More linting; improve 'nCryptDeleteKey' error handling.

joshdrake · joshdrake · commit 85735d6e2e47 · 2025-05-19T09:04:23.000-05:00
diff --git a/internal/bcrypt_pbkdf/bcrypt_pbkdf_test.go b/internal/bcrypt_pbkdf/bcrypt_pbkdf_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //
-//nolint:revive,stylecheck // ignore underscore in package
+//nolint:revive,staticcheck // ignore underscore in package
 package bcrypt_pbkdf
 
 import (
diff --git a/jose/encrypt_test.go b/jose/encrypt_test.go
@@ -103,7 +103,7 @@ func rsaEqual(priv *rsa.PrivateKey, x crypto.PrivateKey) bool {
 	if !ok {
 		return false
 	}
-	if !(priv.PublicKey.N.Cmp(xx.N) == 0 && priv.PublicKey.E == xx.E) || priv.D.Cmp(xx.D) != 0 {
+	if (priv.PublicKey.N.Cmp(xx.N) != 0 || priv.PublicKey.E != xx.E) || priv.D.Cmp(xx.D) != 0 {
 		return false
 	}
 	if len(priv.Primes) != len(xx.Primes) {
diff --git a/kms/capi/ncrypt_windows.go b/kms/capi/ncrypt_windows.go
@@ -292,10 +292,13 @@ func nCryptOpenKey(provisionerHandle uintptr, containerName string, legacyKeySpe
 }
 
 func nCryptDeleteKey(keyHandle uintptr) error {
-	r, _, _ := procNCryptDeleteKey.Call(
+	r, _, err := procNCryptDeleteKey.Call(
 		keyHandle,
 		0,
 	)
+	if !errors.Is(err, windows.Errno(0)) {
+		return fmt.Errorf("NCryptDeleteKey returned %w", err)
+	}
 	if r != 0 {
 		return fmt.Errorf("NCryptDeleteKey returned %v", errNoToStr(uint32(r)))
 	}
diff --git a/x509util/certificate.go b/x509util/certificate.go
@@ -188,7 +188,7 @@ func (c *Certificate) GetCertificate() *x509.Certificate {
 // See also https://datatracker.ietf.org/doc/html/rfc5280.html#section-4.2.1.6
 func (c *Certificate) hasExtendedSANs() bool {
 	for _, san := range c.SANs {
-		if !(san.Type == DNSType || san.Type == EmailType || san.Type == IPType || san.Type == URIType || san.Type == AutoType || san.Type == "") {
+		if !(san.Type == DNSType || san.Type == EmailType || san.Type == IPType || san.Type == URIType || san.Type == AutoType || san.Type == "") { //nolint:staticcheck // QF1001, this version is more semantically readable
 			return true
 		}
 	}
diff --git a/x509util/certificate_request.go b/x509util/certificate_request.go
@@ -320,7 +320,7 @@ func (c *CertificateRequest) GetLeafCertificate() *Certificate {
 // See also https://datatracker.ietf.org/doc/html/rfc5280.html#section-4.2.1.6
 func (c *CertificateRequest) hasExtendedSANs() bool {
 	for _, san := range c.SANs {
-		if !(san.Type == DNSType || san.Type == EmailType || san.Type == IPType || san.Type == URIType || san.Type == AutoType || san.Type == "") {
+		if !(san.Type == DNSType || san.Type == EmailType || san.Type == IPType || san.Type == URIType || san.Type == AutoType || san.Type == "") { //nolint:staticcheck // QF1001, this version is more semantically readable
 			return true
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ func rsaEqual(priv *rsa.PrivateKey, x crypto.PrivateKey) bool {`
`103`	`103`	`if !ok {`
`104`	`104`	`return false`
`105`	`105`	`}`
`106`		`- if !(priv.PublicKey.N.Cmp(xx.N) == 0 && priv.PublicKey.E == xx.E) \|\| priv.D.Cmp(xx.D) != 0 {`
	`106`	`+ if (priv.PublicKey.N.Cmp(xx.N) != 0 \|\| priv.PublicKey.E != xx.E) \|\| priv.D.Cmp(xx.D) != 0 {`
`107`	`107`	`return false`
`108`	`108`	`}`
`109`	`109`	`if len(priv.Primes) != len(xx.Primes) {`
Original file line number	Diff line number	Diff line change
`@@ -292,10 +292,13 @@ func nCryptOpenKey(provisionerHandle uintptr, containerName string, legacyKeySpe`
`292`	`292`	`}`
`293`	`293`
`294`	`294`	`func nCryptDeleteKey(keyHandle uintptr) error {`
`295`		`- r, _, _ := procNCryptDeleteKey.Call(`
	`295`	`+ r, _, err := procNCryptDeleteKey.Call(`
`296`	`296`	`keyHandle,`
`297`	`297`	`0,`
`298`	`298`	`)`
	`299`	`+ if !errors.Is(err, windows.Errno(0)) {`
	`300`	`+ return fmt.Errorf("NCryptDeleteKey returned %w", err)`
	`301`	`+ }`
`299`	`302`	`if r != 0 {`
`300`	`303`	`return fmt.Errorf("NCryptDeleteKey returned %v", errNoToStr(uint32(r)))`
`301`	`304`	`}`
Original file line number	Diff line number	Diff line change
`@@ -188,7 +188,7 @@ func (c Certificate) GetCertificate() x509.Certificate {`
`188`	`188`	`// See also https://datatracker.ietf.org/doc/html/rfc5280.html#section-4.2.1.6`
`189`	`189`	`func (c *Certificate) hasExtendedSANs() bool {`
`190`	`190`	`for _, san := range c.SANs {`
`191`		`- if !(san.Type == DNSType \|\| san.Type == EmailType \|\| san.Type == IPType \|\| san.Type == URIType \|\| san.Type == AutoType \|\| san.Type == "") {`
	`191`	`+ if !(san.Type == DNSType \|\| san.Type == EmailType \|\| san.Type == IPType \|\| san.Type == URIType \|\| san.Type == AutoType \|\| san.Type == "") { //nolint:staticcheck // QF1001, this version is more semantically readable`
`192`	`192`	`return true`
`193`	`193`	`}`
`194`	`194`	`}`
Original file line number	Diff line number	Diff line change
`@@ -320,7 +320,7 @@ func (c CertificateRequest) GetLeafCertificate() Certificate {`
`320`	`320`	`// See also https://datatracker.ietf.org/doc/html/rfc5280.html#section-4.2.1.6`
`321`	`321`	`func (c *CertificateRequest) hasExtendedSANs() bool {`
`322`	`322`	`for _, san := range c.SANs {`
`323`		`- if !(san.Type == DNSType \|\| san.Type == EmailType \|\| san.Type == IPType \|\| san.Type == URIType \|\| san.Type == AutoType \|\| san.Type == "") {`
	`323`	`+ if !(san.Type == DNSType \|\| san.Type == EmailType \|\| san.Type == IPType \|\| san.Type == URIType \|\| san.Type == AutoType \|\| san.Type == "") { //nolint:staticcheck // QF1001, this version is more semantically readable`
`324`	`324`	`return true`
`325`	`325`	`}`
`326`	`326`	`}`