From 92eea721f76d8e7a74285e94ea7579753c27e2cd Mon Sep 17 00:00:00 2001 From: Oleg Kovalov Date: Fri, 28 Aug 2020 17:58:49 +0200 Subject: [PATCH] internal hardening --- algo_es.go | 10 +++++----- algo_hs.go | 4 ++-- algo_ps.go | 14 +++++++------- algo_rs.go | 14 +++++++------- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/algo_es.go b/algo_es.go index 22f0cbb..c9fe2ff 100644 --- a/algo_es.go +++ b/algo_es.go @@ -71,14 +71,14 @@ func (es esAlg) SignSize() int { } func (es esAlg) Sign(payload []byte) ([]byte, error) { - signed, err := hashPayload(es.hash, payload) + digest, err := hashPayload(es.hash, payload) if err != nil { return nil, err } - r, s, err := ecdsa.Sign(rand.Reader, es.privateKey, signed) + r, s, errSign := ecdsa.Sign(rand.Reader, es.privateKey, digest) if err != nil { - return nil, err + return nil, errSign } pivot := es.SignSize() / 2 @@ -95,7 +95,7 @@ func (es esAlg) Verify(payload, signature []byte) error { return ErrInvalidSignature } - signed, err := hashPayload(es.hash, payload) + digest, err := hashPayload(es.hash, payload) if err != nil { return err } @@ -104,7 +104,7 @@ func (es esAlg) Verify(payload, signature []byte) error { r := big.NewInt(0).SetBytes(signature[:pivot]) s := big.NewInt(0).SetBytes(signature[pivot:]) - if !ecdsa.Verify(es.publickey, signed, r, s) { + if !ecdsa.Verify(es.publickey, digest, r, s) { return ErrInvalidSignature } return nil diff --git a/algo_hs.go b/algo_hs.go index 3ab9c75..6d3d1b6 100644 --- a/algo_hs.go +++ b/algo_hs.go @@ -78,11 +78,11 @@ func (hs hsAlg) Sign(payload []byte) ([]byte, error) { } func (hs hsAlg) Verify(payload, signature []byte) error { - signed, err := hs.sign(payload) + digest, err := hs.sign(payload) if err != nil { return err } - if !hmac.Equal(signature, signed) { + if !hmac.Equal(signature, digest) { return ErrInvalidSignature } return nil diff --git a/algo_ps.go b/algo_ps.go index 6a3a947..622d8f8 100644 --- a/algo_ps.go +++ b/algo_ps.go @@ -87,26 +87,26 @@ func (ps psAlg) Algorithm() Algorithm { } func (ps psAlg) Sign(payload []byte) ([]byte, error) { - signed, err := hashPayload(ps.hash, payload) + digest, err := hashPayload(ps.hash, payload) if err != nil { return nil, err } - signature, err := rsa.SignPSS(rand.Reader, ps.privateKey, ps.hash, signed, ps.opts) - if err != nil { - return nil, err + signature, errSign := rsa.SignPSS(rand.Reader, ps.privateKey, ps.hash, digest, ps.opts) + if errSign != nil { + return nil, errSign } return signature, nil } func (ps psAlg) Verify(payload, signature []byte) error { - signed, err := hashPayload(ps.hash, payload) + digest, err := hashPayload(ps.hash, payload) if err != nil { return err } - err = rsa.VerifyPSS(ps.publicKey, ps.hash, signed, signature, ps.opts) - if err != nil { + errVerify := rsa.VerifyPSS(ps.publicKey, ps.hash, digest, signature, ps.opts) + if errVerify != nil { return ErrInvalidSignature } return nil diff --git a/algo_rs.go b/algo_rs.go index 039fec2..80b3132 100644 --- a/algo_rs.go +++ b/algo_rs.go @@ -67,26 +67,26 @@ func (rs rsAlg) SignSize() int { } func (rs rsAlg) Sign(payload []byte) ([]byte, error) { - signed, err := hashPayload(rs.hash, payload) + digest, err := hashPayload(rs.hash, payload) if err != nil { return nil, err } - signature, err := rsa.SignPKCS1v15(rand.Reader, rs.privateKey, rs.hash, signed) - if err != nil { - return nil, err + signature, errSign := rsa.SignPKCS1v15(rand.Reader, rs.privateKey, rs.hash, digest) + if errSign != nil { + return nil, errSign } return signature, nil } func (rs rsAlg) Verify(payload, signature []byte) error { - signed, err := hashPayload(rs.hash, payload) + digest, err := hashPayload(rs.hash, payload) if err != nil { return err } - err = rsa.VerifyPKCS1v15(rs.publickey, rs.hash, signed, signature) - if err != nil { + errVerify := rsa.VerifyPKCS1v15(rs.publickey, rs.hash, digest, signature) + if errVerify != nil { return ErrInvalidSignature } return nil