Updated copyright notices to include the year 2018.

global: drop unnecessary parens in &(foo) This makes the code more consistent since most of the repo uses the no-parens style. These inconsistencies were found using `git grep '(&([^*]'` and any use of the parens in macros was ignored for safety reasons.

global: Use t_buffer_create sed -i -e 's/buffer_create_dynamic(pool_datastack_create(), */t_buffer_create(/g'

lib-dcrypt: Add asserts Fixes several static analysis reports

lib-dcrypt: Replace #if OPENSSL_VERSION_NUMBER with more explicit checks

lib-dcrypt: Move most of the OpenSSL #if handling to macros This avoids #if calls being littered all over the file. This change can cause HMAC_CTX_free(NULL) to be called, but that seems to work fine without crashing.

Updated copyright notices to include the year 2017.

global: Replaced all instances of memset(p, 0, sizeof(*p)) with the new i_zero() macro. Used the following script: C_FILES=`git ls-files *.c` H_FILES=`git ls-files *.h` for F in "$C_FILES $H_FILES"; do echo "$F" perl -p -i -e 's/safe_memset\(&\(?([^,]*)\)?,\s*0,\s*sizeof\(\g1\)\)/i_zero_safe(&$1)/g' $F perl -p -i -e 's/safe_memset\(([^,]*),\s*0,\s*sizeof\(\*\g1\)\)/i_zero_safe($1)/g' $F perl -p -i -e 's/memset\(&\(?([^,]*)\)?,\s*0,\s*sizeof\(\g1\)\)/i_zero(&$1)/g' $F perl -p -i -e 's/memset\(([^,]*),\s*0,\s*sizeof\(\*\g1\)\)/i_zero($1)/g' $F done

global: Made all struct initialization using memset() use the same style.

global: Added missing copyright notices.

lib-dcrypt: Fix uninitialized memory

lib-dcrypt: enc_key and pw must be NULL on storing unencrypted private key Add tests for password and key encryption, and get_info on them. Also give examples of valid cipher values for password and key encryption in dcrypt.h comment.

Removed dead code to make static analyzer happier.

dcrypt: Retrieve key length correctly

openssl: Fix v1.1 compability

lib-dcrypt: error message on missing decrypt key or password Return a sensible error message when loading an encrypted private key is attempted but the decrypt key or password is missing.

lib-dcrypt: drop format from key_load_public

lib-dcrypt: drop format from key_load_private

lib-dcrypt: get_info in openssl_load_private_key Use dcrypt_openssl_key_string_get_info to determine the key format instead of taking it as a parameter.

lib-dcrypt: get_info in openssl_load_public_key Use dcrypt_openssl_key_string_get_info to determine the key format instead of taking it as a parameter.

lib-dcrypt: change v2 key field separator to ':'

lib-dcrypt: Do not unref key twice

dcrypt: Use refcounting on keys

lib-dcrypt: tell in error_r that RSA key has to be converted to pkey

lib-dcrypt: correctly set version 2 on key info Dovecot format version 2 keys were incorrectly reported as version 1 before.

dcrypt-openssl: Various fixes Fix v1 and v2 key handling and some allocation issues.

lib-dcrypt: Added missing error handling. Most of these are probably unnecessary now that malloc() no longer fails. Also some of the NULL checks may not be needed since OpenSSL functions (usually?) return failure on NULL parameters, but sometimes they perform a different operation. So overall, probably safer to include these checks.

lib-dcrypt: Don't ignore BIO errors. Might happen due to out of memory?

lib-dcrypt: dcrypt_key_type_public/private() can no longer fail. Removed unnecessary failure handling.

lib-dcrypt: dcrypt_key_convert_private_to_public() can no longer fail. Removed unnecessary failure handling.

lib-dcrypt: Assert-crash if key parameter is NULL. If it happens, it's a bug.

lib-dcrypt: Assert-crash if impossible private/public keys are seen.

lib-dcrypt: Allow specifying crypto_device (OpenSSL engine).

lib-dcrypt, lib-ssl-iostream: Share OpenSSL init/deinit code.

dcrypt-openssl: Pass pointer safely

lib-dcrypt: Fix various problems

global: Require comparisons to be strict boolean expressions * No implicit integer -> boolean or pointer -> boolean conversions * !expr can be used only if expr is boolean type These were checked with a patched clang. It found various actual bugs, which were fixed by the previous commits.

global: Fixed mismatched bool vs. int/pointer handling I don't think these fix any actual bugs.

lib-dcrypt: Fixed error handling in dcrypt_key_id_public()

lib-dcrypt: Fixed function return type.

lib-dcrypt: Fixed dcrypt_openssl_generate_keypair()

lib-dcrypt: Fix strict type-punning warning

lib-dcrypt: Fix various OpenSSL API usage issues

lib-dcrypt: Always allow error_r to be NULL. Especially dcrypt_openssl_private_to_public_key() was called with error_r=NULL by the dcrypt.c itself.

lib-dcrypt: Compiler warning fixes

lib-dcrypt: Initial implementation