Mercurial > dovecot > core-2.2
changeset 20585:3c5e3a14878b
lib-dcrypt: error message on missing decrypt key or password
Return a sensible error message when loading an encrypted private key is
attempted but the decrypt key or password is missing.
| author | Martti Rannanjärvi <martti.rannanjarvi@dovecot.fi> |
|---|---|
| date | Thu, 04 Aug 2016 18:35:53 +0300 |
| parents | 6ff9cfbbdf4c |
| children | 56fde44e2425 |
| files | src/lib-dcrypt/dcrypt-openssl.c |
| diffstat | 1 files changed, 16 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib-dcrypt/dcrypt-openssl.c Thu Aug 04 17:11:20 2016 +0300 +++ b/src/lib-dcrypt/dcrypt-openssl.c Thu Aug 04 18:35:53 2016 +0300 @@ -880,6 +880,10 @@ } } else if (enctype == DCRYPT_DOVECOT_KEY_ENCRYPT_PASSWORD) { /* by password */ + if (password == NULL) { + if (error_r != NULL) *error_r = "password missing"; + return FALSE; + } const char *enc_priv_pt = input[3]; const char *salt = input[4]; if (!dcrypt_openssl_decrypt_point_password_v1(enc_priv_pt, password, salt, &point, error_r)) { @@ -887,9 +891,12 @@ } } else if (enctype == DCRYPT_DOVECOT_KEY_ENCRYPT_PK) { /* by key */ + if (dec_key == NULL) { + if (error_r != NULL) *error_r = "decrypt key missing"; + return FALSE; + } const char *enc_priv_pt = input[3]; const char *peer_key = input[4]; - i_assert(dec_key != NULL); if (!dcrypt_openssl_decrypt_point_ec_v1(dec_key, enc_priv_pt, peer_key, &point, error_r)) { return FALSE; } @@ -1051,6 +1058,10 @@ *error_r = "Corrupted data"; } } else if (enctype == DCRYPT_DOVECOT_KEY_ENCRYPT_PK) { + if (dec_key == NULL) { + if (error_r != NULL) *error_r = "decrypt key missing"; + return FALSE; + } unsigned int rounds; struct dcrypt_public_key *pubkey = NULL; if (str_to_uint(input[6], &rounds) != 0) { @@ -1102,6 +1113,10 @@ return FALSE; } } else if (enctype == DCRYPT_DOVECOT_KEY_ENCRYPT_PASSWORD) { + if (password == NULL) { + if (error_r != NULL) *error_r = "password missing"; + return FALSE; + } unsigned int rounds; if (str_to_uint(input[6], &rounds) != 0) { if (error_r != NULL)