Avoid leaking crypto errors

djc · djc · commit 895cb2f4244c · 2025-07-06T23:26:02.000+02:00
diff --git a/Cargo.toml b/Cargo.toml
@@ -71,7 +71,6 @@ rustdoc-args = ["--cfg", "docsrs"]
 
 [package.metadata.cargo_check_external_types]
 allowed_external_types = [
-    "aws_lc_rs::*",
     "bytes::*",
     "http::*",
     "http_body::*",
diff --git a/src/account.rs b/src/account.rs
@@ -537,7 +537,8 @@ impl Key {
     pub fn generate() -> Result<(Self, PrivateKeyDer<'static>), Error> {
         let rng = crypto::SystemRandom::new();
         let pkcs8 =
-            crypto::EcdsaKeyPair::generate_pkcs8(&crypto::ECDSA_P256_SHA256_FIXED_SIGNING, &rng)?;
+            crypto::EcdsaKeyPair::generate_pkcs8(&crypto::ECDSA_P256_SHA256_FIXED_SIGNING, &rng)
+                .map_err(|_| Error::Crypto)?;
         Ok((
             Self::new(pkcs8.as_ref(), rng)?,
             PrivatePkcs8KeyDer::from(pkcs8.as_ref().to_vec()).into(),
@@ -577,7 +578,10 @@ impl Signer for Key {
     }
 
     fn sign(&self, payload: &[u8]) -> Result<Self::Signature, Error> {
-        Ok(self.inner.sign(&self.rng, payload)?)
+        self
+            .inner
+            .sign(&self.rng, payload)
+            .map_err(|_| Error::Crypto)
     }
 }
 
diff --git a/src/lib.rs b/src/lib.rs
@@ -321,26 +321,29 @@ mod crypto {
     pub(crate) use ring as ring_like;
 
     pub(crate) use ring_like::digest::{Digest, SHA256, digest};
-    pub(crate) use ring_like::error::{KeyRejected, Unspecified};
     pub(crate) use ring_like::hmac;
     pub(crate) use ring_like::rand::SystemRandom;
     pub(crate) use ring_like::signature::{ECDSA_P256_SHA256_FIXED_SIGNING, EcdsaKeyPair};
     pub(crate) use ring_like::signature::{KeyPair, Signature};
 
+    use super::Error;
+
     #[cfg(feature = "aws-lc-rs")]
     pub(crate) fn p256_key_pair_from_pkcs8(
         pkcs8: &[u8],
         _: &SystemRandom,
-    ) -> Result<EcdsaKeyPair, KeyRejected> {
+    ) -> Result<EcdsaKeyPair, Error> {
         EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8)
+            .map_err(|_| Error::KeyRejected)
     }
 
     #[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))]
     pub(crate) fn p256_key_pair_from_pkcs8(
         pkcs8: &[u8],
         rng: &SystemRandom,
-    ) -> Result<EcdsaKeyPair, KeyRejected> {
+    ) -> Result<EcdsaKeyPair, Error> {
         EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8, rng)
+            .map_err(|_| Error::KeyRejected)
     }
 }
 
diff --git a/src/types.rs b/src/types.rs
@@ -31,11 +31,11 @@ pub enum Error {
     #[error(transparent)]
     Api(#[from] Problem),
     /// Failed from cryptographic operations
-    #[error("cryptographic operation failed: {0}")]
-    Crypto(#[from] crypto::Unspecified),
+    #[error("cryptographic operation failed")]
+    Crypto,
     /// Failed to instantiate a private key
-    #[error("invalid key bytes: {0}")]
-    CryptoKey(#[from] crypto::KeyRejected),
+    #[error("invalid key bytes")]
+    KeyRejected,
     /// HTTP failure
     #[error("HTTP request failure: {0}")]
     Http(#[from] http::Error),

Original file line number	Diff line number	Diff line change
`@@ -537,7 +537,8 @@ impl Key {`
`537`	`537`	`pub fn generate() -> Result<(Self, PrivateKeyDer<'static>), Error> {`
`538`	`538`	`let rng = crypto::SystemRandom::new();`
`539`	`539`	`let pkcs8 =`
`540`		`- crypto::EcdsaKeyPair::generate_pkcs8(&crypto::ECDSA_P256_SHA256_FIXED_SIGNING, &rng)?;`
	`540`	`+ crypto::EcdsaKeyPair::generate_pkcs8(&crypto::ECDSA_P256_SHA256_FIXED_SIGNING, &rng)`
	`541`	`+ .map_err(\|_\| Error::Crypto)?;`
`541`	`542`	`Ok((`
`542`	`543`	`Self::new(pkcs8.as_ref(), rng)?,`
`543`	`544`	`PrivatePkcs8KeyDer::from(pkcs8.as_ref().to_vec()).into(),`
`@@ -577,7 +578,10 @@ impl Signer for Key {`
`577`	`578`	`}`
`578`	`579`
`579`	`580`	`fn sign(&self, payload: &[u8]) -> Result<Self::Signature, Error> {`
`580`		`- Ok(self.inner.sign(&self.rng, payload)?)`
	`581`	`+ self`
	`582`	`+ .inner`
	`583`	`+ .sign(&self.rng, payload)`
	`584`	`+ .map_err(\|_\| Error::Crypto)`
`581`	`585`	`}`
`582`	`586`	`}`
`583`	`587`