[ruby/openssl] pkey: unify error classes into PKeyError

Remove the following subclasses of OpenSSL::PKey::PKeyError and make
them aliases of it.

 - OpenSSL::PKey::DHError
 - OpenSSL::PKey::DSAError
 - OpenSSL::PKey::ECError
 - OpenSSL::PKey::RSAError

Historically, methods defined on OpenSSL::PKey and OpenSSL::PKey::PKey
raise OpenSSL::PKey::PKeyError, while methods on the subclasses raise
their respective exception classes. However, this distinction is not
particularly useful since all those exception classes represent the
same kind of errors from the underlying EVP_PKEY API.

I think this convention comes from the fact that OpenSSL::PKey::{DH,
DSA,RSA} originally wrapped the corresponding OpenSSL structs DH, DSA,
and RSA, before they were unified to wrap EVP_PKEY, way back in 2002.

OpenSSL::PKey::EC::Group::Error and OpenSSL::PKey::EC::Point::Error
are out of scope of this change, as they are not subclasses of
OpenSSL::PKey::PKeyError and do not represent errors from the EVP_PKEY
API.

ruby/openssl@e74ff3e272

Author: rhenium

ext/openssl/lib/openssl/pkey.rb

@@ -7,6 +7,9 @@
 require_relative 'marshal'
 
 module OpenSSL::PKey
+  # Alias of PKeyError. Before version 4.0.0, this was a subclass of PKeyError.
+  DHError = PKeyError
+
   class DH
     include OpenSSL::Marshal
 
@@ -102,7 +105,7 @@ def compute_key(pub_bn)
     #   puts dh0.pub_key == dh.pub_key #=> false
     def generate_key!
       if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x30000000
-        raise DHError, "OpenSSL::PKey::DH is immutable on OpenSSL 3.0; " \
+        raise PKeyError, "OpenSSL::PKey::DH is immutable on OpenSSL 3.0; " \
         "use OpenSSL::PKey.generate_key instead"
       end
 
@@ -147,6 +150,9 @@ def new(*args, &blk) # :nodoc:
     end
   end
 
+  # Alias of PKeyError. Before version 4.0.0, this was a subclass of PKeyError.
+  DSAError = PKeyError
+
   class DSA
     include OpenSSL::Marshal
 
@@ -242,13 +248,9 @@ def new(*args, &blk) # :nodoc:
     #   sig = dsa.sign_raw(nil, digest)
     #   p dsa.verify_raw(nil, sig, digest) #=> true
     def syssign(string)
-      q or raise OpenSSL::PKey::DSAError, "incomplete DSA"
-      private? or raise OpenSSL::PKey::DSAError, "Private DSA key needed!"
-      begin
-        sign_raw(nil, string)
-      rescue OpenSSL::PKey::PKeyError
-        raise OpenSSL::PKey::DSAError, $!.message
-      end
+      q or raise PKeyError, "incomplete DSA"
+      private? or raise PKeyError, "Private DSA key needed!"
+      sign_raw(nil, string)
     end
 
     # :call-seq:
@@ -266,12 +268,13 @@ def syssign(string)
     #   A \DSA signature value.
     def sysverify(digest, sig)
       verify_raw(nil, sig, digest)
-    rescue OpenSSL::PKey::PKeyError
-      raise OpenSSL::PKey::DSAError, $!.message
     end
   end
 
   if defined?(EC)
+  # Alias of PKeyError. Before version 4.0.0, this was a subclass of PKeyError.
+  ECError = PKeyError
+
   class EC
     include OpenSSL::Marshal
 
@@ -282,8 +285,6 @@ class EC
     # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
     def dsa_sign_asn1(data)
       sign_raw(nil, data)
-    rescue OpenSSL::PKey::PKeyError
-      raise OpenSSL::PKey::ECError, $!.message
     end
 
     # :call-seq:
@@ -293,8 +294,6 @@ def dsa_sign_asn1(data)
     # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
     def dsa_verify_asn1(data, sig)
       verify_raw(nil, sig, data)
-    rescue OpenSSL::PKey::PKeyError
-      raise OpenSSL::PKey::ECError, $!.message
     end
 
     # :call-seq:
@@ -334,6 +333,9 @@ def to_bn(conversion_form = group.point_conversion_form)
   end
   end
 
+  # Alias of PKeyError. Before version 4.0.0, this was a subclass of PKeyError.
+  RSAError = PKeyError
+
   class RSA
     include OpenSSL::Marshal
 
@@ -407,15 +409,11 @@ def new(*args, &blk) # :nodoc:
     # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and
     # PKey::PKey#verify_recover instead.
     def private_encrypt(string, padding = PKCS1_PADDING)
-      n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
-      private? or raise OpenSSL::PKey::RSAError, "private key needed."
-      begin
-        sign_raw(nil, string, {
-          "rsa_padding_mode" => translate_padding_mode(padding),
-        })
-      rescue OpenSSL::PKey::PKeyError
-        raise OpenSSL::PKey::RSAError, $!.message
-      end
+      n or raise PKeyError, "incomplete RSA"
+      private? or raise PKeyError, "private key needed."
+      sign_raw(nil, string, {
+        "rsa_padding_mode" => translate_padding_mode(padding),
+      })
     end
 
     # :call-seq:
@@ -430,14 +428,10 @@ def private_encrypt(string, padding = PKCS1_PADDING)
     # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and
     # PKey::PKey#verify_recover instead.
     def public_decrypt(string, padding = PKCS1_PADDING)
-      n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
-      begin
-        verify_recover(nil, string, {
-          "rsa_padding_mode" => translate_padding_mode(padding),
-        })
-      rescue OpenSSL::PKey::PKeyError
-        raise OpenSSL::PKey::RSAError, $!.message
-      end
+      n or raise PKeyError, "incomplete RSA"
+      verify_recover(nil, string, {
+        "rsa_padding_mode" => translate_padding_mode(padding),
+      })
     end
 
     # :call-seq:
@@ -452,14 +446,10 @@ def public_decrypt(string, padding = PKCS1_PADDING)
     # <b>Deprecated in version 3.0</b>.
     # Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
     def public_encrypt(data, padding = PKCS1_PADDING)
-      n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
-      begin
-        encrypt(data, {
-          "rsa_padding_mode" => translate_padding_mode(padding),
-        })
-      rescue OpenSSL::PKey::PKeyError
-        raise OpenSSL::PKey::RSAError, $!.message
-      end
+      n or raise PKeyError, "incomplete RSA"
+      encrypt(data, {
+        "rsa_padding_mode" => translate_padding_mode(padding),
+      })
     end
 
     # :call-seq:
@@ -473,15 +463,11 @@ def public_encrypt(data, padding = PKCS1_PADDING)
     # <b>Deprecated in version 3.0</b>.
     # Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
     def private_decrypt(data, padding = PKCS1_PADDING)
-      n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
-      private? or raise OpenSSL::PKey::RSAError, "private key needed."
-      begin
-        decrypt(data, {
-          "rsa_padding_mode" => translate_padding_mode(padding),
-        })
-      rescue OpenSSL::PKey::PKeyError
-        raise OpenSSL::PKey::RSAError, $!.message
-      end
+      n or raise PKeyError, "incomplete RSA"
+      private? or raise PKeyError, "private key needed."
+      decrypt(data, {
+        "rsa_padding_mode" => translate_padding_mode(padding),
+      })
     end
 
     PKCS1_PADDING = 1
@@ -500,7 +486,7 @@ def private_decrypt(data, padding = PKCS1_PADDING)
       when PKCS1_OAEP_PADDING
         "oaep"
       else
-        raise OpenSSL::PKey::PKeyError, "unsupported padding mode"
+        raise PKeyError, "unsupported padding mode"
       end
     end
   end

ext/openssl/ossl_pkey.c

@@ -1718,7 +1718,16 @@ Init_ossl_pkey(void)
 
     /* Document-class: OpenSSL::PKey::PKeyError
      *
-     *Raised when errors occur during PKey#sign or PKey#verify.
+     * Raised when errors occur during PKey#sign or PKey#verify.
+     *
+     * Before version 4.0.0, OpenSSL::PKey::PKeyError had the following
+     * subclasses. These subclasses have been removed and the constants are
+     * now defined as aliases of OpenSSL::PKey::PKeyError.
+     *
+     * * OpenSSL::PKey::DHError
+     * * OpenSSL::PKey::DSAError
+     * * OpenSSL::PKey::ECError
+     * * OpenSSL::PKey::RSAError
      */
     ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError);
 

ext/openssl/ossl_pkey_dh.c

@@ -22,14 +22,13 @@
     GetPKeyDH((obj), _pkey); \
     (dh) = EVP_PKEY_get0_DH(_pkey); \
     if ((dh) == NULL) \
-        ossl_raise(eDHError, "failed to get DH from EVP_PKEY"); \
+        ossl_raise(ePKeyError, "failed to get DH from EVP_PKEY"); \
 } while (0)
 
 /*
  * Classes
  */
 VALUE cDH;
-static VALUE eDHError;
 
 /*
  * Private
@@ -94,7 +93,7 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
 #else
         dh = DH_new();
         if (!dh)
-            ossl_raise(eDHError, "DH_new");
+            ossl_raise(ePKeyError, "DH_new");
         goto legacy;
 #endif
     }
@@ -114,12 +113,12 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
     pkey = ossl_pkey_read_generic(in, Qnil);
     BIO_free(in);
     if (!pkey)
-        ossl_raise(eDHError, "could not parse pkey");
+        ossl_raise(ePKeyError, "could not parse pkey");
 
     type = EVP_PKEY_base_id(pkey);
     if (type != EVP_PKEY_DH) {
         EVP_PKEY_free(pkey);
-        rb_raise(eDHError, "incorrect pkey type: %s", OBJ_nid2sn(type));
+        rb_raise(ePKeyError, "incorrect pkey type: %s", OBJ_nid2sn(type));
     }
     RTYPEDDATA_DATA(self) = pkey;
     return self;
@@ -130,7 +129,7 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
     if (!pkey || EVP_PKEY_assign_DH(pkey, dh) != 1) {
         EVP_PKEY_free(pkey);
         DH_free(dh);
-        ossl_raise(eDHError, "EVP_PKEY_assign_DH");
+        ossl_raise(ePKeyError, "EVP_PKEY_assign_DH");
     }
     RTYPEDDATA_DATA(self) = pkey;
     return self;
@@ -152,7 +151,7 @@ ossl_dh_initialize_copy(VALUE self, VALUE other)
 
     dh = DHparams_dup(dh_other);
     if (!dh)
-	ossl_raise(eDHError, "DHparams_dup");
+	ossl_raise(ePKeyError, "DHparams_dup");
 
     DH_get0_key(dh_other, &pub, &priv);
     if (pub) {
@@ -162,7 +161,7 @@ ossl_dh_initialize_copy(VALUE self, VALUE other)
         if (!pub2 || (priv && !priv2)) {
 	    BN_clear_free(pub2);
 	    BN_clear_free(priv2);
-	    ossl_raise(eDHError, "BN_dup");
+	    ossl_raise(ePKeyError, "BN_dup");
 	}
 	DH_set0_key(dh, pub2, priv2);
     }
@@ -171,7 +170,7 @@ ossl_dh_initialize_copy(VALUE self, VALUE other)
     if (!pkey || EVP_PKEY_assign_DH(pkey, dh) != 1) {
         EVP_PKEY_free(pkey);
         DH_free(dh);
-        ossl_raise(eDHError, "EVP_PKEY_assign_DH");
+        ossl_raise(ePKeyError, "EVP_PKEY_assign_DH");
     }
     RTYPEDDATA_DATA(self) = pkey;
     return self;
@@ -250,11 +249,11 @@ ossl_dh_export(VALUE self)
 
     GetDH(self, dh);
     if (!(out = BIO_new(BIO_s_mem()))) {
-	ossl_raise(eDHError, NULL);
+	ossl_raise(ePKeyError, NULL);
     }
     if (!PEM_write_bio_DHparams(out, dh)) {
 	BIO_free(out);
-	ossl_raise(eDHError, NULL);
+	ossl_raise(ePKeyError, NULL);
     }
     str = ossl_membio2str(out);
 
@@ -284,11 +283,11 @@ ossl_dh_to_der(VALUE self)
 
     GetDH(self, dh);
     if((len = i2d_DHparams(dh, NULL)) <= 0)
-	ossl_raise(eDHError, NULL);
+	ossl_raise(ePKeyError, NULL);
     str = rb_str_new(0, len);
     p = (unsigned char *)RSTRING_PTR(str);
     if(i2d_DHparams(dh, &p) < 0)
-	ossl_raise(eDHError, NULL);
+	ossl_raise(ePKeyError, NULL);
     ossl_str_adjust(str, p);
 
     return str;
@@ -315,7 +314,7 @@ ossl_dh_check_params(VALUE self)
     GetPKey(self, pkey);
     pctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
     if (!pctx)
-        ossl_raise(eDHError, "EVP_PKEY_CTX_new");
+        ossl_raise(ePKeyError, "EVP_PKEY_CTX_new");
     ret = EVP_PKEY_param_check(pctx);
     EVP_PKEY_CTX_free(pctx);
 #else
@@ -364,13 +363,6 @@ Init_ossl_dh(void)
     ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError);
 #endif
 
-    /* Document-class: OpenSSL::PKey::DHError
-     *
-     * Generic exception that is raised if an operation on a DH PKey
-     * fails unexpectedly or in case an instantiation of an instance of DH
-     * fails due to non-conformant input data.
-     */
-    eDHError = rb_define_class_under(mPKey, "DHError", ePKeyError);
     /* Document-class: OpenSSL::PKey::DH
      *
      * An implementation of the Diffie-Hellman key exchange protocol based on