From: Aki Tuomi Date: Tue, 1 Nov 2022 10:54:11 +0000 (+0200) Subject: global: Call dcrypt always with error_r X-Git-Tag: 2.4.0~3453 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c65d2f659d8bb2785f5a18fe583b456e0b5cece;p=thirdparty%2Fdovecot%2Fcore.git global: Call dcrypt always with error_r --- diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c index d9af09f6e2..d63b16508f 100644 --- a/src/auth/db-oauth2.c +++ b/src/auth/db-oauth2.c @@ -302,7 +302,7 @@ struct db_oauth2 *db_oauth2_init(const char *config_path) i_fatal("Cannot initialize key dict: %s", error); /* failure to initialize dcrypt is not fatal - we can still validate HMAC based keys */ - (void)dcrypt_initialize(NULL, NULL, NULL); + (void)dcrypt_initialize(NULL, NULL, &error); /* initialize key cache */ db->oauth2_set.key_cache = oauth2_validation_key_cache_init(); } diff --git a/src/doveadm/doveadm-dump-dcrypt-file.c b/src/doveadm/doveadm-dump-dcrypt-file.c index 0d5f12ee9c..b86e1878b4 100644 --- a/src/doveadm/doveadm-dump-dcrypt-file.c +++ b/src/doveadm/doveadm-dump-dcrypt-file.c @@ -72,8 +72,11 @@ static bool dcrypt_file_dump_metadata(struct doveadm_cmd_context *cctx, static bool test_dump_dcrypt_file(struct doveadm_cmd_context *cctx, const char *path) { - if (!dcrypt_initialize("openssl", NULL, NULL)) + const char *error; + if (!dcrypt_initialize("openssl", NULL, &error)) { + e_error(cctx->event, "%s", error); return FALSE; + } bool ret = dcrypt_file_dump_metadata(cctx, path, FALSE); return ret; } diff --git a/src/doveadm/doveadm-dump-dcrypt-key.c b/src/doveadm/doveadm-dump-dcrypt-key.c index b668d039d0..48a112dab9 100644 --- a/src/doveadm/doveadm-dump-dcrypt-key.c +++ b/src/doveadm/doveadm-dump-dcrypt-key.c @@ -200,8 +200,11 @@ static bool dcrypt_key_dump_metadata(struct doveadm_cmd_context *cctx, static bool test_dump_dcrypt_key(struct doveadm_cmd_context *cctx, const char *path) { - if (!dcrypt_initialize("openssl", NULL, NULL)) + const char *error; + if (!dcrypt_initialize("openssl", NULL, &error)) { + e_error(cctx->event, "%s", error); return FALSE; + } bool ret = dcrypt_key_dump_metadata(cctx, path, FALSE); return ret; } diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c index 49180063e7..b5ebf1f29b 100644 --- a/src/lib-dcrypt/dcrypt-openssl.c +++ b/src/lib-dcrypt/dcrypt-openssl.c @@ -1470,8 +1470,10 @@ dcrypt_openssl_load_private_key_dovecot_v2(struct dcrypt_private_key **key_r, } /* finally compare key to key id */ - dcrypt_openssl_private_key_id(*key_r, "sha256", key_data, NULL); - + if (!dcrypt_openssl_private_key_id(*key_r, "sha256", key_data, error_r)) { + dcrypt_openssl_unref_private_key(key_r); + return FALSE; + } if (strcmp(binary_to_hex(key_data->data, key_data->used), input[len-1]) != 0) { dcrypt_openssl_unref_private_key(key_r); @@ -2123,7 +2125,10 @@ dcrypt_openssl_load_public_key_dovecot_v1(struct dcrypt_public_key **key_r, struct dcrypt_public_key tmp; i_zero(&tmp); tmp.key = key; - dcrypt_openssl_public_key_id_old(&tmp, dgst, NULL); + if (!dcrypt_openssl_public_key_id_old(&tmp, dgst, error_r)) { + EVP_PKEY_free(key); + return FALSE; + } if (strcmp(binary_to_hex(dgst->data, dgst->used), input[len-1]) != 0) { DCRYPT_SET_ERROR("Key id mismatch after load"); @@ -2165,7 +2170,10 @@ dcrypt_openssl_load_public_key_dovecot_v2(struct dcrypt_public_key **key_r, struct dcrypt_public_key tmpkey; i_zero(&tmpkey); tmpkey.key = pkey; - dcrypt_openssl_public_key_id(&tmpkey, "sha256", dgst, NULL); + if (!dcrypt_openssl_public_key_id(&tmpkey, "sha256", dgst, error_r)) { + EVP_PKEY_free(pkey); + return FALSE; + } if (strcmp(binary_to_hex(dgst->data, dgst->used), input[len-1]) != 0) { DCRYPT_SET_ERROR("Key id mismatch after load"); EVP_PKEY_free(pkey); diff --git a/src/lib-dcrypt/ostream-encrypt.c b/src/lib-dcrypt/ostream-encrypt.c index b1194914d5..7129ebdfbb 100644 --- a/src/lib-dcrypt/ostream-encrypt.c +++ b/src/lib-dcrypt/ostream-encrypt.c @@ -355,7 +355,11 @@ o_stream_encrypt_key_for_pubkey_v2(struct encrypt_ostream *stream, char kt = ktype; buffer_append(res, &kt, 1); /* store hash of public key as ID */ - dcrypt_key_id_public(stream->pub, "sha256", res, NULL); + if (!dcrypt_key_id_public(stream->pub, "sha256", res, &error)) { + io_stream_set_error(&stream->ostream.iostream, + "Cannot hash public key: %s", error); + return -1; + } /* store ephemeral key (if present) */ unsigned int val = cpu32_to_be(ephemeral_key->used); buffer_append(res, &val, 4); diff --git a/src/lib-dcrypt/test-crypto.c b/src/lib-dcrypt/test-crypto.c index 2d337f8084..a44db2a8be 100644 --- a/src/lib-dcrypt/test-crypto.c +++ b/src/lib-dcrypt/test-crypto.c @@ -20,6 +20,8 @@ static void test_cipher_test_vectors(void) { + const char *error ATTR_UNUSED; + static const struct { const char *key; const char *iv; @@ -79,11 +81,11 @@ static void test_cipher_test_vectors(void) dcrypt_ctx_sym_set_key(ctx, key->data, key->used); dcrypt_ctx_sym_set_iv(ctx, iv->data, iv->used); - test_assert_idx(dcrypt_ctx_sym_init(ctx, NULL), i); + test_assert_idx(dcrypt_ctx_sym_init(ctx, &error), i); test_assert_idx(dcrypt_ctx_sym_update(ctx, - pt->data, pt->used, res_enc, NULL), i); - test_assert_idx(dcrypt_ctx_sym_final(ctx, res_enc, NULL), i); + pt->data, pt->used, res_enc, &error), i); + test_assert_idx(dcrypt_ctx_sym_final(ctx, res_enc, &error), i); test_assert_idx(buffer_cmp(ct, res_enc), i); @@ -101,10 +103,10 @@ static void test_cipher_test_vectors(void) dcrypt_ctx_sym_set_key(ctx, key->data, key->used); dcrypt_ctx_sym_set_iv(ctx, iv->data, iv->used); - test_assert_idx(dcrypt_ctx_sym_init(ctx, NULL), i); + test_assert_idx(dcrypt_ctx_sym_init(ctx, &error), i); test_assert_idx(dcrypt_ctx_sym_update(ctx, - res_enc->data, res_enc->used, res_dec, NULL), i); - test_assert_idx(dcrypt_ctx_sym_final(ctx, res_dec, NULL), i); + res_enc->data, res_enc->used, res_dec, &error), i); + test_assert_idx(dcrypt_ctx_sym_final(ctx, res_dec, &error), i); test_assert_idx(buffer_cmp(pt, res_dec), i); @@ -193,6 +195,7 @@ static void test_hmac_test_vectors(void) { test_begin("test_hmac_test_vectors"); + const char *error ATTR_UNUSED; buffer_t *pt, *ct, *key, *res; pt = t_buffer_create(50); key = t_buffer_create(20); @@ -206,15 +209,15 @@ static void test_hmac_test_vectors(void) "2959098b3ef8c122d9635514ced565fe", res); struct dcrypt_context_hmac *hctx; - if (!dcrypt_ctx_hmac_create("sha256", &hctx, NULL)) { + if (!dcrypt_ctx_hmac_create("sha256", &hctx, &error)) { test_assert_failed("dcrypt_ctx_hmac_create", __FILE__, __LINE__-1); } else { dcrypt_ctx_hmac_set_key(hctx, key->data, key->used); - test_assert(dcrypt_ctx_hmac_init(hctx, NULL)); + test_assert(dcrypt_ctx_hmac_init(hctx, &error)); test_assert(dcrypt_ctx_hmac_update(hctx, pt->data, pt->used, NULL)); - test_assert(dcrypt_ctx_hmac_final(hctx, ct, NULL)); + test_assert(dcrypt_ctx_hmac_final(hctx, ct, &error)); test_assert(buffer_cmp(ct, res)); dcrypt_ctx_hmac_destroy(&hctx); } @@ -600,7 +603,7 @@ static void test_gen_and_get_info_rsa_pem(void) struct dcrypt_keypair pair; string_t* buf = str_new(default_pool, 4096); - ret = dcrypt_keypair_generate(&pair, DCRYPT_KEY_RSA, 1024, NULL, NULL); + ret = dcrypt_keypair_generate(&pair, DCRYPT_KEY_RSA, 1024, NULL, &error); test_assert(ret == TRUE); /* test public key */ @@ -909,6 +912,7 @@ static void test_raw_keys(void) test_begin("test_raw_keys"); + const char *error; ARRAY_TYPE(dcrypt_raw_key) priv_key; ARRAY_TYPE(dcrypt_raw_key) pub_key; pool_t pool = pool_datastack_create(); @@ -920,7 +924,7 @@ static void test_raw_keys(void) /* generate ECC key */ struct dcrypt_keypair pair; - i_assert(dcrypt_keypair_generate(&pair, DCRYPT_KEY_EC, 0, "prime256v1", NULL)); + i_assert(dcrypt_keypair_generate(&pair, DCRYPT_KEY_EC, 0, "prime256v1", &error)); /* store it */ test_assert(dcrypt_key_store_private_raw(pair.priv, pool, &t, &priv_key, @@ -953,7 +957,7 @@ static void test_raw_keys(void) /* Add OID */ buffer_t *buf = t_buffer_create(32); - test_assert(dcrypt_name2oid(curve, buf, NULL)); + test_assert(dcrypt_name2oid(curve, buf, &error)); item = array_append_space(&static_key); item->parameter = buf->data; item->len = buf->used; @@ -992,7 +996,7 @@ static void test_raw_keys(void) /* Add OID */ buf = t_buffer_create(32); - test_assert(dcrypt_name2oid(curve, buf, NULL)); + test_assert(dcrypt_name2oid(curve, buf, &error)); item = array_append_space(&static_key); item->parameter = buf->data; item->len = buf->used; @@ -1131,8 +1135,8 @@ static void test_static_verify_ecdsa(void) i_zero(&pair); /* static key test */ - test_assert(dcrypt_key_load_public(&pair.pub, pub_key_pem, NULL)); - test_assert(dcrypt_key_load_private(&pair.priv, priv_key_pem, NULL, NULL, NULL)); + test_assert(dcrypt_key_load_public(&pair.pub, pub_key_pem, &error)); + test_assert(dcrypt_key_load_private(&pair.priv, priv_key_pem, NULL, NULL, &error)); /* validate signature */ test_assert(dcrypt_verify(pair.pub, "sha256", DCRYPT_SIGNATURE_FORMAT_DSS, input, strlen(input), @@ -1161,23 +1165,24 @@ static void test_jwk_keys(void) "yLG69yOisek4aMLCMQ8HkGEflJE/DVwI3mCtassKmGtbX18IVHyntz07mg==\n" "-----END PUBLIC KEY-----"; test_begin("test_jwk_keys"); + const char *error ATTR_UNUSED; struct dcrypt_keypair pair; buffer_t *pem = t_buffer_create(256); i_zero(&pair); - test_assert(dcrypt_key_load_public(&pair.pub, jwk_key_json, NULL)); - test_assert(dcrypt_key_load_private(&pair.priv, jwk_key_json, NULL, NULL, NULL)); + test_assert(dcrypt_key_load_public(&pair.pub, jwk_key_json, &error)); + test_assert(dcrypt_key_load_private(&pair.priv, jwk_key_json, NULL, NULL, &error)); /* test accessors */ test_assert_strcmp(dcrypt_key_get_id_public(pair.pub), "123"); test_assert(dcrypt_key_get_usage_public(pair.pub) == DCRYPT_KEY_USAGE_SIGN); /* make sure we got the right key */ - test_assert(dcrypt_key_store_public(pair.pub, DCRYPT_FORMAT_PEM, pem, NULL)); + test_assert(dcrypt_key_store_public(pair.pub, DCRYPT_FORMAT_PEM, pem, &error)); test_assert_strcmp(str_c(pem), pem_key); str_truncate(pem, 0); - test_assert(dcrypt_key_store_private(pair.priv, DCRYPT_FORMAT_JWK, NULL, pem, NULL, NULL, NULL)); + test_assert(dcrypt_key_store_private(pair.priv, DCRYPT_FORMAT_JWK, NULL, pem, NULL, NULL, &error)); test_assert_strcmp(str_c(pem), jwk_key_json); dcrypt_keypair_unref(&pair); diff --git a/src/lib-dcrypt/test-stream.c b/src/lib-dcrypt/test-stream.c index 09a749760b..d4dfa356f5 100644 --- a/src/lib-dcrypt/test-stream.c +++ b/src/lib-dcrypt/test-stream.c @@ -632,11 +632,11 @@ int main(void) } test_assert(dcrypt_key_load_private(&test_v1_kp.priv, key_v1_priv, - NULL, NULL, NULL)); - test_assert(dcrypt_key_load_public(&test_v1_kp.pub, key_v1_pub, NULL)); + NULL, NULL, &error)); + test_assert(dcrypt_key_load_public(&test_v1_kp.pub, key_v1_pub, &error)); test_assert(dcrypt_key_load_private(&test_v2_kp.priv, key_v2_priv, - NULL, NULL, NULL)); - test_assert(dcrypt_key_load_public(&test_v2_kp.pub, key_v2_pub, NULL)); + NULL, NULL, &error)); + test_assert(dcrypt_key_load_public(&test_v2_kp.pub, key_v2_pub, &error)); static void (*const test_functions[])(void) = { test_static_v1_input, diff --git a/src/plugins/mail-crypt/test-mail-global-key.c b/src/plugins/mail-crypt/test-mail-global-key.c index 4c5ed38db0..48f1a5386b 100644 --- a/src/plugins/mail-crypt/test-mail-global-key.c +++ b/src/plugins/mail-crypt/test-mail-global-key.c @@ -37,8 +37,9 @@ static void test_setup(void) struct dcrypt_settings set = { .module_dir = top_builddir "/src/lib-dcrypt/.libs" }; - if (!dcrypt_initialize(NULL, &set, NULL)) { - i_info("No functional dcrypt backend found - skipping tests"); + const char *error; + if (!dcrypt_initialize(NULL, &set, &error)) { + i_info("No functional dcrypt backend found - skipping tests: %s", error); test_exit(0); } i_array_init(&fs_set.plugin_envs, 8); diff --git a/src/plugins/mail-crypt/test-mail-key.c b/src/plugins/mail-crypt/test-mail-key.c index 707d54bfa0..daf098cd0e 100644 --- a/src/plugins/mail-crypt/test-mail-key.c +++ b/src/plugins/mail-crypt/test-mail-key.c @@ -363,8 +363,9 @@ static void test_setup(void) struct dcrypt_settings set = { .module_dir = top_builddir "/src/lib-dcrypt/.libs" }; - if (!dcrypt_initialize(NULL, &set, NULL)) { - i_info("No functional dcrypt backend found - skipping tests"); + const char *error; + if (!dcrypt_initialize(NULL, &set, &error)) { + i_info("No functional dcrypt backend found - skipping tests: %s", error); test_exit(0); } test_ctx = test_mail_storage_init(); diff --git a/src/plugins/var-expand-crypt/test-var-expand-crypt.c b/src/plugins/var-expand-crypt/test-var-expand-crypt.c index e12a0402b6..73a2fee179 100644 --- a/src/plugins/var-expand-crypt/test-var-expand-crypt.c +++ b/src/plugins/var-expand-crypt/test-var-expand-crypt.c @@ -90,9 +90,12 @@ int main(void) struct dcrypt_settings set = { .module_dir = DCRYPT_BUILD_DIR"/.libs" }; + const char *error; - if (!dcrypt_initialize(NULL, &set, NULL)) + if (!dcrypt_initialize(NULL, &set, &error)) { + i_info("No functional dcrypt backend found - skipping tests: %s", error); return 0; + } ret = test_run(test_functions);