From 9383d4be92981a4c956c775479bb48b7eec9db79 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sat, 9 May 2020 14:52:07 -0700 Subject: crypto: improve errors ErrKeyLock: Rename to ErrMlockUlimit for clarity. ErrGetrandomFail: ErrKeyAlloc: ErrKeyFree: ErrNegativeLength: Replace these with one-off unnamed errors because these were all returned in only one place and were never checked for. Also these were all either wrapped backwards or discarded an underlying error, so fix that too. --- cmd/fscrypt/errors.go | 2 +- crypto/crypto.go | 10 +++------- crypto/crypto_test.go | 2 +- crypto/key.go | 10 +++++----- crypto/rand.go | 7 +++---- 5 files changed, 13 insertions(+), 18 deletions(-) diff --git a/cmd/fscrypt/errors.go b/cmd/fscrypt/errors.go index 3e5beed..f4f3ddb 100644 --- a/cmd/fscrypt/errors.go +++ b/cmd/fscrypt/errors.go @@ -92,7 +92,7 @@ func getErrorSuggestions(err error) string { switch errors.Cause(err) { case filesystem.ErrNotSetup: return fmt.Sprintf(`Run "fscrypt setup %s" to use fscrypt on this filesystem.`, mountpointArg) - case crypto.ErrKeyLock: + case crypto.ErrMlockUlimit: return `Too much memory was requested to be locked in RAM. The current limit for this user can be checked with "ulimit -l". The limit can be modified by either changing the diff --git a/crypto/crypto.go b/crypto/crypto.go index 9a138d0..1f64b38 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -50,13 +50,9 @@ import ( // Crypto error values var ( - ErrBadAuth = errors.New("key authentication check failed") - ErrNegativeLength = errors.New("keys cannot have negative lengths") - ErrRecoveryCode = errors.New("invalid recovery code") - ErrGetrandomFail = util.SystemError("getrandom() failed") - ErrKeyAlloc = util.SystemError("could not allocate memory for key") - ErrKeyFree = util.SystemError("could not free memory of key") - ErrKeyLock = errors.New("could not lock key in memory") + ErrBadAuth = errors.New("key authentication check failed") + ErrRecoveryCode = errors.New("invalid recovery code") + ErrMlockUlimit = errors.New("could not lock key in memory") ) // panicInputLength panics if "name" has invalid length (expected != actual) diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go index 6eb0b02..10b3d17 100644 --- a/crypto/crypto_test.go +++ b/crypto/crypto_test.go @@ -257,7 +257,7 @@ func TestBigKeyGen(t *testing.T) { case nil: key.Wipe() return - case ErrKeyLock: + case ErrMlockUlimit: // Don't fail just because "ulimit -l" is too low. return default: diff --git a/crypto/key.go b/crypto/key.go index 77adc95..2e57443 100644 --- a/crypto/key.go +++ b/crypto/key.go @@ -98,7 +98,7 @@ func NewBlankKey(length int) (*Key, error) { if length == 0 { return &Key{data: nil}, nil } else if length < 0 { - return nil, errors.Wrapf(ErrNegativeLength, "length of %d requested", length) + return nil, errors.Errorf("requested key length %d is negative", length) } flags := keyMmapFlags @@ -109,11 +109,11 @@ func NewBlankKey(length int) (*Key, error) { // See MAP_ANONYMOUS in http://man7.org/linux/man-pages/man2/mmap.2.html data, err := unix.Mmap(-1, 0, length, keyProtection, flags) if err == unix.EAGAIN { - return nil, ErrKeyLock + return nil, ErrMlockUlimit } if err != nil { - log.Printf("unix.Mmap() with length=%d failed: %v", length, err) - return nil, ErrKeyAlloc + return nil, errors.Wrapf(err, + "failed to allocate (mmap) key buffer of length %d", length) } key := &Key{data: data} @@ -139,7 +139,7 @@ func (key *Key) Wipe() error { if err := unix.Munmap(data); err != nil { log.Printf("unix.Munmap() failed: %v", err) - return ErrKeyFree + return errors.Wrapf(err, "failed to free (munmap) key buffer") } } return nil diff --git a/crypto/rand.go b/crypto/rand.go index 4d8c044..7d1e55b 100644 --- a/crypto/rand.go +++ b/crypto/rand.go @@ -90,10 +90,9 @@ func (r randReader) Read(buffer []byte) (int, error) { case nil: return n, nil case unix.EAGAIN: - return 0, errors.Wrap(ErrGetrandomFail, "insufficient entropy in pool") + err = errors.New("insufficient entropy in pool") case unix.ENOSYS: - return 0, errors.Wrap(ErrGetrandomFail, "kernel must be v3.17 or later") - default: - return 0, errors.Wrap(ErrGetrandomFail, err.Error()) + err = errors.New("kernel must be v3.17 or later") } + return 0, errors.Wrap(err, "getrandom() failed") } -- cgit v1.2.3