From 739b528ec5b1c94ee3c5c1e37bb88c810c48a0a4 Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@sequoia-pgp.org>
Date: Wed, 16 Jan 2019 17:59:26 +0100
Subject: ffi: Do not use a context where an errp suffices.

  - This prepares us for the FFI crate split.

  - Fixes #158.
---
 ffi/examples/armor.c           |  20 ++-----
 ffi/examples/encrypt-for.c     |  45 +++++-----------
 ffi/examples/example.c         |  15 ++----
 ffi/examples/parser.c          |  24 ++-------
 ffi/examples/reader.c          |  20 +------
 ffi/include/sequoia/core.h     |   8 +--
 ffi/include/sequoia/openpgp.h  |  86 +++++++++++++++---------------
 ffi/src/core.rs                |  29 +++--------
 ffi/src/lib.rs                 |  13 +----
 ffi/src/openpgp/armor.rs       |  69 +++++++------------------
 ffi/src/openpgp/crypto.rs      |   7 +--
 ffi/src/openpgp/mod.rs         | 115 +++++++++++++++++------------------------
 ffi/src/openpgp/packet_pile.rs |  21 +++-----
 ffi/src/openpgp/tpk.rs         |  89 ++++++++++++-------------------
 ffi/src/openpgp/tsk.rs         |  11 ++--
 15 files changed, 195 insertions(+), 377 deletions(-)

(limited to 'ffi')

diff --git a/ffi/examples/armor.c b/ffi/examples/armor.c
index a2643667..5a1b9339 100644
--- a/ffi/examples/armor.c
+++ b/ffi/examples/armor.c
@@ -20,7 +20,6 @@ int
 main (int argc, char **argv)
 {
   sq_error_t err;
-  sq_context_t ctx;
   sq_reader_t bytes;
   sq_reader_t armor;
   sq_armor_kind_t kind;
@@ -28,18 +27,12 @@ main (int argc, char **argv)
   sq_armor_header_t *header;
   size_t header_len;
 
-  ctx = sq_context_new ("org.sequoia-pgp.example", &err);
-  if (ctx == NULL)
-    error (1, 0, "Initializing sequoia failed: %s",
-           sq_error_string (err));
-
   bytes = sq_reader_from_bytes ((uint8_t *) armored, strlen (armored));
   armor = sq_armor_reader_new (bytes, SQ_ARMOR_KIND_ANY);
 
-  header = sq_armor_reader_headers (ctx, armor, &header_len);
+  header = sq_armor_reader_headers (&err, armor, &header_len);
   if (header == NULL)
-    error (1, 0, "Getting headers failed: %s",
-           sq_error_string (err));
+    error (1, 0, "Getting headers failed: %s", sq_error_string (err));
 
   assert (header_len == 2);
   assert (strcmp (header[0].key, "Key0") == 0
@@ -56,17 +49,12 @@ main (int argc, char **argv)
   kind = sq_armor_reader_kind (armor);
   assert (kind == SQ_ARMOR_KIND_FILE);
 
-  if (sq_reader_read (ctx, armor, (uint8_t *) message, 12) < 0)
-    {
-      err = sq_context_last_error (ctx);
-      error (1, 0, "Reading failed: %s",
-	     sq_error_string (err));
-    }
+  if (sq_reader_read (&err, armor, (uint8_t *) message, 12) < 0)
+      error (1, 0, "Reading failed: %s", sq_error_string (err));
 
   assert (memcmp (message, "Hello world!", 12) == 0);
 
   sq_reader_free (armor);
   sq_reader_free (bytes);
-  sq_context_free (ctx);
   return 0;
 }
diff --git a/ffi/examples/encrypt-for.c b/ffi/examples/encrypt-for.c
index 15ff3ef6..f0c34449 100644
--- a/ffi/examples/encrypt-for.c
+++ b/ffi/examples/encrypt-for.c
@@ -22,7 +22,6 @@ main (int argc, char **argv)
   uint8_t *b;
   sq_status_t rc;
   sq_error_t err;
-  sq_context_t ctx;
   int use_armor = 1;
   sq_tpk_t tpk;
   sq_writer_t sink;
@@ -33,11 +32,6 @@ main (int argc, char **argv)
   if (argc != 2)
     error (1, 0, "Usage: %s <keyfile> <plain >cipher", argv[0]);
 
-  ctx = sq_context_new ("org.sequoia-pgp.example", &err);
-  if (ctx == NULL)
-    error (1, 0, "Initializing sequoia failed: %s",
-           sq_error_string (err));
-
   if (stat (argv[1], &st))
     error (1, errno, "%s", argv[1]);
 
@@ -50,37 +44,28 @@ main (int argc, char **argv)
   if (b == MAP_FAILED)
     error (1, errno, "mmap");
 
-  tpk = sq_tpk_from_bytes (ctx, b, st.st_size);
+  tpk = sq_tpk_from_bytes (&err, b, st.st_size);
   if (tpk == NULL)
-    {
-      err = sq_context_last_error (ctx);
-      error (1, 0, "sq_packet_parser_from_bytes: %s", sq_error_string (err));
-    }
+    error (1, 0, "sq_packet_parser_from_bytes: %s", sq_error_string (err));
 
   sink = sq_writer_alloc (&cipher, &cipher_bytes);
 
   if (use_armor)
-    sink = sq_armor_writer_new (ctx, sink, SQ_ARMOR_KIND_MESSAGE,
+    sink = sq_armor_writer_new (&err, sink, SQ_ARMOR_KIND_MESSAGE,
                                 NULL, 0);
 
   writer = sq_writer_stack_message (sink);
-  writer = sq_encryptor_new (ctx,
+  writer = sq_encryptor_new (&err,
 			     writer,
 			     NULL, 0, /* no passwords */
 			     &tpk, 1,
 			     SQ_ENCRYPTION_MODE_FOR_TRANSPORT);
   if (writer == NULL)
-    {
-      err = sq_context_last_error (ctx);
-      error (1, 0, "sq_encryptor_new: %s", sq_error_string (err));
-    }
+    error (1, 0, "sq_encryptor_new: %s", sq_error_string (err));
 
-  writer = sq_literal_writer_new (ctx, writer);
+  writer = sq_literal_writer_new (&err, writer);
   if (writer == NULL)
-    {
-      err = sq_context_last_error (ctx);
-      error (1, 0, "sq_literal_writer_new: %s", sq_error_string (err));
-    }
+    error (1, 0, "sq_literal_writer_new: %s", sq_error_string (err));
 
   size_t nread;
   uint8_t buf[4096];
@@ -90,28 +75,22 @@ main (int argc, char **argv)
       while (nread)
 	{
 	  ssize_t written;
-	  written = sq_writer_stack_write (ctx, writer, b, nread);
+	  written = sq_writer_stack_write (&err, writer, b, nread);
 	  if (written < 0)
-	    {
-	      err = sq_context_last_error (ctx);
-	      error (1, 0, "sq_writer_stack_write: %s", sq_error_string (err));
-	    }
+            error (1, 0, "sq_writer_stack_write: %s", sq_error_string (err));
+
 	  b += written;
 	  nread -= written;
 	}
     }
 
-  rc = sq_writer_stack_finalize (ctx, writer);
+  rc = sq_writer_stack_finalize (&err, writer);
   writer = NULL;
   if (rc)
-    {
-      err = sq_context_last_error (ctx);
-      error (1, 0, "sq_writer_stack_write: %s", sq_error_string (err));
-    }
+    error (1, 0, "sq_writer_stack_write: %s", sq_error_string (err));
 
   fwrite (cipher, 1, cipher_bytes, stdout);
 
-  sq_context_free (ctx);
   munmap (b, st.st_size);
   return 0;
 }
diff --git a/ffi/examples/example.c b/ffi/examples/example.c
index 2b4d8126..8636d011 100644
--- a/ffi/examples/example.c
+++ b/ffi/examples/example.c
@@ -17,17 +17,11 @@ main (int argc, char **argv)
   int fd;
   uint8_t *b;
   sq_error_t err;
-  sq_context_t ctx;
   sq_tpk_t tpk;
 
   if (argc != 2)
     error (1, 0, "Usage: %s <file>", argv[0]);
 
-  ctx = sq_context_new("org.sequoia-pgp.example", &err);
-  if (ctx == NULL)
-    error (1, 0, "Initializing sequoia failed: %s",
-           sq_error_string (err));
-
   if (stat (argv[1], &st))
     error (1, errno, "%s", argv[1]);
 
@@ -39,15 +33,12 @@ main (int argc, char **argv)
   if (b == MAP_FAILED)
     error (1, errno, "mmap");
 
-  tpk = sq_tpk_from_bytes (ctx, b, st.st_size);
+  tpk = sq_tpk_from_bytes (&err, b, st.st_size);
   if (tpk == NULL)
-    {
-      sq_error_t err = sq_context_last_error (ctx);
-      error (1, 0, "sq_tpk_from_bytes: %s", sq_error_string (err));
-    }
+    error (1, 0, "sq_tpk_from_bytes: %s", sq_error_string (err));
+
   sq_tpk_dump (tpk);
   sq_tpk_free (tpk);
-  sq_context_free (ctx);
   munmap (b, st.st_size);
   close (fd);
   return 0;
diff --git a/ffi/examples/parser.c b/ffi/examples/parser.c
index e26dd646..8d953422 100644
--- a/ffi/examples/parser.c
+++ b/ffi/examples/parser.c
@@ -22,18 +22,12 @@ main (int argc, char **argv)
   uint8_t *b;
   sq_status_t rc;
   sq_error_t err;
-  sq_context_t ctx;
   sq_packet_parser_result_t ppr;
   sq_packet_parser_t pp;
 
   if (argc != 2)
     error (1, 0, "Usage: %s <file>", argv[0]);
 
-  ctx = sq_context_new ("org.sequoia-pgp.example", &err);
-  if (ctx == NULL)
-    error (1, 0, "Initializing sequoia failed: %s",
-           sq_error_string (err));
-
   if (stat (argv[1], &st))
     error (1, errno, "%s", argv[1]);
 
@@ -51,7 +45,7 @@ main (int argc, char **argv)
   time_t elapsed;
   size_t tens_of_s = 0;
 
-  ppr = sq_packet_parser_from_bytes (ctx, b, st.st_size);
+  ppr = sq_packet_parser_from_bytes (&err, b, st.st_size);
   while (ppr && (pp = sq_packet_parser_result_packet_parser (ppr)))
     {
       // Get a reference to the packet that is currently being parsed.
@@ -64,13 +58,10 @@ main (int argc, char **argv)
 
       // Finish parsing the current packet (returned in p), and read
       // the header of the next packet (returned in ppr).
-      rc = sq_packet_parser_next (ctx, pp, &p, &ppr);
+      rc = sq_packet_parser_next (&err, pp, &p, &ppr);
       if (rc)
-	{
-	  err = sq_context_last_error (ctx);
-	  error (1, 0, "sq_packet_parser_from_bytes: %s",
-                 sq_error_string (err));
-	}
+        error (1, 0, "sq_packet_parser_from_bytes: %s",
+               sq_error_string (err));
 
       // We now own p.  If we want, we can save it in some structure.
       // This would be useful when collecting PKESK packets.  Either
@@ -91,17 +82,12 @@ main (int argc, char **argv)
         }
     }
   if (ppr == NULL)
-    {
-      err = sq_context_last_error (ctx);
-      error (1, 0, "sq_packet_parser_from_bytes: %s", sq_error_string (err));
-    }
+    error (1, 0, "sq_packet_parser_from_bytes: %s", sq_error_string (err));
 
   fprintf (stderr, "Parsed %ld packets in %ld seconds, %.2f packets/s.\n",
            n, elapsed, (double) n / (double) elapsed);
 
   sq_packet_parser_result_free (ppr);
-
-  sq_context_free (ctx);
   munmap (b, st.st_size);
   return 0;
 }
diff --git a/ffi/examples/reader.c b/ffi/examples/reader.c
index 1587979b..8e458620 100644
--- a/ffi/examples/reader.c
+++ b/ffi/examples/reader.c
@@ -17,18 +17,12 @@ main (int argc, char **argv)
   int fd;
   uint8_t *b;
   sq_error_t err;
-  sq_context_t ctx;
   sq_reader_t reader;
   sq_tpk_t tpk;
 
   if (argc != 2)
     error (1, 0, "Usage: %s <file>", argv[0]);
 
-  ctx = sq_context_new("org.sequoia-pgp.example", &err);
-  if (ctx == NULL)
-    error (1, 0, "Initializing sequoia failed: %s",
-           sq_error_string (err));
-
   if (stat (argv[1], &st))
     error (1, errno, "%s", argv[1]);
 
@@ -41,23 +35,13 @@ main (int argc, char **argv)
     error (1, errno, "mmap");
 
   reader = sq_reader_from_bytes (b, st.st_size);
-  if (reader == NULL)
-    {
-      sq_error_t err = sq_context_last_error (ctx);
-      error (1, 0, "sq_reader_from_bytes: %s", sq_error_string (err));
-    }
-
-  tpk = sq_tpk_from_reader (ctx, reader);
+  tpk = sq_tpk_from_reader (&err, reader);
   if (tpk == NULL)
-    {
-      sq_error_t err = sq_context_last_error (ctx);
-      error (1, 0, "sq_tpk_from_reader: %s", sq_error_string (err));
-    }
+    error (1, 0, "sq_tpk_from_reader: %s", sq_error_string (err));
 
   sq_tpk_dump (tpk);
   sq_tpk_free (tpk);
   sq_reader_free (reader);
-  sq_context_free (ctx);
   munmap (b, st.st_size);
   close (fd);
   return 0;
diff --git a/ffi/include/sequoia/core.h b/ffi/include/sequoia/core.h
index 829d7104..9d7d261b 100644
--- a/ffi/include/sequoia/core.h
+++ b/ffi/include/sequoia/core.h
@@ -229,7 +229,7 @@ typedef struct sq_reader *sq_reader_t;
 /*/
 /// Opens a file returning a reader.
 /*/
-sq_reader_t sq_reader_from_file (sq_context_t ctx, const char *filename);
+sq_reader_t sq_reader_from_file (sq_error_t *errp, const char *filename);
 
 /*/
 /// Opens a file descriptor returning a reader.
@@ -249,7 +249,7 @@ void sq_reader_free (sq_reader_t reader);
 /*/
 /// Reads up to `len` bytes into `buf`.
 /*/
-ssize_t sq_reader_read (sq_context_t ctx, sq_reader_t reader,
+ssize_t sq_reader_read (sq_error_t *errp, sq_reader_t reader,
                         uint8_t *buf, size_t len);
 
 /*/
@@ -263,7 +263,7 @@ typedef struct sq_writer *sq_writer_t;
 /// The file will be created if it does not exist, or be truncated
 /// otherwise.  If you need more control, use `sq_writer_from_fd`.
 /*/
-sq_writer_t sq_writer_from_file (sq_context_t ctx, const char *filename);
+sq_writer_t sq_writer_from_file (sq_error_t *errp, const char *filename);
 
 /*/
 /// Opens a file descriptor returning a writer.
@@ -295,7 +295,7 @@ void sq_writer_free (sq_writer_t writer);
 /*/
 /// Writes up to `len` bytes of `buf` into `writer`.
 /*/
-ssize_t sq_writer_write (sq_context_t ctx, sq_writer_t writer,
+ssize_t sq_writer_write (sq_error_t *errp, sq_writer_t writer,
                          const uint8_t *buf, size_t len);
 
 #endif
diff --git a/ffi/include/sequoia/openpgp.h b/ffi/include/sequoia/openpgp.h
index 6fe71f6b..2632a58a 100644
--- a/ffi/include/sequoia/openpgp.h
+++ b/ffi/include/sequoia/openpgp.h
@@ -257,7 +257,7 @@ sq_reader_t sq_armor_reader_new (sq_reader_t inner, sq_armor_kind_t kind);
 /*/
 /// Creates a `Reader` from a file.
 /*/
-sq_reader_t sq_armor_reader_from_file (sq_context_t ctx,
+sq_reader_t sq_armor_reader_from_file (sq_error_t *errp,
 				       const char *filename,
 				       sq_armor_kind_t kind);
 
@@ -290,7 +290,7 @@ sq_armor_kind_t sq_armor_reader_kind (sq_reader_t reader);
 /// allocated with `malloc`, and the caller is responsible for freeing
 /// both the array and the strings.
 /*/
-sq_armor_header_t *sq_armor_reader_headers (sq_context_t ctx,
+sq_armor_header_t *sq_armor_reader_headers (sq_error_t *errp,
 					    sq_reader_t reader,
 					    size_t *len);
 
@@ -300,7 +300,7 @@ sq_armor_header_t *sq_armor_reader_headers (sq_context_t ctx,
 ///
 /// A filter that applies ASCII Armor to the data written to it.
 /*/
-sq_writer_t sq_armor_writer_new (sq_context_t ctx, sq_writer_t inner,
+sq_writer_t sq_armor_writer_new (sq_error_t *errp, sq_writer_t inner,
 				 sq_armor_kind_t kind,
 				 sq_armor_header_t *header, size_t header_len);
 
@@ -498,7 +498,7 @@ typedef struct sq_packet_pile *sq_packet_pile_t;
 ///
 /// Note: this interface *does* buffer the contents of packets.
 /*/
-sq_packet_pile_t sq_packet_pile_from_reader (sq_context_t ctx,
+sq_packet_pile_t sq_packet_pile_from_reader (sq_error_t *errp,
 					     sq_reader_t reader);
 
 /*/
@@ -507,7 +507,7 @@ sq_packet_pile_t sq_packet_pile_from_reader (sq_context_t ctx,
 ///
 /// See `sq_packet_pile_from_reader` for more details and caveats.
 /*/
-sq_packet_pile_t sq_packet_pile_from_file (sq_context_t ctx,
+sq_packet_pile_t sq_packet_pile_from_file (sq_error_t *errp,
 					   const char *filename);
 
 /*/
@@ -515,7 +515,7 @@ sq_packet_pile_t sq_packet_pile_from_file (sq_context_t ctx,
 ///
 /// See `sq_packet_pile_from_reader` for more details and caveats.
 /*/
-sq_packet_pile_t sq_packet_pile_from_bytes (sq_context_t ctx,
+sq_packet_pile_t sq_packet_pile_from_bytes (sq_error_t *errp,
 					    const uint8_t *b, size_t len);
 
 /*/
@@ -531,7 +531,7 @@ sq_packet_pile_t sq_packet_pile_clone (sq_packet_pile_t message);
 /*/
 /// Serializes the packet pile.
 /*/
-sq_status_t sq_packet_pile_serialize (sq_context_t ctx,
+sq_status_t sq_packet_pile_serialize (sq_error_t *errp,
 				      const sq_packet_pile_t message,
 				      sq_writer_t writer);
 
@@ -647,7 +647,7 @@ sq_keyid_t sq_pkesk_recipient(sq_pkesk_t pkesk);
 /// is not written to it.  Either way, `key_len` is set to the size of
 /// the session key.
 /*/
-sq_status_t sq_pkesk_decrypt (sq_context_t ctx, sq_pkesk_t pkesk,
+sq_status_t sq_pkesk_decrypt (sq_error_t *errp, sq_pkesk_t pkesk,
                               sq_p_key_t secret_key,
                               uint8_t *algo, /* XXX */
                               uint8_t *key, size_t *key_len);
@@ -774,13 +774,13 @@ typedef struct sq_tsk *sq_tsk_t;
 /*/
 /// Returns the first TPK encountered in the reader.
 /*/
-sq_tpk_t sq_tpk_from_reader (sq_context_t ctx,
+sq_tpk_t sq_tpk_from_reader (sq_error_t *errp,
 			     sq_reader_t reader);
 
 /*/
 /// Returns the first TPK encountered in the file.
 /*/
-sq_tpk_t sq_tpk_from_file (sq_context_t ctx,
+sq_tpk_t sq_tpk_from_file (sq_error_t *errp,
                            const char *filename);
 
 /*/
@@ -788,7 +788,7 @@ sq_tpk_t sq_tpk_from_file (sq_context_t ctx,
 ///
 /// Consumes `m`.
 /*/
-sq_tpk_t sq_tpk_from_packet_pile (sq_context_t ctx,
+sq_tpk_t sq_tpk_from_packet_pile (sq_error_t *errp,
 				  sq_packet_pile_t m);
 
 /*/
@@ -796,7 +796,7 @@ sq_tpk_t sq_tpk_from_packet_pile (sq_context_t ctx,
 ///
 /// `buf` must be an OpenPGP-encoded TPK.
 /*/
-sq_tpk_t sq_tpk_from_bytes (sq_context_t ctx,
+sq_tpk_t sq_tpk_from_bytes (sq_error_t *errp,
 			    const uint8_t *b, size_t len);
 
 /*/
@@ -804,7 +804,7 @@ sq_tpk_t sq_tpk_from_bytes (sq_context_t ctx,
 ///
 /// Consumes the packet parser result.
 /*/
-sq_tpk_t sq_tpk_from_packet_parser (sq_context_t ctx,
+sq_tpk_t sq_tpk_from_packet_parser (sq_error_t *errp,
                                     sq_packet_parser_result_t ppr);
 
 /*/
@@ -825,7 +825,7 @@ int sq_tpk_equal (const sq_tpk_t a, const sq_tpk_t b);
 /*/
 /// Serializes the TPK.
 /*/
-sq_status_t sq_tpk_serialize (sq_context_t ctx,
+sq_status_t sq_tpk_serialize (sq_error_t *errp,
                               const sq_tpk_t tpk,
                               sq_writer_t writer);
 
@@ -837,7 +837,7 @@ sq_status_t sq_tpk_serialize (sq_context_t ctx,
 ///
 /// Consumes `tpk` and `other`.
 /*/
-sq_tpk_t sq_tpk_merge (sq_context_t ctx,
+sq_tpk_t sq_tpk_merge (sq_error_t *errp,
                        sq_tpk_t tpk,
                        sq_tpk_t other);
 
@@ -850,7 +850,7 @@ sq_tpk_t sq_tpk_merge (sq_context_t ctx,
 /// Consumes `tpk` and the packets in `packets`.  The buffer, however,
 /// must be freed by the caller.
 /*/
-sq_tpk_t sq_tpk_merge_packets (sq_context_t ctx,
+sq_tpk_t sq_tpk_merge_packets (sq_error_t *errp,
                                sq_tpk_t tpk,
                                sq_packet_t *packets,
                                size_t packets_len);
@@ -893,7 +893,7 @@ sq_revocation_status_t sq_tpk_revocation_status (sq_tpk_t tpk);
 ///
 /// This function consumes the writer.  It does *not* consume tpk.
 /*/
-sq_signature_t sq_tpk_revoke (sq_context_t ctx,
+sq_signature_t sq_tpk_revoke (sq_error_t *errp,
                               sq_tpk_t tpk,
                               sq_signer_t primary_signer,
                               sq_reason_for_revocation_t code,
@@ -904,7 +904,7 @@ sq_signature_t sq_tpk_revoke (sq_context_t ctx,
 ///
 /// This function consumes the tpk.
 /*/
-sq_tpk_t sq_tpk_revoke_in_place (sq_context_t ctx,
+sq_tpk_t sq_tpk_revoke_in_place (sq_error_t *errp,
                                  sq_tpk_t tpk,
                                  sq_signer_t primary_signer,
                                  sq_reason_for_revocation_t code,
@@ -938,7 +938,7 @@ int sq_tpk_alive_at(sq_tpk_t tpk, time_t at);
 ///
 /// This function consumes `tpk` and returns a new `TPK`.
 /*/
-sq_tpk_t sq_tpk_set_expiry(sq_context_t ctx,
+sq_tpk_t sq_tpk_set_expiry(sq_error_t *errp,
                            sq_tpk_t tpk,
                            uint32_t expiry);
 
@@ -1033,7 +1033,7 @@ void sq_tpk_builder_add_certification_subkey(sq_tpk_builder_t *tpkb);
 ///
 /// Consumes `tpkb`.
 /*/
-sq_tpk_t sq_tpk_builder_generate(sq_context_t ctx, sq_tpk_builder_t tpkb,
+sq_tpk_t sq_tpk_builder_generate(sq_error_t *errp, sq_tpk_builder_t tpkb,
                                  sq_tpk_t *tpk, sq_signature_t *revocation);
 
 
@@ -1042,7 +1042,7 @@ sq_tpk_t sq_tpk_builder_generate(sq_context_t ctx, sq_tpk_builder_t tpkb,
 /*/
 /// Generates a new RSA 3072 bit key with UID `primary_uid`.
 /*/
-sq_status_t sq_tsk_new (sq_context_t ctx, char *primary_uid,
+sq_status_t sq_tsk_new (sq_error_t *errp, char *primary_uid,
                         sq_tsk_t *tpk, sq_signature_t *revocation);
 
 /*/
@@ -1063,7 +1063,7 @@ sq_tpk_t sq_tsk_into_tpk (sq_tsk_t tsk);
 /*/
 /// Serializes the TSK.
 /*/
-sq_status_t sq_tsk_serialize (sq_context_t ctx,
+sq_status_t sq_tsk_serialize (sq_error_t *errp,
                               const sq_tsk_t tsk,
                               sq_writer_t writer);
 
@@ -1188,7 +1188,7 @@ int sq_p_key_public_key_bits(sq_p_key_t key);
 ///
 /// Fails if the secret key is missing, or encrypted.
 /*/
-sq_key_pair_t sq_p_key_into_key_pair (sq_context_t ctx, sq_p_key_t key);
+sq_key_pair_t sq_p_key_into_key_pair (sq_error_t *errp, sq_p_key_t key);
 
 /*/
 /// Returns the value of the User ID Packet.
@@ -1216,7 +1216,7 @@ const uint8_t *sq_user_attribute_value (sq_user_attribute_t ua,
 /// is not written to it.  Either way, `key_len` is set to the size of
 /// the session key.
 /*/
-sq_status_t sq_skesk_decrypt (sq_context_t ctx, sq_skesk_t skesk,
+sq_status_t sq_skesk_decrypt (sq_error_t *errp, sq_skesk_t skesk,
                               const uint8_t *password, size_t password_len,
                               uint8_t *algo, /* XXX */
                               uint8_t *key, size_t *key_len);
@@ -1231,19 +1231,19 @@ uint32_t sq_p_key_creation_time (sq_p_key_t p);
 /*/
 /// Starts parsing an OpenPGP message stored in a `sq_reader_t` object.
 /*/
-sq_packet_parser_result_t sq_packet_parser_from_reader (sq_context_t ctx,
+sq_packet_parser_result_t sq_packet_parser_from_reader (sq_error_t *errp,
                                                         sq_reader_t reader);
 
 /*/
 /// Starts parsing an OpenPGP message stored in a file named `path`.
 /*/
-sq_packet_parser_result_t sq_packet_parser_from_file (sq_context_t ctx,
+sq_packet_parser_result_t sq_packet_parser_from_file (sq_error_t *errp,
                                                       const char *filename);
 
 /*/
 /// Starts parsing an OpenPGP message stored in a buffer.
 /*/
-sq_packet_parser_result_t sq_packet_parser_from_bytes (sq_context_t ctx,
+sq_packet_parser_result_t sq_packet_parser_from_bytes (sq_error_t *errp,
                                                        const uint8_t *b,
                                                        size_t len);
 
@@ -1392,7 +1392,7 @@ uint8_t sq_packet_parser_recursion_depth (sq_packet_parser_t pp);
 ///
 /// Consumes the given packet parser.
 /*/
-sq_status_t sq_packet_parser_next (sq_context_t ctx,
+sq_status_t sq_packet_parser_next (sq_error_t *errp,
                                    sq_packet_parser_t pp,
                                    sq_packet_t *old_packet,
                                    sq_packet_parser_result_t *ppr);
@@ -1419,7 +1419,7 @@ sq_status_t sq_packet_parser_next (sq_context_t ctx,
 ///
 /// Consumes the given packet parser.
 /*/
-sq_status_t sq_packet_parser_recurse (sq_context_t ctx,
+sq_status_t sq_packet_parser_recurse (sq_error_t *errp,
                                       sq_packet_parser_t pp,
                                       sq_packet_t *old_packet,
                                       sq_packet_parser_result_t *ppr);
@@ -1432,7 +1432,7 @@ sq_status_t sq_packet_parser_recurse (sq_context_t ctx,
 /// prefer streaming its content unless you are certain that the
 /// content is small.
 /*/
-uint8_t *sq_packet_parser_buffer_unread_content (sq_context_t ctx,
+uint8_t *sq_packet_parser_buffer_unread_content (sq_error_t *errp,
                                                  sq_packet_parser_t pp,
                                                  size_t *len);
 
@@ -1442,7 +1442,7 @@ uint8_t *sq_packet_parser_buffer_unread_content (sq_context_t ctx,
 /// By default, this drops any unread content.  Use, for instance,
 /// `PacketParserBuild` to customize the default behavior.
 /*/
-sq_status_t sq_packet_parser_finish (sq_context_t ctx,
+sq_status_t sq_packet_parser_finish (sq_error_t *errp,
                                      sq_packet_parser_t pp,
 				     sq_packet_t **packet);
 
@@ -1457,7 +1457,7 @@ sq_status_t sq_packet_parser_finish (sq_context_t ctx,
 /// encrypted data, or some of the data was already read, then it
 /// returns `Error::InvalidOperation`.
 /*/
-sq_status_t sq_packet_parser_decrypt (sq_context_t ctx,
+sq_status_t sq_packet_parser_decrypt (sq_error_t *errp,
                                       sq_packet_parser_t pp,
                                       uint8_t algo, /* XXX */
                                       uint8_t *key, size_t key_len);
@@ -1472,7 +1472,7 @@ sq_writer_stack_t sq_writer_stack_message (sq_writer_t writer);
 /*/
 /// Writes up to `len` bytes of `buf` into `writer`.
 /*/
-ssize_t sq_writer_stack_write (sq_context_t ctx, sq_writer_stack_t writer,
+ssize_t sq_writer_stack_write (sq_error_t *errp, sq_writer_stack_t writer,
                                const uint8_t *buf, size_t len);
 
 /*/
@@ -1482,20 +1482,20 @@ ssize_t sq_writer_stack_write (sq_context_t ctx, sq_writer_stack_t writer,
 /// buffer will be written.  Also, this version automatically catches
 /// EINTR.
 /*/
-sq_status_t sq_writer_stack_write_all (sq_context_t ctx,
+sq_status_t sq_writer_stack_write_all (sq_error_t *errp,
                                        sq_writer_stack_t writer,
                                        const uint8_t *buf, size_t len);
 
 /*/
 /// Finalizes this writer, returning the underlying writer.
 /*/
-sq_writer_stack_t sq_writer_stack_finalize_one (sq_context_t ctx,
+sq_writer_stack_t sq_writer_stack_finalize_one (sq_error_t *errp,
                                                 sq_writer_stack_t writer);
 
 /*/
 /// Finalizes all writers, tearing down the whole stack.
 /*/
-sq_status_t sq_writer_stack_finalize (sq_context_t ctx,
+sq_status_t sq_writer_stack_finalize (sq_error_t *errp,
                                       sq_writer_stack_t writer);
 
 /*/
@@ -1505,7 +1505,7 @@ sq_status_t sq_writer_stack_finalize (sq_context_t ctx,
 /// The body will be written using partial length encoding, or, if the
 /// body is short, using full length encoding.
 /*/
-sq_writer_stack_t sq_arbitrary_writer_new (sq_context_t ctx,
+sq_writer_stack_t sq_arbitrary_writer_new (sq_error_t *errp,
                                            sq_writer_stack_t inner,
                                            sq_tag_t tag);
 
@@ -1516,14 +1516,14 @@ sq_writer_stack_t sq_arbitrary_writer_new (sq_context_t ctx,
 /// packet, then hashes and emits the data stream, then for every key
 /// writes a signature packet.
 /*/
-sq_writer_stack_t sq_signer_new (sq_context_t ctx,
+sq_writer_stack_t sq_signer_new (sq_error_t *errp,
                                  sq_writer_stack_t inner,
                                  sq_tpk_t *signers, size_t signers_len);
 
 /*/
 /// Creates a signer for a detached signature.
 /*/
-sq_writer_stack_t sq_signer_new_detached (sq_context_t ctx,
+sq_writer_stack_t sq_signer_new_detached (sq_error_t *errp,
                                           sq_writer_stack_t inner,
                                           sq_tpk_t *signers,
                                           size_t signers_len);
@@ -1534,7 +1534,7 @@ sq_writer_stack_t sq_signer_new_detached (sq_context_t ctx,
 /// The body will be written using partial length encoding, or, if the
 /// body is short, using full length encoding.
 /*/
-sq_writer_stack_t sq_literal_writer_new (sq_context_t ctx,
+sq_writer_stack_t sq_literal_writer_new (sq_error_t *errp,
                                          sq_writer_stack_t inner);
 
 /*/
@@ -1572,7 +1572,7 @@ typedef enum sq_encryption_mode {
 /// The stream is encrypted using AES256, regardless of any key
 /// preferences.
 /*/
-sq_writer_stack_t sq_encryptor_new (sq_context_t ctx,
+sq_writer_stack_t sq_encryptor_new (sq_error_t *errp,
                                     sq_writer_stack_t inner,
                                     char **passwords,
                                     size_t passwords_len,
@@ -1643,13 +1643,13 @@ typedef sq_status_t (*sq_sequoia_decrypt_check_signatures_cb_t) (void *,
                                                                  sq_verification_results_t,
                                                                  size_t);
 
-sq_status_t sq_decrypt (sq_context_t ctx, sq_reader_t input, sq_writer_t output,
+sq_status_t sq_decrypt (sq_error_t *errp, sq_reader_t input, sq_writer_t output,
                         sq_sequoia_decrypt_get_public_keys_cb_t get_public_keys,
                         sq_sequoia_decrypt_get_secret_keys_cb_t get_secret_keys,
                         sq_sequoia_decrypt_check_signatures_cb_t check_signatures,
                         void *cookie);
 
-sq_status_t sq_verify (sq_context_t ctx,
+sq_status_t sq_verify (sq_error_t *errp,
                        sq_reader_t input, sq_reader_t dsig, sq_writer_t output,
                        sq_sequoia_decrypt_get_public_keys_cb_t get_public_keys,
                        sq_sequoia_decrypt_check_signatures_cb_t check_signatures,
diff --git a/ffi/src/core.rs b/ffi/src/core.rs
index 95faaee8..915dcffc 100644
--- a/ffi/src/core.rs
+++ b/ffi/src/core.rs
@@ -67,15 +67,6 @@ impl Context {
     pub(crate) fn errp(&mut self) -> &mut *mut failure::Error {
         &mut self.e
     }
-
-    pub(crate) fn set_error(&mut self, e: failure::Error) {
-        if ! self.e.is_null() {
-            unsafe {
-                drop(Box::from_raw(self.e));
-            }
-        }
-        self.e = box_raw!(e);
-    }
 }
 
 /// Returns the last error.
@@ -239,11 +230,10 @@ pub extern "system" fn sq_config_ephemeral(cfg: *mut Config) {
 
 /// Opens a file returning a reader.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_reader_from_file(ctx: *mut Context,
+pub extern "system" fn sq_reader_from_file(errp: Option<&mut *mut failure::Error>,
                                            filename: *const c_char)
                                            -> *mut Box<Read> {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let filename = ffi_param_cstr!(filename).to_string_lossy().into_owned();
     ffi_try_box!(File::open(Path::new(&filename))
              .map(|r| Box::new(r))
@@ -278,12 +268,11 @@ pub extern "system" fn sq_reader_free(reader: Option<&mut Box<Read>>) {
 
 /// Reads up to `len` bytes into `buf`.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_reader_read(ctx: *mut Context,
+pub extern "system" fn sq_reader_read(errp: Option<&mut *mut failure::Error>,
                                       reader: *mut Box<Read>,
                                       buf: *mut uint8_t, len: size_t)
                                       -> ssize_t {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let reader = ffi_param_ref_mut!(reader);
     assert!(!buf.is_null());
     let buf = unsafe {
@@ -298,11 +287,10 @@ pub extern "system" fn sq_reader_read(ctx: *mut Context,
 /// The file will be created if it does not exist, or be truncated
 /// otherwise.  If you need more control, use `sq_writer_from_fd`.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_writer_from_file(ctx: *mut Context,
+pub extern "system" fn sq_writer_from_file(errp: Option<&mut *mut failure::Error>,
                                            filename: *const c_char)
                                            -> *mut Box<Write> {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let filename = ffi_param_cstr!(filename).to_string_lossy().into_owned();
     ffi_try_box!(File::create(Path::new(&filename))
              .map(|r| Box::new(r))
@@ -391,12 +379,11 @@ pub extern "system" fn sq_writer_free(writer: Option<&mut Box<Write>>) {
 
 /// Writes up to `len` bytes of `buf` into `writer`.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_writer_write(ctx: *mut Context,
+pub extern "system" fn sq_writer_write(errp: Option<&mut *mut failure::Error>,
                                        writer: *mut Box<Write>,
                                        buf: *const uint8_t, len: size_t)
                                        -> ssize_t {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let writer = ffi_param_ref_mut!(writer);
     assert!(!buf.is_null());
     let buf = unsafe {
diff --git a/ffi/src/lib.rs b/ffi/src/lib.rs
index f7202cc7..2f5f3bbe 100644
--- a/ffi/src/lib.rs
+++ b/ffi/src/lib.rs
@@ -96,22 +96,13 @@
 //! #include <error.h>
 //!
 //! sq_error_t err;
-//! sq_context_t ctx;
 //! sq_tpk_t tpk;
 //!
-//! ctx = sq_context_new ("org.sequoia-pgp.example", &err);
-//! if (ctx == NULL)
-//!   error (1, 0, "Initializing sequoia failed: %s", sq_error_string (err));
-//!
-//! tpk = sq_tpk_from_file (ctx, "../openpgp/tests/data/keys/testy.pgp");
+//! tpk = sq_tpk_from_file (&err, "../openpgp/tests/data/keys/testy.pgp");
 //! if (tpk == NULL)
-//!    {
-//!      err = sq_context_last_error (ctx);
-//!      error (1, 0, "sq_tpk_from_bytes: %s", sq_error_string (err));
-//!    }
+//!   error (1, 0, "sq_tpk_from_bytes: %s", sq_error_string (err));
 //!
 //! sq_tpk_free (tpk);
-//! sq_context_free (ctx);
 //! ```
 
 #![warn(missing_docs)]
diff --git a/ffi/src/openpgp/armor.rs b/ffi/src/openpgp/armor.rs
index db6672d6..1a42c369 100644
--- a/ffi/src/openpgp/armor.rs
+++ b/ffi/src/openpgp/armor.rs
@@ -13,8 +13,6 @@ use libc::{self, uint8_t, c_char, c_int, size_t};
 extern crate sequoia_openpgp;
 use self::sequoia_openpgp::armor;
 
-use ::core::Context;
-
 /// Represents a (key, value) pair in an armor header.
 #[repr(C)]
 pub struct ArmorHeader {
@@ -74,7 +72,6 @@ fn kind_to_int(kind: Option<armor::Kind>) -> c_int {
 /// main (int argc, char **argv)
 /// {
 ///   sq_error_t err;
-///   sq_context_t ctx;
 ///   sq_reader_t bytes;
 ///   sq_reader_t armor;
 ///   sq_armor_kind_t kind;
@@ -82,21 +79,12 @@ fn kind_to_int(kind: Option<armor::Kind>) -> c_int {
 ///   sq_armor_header_t *header;
 ///   size_t header_len;
 ///
-///   ctx = sq_context_new ("org.sequoia-pgp.example", &err);
-///   if (ctx == NULL)
-///     error (1, 0, "Initializing sequoia failed: %s",
-///            sq_error_string (err));
-///
 ///   bytes = sq_reader_from_bytes ((uint8_t *) armored, strlen (armored));
 ///   armor = sq_armor_reader_new (bytes, SQ_ARMOR_KIND_ANY);
 ///
-///   header = sq_armor_reader_headers (ctx, armor, &header_len);
+///   header = sq_armor_reader_headers (&err, armor, &header_len);
 ///   if (header == NULL)
-///     {
-///       err = sq_context_last_error (ctx);
-///       error (1, 0, "Getting headers failed: %s",
-///              sq_error_string (err));
-///     }
+///     error (1, 0, "Getting headers failed: %s", sq_error_string (err));
 ///
 ///   assert (header_len == 2);
 ///   assert (strcmp (header[0].key, "Key0") == 0
@@ -113,18 +101,13 @@ fn kind_to_int(kind: Option<armor::Kind>) -> c_int {
 ///   kind = sq_armor_reader_kind (armor);
 ///   assert (kind == SQ_ARMOR_KIND_FILE);
 ///
-///   if (sq_reader_read (ctx, armor, (uint8_t *) message, 12) < 0)
-///     {
-///       err = sq_context_last_error (ctx);
-///       error (1, 0, "Reading failed: %s",
-///              sq_error_string (err));
-///     }
+///   if (sq_reader_read (&err, armor, (uint8_t *) message, 12) < 0)
+///     error (1, 0, "Reading failed: %s", sq_error_string (err));
 ///
 ///   assert (memcmp (message, "Hello world!", 12) == 0);
 ///
 ///   sq_reader_free (armor);
 ///   sq_reader_free (bytes);
-///   sq_context_free (ctx);
 ///   return 0;
 /// }
 /// ```
@@ -140,12 +123,11 @@ pub extern "system" fn sq_armor_reader_new(inner: *mut Box<Read>,
 
 /// Creates a `Reader` from a file.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_armor_reader_from_file(ctx: *mut Context,
+pub extern "system" fn sq_armor_reader_from_file(errp: Option<&mut *mut failure::Error>,
                                                  filename: *const c_char,
                                                  kind: c_int)
                                                  -> *mut Box<Read> {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let filename = ffi_param_cstr!(filename).to_string_lossy().into_owned();
     let kind = int_to_kind(kind);
 
@@ -210,12 +192,11 @@ pub extern "system" fn sq_armor_reader_kind(reader: *mut Box<Read>)
 ///
 ///   [this]: fn.sq_armor_reader_new.html
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_armor_reader_headers(ctx: *mut Context,
+pub extern "system" fn sq_armor_reader_headers(errp: Option<&mut *mut failure::Error>,
                                                reader: *mut Box<Read>,
                                                len: *mut size_t)
                                                -> *mut ArmorHeader {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let len = ffi_param_ref_mut!(len);
 
     // We need to downcast `reader`.  To do that, we need to do a
@@ -245,7 +226,9 @@ pub extern "system" fn sq_armor_reader_headers(ctx: *mut Context,
             buf
         },
         Err(e) => {
-            ctx.set_error(e);
+            if let Some(errp) = errp {
+                *errp = box_raw!(e);
+            }
             ptr::null_mut()
         },
     };
@@ -295,33 +278,21 @@ fn strdup(s: &str) -> *mut c_char {
 ///   sq_writer_t alloc;
 ///   sq_writer_t armor;
 ///   sq_error_t err;
-///   sq_context_t ctx;
+///
 ///   char *message = "Hello world!";
 ///   sq_armor_header_t header[2] = {
 ///     { "Key0", "Value0" },
 ///     { "Key1", "Value1" },
 ///   };
 ///
-///   ctx = sq_context_new ("org.sequoia-pgp.example", &err);
-///   if (ctx == NULL)
-///     error (1, 0, "Initializing sequoia failed: %s",
-///            sq_error_string (err));
-///
 ///   alloc = sq_writer_alloc (&buf, &len);
-///   armor = sq_armor_writer_new (ctx, alloc, SQ_ARMOR_KIND_FILE, header, 2);
+///   armor = sq_armor_writer_new (&err, alloc, SQ_ARMOR_KIND_FILE, header, 2);
 ///   if (armor == NULL)
-///     {
-///       err = sq_context_last_error (ctx);
-///       error (1, 0, "Creating armor writer failed: %s",
-///              sq_error_string (err));
-///     }
+///     error (1, 0, "Creating armor writer failed: %s", sq_error_string (err));
 ///
-///   if (sq_writer_write (ctx, armor, (uint8_t *) message, strlen (message)) < 0)
-///     {
-///       err = sq_context_last_error (ctx);
-///       error (1, 0, "Writing failed: %s",
-///              sq_error_string (err));
-///     }
+///   if (sq_writer_write (&err, armor, (uint8_t *) message, strlen (message)) < 0)
+///     error (1, 0, "Writing failed: %s", sq_error_string (err));
+//
 ///   sq_writer_free (armor);
 ///   sq_writer_free (alloc);
 ///
@@ -337,21 +308,19 @@ fn strdup(s: &str) -> *mut c_char {
 ///                   len) == 0);
 ///
 ///   free (buf);
-///   sq_context_free (ctx);
 ///   return 0;
 /// }
 /// ```
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_armor_writer_new
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      inner: *mut Box<Write>,
      kind: c_int,
      header: *const ArmorHeader,
      header_len: size_t)
      -> *mut Box<Write>
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let inner = ffi_param_ref_mut!(inner);
     let kind = int_to_kind(kind).expect("KIND must not be SQ_ARMOR_KIND_ANY");
 
diff --git a/ffi/src/openpgp/crypto.rs b/ffi/src/openpgp/crypto.rs
index 0055d68f..5b695ec7 100644
--- a/ffi/src/openpgp/crypto.rs
+++ b/ffi/src/openpgp/crypto.rs
@@ -4,8 +4,6 @@
 //!
 //! [`sequoia-openpgp::crypto`]: ../../../sequoia_openpgp/crypto/index.html
 
-use ::core::Context;
-
 extern crate sequoia_openpgp;
 use self::sequoia_openpgp::{
     crypto,
@@ -23,11 +21,10 @@ pub extern "system" fn sq_signer_free
 /// Creates a new key pair.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_key_pair_new
-    (ctx: *mut Context, public: *mut Key, secret: *mut crypto::mpis::SecretKey)
+    (errp: Option<&mut *mut failure::Error>, public: *mut Key, secret: *mut crypto::mpis::SecretKey)
      -> *mut crypto::KeyPair
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let public = ffi_param_move!(public);
     let secret = ffi_param_move!(secret);
     ffi_try_box!(crypto::KeyPair::new(*public, *secret))
diff --git a/ffi/src/openpgp/mod.rs b/ffi/src/openpgp/mod.rs
index c679b1d4..c8f79665 100644
--- a/ffi/src/openpgp/mod.rs
+++ b/ffi/src/openpgp/mod.rs
@@ -48,7 +48,6 @@ use self::openpgp::constants::{
 };
 
 use super::error::Status;
-use super::core::Context;
 
 pub mod armor;
 pub mod crypto;
@@ -454,12 +453,11 @@ pub extern "system" fn sq_p_key_public_key_bits(key: *const packet::Key)
 ///
 /// Fails if the secret key is missing, or encrypted.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_p_key_into_key_pair(ctx: *mut Context,
+pub extern "system" fn sq_p_key_into_key_pair(errp: Option<&mut *mut failure::Error>,
                                               key: *mut packet::Key)
                                               -> *mut self::openpgp::crypto::KeyPair
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let key = ffi_param_move!(key);
     ffi_try_box!(key.into_keypair())
 }
@@ -509,7 +507,7 @@ pub extern "system" fn sq_user_attribute_value(ua: *const Packet,
 /// is not written to it.  Either way, `key_len` is set to the size of
 /// the session key.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_skesk_decrypt(ctx: *mut Context,
+pub extern "system" fn sq_skesk_decrypt(errp: Option<&mut *mut failure::Error>,
                                         skesk: *const Packet,
                                         password: *const uint8_t,
                                         password_len: size_t,
@@ -517,8 +515,7 @@ pub extern "system" fn sq_skesk_decrypt(ctx: *mut Context,
                                         key: *mut uint8_t,
                                         key_len: *mut size_t)
                                         -> Status {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let skesk = ffi_param_ref!(skesk);
     assert!(!password.is_null());
     let password = unsafe {
@@ -566,15 +563,14 @@ pub extern "system" fn sq_pkesk_recipient(pkesk: *const PKESK)
 /// is not written to it.  Either way, `key_len` is set to the size of
 /// the session key.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_pkesk_decrypt(ctx: *mut Context,
+pub extern "system" fn sq_pkesk_decrypt(errp: Option<&mut *mut failure::Error>,
                                         pkesk: *const PKESK,
                                         secret_key: *const packet::Key,
                                         algo: *mut uint8_t, // XXX
                                         key: *mut uint8_t,
                                         key_len: *mut size_t)
                                         -> Status {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let pkesk = ffi_param_ref!(pkesk);
     let secret_key = ffi_param_ref!(secret_key);
     let algo = ffi_param_ref_mut!(algo);
@@ -611,10 +607,9 @@ pub extern "system" fn sq_pkesk_decrypt(ctx: *mut Context,
 /// the stream.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_packet_parser_from_reader<'a>
-    (ctx: *mut Context, reader: *mut Box<'a + Read>)
+    (errp: Option<&mut *mut failure::Error>, reader: *mut Box<'a + Read>)
      -> *mut PacketParserResult<'a> {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let reader = ffi_param_ref_mut!(reader);
     ffi_try_box!(PacketParser::from_reader(reader))
 }
@@ -625,10 +620,9 @@ pub extern "system" fn sq_packet_parser_from_reader<'a>
 /// the stream.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_packet_parser_from_file
-    (ctx: *mut Context, filename: *const c_char)
+    (errp: Option<&mut *mut failure::Error>, filename: *const c_char)
      -> *mut PacketParserResult<'static> {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let filename = ffi_param_cstr!(filename).to_string_lossy().into_owned();
     ffi_try_box!(PacketParser::from_file(&filename))
 }
@@ -639,10 +633,9 @@ pub extern "system" fn sq_packet_parser_from_file
 /// the stream.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_packet_parser_from_bytes
-    (ctx: *mut Context, b: *const uint8_t, len: size_t)
+    (errp: Option<&mut *mut failure::Error>, b: *const uint8_t, len: size_t)
      -> *mut PacketParserResult<'static> {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     assert!(!b.is_null());
     let buf = unsafe {
         slice::from_raw_parts(b, len as usize)
@@ -773,13 +766,12 @@ pub extern "system" fn sq_packet_parser_recursion_depth
 /// Consumes the given packet parser.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_packet_parser_next<'a>
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      pp: *mut PacketParser<'a>,
      old_packet: Option<&mut *mut Packet>,
      ppr: Option<&mut *mut PacketParserResult<'a>>)
      -> Status {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let pp = ffi_param_move!(pp);
 
     match pp.next() {
@@ -818,13 +810,12 @@ pub extern "system" fn sq_packet_parser_next<'a>
 /// Consumes the given packet parser.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_packet_parser_recurse<'a>
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      pp: *mut PacketParser<'a>,
      old_packet: Option<&mut *mut Packet>,
      ppr: Option<&mut *mut PacketParserResult<'a>>)
      -> Status {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let pp = ffi_param_move!(pp);
 
     match pp.recurse() {
@@ -849,12 +840,11 @@ pub extern "system" fn sq_packet_parser_recurse<'a>
 /// content is small.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_packet_parser_buffer_unread_content<'a>
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      pp: *mut PacketParser<'a>,
      len: *mut usize)
      -> *const uint8_t {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let pp = ffi_param_ref_mut!(pp);
     let len = ffi_param_ref_mut!(len);
     let buf = ffi_try!(pp.buffer_unread_content());
@@ -868,12 +858,11 @@ pub extern "system" fn sq_packet_parser_buffer_unread_content<'a>
 /// `PacketParserBuild` to customize the default behavior.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_packet_parser_finish<'a>
-    (ctx: *mut Context, pp: *mut PacketParser<'a>,
+    (errp: Option<&mut *mut failure::Error>, pp: *mut PacketParser<'a>,
      packet: Option<&mut *const Packet>)
      -> Status
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let pp = ffi_param_ref_mut!(pp);
     match pp.finish() {
         Ok(p) => {
@@ -884,7 +873,9 @@ pub extern "system" fn sq_packet_parser_finish<'a>
         },
         Err(e) => {
             let status = Status::from(&e);
-            ctx.set_error(e);
+            if let Some(errp) = errp {
+                *errp = box_raw!(e);
+            }
             status
         },
     }
@@ -901,13 +892,12 @@ pub extern "system" fn sq_packet_parser_finish<'a>
 /// returns `Error::InvalidOperation`.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_packet_parser_decrypt<'a>
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      pp: *mut PacketParser<'a>,
      algo: uint8_t, // XXX
      key: *const uint8_t, key_len: size_t)
      -> Status {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let pp = ffi_param_ref_mut!(pp);
     let key = unsafe {
         slice::from_raw_parts(key, key_len as usize)
@@ -1024,13 +1014,12 @@ pub extern "system" fn sq_writer_stack_message
 /// Writes up to `len` bytes of `buf` into `writer`.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_writer_stack_write
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      writer: *mut writer::Stack<'static, Cookie>,
      buf: *const uint8_t, len: size_t)
      -> ssize_t
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let writer = ffi_param_ref_mut!(writer);
     assert!(!buf.is_null());
     let buf = unsafe {
@@ -1046,13 +1035,12 @@ pub extern "system" fn sq_writer_stack_write
 /// EINTR.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_writer_stack_write_all
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      writer: *mut writer::Stack<'static, Cookie>,
      buf: *const uint8_t, len: size_t)
      -> Status
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let writer = ffi_param_ref_mut!(writer);
     assert!(!buf.is_null());
     let buf = unsafe {
@@ -1064,12 +1052,11 @@ pub extern "system" fn sq_writer_stack_write_all
 /// Finalizes this writer, returning the underlying writer.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_writer_stack_finalize_one
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      writer: *mut writer::Stack<'static, Cookie>)
      -> *mut writer::Stack<'static, Cookie>
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     if !writer.is_null() {
         let writer = ffi_param_move!(writer);
         maybe_box_raw!(ffi_try!(writer.finalize_one()))
@@ -1081,12 +1068,11 @@ pub extern "system" fn sq_writer_stack_finalize_one
 /// Finalizes all writers, tearing down the whole stack.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_writer_stack_finalize
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      writer: *mut writer::Stack<'static, Cookie>)
      -> Status
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     if !writer.is_null() {
         let writer = ffi_param_move!(writer);
         ffi_try_status!(writer.finalize())
@@ -1102,13 +1088,12 @@ pub extern "system" fn sq_writer_stack_finalize
 /// body is short, using full length encoding.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_arbitrary_writer_new
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      inner: *mut writer::Stack<'static, Cookie>,
      tag: uint8_t)
      -> *mut writer::Stack<'static, Cookie>
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let inner = ffi_param_move!(inner);
     ffi_try_box!(ArbitraryWriter::new(*inner, tag.into()))
 }
@@ -1120,14 +1105,13 @@ pub extern "system" fn sq_arbitrary_writer_new
 /// writes a signature packet.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_signer_new
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      inner: *mut writer::Stack<'static, Cookie>,
      signers: *const *mut Box<self::openpgp::crypto::Signer>,
      signers_len: size_t)
      -> *mut writer::Stack<'static, Cookie>
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let inner = ffi_param_move!(inner);
     let signers = ffi_param_ref!(signers);
     let signers = unsafe {
@@ -1145,14 +1129,13 @@ pub extern "system" fn sq_signer_new
 /// Creates a signer for a detached signature.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_signer_new_detached
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      inner: *mut writer::Stack<'static, Cookie>,
      signers: *const *mut Box<self::openpgp::crypto::Signer>,
      signers_len: size_t)
      -> *mut writer::Stack<'static, Cookie>
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let inner = ffi_param_move!(inner);
     let signers = ffi_param_ref!(signers);
     let signers = unsafe {
@@ -1173,12 +1156,11 @@ pub extern "system" fn sq_signer_new_detached
 /// body is short, using full length encoding.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_literal_writer_new
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      inner: *mut writer::Stack<'static, Cookie>)
      -> *mut writer::Stack<'static, Cookie>
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let inner = ffi_param_move!(inner);
     ffi_try_box!(LiteralWriter::new(*inner,
                                      DataFormat::Binary,
@@ -1196,15 +1178,14 @@ pub extern "system" fn sq_literal_writer_new
 /// preferences.
 #[::ffi_catch_abort] #[no_mangle]
 pub extern "system" fn sq_encryptor_new
-    (ctx: *mut Context,
+    (errp: Option<&mut *mut failure::Error>,
      inner: *mut writer::Stack<'static, Cookie>,
      passwords: Option<&*const c_char>, passwords_len: size_t,
      recipients: Option<&&TPK>, recipients_len: size_t,
      encryption_mode: uint8_t)
      -> *mut writer::Stack<'static, Cookie>
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let inner = ffi_param_move!(inner);
     let mut passwords_ = Vec::new();
     if passwords_len > 0 {
@@ -1513,7 +1494,7 @@ fn verify_real<'a>(input: &'a mut Box<'a + Read>,
 ///
 /// Note: output may be NULL, if the output is not required.
 #[::ffi_catch_abort] #[no_mangle]
-pub fn sq_verify<'a>(ctx: *mut Context,
+pub fn sq_verify<'a>(errp: Option<&mut *mut failure::Error>,
                      input: *mut Box<'a + Read>,
                      dsig: Option<&'a mut Box<'a + Read>>,
                      output: Option<&'a mut Box<'a + Write>>,
@@ -1522,8 +1503,7 @@ pub fn sq_verify<'a>(ctx: *mut Context,
                      cookie: *mut HelperCookie)
     -> Status
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let input = ffi_param_ref_mut!(input);
 
     let r = verify_real(input, dsig, output,
@@ -1637,7 +1617,7 @@ fn decrypt_real<'a>(input: &'a mut Box<'a + Read>,
 ///
 /// Note: all of the parameters are required; none may be NULL.
 #[::ffi_catch_abort] #[no_mangle]
-pub fn sq_decrypt<'a>(ctx: *mut Context,
+pub fn sq_decrypt<'a>(errp: Option<&mut *mut failure::Error>,
                       input: *mut Box<'a + Read>,
                       output: *mut Box<'a + Write>,
                       get_public_keys: GetPublicKeysCallback,
@@ -1646,8 +1626,7 @@ pub fn sq_decrypt<'a>(ctx: *mut Context,
                       cookie: *mut HelperCookie)
     -> Status
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let input = ffi_param_ref_mut!(input);
     let output = ffi_param_ref_mut!(output);
 
diff --git a/ffi/src/openpgp/packet_pile.rs b/ffi/src/openpgp/packet_pile.rs
index 139a4861..742c782cc 100644
--- a/ffi/src/openpgp/packet_pile.rs
+++ b/ffi/src/openpgp/packet_pile.rs
@@ -15,7 +15,6 @@ use self::sequoia_openpgp::{
     serialize::Serialize,
 };
 
-use ::core::Context;
 use ::error::Status;
 
 /// Deserializes the OpenPGP message stored in a `std::io::Read`
@@ -29,11 +28,10 @@ use ::error::Status;
 ///
 /// Note: this interface *does* buffer the contents of packets.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_packet_pile_from_reader(ctx: *mut Context,
+pub extern "system" fn sq_packet_pile_from_reader(errp: Option<&mut *mut failure::Error>,
                                                   reader: *mut Box<Read>)
                                                   -> *mut PacketPile {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let reader = ffi_param_ref_mut!(reader);
     ffi_try_box!(PacketPile::from_reader(reader))
 }
@@ -43,11 +41,10 @@ pub extern "system" fn sq_packet_pile_from_reader(ctx: *mut Context,
 ///
 /// See `sq_packet_pile_from_reader` for more details and caveats.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_packet_pile_from_file(ctx: *mut Context,
+pub extern "system" fn sq_packet_pile_from_file(errp: Option<&mut *mut failure::Error>,
                                                 filename: *const c_char)
                                                 -> *mut PacketPile {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let filename = ffi_param_cstr!(filename).to_string_lossy().into_owned();
     ffi_try_box!(PacketPile::from_file(&filename))
 }
@@ -56,11 +53,10 @@ pub extern "system" fn sq_packet_pile_from_file(ctx: *mut Context,
 ///
 /// See `sq_packet_pile_from_reader` for more details and caveats.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_packet_pile_from_bytes(ctx: *mut Context,
+pub extern "system" fn sq_packet_pile_from_bytes(errp: Option<&mut *mut failure::Error>,
                                                  b: *const uint8_t, len: size_t)
                                                  -> *mut PacketPile {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     assert!(!b.is_null());
     let buf = unsafe {
         slice::from_raw_parts(b, len as usize)
@@ -86,12 +82,11 @@ pub extern "system" fn sq_packet_pile_clone(packet_pile: *const PacketPile)
 
 /// Serializes the packet pile.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_packet_pile_serialize(ctx: *mut Context,
+pub extern "system" fn sq_packet_pile_serialize(errp: Option<&mut *mut failure::Error>,
                                                 packet_pile: *const PacketPile,
                                                 writer: *mut Box<Write>)
                                                 -> Status {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let packet_pile = ffi_param_ref!(packet_pile);
     let writer = ffi_param_ref_mut!(writer);
     ffi_try_status!(packet_pile.serialize(writer))
diff --git a/ffi/src/openpgp/tpk.rs b/ffi/src/openpgp/tpk.rs
index 0df7071f..e93827fe 100644
--- a/ffi/src/openpgp/tpk.rs
+++ b/ffi/src/openpgp/tpk.rs
@@ -34,27 +34,24 @@ use self::sequoia_openpgp::{
     },
 };
 
-use ::core::Context;
 use ::error::Status;
 
 /// Returns the first TPK encountered in the reader.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_tpk_from_reader(ctx: *mut Context,
+pub extern "system" fn sq_tpk_from_reader(errp: Option<&mut *mut failure::Error>,
                                           reader: *mut Box<Read>)
                                           -> *mut TPK {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let reader = ffi_param_ref_mut!(reader);
     ffi_try_box!(TPK::from_reader(reader))
 }
 
 /// Returns the first TPK encountered in the file.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_tpk_from_file(ctx: *mut Context,
+pub extern "system" fn sq_tpk_from_file(errp: Option<&mut *mut failure::Error>,
                                         filename: *const c_char)
                                         -> *mut TPK {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let filename = ffi_param_cstr!(filename).to_string_lossy().into_owned();
     ffi_try_box!(TPK::from_file(&filename))
 }
@@ -63,11 +60,10 @@ pub extern "system" fn sq_tpk_from_file(ctx: *mut Context,
 ///
 /// Consumes `m`.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_tpk_from_packet_pile(ctx: *mut Context,
+pub extern "system" fn sq_tpk_from_packet_pile(errp: Option<&mut *mut failure::Error>,
                                                m: *mut PacketPile)
                                                -> *mut TPK {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let m = ffi_param_move!(m);
     ffi_try_box!(TPK::from_packet_pile(*m))
 }
@@ -76,11 +72,10 @@ pub extern "system" fn sq_tpk_from_packet_pile(ctx: *mut Context,
 ///
 /// `buf` must be an OpenPGP-encoded TPK.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_tpk_from_bytes(ctx: *mut Context,
+pub extern "system" fn sq_tpk_from_bytes(errp: Option<&mut *mut failure::Error>,
                                          b: *const uint8_t, len: size_t)
                                          -> *mut TPK {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     assert!(!b.is_null());
     let buf = unsafe {
         slice::from_raw_parts(b, len as usize)
@@ -93,12 +88,11 @@ pub extern "system" fn sq_tpk_from_bytes(ctx: *mut Context,
 ///
 /// Consumes the packet parser result.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_tpk_from_packet_parser(ctx: *mut Context,
+pub extern "system" fn sq_tpk_from_packet_parser(errp: Option<&mut *mut failure::Error>,
                                                  ppr: *mut PacketParserResult)
     -> *mut TPK
 {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let ppr = ffi_param_move!(ppr);
 
     ffi_try_box!(TPK::from_packet_parser(*ppr))
@@ -130,12 +124,11 @@ pub extern "system" fn sq_tpk_equal(a: *const TPK,
 
 /// Serializes the TPK.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_tpk_serialize(ctx: *mut Context,
+pub extern "system" fn sq_tpk_serialize(errp: Option<&mut *mut failure::Error>,
                                         tpk: *const TPK,
                                         writer: *mut Box<Write>)
                                         -> Status {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let tpk = ffi_param_ref!(tpk);
     let writer = ffi_param_ref_mut!(writer);
     ffi_try_status!(tpk.serialize(writer))
@@ -148,12 +141,11 @@ pub extern "system" fn sq_tpk_serialize(ctx: *mut Context,
 ///
 /// Consumes `tpk` and `other`.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_tpk_merge(ctx: *mut Context,
+pub extern "system" fn sq_tpk_merge(errp: Option<&mut *mut failure::Error>,
                                     tpk: *mut TPK,
                                     other: *mut TPK)
                                     -> *mut TPK {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let tpk = ffi_param_move!(tpk);
     let other = ffi_param_move!(other);
     ffi_try_box!(tpk.merge(*other))
@@ -167,13 +159,12 @@ pub extern "system" fn sq_tpk_merge(ctx: *mut Context,
 /// Consumes `tpk` and the packets in `packets`.  The buffer, however,
 /// must be managed by the caller.
 #[::ffi_catch_abort] #[no_mangle]
-pub extern "system" fn sq_tpk_merge_packets(ctx: *mut Context,
+pub extern "system" fn sq_tpk_merge_packets(errp: Option<&mut *mut failure::Error>,
                                             tpk: *mut TPK,
                                             packets: *mut *mut Packet,
                                             packets_len: size_t)
                                             -> *mut TPK {
-    let ctx = ffi_param_ref_mut!(ctx);
-    ffi_make_fry_from_ctx!(ctx);
+    ffi_make_fry_from_errp!(errp);
     let tpk = ffi_param_move!(tpk);
     let packets = unsafe {
         slice::from_raw_parts_mut(packets, packets_len)
@@ -255,7 +246,6 @@ fn int_to_reason_for_revocation(code: c_int) -> ReasonForRevocation {
 /// #include <assert.h>
 /// #include <sequoia.h>
 ///
-/// sq_context_t ctx;
 /// sq_tpk_builder_t builder;
 /// sq_tpk_t tpk;
 /// sq_signature_t revocation;
@@ -263,21 +253,19 @@ fn int_to_reason_for_revocation(code: c_int) -> ReasonForRevocation {
 /// sq_key_pair_t primary_keypair;
 /// sq_signer_t primary_signer;
 ///
-/// ctx = sq_context_new ("org.sequoia-pgp.tests", NULL);
-///
 /// builder = sq_tpk_builder_default ();
 /// sq_tpk_builder_set_cipher_suite (&builder, SQ_TPK_CIPHER_SUITE_CV25519);
-/// sq_tpk_builder_generate (ctx, builder, &tpk, &revocation);
+/// sq_tpk_builder_generate (NULL, builder, &tpk, &revocation);
 /// assert (tpk);
 /// assert (revocation);
 /// sq_signature_free (revocation);    /* Free the generated one.  */
 ///
 /// primary_key = sq_p_key_clone (sq_tpk_primary (tpk));
 /// assert (primary_key);
-/// primary_keypair = sq_p_key_into_key_pair (ctx, primary_key);
+/// primary_keypair = sq_p_key_into_key_pair (NULL, primary_key);
 /// assert (primary_keypair);
 /// primary_signer = sq_key_p