diff --git a/bio.go b/bio.go index 9fe32aa..caf2b37 100644 --- a/bio.go +++ b/bio.go @@ -112,14 +112,14 @@ func writeBioPending(b *C.BIO) C.long { return C.long(len(ptr.buf)) } -func (b *writeBio) WriteTo(w io.Writer) (rv int64, err error) { - b.op_mtx.Lock() - defer b.op_mtx.Unlock() +func (wb *writeBio) WriteTo(w io.Writer) (rv int64, err error) { + wb.op_mtx.Lock() + defer wb.op_mtx.Unlock() // write whatever data we currently have - b.data_mtx.Lock() - data := b.buf - b.data_mtx.Unlock() + wb.data_mtx.Lock() + data := wb.buf + wb.data_mtx.Unlock() if len(data) == 0 { return 0, nil @@ -127,26 +127,26 @@ func (b *writeBio) WriteTo(w io.Writer) (rv int64, err error) { n, err := w.Write(data) // subtract however much data we wrote from the buffer - b.data_mtx.Lock() - b.buf = b.buf[:copy(b.buf, b.buf[n:])] - if b.release_buffers && len(b.buf) == 0 { - b.buf = nil + wb.data_mtx.Lock() + wb.buf = wb.buf[:copy(wb.buf, wb.buf[n:])] + if wb.release_buffers && len(wb.buf) == 0 { + wb.buf = nil } - b.data_mtx.Unlock() + wb.data_mtx.Unlock() return int64(n), err } -func (self *writeBio) Disconnect(b *C.BIO) { - if loadWritePtr(b) == self { +func (wb *writeBio) Disconnect(b *C.BIO) { + if loadWritePtr(b) == wb { writeBioMapping.Del(token(C.X_BIO_get_data(b))) C.X_BIO_set_data(b, nil) } } -func (b *writeBio) MakeCBIO() *C.BIO { +func (wb *writeBio) MakeCBIO() *C.BIO { rv := C.X_BIO_new_write_bio() - token := writeBioMapping.Add(unsafe.Pointer(b)) + token := writeBioMapping.Add(unsafe.Pointer(wb)) C.X_BIO_set_data(rv, unsafe.Pointer(token)) return rv } @@ -228,53 +228,53 @@ func readBioPending(b *C.BIO) C.long { return C.long(len(ptr.buf)) } -func (b *readBio) ReadFromOnce(r io.Reader) (n int, err error) { - b.op_mtx.Lock() - defer b.op_mtx.Unlock() +func (rb *readBio) ReadFromOnce(r io.Reader) (n int, err error) { + rb.op_mtx.Lock() + defer rb.op_mtx.Unlock() // make sure we have a destination that fits at least one SSL record - b.data_mtx.Lock() - if cap(b.buf) < len(b.buf)+SSLRecordSize { - new_buf := make([]byte, len(b.buf), len(b.buf)+SSLRecordSize) - copy(new_buf, b.buf) - b.buf = new_buf + rb.data_mtx.Lock() + if cap(rb.buf) < len(rb.buf)+SSLRecordSize { + new_buf := make([]byte, len(rb.buf), len(rb.buf)+SSLRecordSize) + copy(new_buf, rb.buf) + rb.buf = new_buf } - dst := b.buf[len(b.buf):cap(b.buf)] - dst_slice := b.buf - b.data_mtx.Unlock() + dst := rb.buf[len(rb.buf):cap(rb.buf)] + dst_slice := rb.buf + rb.data_mtx.Unlock() n, err = r.Read(dst) - b.data_mtx.Lock() - defer b.data_mtx.Unlock() + rb.data_mtx.Lock() + defer rb.data_mtx.Unlock() if n > 0 { - if len(dst_slice) != len(b.buf) { + if len(dst_slice) != len(rb.buf) { // someone shrunk the buffer, so we read in too far ahead and we // need to slide backwards - copy(b.buf[len(b.buf):len(b.buf)+n], dst) + copy(rb.buf[len(rb.buf):len(rb.buf)+n], dst) } - b.buf = b.buf[:len(b.buf)+n] + rb.buf = rb.buf[:len(rb.buf)+n] } return n, err } -func (b *readBio) MakeCBIO() *C.BIO { +func (rb *readBio) MakeCBIO() *C.BIO { rv := C.X_BIO_new_read_bio() - token := readBioMapping.Add(unsafe.Pointer(b)) + token := readBioMapping.Add(unsafe.Pointer(rb)) C.X_BIO_set_data(rv, unsafe.Pointer(token)) return rv } -func (self *readBio) Disconnect(b *C.BIO) { - if loadReadPtr(b) == self { +func (rb *readBio) Disconnect(b *C.BIO) { + if loadReadPtr(b) == rb { readBioMapping.Del(token(C.X_BIO_get_data(b))) C.X_BIO_set_data(b, nil) } } -func (b *readBio) MarkEOF() { - b.data_mtx.Lock() - defer b.data_mtx.Unlock() - b.eof = true +func (rb *readBio) MarkEOF() { + rb.data_mtx.Lock() + defer rb.data_mtx.Unlock() + rb.eof = true } type anyBio C.BIO diff --git a/cert.go b/cert.go index 82dfc36..97c788f 100644 --- a/cert.go +++ b/cert.go @@ -267,8 +267,8 @@ func (c *Certificate) Sign(privKey PrivateKey, digest EVP_MD) error { case EVP_SHA384: case EVP_SHA512: default: - return errors.New("Unsupported digest" + - "You're probably looking for 'EVP_SHA256' or 'EVP_SHA512'.") + return errors.New("unsupported digest; " + + "you're probably looking for 'EVP_SHA256' or 'EVP_SHA512'") } return c.insecureSign(privKey, digest) } @@ -336,7 +336,7 @@ func (c *Certificate) AddCustomExtension(nid NID, value []byte) error { val := (*C.char)(C.CBytes(value)) defer C.free(unsafe.Pointer(val)) if int(C.add_custom_ext(c.x, C.int(nid), val, C.int(len(value)))) == 0 { - return errors.New("Unable to add extension") + return errors.New("unable to add extension") } return nil } diff --git a/ciphers.go b/ciphers.go index 509bf64..a3a597c 100644 --- a/ciphers.go +++ b/ciphers.go @@ -125,7 +125,7 @@ func (ctx *cipherCtx) applyKeyAndIV(key, iv []byte) error { } else { res = C.EVP_DecryptInit_ex(ctx.ctx, nil, nil, kptr, iptr) } - if 1 != res { + if res != 1 { return errors.New("failed to apply key/IV") } } @@ -243,7 +243,7 @@ func newEncryptionCipherCtx(c *Cipher, e *Engine, key, iv []byte) ( if e != nil { eptr = e.e } - if 1 != C.EVP_EncryptInit_ex(ctx.ctx, c.ptr, eptr, nil, nil) { + if C.EVP_EncryptInit_ex(ctx.ctx, c.ptr, eptr, nil, nil) != 1 { return nil, errors.New("failed to initialize cipher context") } err = ctx.applyKeyAndIV(key, iv) @@ -266,7 +266,7 @@ func newDecryptionCipherCtx(c *Cipher, e *Engine, key, iv []byte) ( if e != nil { eptr = e.e } - if 1 != C.EVP_DecryptInit_ex(ctx.ctx, c.ptr, eptr, nil, nil) { + if C.EVP_DecryptInit_ex(ctx.ctx, c.ptr, eptr, nil, nil) != 1 { return nil, errors.New("failed to initialize cipher context") } err = ctx.applyKeyAndIV(key, iv) @@ -317,7 +317,7 @@ func (ctx *decryptionCipherCtx) DecryptUpdate(input []byte) ([]byte, error) { func (ctx *encryptionCipherCtx) EncryptFinal() ([]byte, error) { outbuf := make([]byte, ctx.BlockSize()) var outlen C.int - if 1 != C.EVP_EncryptFinal_ex(ctx.ctx, (*C.uchar)(&outbuf[0]), &outlen) { + if C.EVP_EncryptFinal_ex(ctx.ctx, (*C.uchar)(&outbuf[0]), &outlen) != 1 { return nil, errors.New("encryption failed") } return outbuf[:outlen], nil @@ -326,7 +326,7 @@ func (ctx *encryptionCipherCtx) EncryptFinal() ([]byte, error) { func (ctx *decryptionCipherCtx) DecryptFinal() ([]byte, error) { outbuf := make([]byte, ctx.BlockSize()) var outlen C.int - if 1 != C.EVP_DecryptFinal_ex(ctx.ctx, (*C.uchar)(&outbuf[0]), &outlen) { + if C.EVP_DecryptFinal_ex(ctx.ctx, (*C.uchar)(&outbuf[0]), &outlen) != 1 { // this may mean the tag failed to verify- all previous plaintext // returned must be considered faked and invalid return nil, errors.New("decryption failed") diff --git a/ciphers_gcm.go b/ciphers_gcm.go index 7b08e0f..06ba0fe 100644 --- a/ciphers_gcm.go +++ b/ciphers_gcm.go @@ -86,8 +86,8 @@ func NewGCMEncryptionCipherCtx(blocksize int, e *Engine, key, iv []byte) ( return nil, fmt.Errorf("could not set IV len to %d: %s", len(iv), err) } - if 1 != C.EVP_EncryptInit_ex(ctx.ctx, nil, nil, nil, - (*C.uchar)(&iv[0])) { + if C.EVP_EncryptInit_ex(ctx.ctx, nil, nil, nil, + (*C.uchar)(&iv[0])) != 1 { return nil, errors.New("failed to apply IV") } } @@ -110,8 +110,8 @@ func NewGCMDecryptionCipherCtx(blocksize int, e *Engine, key, iv []byte) ( return nil, fmt.Errorf("could not set IV len to %d: %s", len(iv), err) } - if 1 != C.EVP_DecryptInit_ex(ctx.ctx, nil, nil, nil, - (*C.uchar)(&iv[0])) { + if C.EVP_DecryptInit_ex(ctx.ctx, nil, nil, nil, + (*C.uchar)(&iv[0])) != 1 { return nil, errors.New("failed to apply IV") } } @@ -123,8 +123,8 @@ func (ctx *authEncryptionCipherCtx) ExtraData(aad []byte) error { return nil } var outlen C.int - if 1 != C.EVP_EncryptUpdate(ctx.ctx, nil, &outlen, (*C.uchar)(&aad[0]), - C.int(len(aad))) { + if C.EVP_EncryptUpdate(ctx.ctx, nil, &outlen, (*C.uchar)(&aad[0]), + C.int(len(aad))) != 1 { return errors.New("failed to add additional authenticated data") } return nil @@ -135,8 +135,8 @@ func (ctx *authDecryptionCipherCtx) ExtraData(aad []byte) error { return nil } var outlen C.int - if 1 != C.EVP_DecryptUpdate(ctx.ctx, nil, &outlen, (*C.uchar)(&aad[0]), - C.int(len(aad))) { + if C.EVP_DecryptUpdate(ctx.ctx, nil, &outlen, (*C.uchar)(&aad[0]), + C.int(len(aad))) != 1 { return errors.New("failed to add additional authenticated data") } return nil diff --git a/ciphers_test.go b/ciphers_test.go index fe991ab..0f1e340 100644 --- a/ciphers_test.go +++ b/ciphers_test.go @@ -185,17 +185,16 @@ func TestBadTag(t *testing.T) { } // flip the last bit tag[len(tag)-1] ^= 1 - plaintext_out, err := doDecryption(key, iv, nil, ciphertext, tag, 128, 129) - if err == nil { + if _, err := doDecryption(key, iv, nil, ciphertext, tag, 128, 129); err == nil { t.Fatal("Expected error for bad tag, but got none") } // flip it back, try again just to make sure tag[len(tag)-1] ^= 1 - plaintext_out, err = doDecryption(key, iv, nil, ciphertext, tag, 128, 129) + plaintextOut, err := doDecryption(key, iv, nil, ciphertext, tag, 128, 129) if err != nil { t.Fatal("Decryption failure:", err) } - checkEqual(t, plaintext_out, plaintext) + checkEqual(t, plaintextOut, plaintext) } func TestBadCiphertext(t *testing.T) { @@ -211,17 +210,16 @@ func TestBadCiphertext(t *testing.T) { } // flip the last bit ciphertext[len(ciphertext)-1] ^= 1 - plaintext_out, err := doDecryption(key, iv, aad, ciphertext, tag, 192, 192) - if err == nil { + if _, err := doDecryption(key, iv, aad, ciphertext, tag, 192, 192); err == nil { t.Fatal("Expected error for bad ciphertext, but got none") } // flip it back, try again just to make sure ciphertext[len(ciphertext)-1] ^= 1 - plaintext_out, err = doDecryption(key, iv, aad, ciphertext, tag, 192, 192) + plaintextOut, err := doDecryption(key, iv, aad, ciphertext, tag, 192, 192) if err != nil { t.Fatal("Decryption failure:", err) } - checkEqual(t, plaintext_out, plaintext) + checkEqual(t, plaintextOut, plaintext) } func TestBadAAD(t *testing.T) { @@ -237,17 +235,16 @@ func TestBadAAD(t *testing.T) { } // flip the last bit aad[len(aad)-1] ^= 1 - plaintext_out, err := doDecryption(key, iv, aad, ciphertext, tag, 256, 256) - if err == nil { + if _, err := doDecryption(key, iv, aad, ciphertext, tag, 256, 256); err == nil { t.Fatal("Expected error for bad AAD, but got none") } // flip it back, try again just to make sure aad[len(aad)-1] ^= 1 - plaintext_out, err = doDecryption(key, iv, aad, ciphertext, tag, 256, 256) + plaintextOut, err := doDecryption(key, iv, aad, ciphertext, tag, 256, 256) if err != nil { t.Fatal("Decryption failure:", err) } - checkEqual(t, plaintext_out, plaintext) + checkEqual(t, plaintextOut, plaintext) } func TestNonAuthenticatedEncryption(t *testing.T) { diff --git a/conn.go b/conn.go index 2758034..757f382 100644 --- a/conn.go +++ b/conn.go @@ -31,10 +31,10 @@ import ( ) var ( - zeroReturn = errors.New("zero return") - wantRead = errors.New("want read") - wantWrite = errors.New("want write") - tryAgain = errors.New("try again") + errZeroReturn = errors.New("zero return") + errWantRead = errors.New("want read") + errWantWrite = errors.New("want write") + errTryAgain = errors.New("try again") ) type Conn struct { @@ -192,7 +192,7 @@ func (c *Conn) GetCtx() *Ctx { return c.ctx } func (c *Conn) CurrentCipher() (string, error) { p := C.X_SSL_get_cipher_name(c.ssl) if p == nil { - return "", errors.New("Session not established") + return "", errors.New("session not established") } return C.GoString(p), nil @@ -247,7 +247,7 @@ func (c *Conn) getErrorHandler(rv C.int, errno error) func() error { if err != nil { return err } - return tryAgain + return errTryAgain } case C.SSL_ERROR_WANT_WRITE: return func() error { @@ -255,7 +255,7 @@ func (c *Conn) getErrorHandler(rv C.int, errno error) func() error { if err != nil { return err } - return tryAgain + return errTryAgain } case C.SSL_ERROR_SYSCALL: var err error @@ -303,8 +303,8 @@ func (c *Conn) handshake() func() error { // Handshake performs an SSL handshake. If a handshake is not manually // triggered, it will run before the first I/O on the encrypted stream. func (c *Conn) Handshake() error { - err := tryAgain - for err == tryAgain { + err := errTryAgain + for err == errTryAgain { err = c.handleError(c.handshake()) } go c.flushOutputBuffer() @@ -404,15 +404,15 @@ func (c *Conn) shutdown() func() error { } func (c *Conn) shutdownLoop() error { - err := tryAgain + err := errTryAgain shutdown_tries := 0 - for err == tryAgain { + for err == errTryAgain { shutdown_tries = shutdown_tries + 1 err = c.handleError(c.shutdown()) if err == nil { return c.flushOutputBuffer() } - if err == tryAgain && shutdown_tries >= 2 { + if err == errTryAgain && shutdown_tries >= 2 { return errors.New("shutdown requested a third time?") } } @@ -463,8 +463,8 @@ func (c *Conn) Read(b []byte) (n int, err error) { if len(b) == 0 { return 0, nil } - err = tryAgain - for err == tryAgain { + err = errTryAgain + for err == errTryAgain { n, errcb := c.read(b) err = c.handleError(errcb) if err == nil { @@ -504,8 +504,8 @@ func (c *Conn) Write(b []byte) (written int, err error) { if len(b) == 0 { return 0, nil } - err = tryAgain - for err == tryAgain { + err = errTryAgain + for err == errTryAgain { n, errcb := c.write(b) err = c.handleError(errcb) if err == nil { diff --git a/ctx.go b/ctx.go index 271defa..496ac63 100644 --- a/ctx.go +++ b/ctx.go @@ -127,7 +127,7 @@ func NewCtxFromFiles(cert_file string, key_file string) (*Ctx, error) { certs := SplitPEM(cert_bytes) if len(certs) == 0 { - return nil, fmt.Errorf("No PEM certificate found in '%s'", cert_file) + return nil, fmt.Errorf("no PEM certificate found in '%s'", cert_file) } first, certs := certs[0], certs[1:] cert, err := LoadCertificateFromPEM(first) @@ -190,7 +190,7 @@ func (c *Ctx) SetEllipticCurve(curve EllipticCurve) error { k := C.EC_KEY_new_by_curve_name(C.int(curve)) if k == nil { - return errors.New("Unknown curve") + return errors.New("unknown curve") } defer C.EC_KEY_free(k) @@ -302,12 +302,12 @@ type CertificateStoreCtx struct { ssl_ctx *Ctx } -func (self *CertificateStoreCtx) VerifyResult() VerifyResult { - return VerifyResult(C.X509_STORE_CTX_get_error(self.ctx)) +func (csc *CertificateStoreCtx) VerifyResult() VerifyResult { + return VerifyResult(C.X509_STORE_CTX_get_error(csc.ctx)) } -func (self *CertificateStoreCtx) Err() error { - code := C.X509_STORE_CTX_get_error(self.ctx) +func (csc *CertificateStoreCtx) Err() error { + code := C.X509_STORE_CTX_get_error(csc.ctx) if code == C.X509_V_OK { return nil } @@ -315,19 +315,19 @@ func (self *CertificateStoreCtx) Err() error { C.GoString(C.X509_verify_cert_error_string(C.long(code)))) } -func (self *CertificateStoreCtx) Depth() int { - return int(C.X509_STORE_CTX_get_error_depth(self.ctx)) +func (csc *CertificateStoreCtx) Depth() int { + return int(C.X509_STORE_CTX_get_error_depth(csc.ctx)) } -// the certicate returned is only valid for the lifetime of the underlying +// the certificate returned is only valid for the lifetime of the underlying // X509_STORE_CTX -func (self *CertificateStoreCtx) GetCurrentCert() *Certificate { - x509 := C.X509_STORE_CTX_get_current_cert(self.ctx) +func (csc *CertificateStoreCtx) GetCurrentCert() *Certificate { + x509 := C.X509_STORE_CTX_get_current_cert(csc.ctx) if x509 == nil { return nil } // add a ref - if 1 != C.X_X509_add_ref(x509) { + if C.X_X509_add_ref(x509) != 1 { return nil } cert := &Certificate{ @@ -531,7 +531,7 @@ func (c *Ctx) SetNextProtos(protos []string) error { for _, proto := range protos { if len(proto) > 255 { return fmt.Errorf( - "Proto length can't be more than 255. But got a proto %s with length %d", + "proto length can't be more than 255. But got a proto %s with length %d", proto, len(proto)) } vector = append(vector, byte(uint8(len(proto)))) @@ -540,7 +540,7 @@ func (c *Ctx) SetNextProtos(protos []string) error { ret := int(C.SSL_CTX_set_alpn_protos(c.ctx, (*C.uchar)(unsafe.Pointer(&vector[0])), C.uint(len(vector)))) if ret != 0 { - return errors.New("Error while setting protos to ctx") + return errors.New("error while setting protos to ctx") } return nil } diff --git a/dh_test.go b/dh_test.go index fbe3e35..811020b 100644 --- a/dh_test.go +++ b/dh_test.go @@ -40,7 +40,7 @@ func TestECDH(t *testing.T) { t.Fatal(err) } - if bytes.Compare(mySecret, theirSecret) != 0 { + if !bytes.Equal(mySecret, theirSecret) { t.Fatal("shared secrets are different") } } diff --git a/hmac.go b/hmac.go index a8640cf..77e8dc5 100644 --- a/hmac.go +++ b/hmac.go @@ -74,7 +74,7 @@ func (h *HMAC) Write(data []byte) (n int, err error) { } func (h *HMAC) Reset() error { - if 1 != C.X_HMAC_Init_ex(h.ctx, nil, 0, nil, nil) { + if C.X_HMAC_Init_ex(h.ctx, nil, 0, nil, nil) != 1 { return errors.New("failed to reset HMAC_CTX") } return nil diff --git a/hostname.go b/hostname.go index c92d959..0fae97f 100644 --- a/hostname.go +++ b/hostname.go @@ -40,7 +40,7 @@ import ( ) var ( - ValidationError = errors.New("Host validation error") + ValidationError = errors.New("host validation error") //lint:ignore ST1012 rename may cause breaking changes; research before renaming. ) type CheckFlags int diff --git a/init.go b/init.go index 17dc6f3..107adee 100644 --- a/init.go +++ b/init.go @@ -88,14 +88,13 @@ package openssl import "C" import ( - "errors" "fmt" "strings" ) func init() { if rc := C.X_shim_init(); rc != 0 { - panic(fmt.Errorf("X_shim_init failed with %d", rc)) + panic(fmt.Errorf("x_shim_init failed with %d", rc)) } } @@ -113,5 +112,5 @@ func errorFromErrorQueue() error { C.GoString(C.ERR_func_error_string(err)), C.GoString(C.ERR_reason_error_string(err)))) } - return errors.New(fmt.Sprintf("SSL errors: %s", strings.Join(errs, "\n"))) + return fmt.Errorf("SSL errors: %s", strings.Join(errs, "\n")) } diff --git a/key.go b/key.go index d70bdbb..25be635 100644 --- a/key.go +++ b/key.go @@ -143,36 +143,36 @@ func (key *pKey) SignPKCS1v15(method Method, data []byte) ([]byte, error) { return nil, errors.New("signpkcs1v15: 0-length data or non-null digest") } - if 1 != C.X_EVP_DigestSignInit(ctx, nil, nil, nil, key.key) { + if C.X_EVP_DigestSignInit(ctx, nil, nil, nil, key.key) != 1 { return nil, errors.New("signpkcs1v15: failed to init signature") } // evp signatures are 64 bytes - sig := make([]byte, 64, 64) + sig := make([]byte, 64) var sigblen C.size_t = 64 - if 1 != C.X_EVP_DigestSign(ctx, - ((*C.uchar)(unsafe.Pointer(&sig[0]))), + if C.X_EVP_DigestSign(ctx, + (*C.uchar)(unsafe.Pointer(&sig[0])), &sigblen, (*C.uchar)(unsafe.Pointer(&data[0])), - C.size_t(len(data))) { + C.size_t(len(data))) != 1 { return nil, errors.New("signpkcs1v15: failed to do one-shot signature") } return sig[:sigblen], nil } else { - if 1 != C.X_EVP_SignInit(ctx, method) { + if C.X_EVP_SignInit(ctx, method) != 1 { return nil, errors.New("signpkcs1v15: failed to init signature") } if len(data) > 0 { - if 1 != C.X_EVP_SignUpdate( - ctx, unsafe.Pointer(&data[0]), C.uint(len(data))) { + if C.X_EVP_SignUpdate( + ctx, unsafe.Pointer(&data[0]), C.uint(len(data))) != 1 { return nil, errors.New("signpkcs1v15: failed to update signature") } } sig := make([]byte, C.X_EVP_PKEY_size(key.key)) var sigblen C.uint - if 1 != C.X_EVP_SignFinal(ctx, - ((*C.uchar)(unsafe.Pointer(&sig[0]))), &sigblen, key.key) { + if C.X_EVP_SignFinal(ctx, + (*C.uchar)(unsafe.Pointer(&sig[0])), &sigblen, key.key) != 1 { return nil, errors.New("signpkcs1v15: failed to finalize signature") } return sig[:sigblen], nil @@ -194,32 +194,32 @@ func (key *pKey) VerifyPKCS1v15(method Method, data, sig []byte) error { return errors.New("verifypkcs1v15: 0-length data or non-null digest") } - if 1 != C.X_EVP_DigestVerifyInit(ctx, nil, nil, nil, key.key) { + if C.X_EVP_DigestVerifyInit(ctx, nil, nil, nil, key.key) != 1 { return errors.New("verifypkcs1v15: failed to init verify") } - if 1 != C.X_EVP_DigestVerify(ctx, - ((*C.uchar)(unsafe.Pointer(&sig[0]))), + if C.X_EVP_DigestVerify(ctx, + (*C.uchar)(unsafe.Pointer(&sig[0])), C.size_t(len(sig)), (*C.uchar)(unsafe.Pointer(&data[0])), - C.size_t(len(data))) { + C.size_t(len(data))) != 1 { return errors.New("verifypkcs1v15: failed to do one-shot verify") } return nil } else { - if 1 != C.X_EVP_VerifyInit(ctx, method) { + if C.X_EVP_VerifyInit(ctx, method) != 1 { return errors.New("verifypkcs1v15: failed to init verify") } if len(data) > 0 { - if 1 != C.X_EVP_VerifyUpdate( - ctx, unsafe.Pointer(&data[0]), C.uint(len(data))) { + if C.X_EVP_VerifyUpdate( + ctx, unsafe.Pointer(&data[0]), C.uint(len(data))) != 1 { return errors.New("verifypkcs1v15: failed to update verify") } } - if 1 != C.X_EVP_VerifyFinal(ctx, - ((*C.uchar)(unsafe.Pointer(&sig[0]))), C.uint(len(sig)), key.key) { + if C.X_EVP_VerifyFinal(ctx, + (*C.uchar)(unsafe.Pointer(&sig[0])), C.uint(len(sig)), key.key) != 1 { return errors.New("verifypkcs1v15: failed to finalize verify") } return nil diff --git a/key_test.go b/key_test.go index 5654198..82129da 100644 --- a/key_test.go +++ b/key_test.go @@ -187,12 +187,10 @@ func TestGenerateEd25519(t *testing.T) { if err != nil { t.Fatal(err) } - _, err = key.MarshalPKIXPublicKeyPEM() - if err != nil { + if _, err = key.MarshalPKIXPublicKeyPEM(); err != nil { t.Fatal(err) } - _, err = key.MarshalPKCS1PrivateKeyPEM() - if err != nil { + if _, err = key.MarshalPKCS1PrivateKeyPEM(); err != nil { t.Fatal(err) } } @@ -289,8 +287,7 @@ func TestSignED25519(t *testing.T) { } func TestMarshalEC(t *testing.T) { - key, err := LoadPrivateKeyFromPEM(prime256v1KeyBytes) - if err != nil { + if _, err := LoadPrivateKeyFromPEM(prime256v1KeyBytes); err != nil { t.Fatal(err) } cert, err := LoadCertificateFromPEM(prime256v1CertBytes) @@ -299,7 +296,7 @@ func TestMarshalEC(t *testing.T) { } privateBlock, _ := pem_pkg.Decode(prime256v1KeyBytes) - key, err = LoadPrivateKeyFromDER(privateBlock.Bytes) + key, err := LoadPrivateKeyFromDER(privateBlock.Bytes) if err != nil { t.Fatal(err) } @@ -410,8 +407,7 @@ func TestMarshalEd25519(t *testing.T) { t.SkipNow() } - key, err := LoadPrivateKeyFromPEM(ed25519KeyBytes) - if err != nil { + if _, err := LoadPrivateKeyFromPEM(ed25519KeyBytes); err != nil { t.Fatal(err) } cert, err := LoadCertificateFromPEM(ed25519CertBytes) @@ -420,7 +416,7 @@ func TestMarshalEd25519(t *testing.T) { } privateBlock, _ := pem_pkg.Decode(ed25519KeyBytes) - key, err = LoadPrivateKeyFromDER(privateBlock.Bytes) + key, err := LoadPrivateKeyFromDER(privateBlock.Bytes) if err != nil { t.Fatal(err) } @@ -435,17 +431,15 @@ func TestMarshalEd25519(t *testing.T) { t.Fatal("invalid cert pem bytes") } - pem, err = key.MarshalPKCS1PrivateKeyPEM() - if err != nil { + if _, err = key.MarshalPKCS1PrivateKeyPEM(); err != nil { t.Fatal(err) } - der, err := key.MarshalPKCS1PrivateKeyDER() - if err != nil { + if _, err := key.MarshalPKCS1PrivateKeyDER(); err != nil { t.Fatal(err) } - der, err = key.MarshalPKIXPublicKeyDER() + der, err := key.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } @@ -455,22 +449,22 @@ func TestMarshalEd25519(t *testing.T) { t.Fatal(err) } - loaded_pubkey_from_pem, err := LoadPublicKeyFromPEM(pem) + loadedPubkeyFromPem, err := LoadPublicKeyFromPEM(pem) if err != nil { t.Fatal(err) } - loaded_pubkey_from_der, err := LoadPublicKeyFromDER(der) + loadedPubkeyFromDer, err := LoadPublicKeyFromDER(der) if err != nil { t.Fatal(err) } - _, err = loaded_pubkey_from_pem.MarshalPKIXPublicKeyDER() + _, err = loadedPubkeyFromPem.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } - _, err = loaded_pubkey_from_der.MarshalPKIXPublicKeyDER() + _, err = loadedPubkeyFromDer.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } diff --git a/md4.go b/md4.go index e5cc7d8..7977af1 100644 --- a/md4.go +++ b/md4.go @@ -51,7 +51,7 @@ func (s *MD4Hash) Close() { } func (s *MD4Hash) Reset() error { - if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_md4(), engineRef(s.engine)) { + if C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_md4(), engineRef(s.engine)) != 1 { return errors.New("openssl: md4: cannot init digest ctx") } return nil @@ -61,16 +61,16 @@ func (s *MD4Hash) Write(p []byte) (n int, err error) { if len(p) == 0 { return 0, nil } - if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), - C.size_t(len(p))) { + if C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), + C.size_t(len(p))) != 1 { return 0, errors.New("openssl: md4: cannot update digest") } return len(p), nil } func (s *MD4Hash) Sum() (result [16]byte, err error) { - if 1 != C.X_EVP_DigestFinal_ex(s.ctx, - (*C.uchar)(unsafe.Pointer(&result[0])), nil) { + if C.X_EVP_DigestFinal_ex(s.ctx, + (*C.uchar)(unsafe.Pointer(&result[0])), nil) != 1 { return result, errors.New("openssl: md4: cannot finalize ctx") } return result, s.Reset() diff --git a/md5.go b/md5.go index 82f2eb2..d7e771e 100644 --- a/md5.go +++ b/md5.go @@ -51,7 +51,7 @@ func (s *MD5Hash) Close() { } func (s *MD5Hash) Reset() error { - if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_md5(), engineRef(s.engine)) { + if C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_md5(), engineRef(s.engine)) != 1 { return errors.New("openssl: md5: cannot init digest ctx") } return nil @@ -61,16 +61,16 @@ func (s *MD5Hash) Write(p []byte) (n int, err error) { if len(p) == 0 { return 0, nil } - if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), - C.size_t(len(p))) { + if C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), + C.size_t(len(p))) != 1 { return 0, errors.New("openssl: md5: cannot update digest") } return len(p), nil } func (s *MD5Hash) Sum() (result [16]byte, err error) { - if 1 != C.X_EVP_DigestFinal_ex(s.ctx, - (*C.uchar)(unsafe.Pointer(&result[0])), nil) { + if C.X_EVP_DigestFinal_ex(s.ctx, + (*C.uchar)(unsafe.Pointer(&result[0])), nil) != 1 { return result, errors.New("openssl: md5: cannot finalize ctx") } return result, s.Reset() diff --git a/pem.go b/pem.go index 1477109..6127cf0 100644 --- a/pem.go +++ b/pem.go @@ -16,18 +16,13 @@ package openssl import ( "regexp" - ) var pemSplit *regexp.Regexp = regexp.MustCompile(`(?sm)` + `(^-----[\s-]*?BEGIN.*?-----[\s-]*?$` + `.*?` + `^-----[\s-]*?END.*?-----[\s-]*?$)`) - + func SplitPEM(data []byte) [][]byte { - var results [][]byte - for _, block := range pemSplit.FindAll(data, -1) { - results = append(results, block) - } - return results + return pemSplit.FindAll(data, -1) } diff --git a/sha1.go b/sha1.go index c227bee..ab4ad87 100644 --- a/sha1.go +++ b/sha1.go @@ -58,7 +58,7 @@ func engineRef(e *Engine) *C.ENGINE { } func (s *SHA1Hash) Reset() error { - if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_sha1(), engineRef(s.engine)) { + if C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_sha1(), engineRef(s.engine)) != 1 { return errors.New("openssl: sha1: cannot init digest ctx") } return nil @@ -68,16 +68,16 @@ func (s *SHA1Hash) Write(p []byte) (n int, err error) { if len(p) == 0 { return 0, nil } - if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), - C.size_t(len(p))) { + if C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), + C.size_t(len(p))) != 1 { return 0, errors.New("openssl: sha1: cannot update digest") } return len(p), nil } func (s *SHA1Hash) Sum() (result [20]byte, err error) { - if 1 != C.X_EVP_DigestFinal_ex(s.ctx, - (*C.uchar)(unsafe.Pointer(&result[0])), nil) { + if C.X_EVP_DigestFinal_ex(s.ctx, + (*C.uchar)(unsafe.Pointer(&result[0])), nil) != 1 { return result, errors.New("openssl: sha1: cannot finalize ctx") } return result, s.Reset() diff --git a/sha256.go b/sha256.go index d25c7a9..d9189a9 100644 --- a/sha256.go +++ b/sha256.go @@ -51,7 +51,7 @@ func (s *SHA256Hash) Close() { } func (s *SHA256Hash) Reset() error { - if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_sha256(), engineRef(s.engine)) { + if C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_sha256(), engineRef(s.engine)) != 1 { return errors.New("openssl: sha256: cannot init digest ctx") } return nil @@ -61,16 +61,16 @@ func (s *SHA256Hash) Write(p []byte) (n int, err error) { if len(p) == 0 { return 0, nil } - if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), - C.size_t(len(p))) { + if C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), + C.size_t(len(p))) != 1 { return 0, errors.New("openssl: sha256: cannot update digest") } return len(p), nil } func (s *SHA256Hash) Sum() (result [32]byte, err error) { - if 1 != C.X_EVP_DigestFinal_ex(s.ctx, - (*C.uchar)(unsafe.Pointer(&result[0])), nil) { + if C.X_EVP_DigestFinal_ex(s.ctx, + (*C.uchar)(unsafe.Pointer(&result[0])), nil) != 1 { return result, errors.New("openssl: sha256: cannot finalize ctx") } return result, s.Reset() diff --git a/ssl_test.go b/ssl_test.go index 38cc20d..db48aeb 100644 --- a/ssl_test.go +++ b/ssl_test.go @@ -197,7 +197,7 @@ func SimpleConnTest(t testing.TB, constructor func( if err != nil { t.Fatal(err) } - if string(buf.Bytes()) != data { + if buf.String() != data { t.Fatal("mismatched data") } @@ -304,21 +304,21 @@ func ThroughputBenchmark(b *testing.B, constructor func( wg.Add(2) go func() { defer wg.Done() - _, err = io.Copy(client, bytes.NewReader([]byte(data))) - if err != nil { - b.Fatal(err) + if _, err = io.Copy(client, bytes.NewReader(data)); err != nil { + b.Error(err) + return } }() go func() { defer wg.Done() buf := &bytes.Buffer{} - _, err = io.CopyN(buf, server, int64(len(data))) - if err != nil { - b.Fatal(err) + if _, err = io.CopyN(buf, server, int64(len(data))); err != nil { + b.Error(err) + return } if !bytes.Equal(buf.Bytes(), data) { - b.Fatal("mismatched data") + b.Error("mismatched data") } }() wg.Wait() @@ -551,27 +551,27 @@ func LotsOfConns(t *testing.T, payload_size int64, loops, clients int, for { conn, err := ssl_listener.Accept() if err != nil { - t.Fatalf("failed accept: %s", err) + t.Errorf("failed accept: %s", err) continue } go func() { defer func() { err = conn.Close() if err != nil { - t.Fatalf("failed closing: %s", err) + t.Errorf("failed closing: %s", err) } }() for i := 0; i < loops; i++ { _, err := io.Copy(ioutil.Discard, io.LimitReader(conn, payload_size)) if err != nil { - t.Fatalf("failed reading: %s", err) + t.Errorf("failed reading: %s", err) return } _, err = io.Copy(conn, io.LimitReader(rand.Reader, payload_size)) if err != nil { - t.Fatalf("failed writing: %s", err) + t.Errorf("failed writing: %s", err) return } } @@ -581,35 +581,37 @@ func LotsOfConns(t *testing.T, payload_size int64, loops, clients int, }() var wg sync.WaitGroup for i := 0; i < clients; i++ { - tcp_client, err := net.Dial(tcp_listener.Addr().Network(), + tcpClient, err := net.Dial(tcp_listener.Addr().Network(), tcp_listener.Addr().String()) if err != nil { - t.Fatal(err) + t.Error(err) + return } - ssl_client, err := newClient(tcp_client) + ssl_client, err := newClient(tcpClient) if err != nil { - t.Fatal(err) + t.Error(err) + return } wg.Add(1) go func(i int) { + defer wg.Done() defer func() { err = ssl_client.Close() if err != nil { - t.Fatalf("failed closing: %s", err) + t.Errorf("failed closing: %s", err) } - wg.Done() }() for i := 0; i < loops; i++ { _, err := io.Copy(ssl_client, io.LimitReader(rand.Reader, payload_size)) if err != nil { - t.Fatalf("failed writing: %s", err) + t.Errorf("failed writing: %s", err) return } _, err = io.Copy(ioutil.Discard, io.LimitReader(ssl_client, payload_size)) if err != nil { - t.Fatalf("failed reading: %s", err) + t.Errorf("failed reading: %s", err) return } } @@ -645,20 +647,17 @@ func TestOpenSSLLotsOfConns(t *testing.T) { if err != nil { t.Fatal(err) } - err = ctx.UsePrivateKey(key) - if err != nil { + if err = ctx.UsePrivateKey(key); err != nil { t.Fatal(err) } cert, err := LoadCertificateFromPEM(certBytes) if err != nil { t.Fatal(err) } - err = ctx.UseCertificate(cert) - if err != nil { + if err = ctx.UseCertificate(cert); err != nil { t.Fatal(err) } - err = ctx.SetCipherList("AES128-SHA") - if err != nil { + if err = ctx.SetCipherList("AES128-SHA"); err != nil { t.Fatal(err) } LotsOfConns(t, 1024*64, 10, 100, 0*time.Second, diff --git a/utils/future.go b/utils/future.go index fa1bbbf..df2d831 100644 --- a/utils/future.go +++ b/utils/future.go @@ -45,35 +45,35 @@ func NewFuture() *Future { } // Get blocks until the Future has a value set. -func (self *Future) Get() (interface{}, error) { - self.mutex.Lock() - defer self.mutex.Unlock() +func (f *Future) Get() (interface{}, error) { + f.mutex.Lock() + defer f.mutex.Unlock() for { - if self.received { - return self.val, self.err + if f.received { + return f.val, f.err } - self.cond.Wait() + f.cond.Wait() } } // Fired returns whether or not a value has been set. If Fired is true, Get // won't block. -func (self *Future) Fired() bool { - self.mutex.Lock() - defer self.mutex.Unlock() - return self.received +func (f *Future) Fired() bool { + f.mutex.Lock() + defer f.mutex.Unlock() + return f.received } // Set provides the value to present and future Get calls. If Set has already // been called, this is a no-op. -func (self *Future) Set(val interface{}, err error) { - self.mutex.Lock() - defer self.mutex.Unlock() - if self.received { +func (f *Future) Set(val interface{}, err error) { + f.mutex.Lock() + defer f.mutex.Unlock() + if f.received { return } - self.received = true - self.val = val - self.err = err - self.cond.Broadcast() + f.received = true + f.val = val + f.err = err + f.cond.Broadcast() }