code review 9736043: crypto/x509: harmonise error prefixes. (issue 9736043)

[a...@golang.org]

Reviewers: golang-dev1,

Message:
Hello golan...@googlegroups.com (cc: golan...@googlegroups.com),

I'd like you to review this change to
https://code.google.com/p/go/


Description:
crypto/x509: harmonise error prefixes.

crypto/x509 has ended up with a variety of error formats. This change
makes them all start with "crypto/x509: ".

Please review this at https://codereview.appspot.com/9736043/

Affected files:
M src/pkg/crypto/x509/pem_decrypt.go
M src/pkg/crypto/x509/pkcs1.go
M src/pkg/crypto/x509/verify.go
M src/pkg/crypto/x509/x509.go


Index: src/pkg/crypto/x509/pem_decrypt.go
===================================================================
--- a/src/pkg/crypto/x509/pem_decrypt.go
+++ b/src/pkg/crypto/x509/pem_decrypt.go
@@ -102,7 +102,7 @@
}

// IncorrectPasswordError is returned when an incorrect password is
detected.
-var IncorrectPasswordError = errors.New("x509: decryption password
incorrect")
+var IncorrectPasswordError = errors.New("crypto/x509: decryption password
incorrect")

// DecryptPEMBlock takes a password encrypted PEM block and the password
used to
// encrypt it and returns a slice of decrypted DER encoded bytes. It
inspects
@@ -112,25 +112,25 @@
func DecryptPEMBlock(b *pem.Block, password []byte) ([]byte, error) {
dek, ok := b.Headers["DEK-Info"]
if !ok {
- return nil, errors.New("x509: no DEK-Info header in block")
+ return nil, errors.New("crypto/x509: no DEK-Info header in block")
}

idx := strings.Index(dek, ",")
if idx == -1 {
- return nil, errors.New("x509: malformed DEK-Info header")
+ return nil, errors.New("crypto/x509: malformed DEK-Info header")
}

mode, hexIV := dek[:idx], dek[idx+1:]
ciph := cipherByName(mode)
if ciph == nil {
- return nil, errors.New("x509: unknown encryption mode")
+ return nil, errors.New("crypto/x509: unknown encryption mode")
}
iv, err := hex.DecodeString(hexIV)
if err != nil {
return nil, err
}
if len(iv) != ciph.blockSize {
- return nil, errors.New("x509: incorrect IV size")
+ return nil, errors.New("crypto/x509: incorrect IV size")
}

// Based on the OpenSSL implementation. The salt is the first 8 bytes
@@ -153,7 +153,7 @@
// If we detect a bad padding, we assume it is an invalid password.
dlen := len(data)
if dlen == 0 || dlen%ciph.blockSize != 0 {
- return nil, errors.New("x509: invalid padding")
+ return nil, errors.New("crypto/x509: invalid padding")
}
last := int(data[dlen-1])
if dlen < last {
@@ -176,11 +176,11 @@
func EncryptPEMBlock(rand io.Reader, blockType string, data, password
[]byte, alg PEMCipher) (*pem.Block, error) {
ciph := cipherByKey(alg)
if ciph == nil {
- return nil, errors.New("x509: unknown encryption mode")
+ return nil, errors.New("crypto/x509: unknown encryption mode")
}
iv := make([]byte, ciph.blockSize)
if _, err := io.ReadFull(rand, iv); err != nil {
- return nil, errors.New("x509: cannot generate IV: " + err.Error())
+ return nil, errors.New("crypto/x509: cannot generate IV: " + err.Error())
}
// The salt is the first 8 bytes of the initialization vector,
// matching the key derivation in DecryptPEMBlock.
Index: src/pkg/crypto/x509/pkcs1.go
===================================================================
--- a/src/pkg/crypto/x509/pkcs1.go
+++ b/src/pkg/crypto/x509/pkcs1.go
@@ -48,11 +48,11 @@
}

if priv.Version > 1 {
- return nil, errors.New("x509: unsupported private key version")
+ return nil, errors.New("crypto/x509: unsupported private key version")
}

if priv.N.Sign() <= 0 || priv.D.Sign() <= 0 || priv.P.Sign() <= 0 ||
priv.Q.Sign() <= 0 {
- return nil, errors.New("private key contains zero or negative value")
+ return nil, errors.New("crypto/x509: private key contains zero or
negative value")
}

key = new(rsa.PrivateKey)
@@ -67,7 +67,7 @@
key.Primes[1] = priv.Q
for i, a := range priv.AdditionalPrimes {
if a.Prime.Sign() <= 0 {
- return nil, errors.New("private key contains zero or negative prime")
+ return nil, errors.New("crypto/x509: private key contains zero or
negative prime")
}
key.Primes[i+2] = a.Prime
// We ignore the other two values because rsa will calculate
Index: src/pkg/crypto/x509/verify.go
===================================================================
--- a/src/pkg/crypto/x509/verify.go
+++ b/src/pkg/crypto/x509/verify.go
@@ -44,17 +44,17 @@
func (e CertificateInvalidError) Error() string {
switch e.Reason {
case NotAuthorizedToSign:
- return "x509: certificate is not authorized to sign other certificates"
+ return "crypto/x509: certificate is not authorized to sign other
certificates"
case Expired:
- return "x509: certificate has expired or is not yet valid"
+ return "crypto/x509: certificate has expired or is not yet valid"
case CANotAuthorizedForThisName:
- return "x509: a root or intermediate certificate is not authorized to
sign in this domain"
+ return "crypto/x509: a root or intermediate certificate is not
authorized to sign in this domain"
case TooManyIntermediates:
- return "x509: too many intermediates for path length constraint"
+ return "crypto/x509: too many intermediates for path length constraint"
case IncompatibleUsage:
- return "x509: certificate specifies an incompatible key usage"
+ return "crypto/x509: certificate specifies an incompatible key usage"
}
- return "x509: unknown error"
+ return "crypto/x509: unknown error"
}

// HostnameError results when the set of authorized names doesn't match the
@@ -71,7 +71,7 @@
if ip := net.ParseIP(h.Host); ip != nil {
// Trying to validate an IP
if len(c.IPAddresses) == 0 {
- return "x509: cannot validate certificate for " + h.Host + " because it
doesn't contain any IP SANs"
+ return "crypto/x509: cannot validate certificate for " + h.Host + "
because it doesn't contain any IP SANs"
}
for _, san := range c.IPAddresses {
if len(valid) > 0 {
@@ -86,7 +86,7 @@
valid = c.Subject.CommonName
}
}
- return "x509: certificate is valid for " + valid + ", not " + h.Host
+ return "crypto/x509: certificate is valid for " + valid + ", not " +
h.Host
}

// UnknownAuthorityError results when the certificate issuer is unknown
@@ -101,7 +101,7 @@
}

func (e UnknownAuthorityError) Error() string {
- s := "x509: certificate signed by unknown authority"
+ s := "crypto/x509: certificate signed by unknown authority"
if e.hintErr != nil {
certName := e.hintCert.Subject.CommonName
if len(certName) == 0 {
@@ -120,7 +120,7 @@
}

func (e SystemRootsError) Error() string {
- return "x509: failed to load system roots and no roots provided"
+ return "crypto/x509: failed to load system roots and no roots provided"
}

// VerifyOptions contains parameters for Certificate.Verify. It's a
structure
Index: src/pkg/crypto/x509/x509.go
===================================================================
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -40,7 +40,7 @@
}
algo := getPublicKeyAlgorithmFromOID(pki.Algorithm.Algorithm)
if algo == UnknownPublicKeyAlgorithm {
- return nil, errors.New("ParsePKIXPublicKey: unknown public key
algorithm")
+ return nil, errors.New("crypto/x509: unknown public key algorithm")
}
return parsePublicKey(algo, &pki)
}
@@ -56,7 +56,7 @@
E: pub.E,
})
default:
- return nil, errors.New("MarshalPKIXPublicKey: unknown public key type")
+ return nil, errors.New("crypto/x509: unknown public key type")
}

pkix := pkixPublicKey{
@@ -604,10 +604,10 @@
return err
}
if dsaSig.R.Sign() <= 0 || dsaSig.S.Sign() <= 0 {
- return errors.New("DSA signature contained zero or negative values")
+ return errors.New("crypto/x509: DSA signature contained zero or
negative values")
}
if !dsa.Verify(pub, digest, dsaSig.R, dsaSig.S) {
- return errors.New("DSA verification failure")
+ return errors.New("crypto/x509: DSA verification failure")
}
return
case *ecdsa.PublicKey:
@@ -635,7 +635,7 @@
type UnhandledCriticalExtension struct{}

func (h UnhandledCriticalExtension) Error() string {
- return "unhandled critical extension"
+ return "crypto/x509: unhandled critical extension"
}

type basicConstraints struct {
@@ -670,10 +670,10 @@
}

if p.N.Sign() <= 0 {
- return nil, errors.New("x509: RSA modulus is not a positive number")
+ return nil, errors.New("crypto/x509: RSA modulus is not a positive
number")
}
if p.E <= 0 {
- return nil, errors.New("x509: RSA public exponent is not a positive
number")
+ return nil, errors.New("crypto/x509: RSA public exponent is not a
positive number")
}

pub := &rsa.PublicKey{
@@ -694,7 +694,7 @@
return nil, err
}
if p.Sign() <= 0 || params.P.Sign() <= 0 || params.Q.Sign() <= 0 ||
params.G.Sign() <= 0 {
- return nil, errors.New("zero or negative DSA parameter")
+ return nil, errors.New("crypto/x509: zero or negative DSA parameter")
}
pub := &dsa.PublicKey{
Parameters: dsa.Parameters{
@@ -752,7 +752,7 @@
}

if in.TBSCertificate.SerialNumber.Sign() < 0 {
- return nil, errors.New("negative serial number")
+ return nil, errors.New("crypto/x509: negative serial number")
}

out.Version = in.TBSCertificate.Version + 1
@@ -848,7 +848,7 @@
case net.IPv4len, net.IPv6len:
out.IPAddresses = append(out.IPAddresses, v.Bytes)
default:
- return nil, errors.New("x509: certificate contained IP address of
length " + strconv.Itoa(len(v.Bytes)))
+ return nil, errors.New("crypto/x509: certificate contained IP
address of length " + strconv.Itoa(len(v.Bytes)))
}
}
}
@@ -1189,7 +1189,7 @@
case *ecdsa.PublicKey:
oid, ok := oidFromNamedCurve(pub.Curve)
if !ok {
- return nil, errors.New("x509: unknown elliptic curve")
+ return nil, errors.New("crypto/x509: unknown elliptic curve")
}
publicKeyAlgorithm.Algorithm = oidPublicKeyECDSA
var paramBytes []byte
@@ -1200,7 +1200,7 @@
publicKeyAlgorithm.Parameters.FullBytes = paramBytes
publicKeyBytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y)
default:
- return nil, errors.New("x509: only RSA and ECDSA public keys supported")
+ return nil, errors.New("crypto/x509: only RSA and ECDSA public keys
supported")
}

var signatureAlgorithm pkix.AlgorithmIdentifier
@@ -1222,10 +1222,10 @@
hashFunc = crypto.SHA512
signatureAlgorithm.Algorithm = oidSignatureECDSAWithSHA512
default:
- return nil, errors.New("x509: unknown elliptic curve")
+ return nil, errors.New("crypto/x509: unknown elliptic curve")
}
default:
- return nil, errors.New("x509: only RSA and ECDSA private keys supported")
+ return nil, errors.New("crypto/x509: only RSA and ECDSA private keys
supported")
}

if err != nil {
@@ -1339,7 +1339,7 @@
func (c *Certificate) CreateCRL(rand io.Reader, priv interface{},
revokedCerts []pkix.RevokedCertificate, now, expiry time.Time) (crlBytes
[]byte, err error) {
rsaPriv, ok := priv.(*rsa.PrivateKey)
if !ok {
- return nil, errors.New("x509: non-RSA private keys not supported")
+ return nil, errors.New("crypto/x509: non-RSA private keys not supported")
}
tbsCertList := pkix.TBSCertificateList{
Version: 2,

[a...@golang.org]

(cc'ing r, since I'm not sure whether "crypto/x509" is a better prefix
than "x509".)

https://codereview.appspot.com/9736043/

[r...@golang.org]

LGtm
i prefer x509, so change it if you like, but either is ok.


https://codereview.appspot.com/9736043/

[a...@golang.org]

Have switched everything to "x509: ". Thanks.

https://codereview.appspot.com/9736043/

[a...@golang.org]

*** Submitted as
https://code.google.com/p/go/source/detail?r=5993bd419cf0 ***

crypto/x509: harmonise error prefixes.

crypto/x509 has ended up with a variety of error formats. This change

makes them all start with "x509: ".

R=golang-dev, r
CC=golang-dev
https://codereview.appspot.com/9736043


https://codereview.appspot.com/9736043/