authorEric Biggers <ebiggers@google.com>2020-05-09 14:52:07 -0700
committerEric Biggers <ebiggers@google.com>2020-05-09 15:21:31 -0700
commit9383d4be92981a4c956c775479bb48b7eec9db79 (patch)
tree2a075cdaf2ae2dbda1d74e92ea1d97ac6515feed /crypto
parent209a2d1419ea575fd316bd9975fb63e40cce7a77 (diff)
crypto: improve errors
ErrKeyLock: Rename to ErrMlockUlimit for clarity. ErrGetrandomFail, ErrKeyAlloc, ErrKeyFree, ErrNegativeLength: Replace these with one-off unnamed errors because they were all returned in only one place and were never checked for. Also, these were all either wrapped backwards or discarded an underlying error, so fix that too.
Diffstat (limited to 'crypto')
-rw-r--r--crypto/crypto.go10
-rw-r--r--crypto/crypto_test.go2
-rw-r--r--crypto/key.go10
-rw-r--r--crypto/rand.go7
4 files changed, 12 insertions, 17 deletions
diff --git a/crypto/crypto.go b/crypto/crypto.go
index 9a138d0..1f64b38 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -50,13 +50,9 @@ import (
// Crypto error values
var (
- ErrBadAuth = errors.New("key authentication check failed")
- ErrNegativeLength = errors.New("keys cannot have negative lengths")
- ErrRecoveryCode = errors.New("invalid recovery code")
- ErrGetrandomFail = util.SystemError("getrandom() failed")
- ErrKeyAlloc = util.SystemError("could not allocate memory for key")
- ErrKeyFree = util.SystemError("could not free memory of key")
- ErrKeyLock = errors.New("could not lock key in memory")
+ ErrBadAuth = errors.New("key authentication check failed")
+ ErrRecoveryCode = errors.New("invalid recovery code")
+ ErrMlockUlimit = errors.New("could not lock key in memory")
)
// panicInputLength panics if "name" has invalid length (expected != actual)
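Review bot: `ErrMlockUlimit` keeps the old text `could not lock key in memory`, so the message a user sees still does not mention the limit that the new name refers to. The test changed in this commit attributes the failure to a low `ulimit -l`; consider saying so in the string, for example `errors.New("could not lock key in memory; the locked-memory limit (ulimit -l) may be too low")`, and adding a doc comment on the variable stating when it is returned. The removed identifiers were exported, so any out-of-tree caller comparing against them will stop compiling; the commit message says none were checked, which can only be confirmed for this repository.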
diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go
index 6eb0b02..10b3d17 100644
--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@@ -257,7 +257,7 @@ func TestBigKeyGen(t *testing.T) {
case nil:
key.Wipe()
return
- case ErrKeyLock:
+ case ErrMlockUlimit:
// Don't fail just because "ulimit -l" is too low.
return
default:
diff --git a/crypto/key.go b/crypto/key.go
index 77adc95..2e57443 100644
--- a/crypto/key.go
+++ b/crypto/key.go
@@ -98,7 +98,7 @@ func NewBlankKey(length int) (*Key, error) {
if length == 0 {
return &Key{data: nil}, nil
} else if length < 0 {
- return nil, errors.Wrapf(ErrNegativeLength, "length of %d requested", length)
+ return nil, errors.Errorf("requested key length %d is negative", length)
}
flags := keyMmapFlags
@@ -109,11 +109,11 @@ func NewBlankKey(length int) (*Key, error) {
// See MAP_ANONYMOUS in http://man7.org/linux/man-pages/man2/mmap.2.html
data, err := unix.Mmap(-1, 0, length, keyProtection, flags)
if err == unix.EAGAIN {
- return nil, ErrKeyLock
+ return nil, ErrMlockUlimit
}
if err != nil {
- log.Printf("unix.Mmap() with length=%d failed: %v", length, err)
- return nil, ErrKeyAlloc
+ return nil, errors.Wrapf(err,
+ "failed to allocate (mmap) key buffer of length %d", length)
}
key := &Key{data: data}
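Review bot: The `err == unix.EAGAIN` branch has no comment explaining why EAGAIN is taken to mean the locked-memory limit was hit. That reading presumably depends on the mapping being requested with a lock flag, and `flags` is built between the two key.go hunks, where it is not visible. A one-line comment above the branch, such as `// EAGAIN: the kernel refused to lock the mapping (RLIMIT_MEMLOCK exceeded)`, would document the assumption and make it obvious that removing the lock flag would leave this branch dead. NewBlankKey continues outside the hunk.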
@@ -139,7 +139,7 @@ func (key *Key) Wipe() error {
if err := unix.Munmap(data); err != nil {
log.Printf("unix.Munmap() failed: %v", err)
- return ErrKeyFree
+ return errors.Wrapf(err, "failed to free (munmap) key buffer")
}
}
return nil
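Review bot: In Wipe, `log.Printf("unix.Munmap() failed: %v", err)` is kept while the same error is now wrapped and returned, so the failure is reported twice; the matching `log.Printf` in NewBlankKey was dropped by this commit. Remove the log line here as well, and since there are no format arguments use `errors.Wrap(err, "failed to free (munmap) key buffer")` rather than `Wrapf`. A failed munmap means the key buffer may still be mapped, so callers should not discard Wipe's return value; whether the buffer is zeroed before this point is not visible in the hunk. The body of Wipe starts above the hunk.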
diff --git a/crypto/rand.go b/crypto/rand.go
index 4d8c044..7d1e55b 100644
--- a/crypto/rand.go
+++ b/crypto/rand.go
@@ -90,10 +90,9 @@ func (r randReader) Read(buffer []byte) (int, error) {
case nil:
return n, nil
case unix.EAGAIN:
- return 0, errors.Wrap(ErrGetrandomFail, "insufficient entropy in pool")
+ err = errors.New("insufficient entropy in pool")
case unix.ENOSYS:
- return 0, errors.Wrap(ErrGetrandomFail, "kernel must be v3.17 or later")
- default:
- return 0, errors.Wrap(ErrGetrandomFail, err.Error())
+ err = errors.New("kernel must be v3.17 or later")
}
+ return 0, errors.Wrap(err, "getrandom() failed")
}
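Review bot: The `unix.EAGAIN` and `unix.ENOSYS` cases overwrite `err` with a fresh `errors.New(...)`, so the errno is discarded and a caller cannot recover it with `errors.Cause`. This is the same loss of the underlying error that the commit message sets out to fix. Wrapping keeps both pieces of information: `err = errors.Wrap(err, "insufficient entropy in pool")` and `err = errors.Wrap(err, "kernel must be v3.17 or later")`. With the `default` case removed, any other errno now reaches the final `errors.Wrap` unchanged, which is fine. Read begins outside the hunk.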