From ccd90bcf3570eb9d4af8332b736dc28f102525b8 Mon Sep 17 00:00:00 2001
From: Martin Atkins
Date: Tue, 26 Jun 2018 15:24:30 -0700
Subject: [PATCH] lang/funcs: never include the private key in error output

This is based on c811440188df3cc376aafcfedd1fd5722e0a929f made against the old "config" package implementations, but also catches a few other cases where we would previously have printed the private key into the error messages.
---
 lang/funcs/crypto.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lang/funcs/crypto.go b/lang/funcs/crypto.go
index c2a0741927..abec789ca4 100644
--- a/lang/funcs/crypto.go
+++ b/lang/funcs/crypto.go
@@ -144,17 +144,17 @@ var RsaDecryptFunc = function.New(&function.Spec{
 b, err := base64.StdEncoding.DecodeString(s)
 if err != nil {
- return cty.UnknownVal(cty.String), fmt.Errorf("Failed to decode input %q: cipher text must be base64-encoded", key)
+ return cty.UnknownVal(cty.String), fmt.Errorf("failed to decode input %q: cipher text must be base64-encoded", s)
 }
 block, _ := pem.Decode([]byte(key))
 if block == nil {
- return cty.UnknownVal(cty.String), fmt.Errorf("Failed to read key %q: no key found", key)
+ return cty.UnknownVal(cty.String), fmt.Errorf("failed to parse key: no key found")
 }
 if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
 return cty.UnknownVal(cty.String), fmt.Errorf(
- "Failed to read key %q: password protected keys are\n"+
- "not supported. Please decrypt the key prior to use.", key)
+ "failed to parse key: password protected keys are not supported. Please decrypt the key prior to use",
+ )
 }
 x509Key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
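Review bot: The base64-decode error on the new side still interpolates an argument value (`%q` with `s`), so the key stays out of the output only when the caller passes the arguments in the intended order. Both values are plain strings (`s` goes to `DecodeString`, `key` to `pem.Decode`), so if the ciphertext and key are swapped, the PEM text lands in `s`, fails base64 decoding, and is printed in full. Dropping the value closes that path: `return cty.UnknownVal(cty.String), fmt.Errorf("failed to decode input: cipher text must be base64-encoded")`. The error returns after `x509.ParsePKCS1PrivateKey` are outside this hunk and need the same check, and a test asserting that no returned error string contains the key material would keep this from regressing. The enclosing function body starts and ends outside the hunk.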