aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2020-05-09 14:52:07 -0700
committerEric Biggers <ebiggers@google.com>2020-05-09 15:21:31 -0700
commit9383d4be92981a4c956c775479bb48b7eec9db79 (patch)
tree2a075cdaf2ae2dbda1d74e92ea1d97ac6515feed
parent209a2d1419ea575fd316bd9975fb63e40cce7a77 (diff)
crypto: improve errors
ErrKeyLock: Rename to ErrMlockUlimit for clarity. ErrGetrandomFail: ErrKeyAlloc: ErrKeyFree: ErrNegativeLength: Replace these with one-off unnamed errors because these were all returned in only one place and were never checked for. Also these were all either wrapped backwards or discarded an underlying error, so fix that too.
Diffstat
-rw-r--r--cmd/fscrypt/errors.go2
-rw-r--r--crypto/crypto.go10
-rw-r--r--crypto/crypto_test.go2
-rw-r--r--crypto/key.go10
-rw-r--r--crypto/rand.go7
5 files changed, 13 insertions, 18 deletions
diff --git a/cmd/fscrypt/errors.go b/cmd/fscrypt/errors.go
index 3e5beed..f4f3ddb 100644
--- a/cmd/fscrypt/errors.go
+++ b/cmd/fscrypt/errors.go
@@ -92,7 +92,7 @@ func getErrorSuggestions(err error) string {
switch errors.Cause(err) {
case filesystem.ErrNotSetup:
return fmt.Sprintf(`Run "fscrypt setup %s" to use fscrypt on this filesystem.`, mountpointArg)
- case crypto.ErrKeyLock:
+ case crypto.ErrMlockUlimit:
return `Too much memory was requested to be locked in RAM. The
current limit for this user can be checked with "ulimit
-l". The limit can be modified by either changing the
diff --git a/crypto/crypto.go b/crypto/crypto.go
index 9a138d0..1f64b38 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -50,13 +50,9 @@ import (
// Crypto error values
var (
- ErrBadAuth = errors.New("key authentication check failed")
- ErrNegativeLength = errors.New("keys cannot have negative lengths")
- ErrRecoveryCode = errors.New("invalid recovery code")
- ErrGetrandomFail = util.SystemError("getrandom() failed")
- ErrKeyAlloc = util.SystemError("could not allocate memory for key")
- ErrKeyFree = util.SystemError("could not free memory of key")
- ErrKeyLock = errors.New("could not lock key in memory")
+ ErrBadAuth = errors.New("key authentication check failed")
+ ErrRecoveryCode = errors.New("invalid recovery code")
+ ErrMlockUlimit = errors.New("could not lock key in memory")
)
// panicInputLength panics if "name" has invalid length (expected != actual)
diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go
index 6eb0b02..10b3d17 100644
--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@@ -257,7 +257,7 @@ func TestBigKeyGen(t *testing.T) {
case nil:
key.Wipe()
return
- case ErrKeyLock:
+ case ErrMlockUlimit:
// Don't fail just because "ulimit -l" is too low.
return
default:
diff --git a/crypto/key.go b/crypto/key.go
index 77adc95..2e57443 100644
--- a/crypto/key.go
+++ b/crypto/key.go
@@ -98,7 +98,7 @@ func NewBlankKey(length int) (*Key, error) {
if length == 0 {
return &Key{data: nil}, nil
} else if length < 0 {
- return nil, errors.Wrapf(ErrNegativeLength, "length of %d requested", length)
+ return nil, errors.Errorf("requested key length %d is negative", length)
}
flags := keyMmapFlags
@@ -109,11 +109,11 @@ func NewBlankKey(length int) (*Key, error) {
// See MAP_ANONYMOUS in http://man7.org/linux/man-pages/man2/mmap.2.html
data, err := unix.Mmap(-1, 0, length, keyProtection, flags)
if err == unix.EAGAIN {
- return nil, ErrKeyLock
+ return nil, ErrMlockUlimit
}
if err != nil {
- log.Printf("unix.Mmap() with length=%d failed: %v", length, err)
- return nil, ErrKeyAlloc
+ return nil, errors.Wrapf(err,
+ "failed to allocate (mmap) key buffer of length %d", length)
}
key := &Key{data: data}
@@ -139,7 +139,7 @@ func (key *Key) Wipe() error {
if err := unix.Munmap(data); err != nil {
log.Printf("unix.Munmap() failed: %v", err)
- return ErrKeyFree
+ return errors.Wrapf(err, "failed to free (munmap) key buffer")
}
}
return nil
diff --git a/crypto/rand.go b/crypto/rand.go
index 4d8c044..7d1e55b 100644
--- a/crypto/rand.go
+++ b/crypto/rand.go
@@ -90,10 +90,9 @@ func (r randReader) Read(buffer []byte) (int, error) {
case nil:
return n, nil
case unix.EAGAIN:
- return 0, errors.Wrap(ErrGetrandomFail, "insufficient entropy in pool")
+ err = errors.New("insufficient entropy in pool")
case unix.ENOSYS:
- return 0, errors.Wrap(ErrGetrandomFail, "kernel must be v3.17 or later")
- default:
- return 0, errors.Wrap(ErrGetrandomFail, err.Error())
+ err = errors.New("kernel must be v3.17 or later")
}
+ return 0, errors.Wrap(err, "getrandom() failed")
}
generated by cgit v1.3 (git 2.53.0) at 2026-05-10 23:46:10 +0000