crypto/x509: harmonise error prefixes.

crypto/x509 has ended up with a variety of error formats. This change makes them all start with "x509: ".

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/9736043

diff --git a/src/pkg/crypto/x509/pkcs1.go b/src/pkg/crypto/x509/pkcs1.go
index 873d3966eb55cf51488d2e14ec6013d17ccda157..acebe3513981aaad060a1d8816c8f2ad93262f03 100644 (file)
--- a/src/pkg/crypto/x509/pkcs1.go
+++ b/src/pkg/crypto/x509/pkcs1.go
@@ -52,7 +52,7 @@ func ParsePKCS1PrivateKey(der []byte) (key *rsa.PrivateKey, err error) {
        }
 
        if priv.N.Sign() <= 0 || priv.D.Sign() <= 0 || priv.P.Sign() <= 0 || priv.Q.Sign() <= 0 {
-               return nil, errors.New("private key contains zero or negative value")
+               return nil, errors.New("x509: private key contains zero or negative value")
        }
 
        key = new(rsa.PrivateKey)
@@ -67,7 +67,7 @@ func ParsePKCS1PrivateKey(der []byte) (key *rsa.PrivateKey, err error) {
        key.Primes[1] = priv.Q
        for i, a := range priv.AdditionalPrimes {
                if a.Prime.Sign() <= 0 {
-                       return nil, errors.New("private key contains zero or negative prime")
+                       return nil, errors.New("x509: private key contains zero or negative prime")
                }
                key.Primes[i+2] = a.Prime
                // We ignore the other two values because rsa will calculate

diff --git a/src/pkg/crypto/x509/pkcs8.go b/src/pkg/crypto/x509/pkcs8.go
index 8e1585e15cc840571c634e9f14c0b300d9cf50a9..ba19989cba1311bf9efac6b6f259efcf41181d04 100644 (file)
--- a/src/pkg/crypto/x509/pkcs8.go
+++ b/src/pkg/crypto/x509/pkcs8.go
@@ -32,7 +32,7 @@ func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) {
        case privKey.Algo.Algorithm.Equal(oidPublicKeyRSA):
                key, err = ParsePKCS1PrivateKey(privKey.PrivateKey)
                if err != nil {
-                       return nil, errors.New("crypto/x509: failed to parse RSA private key embedded in PKCS#8: " + err.Error())
+                       return nil, errors.New("x509: failed to parse RSA private key embedded in PKCS#8: " + err.Error())
                }
                return key, nil
 
@@ -44,11 +44,11 @@ func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) {
                }
                key, err = parseECPrivateKey(namedCurveOID, privKey.PrivateKey)
                if err != nil {
-                       return nil, errors.New("crypto/x509: failed to parse EC private key embedded in PKCS#8: " + err.Error())
+                       return nil, errors.New("x509: failed to parse EC private key embedded in PKCS#8: " + err.Error())
                }
                return key, nil
 
        default:
-               return nil, fmt.Errorf("crypto/x509: PKCS#8 wrapping contained private key with unknown algorithm: %v", privKey.Algo.Algorithm)
+               return nil, fmt.Errorf("x509: PKCS#8 wrapping contained private key with unknown algorithm: %v", privKey.Algo.Algorithm)
        }
 }

diff --git a/src/pkg/crypto/x509/sec1.go b/src/pkg/crypto/x509/sec1.go
index 8a2840fbef57068c3f93500437d64da440878866..3a0e29a03e3dbf45ca552164e1eb36480e9464ab 100644 (file)
--- a/src/pkg/crypto/x509/sec1.go
+++ b/src/pkg/crypto/x509/sec1.go
@@ -40,10 +40,10 @@ func ParseECPrivateKey(der []byte) (key *ecdsa.PrivateKey, err error) {
 func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key *ecdsa.PrivateKey, err error) {
        var privKey ecPrivateKey
        if _, err := asn1.Unmarshal(der, &privKey); err != nil {
-               return nil, errors.New("crypto/x509: failed to parse EC private key: " + err.Error())
+               return nil, errors.New("x509: failed to parse EC private key: " + err.Error())
        }
        if privKey.Version != ecPrivKeyVersion {
-               return nil, fmt.Errorf("crypto/x509: unknown EC private key version %d", privKey.Version)
+               return nil, fmt.Errorf("x509: unknown EC private key version %d", privKey.Version)
        }
 
        var curve elliptic.Curve
@@ -53,12 +53,12 @@ func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key *e
                curve = namedCurveFromOID(privKey.NamedCurveOID)
        }
        if curve == nil {
-               return nil, errors.New("crypto/x509: unknown elliptic curve")
+               return nil, errors.New("x509: unknown elliptic curve")
        }
 
        k := new(big.Int).SetBytes(privKey.PrivateKey)
        if k.Cmp(curve.Params().N) >= 0 {
-               return nil, errors.New("crypto/x509: invalid elliptic curve private key value")
+               return nil, errors.New("x509: invalid elliptic curve private key value")
        }
        priv := new(ecdsa.PrivateKey)
        priv.Curve = curve

diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go
index 4dfea2c9499312d1b408eed75ef77bcdc5d36d92..d789e5c5602b95003ceae61b45ced51f712b6c9d 100644 (file)
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -40,7 +40,7 @@ func ParsePKIXPublicKey(derBytes []byte) (pub interface{}, err error) {
        }
        algo := getPublicKeyAlgorithmFromOID(pki.Algorithm.Algorithm)
        if algo == UnknownPublicKeyAlgorithm {
-               return nil, errors.New("ParsePKIXPublicKey: unknown public key algorithm")
+               return nil, errors.New("x509: unknown public key algorithm")
        }
        return parsePublicKey(algo, &pki)
 }
@@ -56,7 +56,7 @@ func MarshalPKIXPublicKey(pub interface{}) ([]byte, error) {
                        E: pub.E,
                })
        default:
-               return nil, errors.New("MarshalPKIXPublicKey: unknown public key type")
+               return nil, errors.New("x509: unknown public key type")
        }
 
        pkix := pkixPublicKey{
@@ -477,7 +477,7 @@ type Certificate struct {
 
 // ErrUnsupportedAlgorithm results from attempting to perform an operation that
 // involves algorithms that are not currently implemented.
-var ErrUnsupportedAlgorithm = errors.New("crypto/x509: cannot verify signature: algorithm unimplemented")
+var ErrUnsupportedAlgorithm = errors.New("x509: cannot verify signature: algorithm unimplemented")
 
 // ConstraintViolationError results when a requested usage is not permitted by
 // a certificate. For example: checking a signature when the public key isn't a
@@ -485,7 +485,7 @@ var ErrUnsupportedAlgorithm = errors.New("crypto/x509: cannot verify signature:
 type ConstraintViolationError struct{}
 
 func (ConstraintViolationError) Error() string {
-       return "crypto/x509: invalid signature: parent certificate cannot sign this kind of certificate"
+       return "x509: invalid signature: parent certificate cannot sign this kind of certificate"
 }
 
 func (c *Certificate) Equal(other *Certificate) bool {
@@ -604,10 +604,10 @@ func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature
                        return err
                }
                if dsaSig.R.Sign() <= 0 || dsaSig.S.Sign() <= 0 {
-                       return errors.New("DSA signature contained zero or negative values")
+                       return errors.New("x509: DSA signature contained zero or negative values")
                }
                if !dsa.Verify(pub, digest, dsaSig.R, dsaSig.S) {
-                       return errors.New("DSA verification failure")
+                       return errors.New("x509: DSA verification failure")
                }
                return
        case *ecdsa.PublicKey:
@@ -616,10 +616,10 @@ func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature
                        return err
                }
                if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
-                       return errors.New("crypto/x509: ECDSA signature contained zero or negative values")
+                       return errors.New("x509: ECDSA signature contained zero or negative values")
                }
                if !ecdsa.Verify(pub, digest, ecdsaSig.R, ecdsaSig.S) {
-                       return errors.New("crypto/x509: ECDSA verification failure")
+                       return errors.New("x509: ECDSA verification failure")
                }
                return
        }
@@ -635,7 +635,7 @@ func (c *Certificate) CheckCRLSignature(crl *pkix.CertificateList) (err error) {
 type UnhandledCriticalExtension struct{}
 
 func (h UnhandledCriticalExtension) Error() string {
-       return "unhandled critical extension"
+       return "x509: unhandled critical extension"
 }
 
 type basicConstraints struct {
@@ -694,7 +694,7 @@ func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{
                        return nil, err
                }
                if p.Sign() <= 0 || params.P.Sign() <= 0 || params.Q.Sign() <= 0 || params.G.Sign() <= 0 {
-                       return nil, errors.New("zero or negative DSA parameter")
+                       return nil, errors.New("x509: zero or negative DSA parameter")
                }
                pub := &dsa.PublicKey{
                        Parameters: dsa.Parameters{
@@ -714,11 +714,11 @@ func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{
                }
                namedCurve := namedCurveFromOID(*namedCurveOID)
                if namedCurve == nil {
-                       return nil, errors.New("crypto/x509: unsupported elliptic curve")
+                       return nil, errors.New("x509: unsupported elliptic curve")
                }
                x, y := elliptic.Unmarshal(namedCurve, asn1Data)
                if x == nil {
-                       return nil, errors.New("crypto/x509: failed to unmarshal elliptic curve point")
+                       return nil, errors.New("x509: failed to unmarshal elliptic curve point")
                }
                pub := &ecdsa.PublicKey{
                        Curve: namedCurve,
@@ -752,7 +752,7 @@ func parseCertificate(in *certificate) (*Certificate, error) {
        }
 
        if in.TBSCertificate.SerialNumber.Sign() < 0 {
-               return nil, errors.New("negative serial number")
+               return nil, errors.New("x509: negative serial number")
        }
 
        out.Version = in.TBSCertificate.Version + 1