diff --git a/blockcipher/blockcipher.go b/blockcipher/blockcipher.go index 4aa6eb9..0c485d5 100644 --- a/blockcipher/blockcipher.go +++ b/blockcipher/blockcipher.go @@ -17,10 +17,11 @@ package blockcipher import ( + "errors" + "fmt" "io" "github.com/opencontainers/go-digest" - "github.com/pkg/errors" ) // LayerCipherType is the ciphertype as specified in the layer metadata @@ -129,7 +130,7 @@ func (h *LayerBlockCipherHandler) Encrypt(plainDataReader io.Reader, typ LayerCi } return encDataReader, fin, err } - return nil, nil, errors.Errorf("unsupported cipher type: %s", typ) + return nil, nil, fmt.Errorf("unsupported cipher type: %s", typ) } // Decrypt is the handler for the layer decryption routine @@ -141,7 +142,7 @@ func (h *LayerBlockCipherHandler) Decrypt(encDataReader io.Reader, opt LayerBloc if c, ok := h.cipherMap[typ]; ok { return c.Decrypt(encDataReader, opt) } - return nil, LayerBlockCipherOptions{}, errors.Errorf("unsupported cipher type: %s", typ) + return nil, LayerBlockCipherOptions{}, fmt.Errorf("unsupported cipher type: %s", typ) } // NewLayerBlockCipherHandler returns a new default handler @@ -153,7 +154,7 @@ func NewLayerBlockCipherHandler() (*LayerBlockCipherHandler, error) { var err error h.cipherMap[AES256CTR], err = NewAESCTRLayerBlockCipher(256) if err != nil { - return nil, errors.Wrap(err, "unable to set up Cipher AES-256-CTR") + return nil, fmt.Errorf("unable to set up Cipher AES-256-CTR: %w", err) } return &h, nil diff --git a/blockcipher/blockcipher_aes_ctr.go b/blockcipher/blockcipher_aes_ctr.go index 095a53e..7db03e2 100644 --- a/blockcipher/blockcipher_aes_ctr.go +++ b/blockcipher/blockcipher_aes_ctr.go @@ -22,12 +22,12 @@ import ( "crypto/hmac" "crypto/rand" "crypto/sha256" + "errors" "fmt" "hash" "io" "github.com/containers/ocicrypt/utils" - "github.com/pkg/errors" ) // AESCTRLayerBlockCipher implements the AES CTR stream cipher @@ -74,7 +74,7 @@ func (r *aesctrcryptor) Read(p []byte) (int, error) { if !r.bc.encrypt { if _, err := r.bc.hmac.Write(p[:o]); err != nil { - r.bc.err = errors.Wrapf(err, "could not write to hmac") + r.bc.err = fmt.Errorf("could not write to hmac: %w", err) return 0, r.bc.err } @@ -92,7 +92,7 @@ func (r *aesctrcryptor) Read(p []byte) (int, error) { if r.bc.encrypt { if _, err := r.bc.hmac.Write(p[:o]); err != nil { - r.bc.err = errors.Wrapf(err, "could not write to hmac") + r.bc.err = fmt.Errorf("could not write to hmac: %w", err) return 0, r.bc.err } @@ -120,13 +120,13 @@ func (bc *AESCTRLayerBlockCipher) init(encrypt bool, reader io.Reader, opts Laye if !ok { nonce = make([]byte, aes.BlockSize) if _, err := io.ReadFull(rand.Reader, nonce); err != nil { - return LayerBlockCipherOptions{}, errors.Wrap(err, "unable to generate random nonce") + return LayerBlockCipherOptions{}, fmt.Errorf("unable to generate random nonce: %w", err) } } block, err := aes.NewCipher(key) if err != nil { - return LayerBlockCipherOptions{}, errors.Wrap(err, "aes.NewCipher failed") + return LayerBlockCipherOptions{}, fmt.Errorf("aes.NewCipher failed: %w", err) } bc.reader = reader diff --git a/config/constructors.go b/config/constructors.go index 697b665..f7f29cd 100644 --- a/config/constructors.go +++ b/config/constructors.go @@ -17,10 +17,11 @@ package config import ( + "errors" + "fmt" "strings" "github.com/containers/ocicrypt/crypto/pkcs11" - "github.com/pkg/errors" "gopkg.in/yaml.v3" ) @@ -85,7 +86,7 @@ func EncryptWithPkcs11(pkcs11Config *pkcs11.Pkcs11Config, pkcs11Pubkeys, pkcs11Y } p11confYaml, err := yaml.Marshal(pkcs11Config) if err != nil { - return CryptoConfig{}, errors.Wrapf(err, "Could not marshal Pkcs11Config to Yaml") + return CryptoConfig{}, fmt.Errorf("Could not marshal Pkcs11Config to Yaml: %w", err) } dc = DecryptConfig{ @@ -223,7 +224,7 @@ func DecryptWithGpgPrivKeys(gpgPrivKeys, gpgPrivKeysPwds [][]byte) (CryptoConfig func DecryptWithPkcs11Yaml(pkcs11Config *pkcs11.Pkcs11Config, pkcs11Yamls [][]byte) (CryptoConfig, error) { p11confYaml, err := yaml.Marshal(pkcs11Config) if err != nil { - return CryptoConfig{}, errors.Wrapf(err, "Could not marshal Pkcs11Config to Yaml") + return CryptoConfig{}, fmt.Errorf("Could not marshal Pkcs11Config to Yaml: %w", err) } dc := DecryptConfig{ diff --git a/config/keyprovider-config/config.go b/config/keyprovider-config/config.go index 07be8b0..4785a83 100644 --- a/config/keyprovider-config/config.go +++ b/config/keyprovider-config/config.go @@ -18,9 +18,8 @@ package config import ( "encoding/json" + "fmt" "os" - - "github.com/pkg/errors" ) // Command describes the structure of command, it consist of path and args, where path defines the location of @@ -72,7 +71,7 @@ func GetConfiguration() (*OcicryptConfig, error) { if len(filename) > 0 { ic, err = parseConfigFile(filename) if err != nil { - return nil, errors.Wrap(err, "Error while parsing keyprovider config file") + return nil, fmt.Errorf("Error while parsing keyprovider config file: %w", err) } } else { return nil, nil diff --git a/config/pkcs11config/config.go b/config/pkcs11config/config.go index 802714f..b4f0e4d 100644 --- a/config/pkcs11config/config.go +++ b/config/pkcs11config/config.go @@ -17,12 +17,12 @@ package pkcs11config import ( + "errors" "fmt" "os" "path" "github.com/containers/ocicrypt/crypto/pkcs11" - "github.com/pkg/errors" "gopkg.in/yaml.v3" ) diff --git a/crypto/pkcs11/common.go b/crypto/pkcs11/common.go index aaeb33c..473e23f 100644 --- a/crypto/pkcs11/common.go +++ b/crypto/pkcs11/common.go @@ -16,7 +16,6 @@ package pkcs11 import ( "fmt" - "github.com/pkg/errors" pkcs11uri "github.com/stefanberger/go-pkcs11uri" "gopkg.in/yaml.v3" ) @@ -43,7 +42,7 @@ func ParsePkcs11Uri(uri string) (*pkcs11uri.Pkcs11URI, error) { p11uri := pkcs11uri.New() err := p11uri.Parse(uri) if err != nil { - return nil, errors.Wrapf(err, "Could not parse Pkcs11URI from file") + return nil, fmt.Errorf("Could not parse Pkcs11URI from file: %w", err) } return p11uri, err } @@ -58,7 +57,7 @@ func ParsePkcs11KeyFile(yamlstr []byte) (*Pkcs11KeyFileObject, error) { err := yaml.Unmarshal(yamlstr, &p11keyfile) if err != nil { - return nil, errors.Wrapf(err, "Could not unmarshal pkcs11 keyfile") + return nil, fmt.Errorf("Could not unmarshal pkcs11 keyfile: %w", err) } p11uri, err := ParsePkcs11Uri(p11keyfile.Pkcs11.Uri) @@ -129,7 +128,7 @@ func ParsePkcs11ConfigFile(yamlstr []byte) (*Pkcs11Config, error) { err := yaml.Unmarshal(yamlstr, &p11conf) if err != nil { - return &p11conf, errors.Wrapf(err, "Could not parse Pkcs11Config") + return &p11conf, fmt.Errorf("Could not parse Pkcs11Config: %w", err) } return &p11conf, nil } diff --git a/crypto/pkcs11/pkcs11helpers.go b/crypto/pkcs11/pkcs11helpers.go index 7287b4d..fe047a1 100644 --- a/crypto/pkcs11/pkcs11helpers.go +++ b/crypto/pkcs11/pkcs11helpers.go @@ -26,6 +26,7 @@ import ( "crypto/sha256" "encoding/base64" "encoding/json" + "errors" "fmt" "hash" "net/url" @@ -34,7 +35,6 @@ import ( "strings" "github.com/miekg/pkcs11" - "github.com/pkg/errors" pkcs11uri "github.com/stefanberger/go-pkcs11uri" ) @@ -77,11 +77,11 @@ func rsaPublicEncryptOAEP(pubKey *rsa.PublicKey, plaintext []byte) ([]byte, stri hashfunc = sha256.New() hashalg = "sha256" default: - return nil, "", errors.Errorf("Unsupported OAEP hash '%s'", oaephash) + return nil, "", fmt.Errorf("Unsupported OAEP hash '%s'", oaephash) } ciphertext, err := rsa.EncryptOAEP(hashfunc, rand.Reader, pubKey, plaintext, OAEPLabel) if err != nil { - return nil, "", errors.Wrapf(err, "rss.EncryptOAEP failed") + return nil, "", fmt.Errorf("rss.EncryptOAEP failed: %w", err) } return ciphertext, hashalg, nil @@ -105,7 +105,7 @@ func pkcs11UriGetLoginParameters(p11uri *pkcs11uri.Pkcs11URI, privateKeyOperatio module, err := p11uri.GetModule() if err != nil { - return "", "", 0, errors.Wrap(err, "No module available in pkcs11 URI") + return "", "", 0, fmt.Errorf("No module available in pkcs11 URI: %w", err) } slotid := int64(-1) @@ -114,7 +114,7 @@ func pkcs11UriGetLoginParameters(p11uri *pkcs11uri.Pkcs11URI, privateKeyOperatio if ok { slotid, err = strconv.ParseInt(slot, 10, 64) if err != nil { - return "", "", 0, errors.Wrap(err, "slot-id is not a valid number") + return "", "", 0, fmt.Errorf("slot-id is not a valid number: %w", err) } if slotid < 0 { return "", "", 0, fmt.Errorf("slot-id is a negative number") @@ -141,13 +141,13 @@ func pkcs11UriGetKeyIdAndLabel(p11uri *pkcs11uri.Pkcs11URI) (string, string, err func pkcs11OpenSession(p11ctx *pkcs11.Ctx, slotid uint, pin string) (session pkcs11.SessionHandle, err error) { session, err = p11ctx.OpenSession(slotid, pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION) if err != nil { - return 0, errors.Wrapf(err, "OpenSession to slot %d failed", slotid) + return 0, fmt.Errorf("OpenSession to slot %d failed: %w", slotid, err) } if len(pin) > 0 { err = p11ctx.Login(session, pkcs11.CKU_USER, pin) if err != nil { _ = p11ctx.CloseSession(session) - return 0, errors.Wrap(err, "Could not login to device") + return 0, fmt.Errorf("Could not login to device: %w", err) } } return session, nil @@ -171,7 +171,7 @@ func pkcs11UriLogin(p11uri *pkcs11uri.Pkcs11URI, privateKeyOperation bool) (ctx if err != nil { p11Err := err.(pkcs11.Error) if p11Err != pkcs11.CKR_CRYPTOKI_ALREADY_INITIALIZED { - return nil, 0, errors.Wrap(err, "Initialize failed") + return nil, 0, fmt.Errorf("Initialize failed: %w", err) } } @@ -182,7 +182,7 @@ func pkcs11UriLogin(p11uri *pkcs11uri.Pkcs11URI, privateKeyOperation bool) (ctx slots, err := p11ctx.GetSlotList(true) if err != nil { - return nil, 0, errors.Wrap(err, "GetSlotList failed") + return nil, 0, fmt.Errorf("GetSlotList failed: %w", err) } tokenlabel, ok := p11uri.GetPathAttribute("token", false) @@ -234,24 +234,24 @@ func findObject(p11ctx *pkcs11.Ctx, session pkcs11.SessionHandle, class uint, ke } if err := p11ctx.FindObjectsInit(session, template); err != nil { - return 0, errors.Wrap(err, "FindObjectsInit failed") + return 0, fmt.Errorf("FindObjectsInit failed: %w", err) } obj, _, err := p11ctx.FindObjects(session, 100) if err != nil { - return 0, errors.Wrap(err, "FindObjects failed") + return 0, fmt.Errorf("FindObjects failed: %w", err) } if err := p11ctx.FindObjectsFinal(session); err != nil { - return 0, errors.Wrap(err, "FindObjectsFinal failed") + return 0, fmt.Errorf("FindObjectsFinal failed: %w", err) } if len(obj) > 1 { - return 0, errors.Errorf("There are too many (=%d) keys with %s", len(obj), msg) + return 0, fmt.Errorf("There are too many (=%d) keys with %s", len(obj), msg) } else if len(obj) == 1 { return obj[0], nil } - return 0, errors.Errorf("Could not find any object with %s", msg) + return 0, fmt.Errorf("Could not find any object with %s", msg) } // publicEncryptOAEP uses a public key described by a pkcs11 URI to OAEP encrypt the given plaintext @@ -291,17 +291,17 @@ func publicEncryptOAEP(pubKey *Pkcs11KeyFileObject, plaintext []byte) ([]byte, s oaep = OAEPSha256Params hashalg = "sha256" default: - return nil, "", errors.Errorf("Unsupported OAEP hash '%s'", oaephash) + return nil, "", fmt.Errorf("Unsupported OAEP hash '%s'", oaephash) } err = p11ctx.EncryptInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_RSA_PKCS_OAEP, oaep)}, p11PubKey) if err != nil { - return nil, "", errors.Wrap(err, "EncryptInit error") + return nil, "", fmt.Errorf("EncryptInit error: %w", err) } ciphertext, err := p11ctx.Encrypt(session, plaintext) if err != nil { - return nil, "", errors.Wrap(err, "Encrypt failed") + return nil, "", fmt.Errorf("Encrypt failed: %w", err) } return ciphertext, hashalg, nil } @@ -339,16 +339,16 @@ func privateDecryptOAEP(privKeyObj *Pkcs11KeyFileObject, ciphertext []byte, hash case "sha256": oaep = OAEPSha256Params default: - return nil, errors.Errorf("Unsupported hash algorithm '%s' for decryption", hashalg) + return nil, fmt.Errorf("Unsupported hash algorithm '%s' for decryption", hashalg) } err = p11ctx.DecryptInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_RSA_PKCS_OAEP, oaep)}, p11PrivKey) if err != nil { - return nil, errors.Wrapf(err, "DecryptInit failed") + return nil, fmt.Errorf("DecryptInit failed: %w", err) } plaintext, err := p11ctx.Decrypt(session, ciphertext) if err != nil { - return nil, errors.Wrapf(err, "Decrypt failed") + return nil, fmt.Errorf("Decrypt failed: %w", err) } return plaintext, err } @@ -403,7 +403,7 @@ func EncryptMultiple(pubKeys []interface{}, data []byte) ([]byte, error) { case *Pkcs11KeyFileObject: ciphertext, hashalg, err = publicEncryptOAEP(pkey, data) default: - err = errors.Errorf("Unsupported key object type for pkcs11 public key") + err = fmt.Errorf("Unsupported key object type for pkcs11 public key") } if err != nil { return nil, err @@ -442,13 +442,13 @@ func Decrypt(privKeyObjs []*Pkcs11KeyFileObject, pkcs11blobstr []byte) ([]byte, pkcs11blob := Pkcs11Blob{} err := json.Unmarshal(pkcs11blobstr, &pkcs11blob) if err != nil { - return nil, errors.Wrapf(err, "Could not parse Pkcs11Blob") + return nil, fmt.Errorf("Could not parse Pkcs11Blob: %w", err) } switch pkcs11blob.Version { case 0: // latest supported version default: - return nil, errors.Errorf("found Pkcs11Blob with version %d but maximum supported version is 0", pkcs11blob.Version) + return nil, fmt.Errorf("found Pkcs11Blob with version %d but maximum supported version is 0", pkcs11blob.Version) } // since we do trial and error, collect all encountered errors errs := "" @@ -458,7 +458,7 @@ func Decrypt(privKeyObjs []*Pkcs11KeyFileObject, pkcs11blobstr []byte) ([]byte, case 0: // last supported version default: - return nil, errors.Errorf("found Pkcs11Recipient with version %d but maximum supported version is 0", recipient.Version) + return nil, fmt.Errorf("found Pkcs11Recipient with version %d but maximum supported version is 0", recipient.Version) } ciphertext, err := base64.StdEncoding.DecodeString(recipient.Blob) @@ -481,5 +481,5 @@ func Decrypt(privKeyObjs []*Pkcs11KeyFileObject, pkcs11blobstr []byte) ([]byte, } } - return nil, errors.Errorf("Could not find a pkcs11 key for decryption:\n%s", errs) + return nil, fmt.Errorf("Could not find a pkcs11 key for decryption:\n%s", errs) } diff --git a/crypto/pkcs11/pkcs11helpers_nocgo.go b/crypto/pkcs11/pkcs11helpers_nocgo.go index 6edf752..6cf0aa2 100644 --- a/crypto/pkcs11/pkcs11helpers_nocgo.go +++ b/crypto/pkcs11/pkcs11helpers_nocgo.go @@ -1,3 +1,4 @@ +//go:build !cgo // +build !cgo /* @@ -18,14 +19,12 @@ package pkcs11 -import ( - "github.com/pkg/errors" -) +import "fmt" func EncryptMultiple(pubKeys []interface{}, data []byte) ([]byte, error) { - return nil, errors.Errorf("ocicrypt pkcs11 not supported on this build") + return nil, fmt.Errorf("ocicrypt pkcs11 not supported on this build") } func Decrypt(privKeyObjs []*Pkcs11KeyFileObject, pkcs11blobstr []byte) ([]byte, error) { - return nil, errors.Errorf("ocicrypt pkcs11 not supported on this build") + return nil, fmt.Errorf("ocicrypt pkcs11 not supported on this build") } diff --git a/crypto/pkcs11/utils.go b/crypto/pkcs11/utils.go index 306e372..391b98b 100644 --- a/crypto/pkcs11/utils.go +++ b/crypto/pkcs11/utils.go @@ -17,12 +17,11 @@ package pkcs11 import ( + "fmt" "os" "runtime" "strings" "sync" - - "github.com/pkg/errors" ) var ( @@ -45,7 +44,7 @@ func setEnvVars(env map[string]string) ([]string, error) { err := os.Setenv(k, v) if err != nil { restoreEnv(oldenv) - return nil, errors.Wrapf(err, "Could not set environment variable '%s' to '%s'", k, v) + return nil, fmt.Errorf("Could not set environment variable '%s' to '%s': %w", k, v, err) } } diff --git a/encryption.go b/encryption.go index 7b2677b..b6fa9db 100644 --- a/encryption.go +++ b/encryption.go @@ -19,6 +19,7 @@ package ocicrypt import ( "encoding/base64" "encoding/json" + "errors" "fmt" "io" "strings" @@ -34,7 +35,6 @@ import ( "github.com/containers/ocicrypt/keywrap/pkcs7" "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" log "github.com/sirupsen/logrus" ) @@ -133,11 +133,11 @@ func EncryptLayer(ec *config.EncryptConfig, encOrPlainLayerReader io.Reader, des } privOptsData, err = json.Marshal(opts.Private) if err != nil { - return nil, errors.Wrapf(err, "could not JSON marshal opts") + return nil, fmt.Errorf("could not JSON marshal opts: %w", err) } pubOptsData, err = json.Marshal(opts.Public) if err != nil { - return nil, errors.Wrapf(err, "could not JSON marshal opts") + return nil, fmt.Errorf("could not JSON marshal opts: %w", err) } } @@ -243,9 +243,9 @@ func decryptLayerKeyOptsData(dc *config.DecryptConfig, desc ocispec.Descriptor) } } if !privKeyGiven { - return nil, errors.Errorf("missing private key needed for decryption:\n%s", errs) + return nil, fmt.Errorf("missing private key needed for decryption:\n%s", errs) } - return nil, errors.Errorf("no suitable key unwrapper found or none of the private keys could be used for decryption:\n%s", errs) + return nil, fmt.Errorf("no suitable key unwrapper found or none of the private keys could be used for decryption:\n%s", errs) } func getLayerPubOpts(desc ocispec.Descriptor) ([]byte, error) { @@ -276,7 +276,7 @@ func preUnwrapKey(keywrapper keywrap.KeyWrapper, dc *config.DecryptConfig, b64An } return optsData, nil } - return nil, errors.Errorf("no suitable key found for decrypting layer key:\n%s", errs) + return nil, fmt.Errorf("no suitable key found for decrypting layer key:\n%s", errs) } // commonEncryptLayer is a function to encrypt the plain layer using a new random @@ -311,7 +311,7 @@ func commonDecryptLayer(encLayerReader io.Reader, privOptsData []byte, pubOptsDa privOpts := blockcipher.PrivateLayerBlockCipherOptions{} err := json.Unmarshal(privOptsData, &privOpts) if err != nil { - return nil, "", errors.Wrapf(err, "could not JSON unmarshal privOptsData") + return nil, "", fmt.Errorf("could not JSON unmarshal privOptsData: %w", err) } lbch, err := blockcipher.NewLayerBlockCipherHandler() @@ -323,7 +323,7 @@ func commonDecryptLayer(encLayerReader io.Reader, privOptsData []byte, pubOptsDa if len(pubOptsData) > 0 { err := json.Unmarshal(pubOptsData, &pubOpts) if err != nil { - return nil, "", errors.Wrapf(err, "could not JSON unmarshal pubOptsData") + return nil, "", fmt.Errorf("could not JSON unmarshal pubOptsData: %w", err) } } diff --git a/go.mod b/go.mod index b1c70f0..9a75a7b 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,6 @@ require ( github.com/miekg/pkcs11 v1.1.1 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.0.2 - github.com/pkg/errors v0.9.1 github.com/sirupsen/logrus v1.7.0 github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 github.com/stretchr/testify v1.3.0 diff --git a/go.sum b/go.sum index 86e36e7..93ea57e 100644 --- a/go.sum +++ b/go.sum @@ -36,8 +36,6 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM= github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= diff --git a/gpg.go b/gpg.go index 16b05ac..3912e82 100644 --- a/gpg.go +++ b/gpg.go @@ -17,6 +17,7 @@ package ocicrypt import ( + "errors" "fmt" "io" "os" @@ -27,7 +28,6 @@ import ( "sync" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" "golang.org/x/term" ) @@ -133,7 +133,7 @@ func (gc *gpgv2Client) GetGPGPrivateKey(keyid uint64, passphrase string) ([]byte rfile, wfile, err := os.Pipe() if err != nil { - return nil, errors.Wrapf(err, "could not create pipe") + return nil, fmt.Errorf("could not create pipe: %w", err) } defer func() { rfile.Close() @@ -359,7 +359,7 @@ func GPGGetPrivateKey(descs []ocispec.Descriptor, gpgClient GPGClient, gpgVault } keywrapper := GetKeyWrapper(scheme) if keywrapper == nil { - return nil, nil, errors.Errorf("could not get KeyWrapper for %s", scheme) + return nil, nil, fmt.Errorf("could not get KeyWrapper for %s", scheme) } keyIds, err := keywrapper.GetKeyIdsFromPacket(b64pgpPackets) if err != nil { @@ -418,7 +418,7 @@ func GPGGetPrivateKey(descs []ocispec.Descriptor, gpgClient GPGClient, gpgVault if !found && len(b64pgpPackets) > 0 && mustFindKey { ids := uint64ToStringArray("0x%x", keyIds) - return nil, nil, errors.Errorf("missing key for decryption of layer %x of %s. Need one of the following keys: %s", desc.Digest, desc.Platform, strings.Join(ids, ", ")) + return nil, nil, fmt.Errorf("missing key for decryption of layer %x of %s. Need one of the following keys: %s", desc.Digest, desc.Platform, strings.Join(ids, ", ")) } } } diff --git a/gpgvault.go b/gpgvault.go index ff34278..f1bd0d9 100644 --- a/gpgvault.go +++ b/gpgvault.go @@ -18,9 +18,9 @@ package ocicrypt import ( "bytes" + "fmt" "os" - "github.com/pkg/errors" "golang.org/x/crypto/openpgp" "golang.org/x/crypto/openpgp/packet" ) @@ -55,7 +55,7 @@ func (g *gpgVault) AddSecretKeyRingData(gpgSecretKeyRingData []byte) error { r := bytes.NewReader(gpgSecretKeyRingData) entityList, err := openpgp.ReadKeyRing(r) if err != nil { - return errors.Wrapf(err, "could not read keyring") + return fmt.Errorf("could not read keyring: %w", err) } g.entityLists = append(g.entityLists, entityList) g.keyDataList = append(g.keyDataList, gpgSecretKeyRingData) diff --git a/helpers/parse_helpers.go b/helpers/parse_helpers.go index 8b4232b..18f4fa9 100644 --- a/helpers/parse_helpers.go +++ b/helpers/parse_helpers.go @@ -1,6 +1,7 @@ package helpers import ( + "errors" "fmt" "os" "strconv" @@ -11,8 +12,6 @@ import ( "github.com/containers/ocicrypt/config/pkcs11config" "github.com/containers/ocicrypt/crypto/pkcs11" encutils "github.com/containers/ocicrypt/utils" - - "github.com/pkg/errors" ) // processRecipientKeys sorts the array of recipients by type. Recipients may be either @@ -44,7 +43,7 @@ func processRecipientKeys(recipients []string) ([][]byte, [][]byte, [][]byte, [] case "jwe": tmp, err := os.ReadFile(value) if err != nil { - return nil, nil, nil, nil, nil, nil, errors.Wrap(err, "Unable to read file") + return nil, nil, nil, nil, nil, nil, fmt.Errorf("Unable to read file: %w", err) } if !encutils.IsPublicKey(tmp) { return nil, nil, nil, nil, nil, nil, errors.New("File provided is not a public key") @@ -54,7 +53,7 @@ func processRecipientKeys(recipients []string) ([][]byte, [][]byte, [][]byte, [] case "pkcs7": tmp, err := os.ReadFile(value) if err != nil { - return nil, nil, nil, nil, nil, nil, errors.Wrap(err, "Unable to read file") + return nil, nil, nil, nil, nil, nil, fmt.Errorf("Unable to read file: %w", err) } if !encutils.IsCertificate(tmp) { return nil, nil, nil, nil, nil, nil, errors.New("File provided is not an x509 cert") @@ -64,7 +63,7 @@ func processRecipientKeys(recipients []string) ([][]byte, [][]byte, [][]byte, [] case "pkcs11": tmp, err := os.ReadFile(value) if err != nil { - return nil, nil, nil, nil, nil, nil, errors.Wrap(err, "Unable to read file") + return nil, nil, nil, nil, nil, nil, fmt.Errorf("Unable to read file: %w", err) } if encutils.IsPkcs11PublicKey(tmp) { pkcs11Yamls = append(pkcs11Yamls, tmp) @@ -94,7 +93,7 @@ func processx509Certs(keys []string) ([][]byte, error) { } tmp, err := os.ReadFile(fileName) if err != nil { - return nil, errors.Wrap(err, "Unable to read file") + return nil, fmt.Errorf("Unable to read file: %w", err) } if !encutils.IsCertificate(tmp) { continue @@ -119,7 +118,7 @@ func processPwdString(pwdString string) ([]byte, error) { fdStr := pwdString[3:] fd, err := strconv.Atoi(fdStr) if err != nil { - return nil, errors.Wrapf(err, "could not parse file descriptor %s", fdStr) + return nil, fmt.Errorf("could not parse file descriptor %s: %w", fdStr, err) } f := os.NewFile(uintptr(fd), "pwdfile") if f == nil { @@ -129,7 +128,7 @@ func processPwdString(pwdString string) ([]byte, error) { pwd := make([]byte, 64) n, err := f.Read(pwd) if err != nil { - return nil, errors.Wrapf(err, "could not read from file descriptor") + return nil, fmt.Errorf("could not read from file descriptor: %w", err) } return pwd[:n], nil } diff --git a/keywrap/jwe/keywrapper_jwe.go b/keywrap/jwe/keywrapper_jwe.go index 41d0f1b..9d1fe20 100644 --- a/keywrap/jwe/keywrapper_jwe.go +++ b/keywrap/jwe/keywrapper_jwe.go @@ -18,11 +18,12 @@ package jwe import ( "crypto/ecdsa" + "errors" + "fmt" "github.com/containers/ocicrypt/config" "github.com/containers/ocicrypt/keywrap" "github.com/containers/ocicrypt/utils" - "github.com/pkg/errors" jose "gopkg.in/square/go-jose.v2" ) @@ -54,11 +55,11 @@ func (kw *jweKeyWrapper) WrapKeys(ec *config.EncryptConfig, optsData []byte) ([] encrypter, err := jose.NewMultiEncrypter(jose.A256GCM, joseRecipients, nil) if err != nil { - return nil, errors.Wrapf(err, "jose.NewMultiEncrypter failed") + return nil, fmt.Errorf("jose.NewMultiEncrypter failed: %w", err) } jwe, err := encrypter.Encrypt(optsData) if err != nil { - return nil, errors.Wrapf(err, "JWE Encrypt failed") + return nil, fmt.Errorf("JWE Encrypt failed: %w", err) } return []byte(jwe.FullSerialize()), nil } diff --git a/keywrap/keyprovider/keyprovider.go b/keywrap/keyprovider/keyprovider.go index 4f61b36..ddb244a 100644 --- a/keywrap/keyprovider/keyprovider.go +++ b/keywrap/keyprovider/keyprovider.go @@ -19,13 +19,14 @@ package keyprovider import ( "context" "encoding/json" + "errors" + "fmt" "github.com/containers/ocicrypt/config" keyproviderconfig "github.com/containers/ocicrypt/config/keyprovider-config" "github.com/containers/ocicrypt/keywrap" "github.com/containers/ocicrypt/utils" keyproviderpb "github.com/containers/ocicrypt/utils/keyprovider" - "github.com/pkg/errors" log "github.com/sirupsen/logrus" "google.golang.org/grpc" ) @@ -113,13 +114,13 @@ func (kw *keyProviderKeyWrapper) WrapKeys(ec *config.EncryptConfig, optsData []b if kw.attrs.Command != nil { protocolOuput, err := getProviderCommandOutput(input, kw.attrs.Command) if err != nil { - return nil, errors.Wrap(err, "error while retrieving keyprovider protocol command output") + return nil, fmt.Errorf("error while retrieving keyprovider protocol command output: %w", err) } return protocolOuput.KeyWrapResults.Annotation, nil } else if kw.attrs.Grpc != "" { protocolOuput, err := getProviderGRPCOutput(input, kw.attrs.Grpc, OpKeyWrap) if err != nil { - return nil, errors.Wrap(err, "error while retrieving keyprovider protocol grpc output") + return nil, fmt.Errorf("error while retrieving keyprovider protocol grpc output: %w", err) } return protocolOuput.KeyWrapResults.Annotation, nil @@ -171,7 +172,7 @@ func getProviderGRPCOutput(input []byte, connString string, operation KeyProvide var grpcOutput *keyproviderpb.KeyProviderKeyWrapProtocolOutput cc, err := grpc.Dial(connString, grpc.WithInsecure()) if err != nil { - return nil, errors.Wrap(err, "error while dialing rpc server") + return nil, fmt.Errorf("error while dialing rpc server: %w", err) } defer func() { derr := cc.Close() @@ -188,12 +189,12 @@ func getProviderGRPCOutput(input []byte, connString string, operation KeyProvide if operation == OpKeyWrap { grpcOutput, err = client.WrapKey(context.Background(), req) if err != nil { - return nil, errors.Wrap(err, "Error from grpc method") + return nil, fmt.Errorf("Error from grpc method: %w", err) } } else if operation == OpKeyUnwrap { grpcOutput, err = client.UnWrapKey(context.Background(), req) if err != nil { - return nil, errors.Wrap(err, "Error from grpc method") + return nil, fmt.Errorf("Error from grpc method: %w", err) } } else { return nil, errors.New("Unsupported operation") @@ -202,7 +203,7 @@ func getProviderGRPCOutput(input []byte, connString string, operation KeyProvide respBytes := grpcOutput.GetKeyProviderKeyWrapProtocolOutput() err = json.Unmarshal(respBytes, &protocolOuput) if err != nil { - return nil, errors.Wrap(err, "Error while unmarshalling grpc method output") + return nil, fmt.Errorf("Error while unmarshalling grpc method output: %w", err) } return &protocolOuput, nil @@ -217,7 +218,7 @@ func getProviderCommandOutput(input []byte, command *keyproviderconfig.Command) } err = json.Unmarshal(respBytes, &protocolOuput) if err != nil { - return nil, errors.Wrap(err, "Error while unmarshalling binary executable command output") + return nil, fmt.Errorf("Error while unmarshalling binary executable command output: %w", err) } return &protocolOuput, nil } diff --git a/keywrap/pgp/keywrapper_gpg.go b/keywrap/pgp/keywrapper_gpg.go index 8b551cc..4ab9bd9 100644 --- a/keywrap/pgp/keywrapper_gpg.go +++ b/keywrap/pgp/keywrapper_gpg.go @@ -21,6 +21,7 @@ import ( "crypto" "crypto/rand" "encoding/base64" + "errors" "fmt" "io" "net/mail" @@ -29,7 +30,6 @@ import ( "github.com/containers/ocicrypt/config" "github.com/containers/ocicrypt/keywrap" - "github.com/pkg/errors" "golang.org/x/crypto/openpgp" "golang.org/x/crypto/openpgp/packet" ) @@ -63,7 +63,7 @@ func (kw *gpgKeyWrapper) WrapKeys(ec *config.EncryptConfig, optsData []byte) ([] ciphertext := new(bytes.Buffer) el, err := kw.createEntityList(ec) if err != nil { - return nil, errors.Wrap(err, "unable to create entity list") + return nil, fmt.Errorf("unable to create entity list: %w", err) } if len(el) == 0 { // nothing to do -- not an error @@ -99,7 +99,7 @@ func (kw *gpgKeyWrapper) UnwrapKey(dc *config.DecryptConfig, pgpPacket []byte) ( r := bytes.NewBuffer(pgpPrivateKey) entityList, err := openpgp.ReadKeyRing(r) if err != nil { - return nil, errors.Wrap(err, "unable to parse private keys") + return nil, fmt.Errorf("unable to parse private keys: %w", err) } var prompt openpgp.PromptFunction @@ -141,7 +141,7 @@ func (kw *gpgKeyWrapper) GetKeyIdsFromPacket(b64pgpPackets string) ([]uint64, er for _, b64pgpPacket := range strings.Split(b64pgpPackets, ",") { pgpPacket, err := base64.StdEncoding.DecodeString(b64pgpPacket) if err != nil { - return nil, errors.Wrapf(err, "could not decode base64 encoded PGP packet") + return nil, fmt.Errorf("could not decode base64 encoded PGP packet: %w", err) } newids, err := kw.getKeyIDs(pgpPacket) if err != nil { @@ -165,7 +165,7 @@ ParsePackets: break ParsePackets } if err != nil { - return []uint64{}, errors.Wrapf(err, "packets.Next() failed") + return []uint64{}, fmt.Errorf("packets.Next() failed: %w", err) } switch p := p.(type) { case *packet.EncryptedKey: diff --git a/keywrap/pkcs11/keywrapper_pkcs11.go b/keywrap/pkcs11/keywrapper_pkcs11.go index c44c453..236764d 100644 --- a/keywrap/pkcs11/keywrapper_pkcs11.go +++ b/keywrap/pkcs11/keywrapper_pkcs11.go @@ -17,12 +17,13 @@ package pkcs11 import ( + "errors" + "fmt" + "github.com/containers/ocicrypt/config" "github.com/containers/ocicrypt/crypto/pkcs11" "github.com/containers/ocicrypt/keywrap" "github.com/containers/ocicrypt/utils" - - "github.com/pkg/errors" ) type pkcs11KeyWrapper struct { @@ -51,7 +52,7 @@ func (kw *pkcs11KeyWrapper) WrapKeys(ec *config.EncryptConfig, optsData []byte) jsonString, err := pkcs11.EncryptMultiple(pkcs11Recipients, optsData) if err != nil { - return nil, errors.Wrapf(err, "PKCS11 EncryptMulitple failed") + return nil, fmt.Errorf("PKCS11 EncryptMulitple failed: %w", err) } return jsonString, nil } @@ -91,7 +92,7 @@ func (kw *pkcs11KeyWrapper) UnwrapKey(dc *config.DecryptConfig, jsonString []byt return plaintext, nil } - return nil, errors.Wrapf(err, "PKCS11: No suitable private key found for decryption") + return nil, fmt.Errorf("PKCS11: No suitable private key found for decryption: %w", err) } func (kw *pkcs11KeyWrapper) NoPossibleKeys(dcparameters map[string][][]byte) bool { diff --git a/keywrap/pkcs7/keywrapper_pkcs7.go b/keywrap/pkcs7/keywrapper_pkcs7.go index 1feae46..603925d 100644 --- a/keywrap/pkcs7/keywrapper_pkcs7.go +++ b/keywrap/pkcs7/keywrapper_pkcs7.go @@ -19,11 +19,12 @@ package pkcs7 import ( "crypto" "crypto/x509" + "errors" + "fmt" "github.com/containers/ocicrypt/config" "github.com/containers/ocicrypt/keywrap" "github.com/containers/ocicrypt/utils" - "github.com/pkg/errors" "go.mozilla.org/pkcs7" ) @@ -104,7 +105,7 @@ func (kw *pkcs7KeyWrapper) UnwrapKey(dc *config.DecryptConfig, pkcs7Packet []byt p7, err := pkcs7.Parse(pkcs7Packet) if err != nil { - return nil, errors.Wrapf(err, "could not parse PKCS7 packet") + return nil, fmt.Errorf("could not parse PKCS7 packet: %w", err) } for idx, privKey := range privKeys { diff --git a/utils/ioutils.go b/utils/ioutils.go index 675042a..c626516 100644 --- a/utils/ioutils.go +++ b/utils/ioutils.go @@ -18,10 +18,9 @@ package utils import ( "bytes" + "fmt" "io" "os/exec" - - "github.com/pkg/errors" ) // FillBuffer fills the given buffer with as many bytes from the reader as possible. It returns @@ -53,7 +52,7 @@ func (r Runner) Exec(cmdName string, args []string, input []byte) ([]byte, error cmd.Stderr = &stderr err := cmd.Run() if err != nil { - return nil, errors.Wrapf(err, "Error while running command: %s. stderr: %s", cmdName, stderr.String()) + return nil, fmt.Errorf("Error while running command: %s. stderr: %s: %w", cmdName, stderr.String(), err) } return out.Bytes(), nil } diff --git a/utils/softhsm/softhsm.go b/utils/softhsm/softhsm.go index 3600aaf..cc97a1e 100644 --- a/utils/softhsm/softhsm.go +++ b/utils/softhsm/softhsm.go @@ -18,11 +18,11 @@ package softhsm import ( "bytes" + "errors" + "fmt" "os" "os/exec" "strings" - - "github.com/pkg/errors" ) type SoftHSMSetup struct { @@ -43,7 +43,7 @@ func (s *SoftHSMSetup) GetConfigFilename() string { func (s *SoftHSMSetup) RunSoftHSMSetup(softhsmSetup string) (string, error) { statedir, err := os.MkdirTemp("", "ocicrypt") if err != nil { - return "", errors.Wrapf(err, "Could not create temporary directory fot softhsm state") + return "", fmt.Errorf("Could not create temporary directory fot softhsm state: %w", err) } s.statedir = statedir @@ -54,7 +54,7 @@ func (s *SoftHSMSetup) RunSoftHSMSetup(softhsmSetup string) (string, error) { err = cmd.Run() if err != nil { os.RemoveAll(s.statedir) - return "", errors.Wrapf(err, "%s setup failed: %s", softhsmSetup, out.String()) + return "", fmt.Errorf("%s setup failed: %s: %w", softhsmSetup, out.String(), err) } o := out.String() @@ -75,7 +75,7 @@ func (s *SoftHSMSetup) RunSoftHSMGetPubkey(softhsmSetup string) (string, error) cmd.Env = append(cmd.Env, "SOFTHSM_SETUP_CONFIGDIR="+s.statedir) err := cmd.Run() if err != nil { - return "", errors.Wrapf(err, "%s getpubkey failed: %s", softhsmSetup, out.String()) + return "", fmt.Errorf("%s getpubkey failed: %s: %w", softhsmSetup, out.String(), err) } return out.String(), nil diff --git a/utils/testing.go b/utils/testing.go index 38633b1..69bb9d1 100644 --- a/utils/testing.go +++ b/utils/testing.go @@ -24,17 +24,16 @@ import ( "crypto/x509" "crypto/x509/pkix" "encoding/pem" + "fmt" "math/big" "time" - - "github.com/pkg/errors" ) // CreateRSAKey creates an RSA key func CreateRSAKey(bits int) (*rsa.PrivateKey, error) { key, err := rsa.GenerateKey(rand.Reader, bits) if err != nil { - return nil, errors.Wrap(err, "rsa.GenerateKey failed") + return nil, fmt.Errorf("rsa.GenerateKey failed: %w", err) } return key, nil } @@ -49,7 +48,7 @@ func CreateRSATestKey(bits int, password []byte, pemencode bool) ([]byte, []byte pubData, err := x509.MarshalPKIXPublicKey(&key.PublicKey) if err != nil { - return nil, nil, errors.Wrap(err, "x509.MarshalPKIXPublicKey failed") + return nil, nil, fmt.Errorf("x509.MarshalPKIXPublicKey failed: %w", err) } privData := x509.MarshalPKCS1PrivateKey(key) @@ -69,7 +68,7 @@ func CreateRSATestKey(bits int, password []byte, pemencode bool) ([]byte, []byte if len(password) > 0 { block, err = x509.EncryptPEMBlock(rand.Reader, typ, privData, password, x509.PEMCipherAES256) //nolint:staticcheck // ignore SA1019, which is kept for backward compatibility if err != nil { - return nil, nil, errors.Wrap(err, "x509.EncryptPEMBlock failed") + return nil, nil, fmt.Errorf("x509.EncryptPEMBlock failed: %w", err) } } else { block = &pem.Block{ @@ -88,17 +87,17 @@ func CreateRSATestKey(bits int, password []byte, pemencode bool) ([]byte, []byte func CreateECDSATestKey(curve elliptic.Curve) ([]byte, []byte, error) { key, err := ecdsa.GenerateKey(curve, rand.Reader) if err != nil { - return nil, nil, errors.Wrapf(err, "ecdsa.GenerateKey failed") + return nil, nil, fmt.Errorf("ecdsa.GenerateKey failed: %w", err) } pubData, err := x509.MarshalPKIXPublicKey(&key.PublicKey) if err != nil { - return nil, nil, errors.Wrapf(err, "x509.MarshalPKIXPublicKey failed") + return nil, nil, fmt.Errorf("x509.MarshalPKIXPublicKey failed: %w", err) } privData, err := x509.MarshalECPrivateKey(key) if err != nil { - return nil, nil, errors.Wrapf(err, "x509.MarshalECPrivateKey failed") + return nil, nil, fmt.Errorf("x509.MarshalECPrivateKey failed: %w", err) } return pubData, privData, nil @@ -108,7 +107,7 @@ func CreateECDSATestKey(curve elliptic.Curve) ([]byte, []byte, error) { func CreateTestCA() (*rsa.PrivateKey, *x509.Certificate, error) { key, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { - return nil, nil, errors.Wrap(err, "rsa.GenerateKey failed") + return nil, nil, fmt.Errorf("rsa.GenerateKey failed: %w", err) } ca := &x509.Certificate{ @@ -154,12 +153,12 @@ func certifyKey(pub interface{}, template *x509.Certificate, caKey *rsa.PrivateK certDER, err := x509.CreateCertificate(rand.Reader, template, caCert, pub, caKey) if err != nil { - return nil, errors.Wrap(err, "x509.CreateCertificate failed") + return nil, fmt.Errorf("x509.CreateCertificate failed: %w", err) } cert, err := x509.ParseCertificate(certDER) if err != nil { - return nil, errors.Wrap(err, "x509.ParseCertificate failed") + return nil, fmt.Errorf("x509.ParseCertificate failed: %w", err) } return cert, nil diff --git a/utils/utils.go b/utils/utils.go index 07fe6d3..c24ee3b 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -21,12 +21,12 @@ import ( "crypto/x509" "encoding/base64" "encoding/pem" + "errors" "fmt" "strings" "github.com/containers/ocicrypt/crypto/pkcs11" - "github.com/pkg/errors" "golang.org/x/crypto/openpgp" json "gopkg.in/square/go-jose.v2" ) @@ -36,7 +36,7 @@ func parseJWKPrivateKey(privKey []byte, prefix string) (interface{}, error) { jwk := json.JSONWebKey{} err := jwk.UnmarshalJSON(privKey) if err != nil { - return nil, errors.Wrapf(err, "%s: Could not parse input as JWK", prefix) + return nil, fmt.Errorf("%s: Could not parse input as JWK: %w", prefix, err) } if jwk.IsPublic() { return nil, fmt.Errorf("%s: JWK is not a private key", prefix) @@ -49,7 +49,7 @@ func parseJWKPublicKey(privKey []byte, prefix string) (interface{}, error) { jwk := json.JSONWebKey{} err := jwk.UnmarshalJSON(privKey) if err != nil { - return nil, errors.Wrapf(err, "%s: Could not parse input as JWK", prefix) + return nil, fmt.Errorf("%s: Could not parse input as JWK: %w", prefix, err) } if !jwk.IsPublic() { return nil, fmt.Errorf("%s: JWK is not a public key", prefix) @@ -97,11 +97,11 @@ func ParsePrivateKey(privKey, privKeyPassword []byte, prefix string) (interface{ var der []byte if x509.IsEncryptedPEMBlock(block) { //nolint:staticcheck // ignore SA1019, which is kept for backward compatibility if privKeyPassword == nil { - return nil, errors.Errorf("%s: Missing password for encrypted private key", prefix) + return nil, fmt.Errorf("%s: Missing password for encrypted private key", prefix) } der, err = x509.DecryptPEMBlock(block, privKeyPassword) //nolint:staticcheck // ignore SA1019, which is kept for backward compatibility if err != nil { - return nil, errors.Errorf("%s: Wrong password: could not decrypt private key", prefix) + return nil, fmt.Errorf("%s: Wrong password: could not decrypt private key", prefix) } } else { der = block.Bytes @@ -111,7 +111,7 @@ func ParsePrivateKey(privKey, privKeyPassword []byte, prefix string) (interface{ if err != nil { key, err = x509.ParsePKCS1PrivateKey(der) if err != nil { - return nil, errors.Wrapf(err, "%s: Could not parse private key", prefix) + return nil, fmt.Errorf("%s: Could not parse private key: %w", prefix, err) } } } else { @@ -145,7 +145,7 @@ func ParsePublicKey(pubKey []byte, prefix string) (interface{}, error) { if block != nil { key, err = x509.ParsePKIXPublicKey(block.Bytes) if err != nil { - return nil, errors.Wrapf(err, "%s: Could not parse public key", prefix) + return nil, fmt.Errorf("%s: Could not parse public key: %w", prefix, err) } } else { key, err = parseJWKPublicKey(pubKey, prefix) @@ -179,7 +179,7 @@ func ParseCertificate(certBytes []byte, prefix string) (*x509.Certificate, error } x509Cert, err = x509.ParseCertificate(block.Bytes) if err != nil { - return nil, errors.Wrapf(err, "%s: Could not parse x509 certificate", prefix) + return nil, fmt.Errorf("%s: Could not parse x509 certificate: %w", prefix, err) } } return x509Cert, err