7 +3380,7 @@ dcrypt_openssl_verify(struct dcrypt_public_key *key, const char *algorithm, break; case DCRYPT_SIGNATURE_FORMAT_X962: if (EVP_PKEY_base_id(key->key) == EVP_PKEY_RSA) { - DCRYPT_SET_ERROR("Format does not support RSA"); + *error_r = "Format does not support RSA"; return FALSE; } return dcrypt_openssl_verify_ecdsa(key, algorithm, @@ -3407,7 +3400,7 @@ dcrypt_openssl_verify(struct dcrypt_public_key *key, const char *algorithm, return FALSE; if (md == NULL) { - DCRYPT_SET_ERROR(t_strdup_printf("Unknown digest %s", algorithm)); + *error_r = t_strdup_printf("Unknown digest %s", algorithm); return FALSE; } @@ -3446,7 +3439,7 @@ dcrypt_openssl_key_store_private_raw(struct dcrypt_private_key *key, t_array_init(&keys, 2); if (EVP_PKEY_base_id(priv) == EVP_PKEY_RSA) { - DCRYPT_SET_ERROR("Not implemented"); + *error_r = "Not implemented"; return FALSE; } else if (EVP_PKEY_base_id(priv) == EVP_PKEY_EC) { /* store OID */ @@ -3456,7 +3449,7 @@ dcrypt_openssl_key_store_private_raw(struct dcrypt_private_key *key, ASN1_OBJECT *obj = OBJ_nid2obj(nid); int len = OBJ_length(obj); if (len == 0) { - DCRYPT_SET_ERROR("Object has no OID assigned"); + *error_r = "Object has no OID assigned"; return FALSE; } len = i2d_ASN1_OBJECT(obj, NULL); @@ -3476,7 +3469,7 @@ dcrypt_openssl_key_store_private_raw(struct dcrypt_private_key *key, item->len = len; *type_r = DCRYPT_KEY_EC; } else { - DCRYPT_SET_ERROR("Key type unsupported"); + *error_r = "Key type unsupported"; return FALSE; } @@ -3497,7 +3490,7 @@ dcrypt_openssl_key_store_public_raw(struct dcrypt_public_key *key, t_array_init(&keys, 2); if (EVP_PKEY_base_id(pub) == EVP_PKEY_RSA) { - DCRYPT_SET_ERROR("Not implemented"); + *error_r = "Not implemented"; return FALSE; } else if (EVP_PKEY_base_id(pub) == EVP_PKEY_EC) { /* store OID */ @@ -3507,7 +3500,7 @@ dcrypt_openssl_key_store_public_raw(struct dcrypt_public_key *key, ASN1_OBJECT *obj = OBJ_nid2obj(nid); int len = OBJ_length(obj); if (len == 0) { - DCRYPT_SET_ERROR("Object has no OID assigned"); + *error_r = "Object has no OID assigned"; return FALSE; } len = i2d_ASN1_OBJECT(obj, NULL); @@ -3532,7 +3525,7 @@ dcrypt_openssl_key_store_public_raw(struct dcrypt_public_key *key, return dcrypt_openssl_error(error_r); *type_r = DCRYPT_KEY_EC; } else { - DCRYPT_SET_ERROR("Key type unsupported"); + *error_r = "Key type unsupported"; return FALSE; } @@ -3552,12 +3545,12 @@ dcrypt_openssl_key_load_private_raw(struct dcrypt_private_key **key_r, const struct dcrypt_raw_key *item; if (type == DCRYPT_KEY_RSA) { - DCRYPT_SET_ERROR("Not implemented"); + *error_r = "Not implemented"; return FALSE; } else if (type == DCRYPT_KEY_EC) { /* get curve */ if (array_count(keys) < 2) { - DCRYPT_SET_ERROR("Invalid parameters"); + *error_r = "Invalid parameters"; return FALSE; } item = array_idx(keys, 0); @@ -3615,7 +3608,7 @@ dcrypt_openssl_key_load_private_raw(struct dcrypt_private_key **key_r, (*key_r)->ref++; return TRUE; } else { - DCRYPT_SET_ERROR("Key type unsupported"); + *error_r = "Key type unsupported"; } return FALSE; @@ -3632,12 +3625,12 @@ dcrypt_openssl_key_load_public_raw(struct dcrypt_public_key **key_r, const struct dcrypt_raw_key *item; if (type == DCRYPT_KEY_RSA) { - DCRYPT_SET_ERROR("Not implemented"); + *error_r = "Not implemented"; return FALSE; } else if (type == DCRYPT_KEY_EC) { /* get curve */ if (array_count(keys) < 2) { - DCRYPT_SET_ERROR("Invalid parameters"); + *error_r = "Invalid parameters"; return FALSE; } item = array_idx(keys, 0); @@ -3689,7 +3682,7 @@ dcrypt_openssl_key_load_public_raw(struct dcrypt_public_key **key_r, (*key_r)->ref++; return TRUE; } else { - DCRYPT_SET_ERROR("Key type unsupported"); + *error_r = "Key type unsupported"; } return FALSE; @@ -3703,7 +3696,7 @@ dcrypt_openssl_key_get_curve_public(struct dcrypt_public_key *key, char objtxt[OID_TEXT_MAX_LEN]; if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { - DCRYPT_SET_ERROR("Unsupported key type"); + *error_r = "Unsupported key type"; return FALSE; } @@ -3716,7 +3709,7 @@ dcrypt_openssl_key_get_curve_public(struct dcrypt_public_key *key, if (len < 1) { return dcrypt_openssl_error(error_r); } else if ((unsigned int)len > sizeof(objtxt)) { - DCRYPT_SET_ERROR("Object name too long"); + *error_r = "Object name too long"; return FALSE; }