From 597b8983b0a278e9328ae3b0cad3372e9c1ba1b1 Mon Sep 17 00:00:00 2001 From: "Masih H. Derkani" Date: Mon, 19 Jul 2021 16:47:21 +0100 Subject: [PATCH] Address `staticcheck` issues Fix `staticcheck` issues: - S1028 use `fmt.Errorf` to construct formatted errors - ST1017 yoda conditions - ST1005 error message capitalization - ST1006 avoid `self` as receiver name - S1030 use `buf.String` - S1011 avoid redundant loop when `append` suffices - SA4006 unused value - S1019 remove redundant capacity on `make` call - SA2002 `t.Fatal` called outside of test Exported error violates ST1012, which is ignored by this PR since rename may cause breaking changes. Remove redundant parentheses wrapping, and use CamelCase naming while at it. --- bio.go | 78 ++++++++++++++++++++++++------------------------- cert.go | 6 ++-- ciphers.go | 10 +++---- ciphers_gcm.go | 16 +++++----- ciphers_test.go | 21 ++++++------- conn.go | 32 ++++++++++---------- ctx.go | 28 +++++++++--------- dh_test.go | 2 +- hmac.go | 2 +- hostname.go | 2 +- init.go | 5 ++-- key.go | 38 ++++++++++++------------ key_test.go | 32 +++++++++----------- md4.go | 10 +++---- md5.go | 10 +++---- pem.go | 9 ++---- sha1.go | 10 +++---- sha256.go | 10 +++---- ssl_test.go | 51 ++++++++++++++++---------------- utils/future.go | 36 +++++++++++------------ 20 files changed, 196 insertions(+), 212 deletions(-) diff --git a/bio.go b/bio.go index 9fe32aa8..caf2b37a 100644 --- a/bio.go +++ b/bio.go @@ -112,14 +112,14 @@ func writeBioPending(b *C.BIO) C.long { return C.long(len(ptr.buf)) } -func (b *writeBio) WriteTo(w io.Writer) (rv int64, err error) { - b.op_mtx.Lock() - defer b.op_mtx.Unlock() +func (wb *writeBio) WriteTo(w io.Writer) (rv int64, err error) { + wb.op_mtx.Lock() + defer wb.op_mtx.Unlock() // write whatever data we currently have - b.data_mtx.Lock() - data := b.buf - b.data_mtx.Unlock() + wb.data_mtx.Lock() + data := wb.buf + wb.data_mtx.Unlock() if len(data) == 0 { return 0, nil @@ -127,26 +127,26 @@ func (b *writeBio) WriteTo(w io.Writer) (rv int64, err error) { n, err := w.Write(data) // subtract however much data we wrote from the buffer - b.data_mtx.Lock() - b.buf = b.buf[:copy(b.buf, b.buf[n:])] - if b.release_buffers && len(b.buf) == 0 { - b.buf = nil + wb.data_mtx.Lock() + wb.buf = wb.buf[:copy(wb.buf, wb.buf[n:])] + if wb.release_buffers && len(wb.buf) == 0 { + wb.buf = nil } - b.data_mtx.Unlock() + wb.data_mtx.Unlock() return int64(n), err } -func (self *writeBio) Disconnect(b *C.BIO) { - if loadWritePtr(b) == self { +func (wb *writeBio) Disconnect(b *C.BIO) { + if loadWritePtr(b) == wb { writeBioMapping.Del(token(C.X_BIO_get_data(b))) C.X_BIO_set_data(b, nil) } } -func (b *writeBio) MakeCBIO() *C.BIO { +func (wb *writeBio) MakeCBIO() *C.BIO { rv := C.X_BIO_new_write_bio() - token := writeBioMapping.Add(unsafe.Pointer(b)) + token := writeBioMapping.Add(unsafe.Pointer(wb)) C.X_BIO_set_data(rv, unsafe.Pointer(token)) return rv } @@ -228,53 +228,53 @@ func readBioPending(b *C.BIO) C.long { return C.long(len(ptr.buf)) } -func (b *readBio) ReadFromOnce(r io.Reader) (n int, err error) { - b.op_mtx.Lock() - defer b.op_mtx.Unlock() +func (rb *readBio) ReadFromOnce(r io.Reader) (n int, err error) { + rb.op_mtx.Lock() + defer rb.op_mtx.Unlock() // make sure we have a destination that fits at least one SSL record - b.data_mtx.Lock() - if cap(b.buf) < len(b.buf)+SSLRecordSize { - new_buf := make([]byte, len(b.buf), len(b.buf)+SSLRecordSize) - copy(new_buf, b.buf) - b.buf = new_buf + rb.data_mtx.Lock() + if cap(rb.buf) < len(rb.buf)+SSLRecordSize { + new_buf := make([]byte, len(rb.buf), len(rb.buf)+SSLRecordSize) + copy(new_buf, rb.buf) + rb.buf = new_buf } - dst := b.buf[len(b.buf):cap(b.buf)] - dst_slice := b.buf - b.data_mtx.Unlock() + dst := rb.buf[len(rb.buf):cap(rb.buf)] + dst_slice := rb.buf + rb.data_mtx.Unlock() n, err = r.Read(dst) - b.data_mtx.Lock() - defer b.data_mtx.Unlock() + rb.data_mtx.Lock() + defer rb.data_mtx.Unlock() if n > 0 { - if len(dst_slice) != len(b.buf) { + if len(dst_slice) != len(rb.buf) { // someone shrunk the buffer, so we read in too far ahead and we // need to slide backwards - copy(b.buf[len(b.buf):len(b.buf)+n], dst) + copy(rb.buf[len(rb.buf):len(rb.buf)+n], dst) } - b.buf = b.buf[:len(b.buf)+n] + rb.buf = rb.buf[:len(rb.buf)+n] } return n, err } -func (b *readBio) MakeCBIO() *C.BIO { +func (rb *readBio) MakeCBIO() *C.BIO { rv := C.X_BIO_new_read_bio() - token := readBioMapping.Add(unsafe.Pointer(b)) + token := readBioMapping.Add(unsafe.Pointer(rb)) C.X_BIO_set_data(rv, unsafe.Pointer(token)) return rv } -func (self *readBio) Disconnect(b *C.BIO) { - if loadReadPtr(b) == self { +func (rb *readBio) Disconnect(b *C.BIO) { + if loadReadPtr(b) == rb { readBioMapping.Del(token(C.X_BIO_get_data(b))) C.X_BIO_set_data(b, nil) } } -func (b *readBio) MarkEOF() { - b.data_mtx.Lock() - defer b.data_mtx.Unlock() - b.eof = true +func (rb *readBio) MarkEOF() { + rb.data_mtx.Lock() + defer rb.data_mtx.Unlock() + rb.eof = true } type anyBio C.BIO diff --git a/cert.go b/cert.go index 82dfc369..97c788f7 100644 --- a/cert.go +++ b/cert.go @@ -267,8 +267,8 @@ func (c *Certificate) Sign(privKey PrivateKey, digest EVP_MD) error { case EVP_SHA384: case EVP_SHA512: default: - return errors.New("Unsupported digest" + - "You're probably looking for 'EVP_SHA256' or 'EVP_SHA512'.") + return errors.New("unsupported digest; " + + "you're probably looking for 'EVP_SHA256' or 'EVP_SHA512'") } return c.insecureSign(privKey, digest) } @@ -336,7 +336,7 @@ func (c *Certificate) AddCustomExtension(nid NID, value []byte) error { val := (*C.char)(C.CBytes(value)) defer C.free(unsafe.Pointer(val)) if int(C.add_custom_ext(c.x, C.int(nid), val, C.int(len(value)))) == 0 { - return errors.New("Unable to add extension") + return errors.New("unable to add extension") } return nil } diff --git a/ciphers.go b/ciphers.go index 509bf641..a3a597c4 100644 --- a/ciphers.go +++ b/ciphers.go @@ -125,7 +125,7 @@ func (ctx *cipherCtx) applyKeyAndIV(key, iv []byte) error { } else { res = C.EVP_DecryptInit_ex(ctx.ctx, nil, nil, kptr, iptr) } - if 1 != res { + if res != 1 { return errors.New("failed to apply key/IV") } } @@ -243,7 +243,7 @@ func newEncryptionCipherCtx(c *Cipher, e *Engine, key, iv []byte) ( if e != nil { eptr = e.e } - if 1 != C.EVP_EncryptInit_ex(ctx.ctx, c.ptr, eptr, nil, nil) { + if C.EVP_EncryptInit_ex(ctx.ctx, c.ptr, eptr, nil, nil) != 1 { return nil, errors.New("failed to initialize cipher context") } err = ctx.applyKeyAndIV(key, iv) @@ -266,7 +266,7 @@ func newDecryptionCipherCtx(c *Cipher, e *Engine, key, iv []byte) ( if e != nil { eptr = e.e } - if 1 != C.EVP_DecryptInit_ex(ctx.ctx, c.ptr, eptr, nil, nil) { + if C.EVP_DecryptInit_ex(ctx.ctx, c.ptr, eptr, nil, nil) != 1 { return nil, errors.New("failed to initialize cipher context") } err = ctx.applyKeyAndIV(key, iv) @@ -317,7 +317,7 @@ func (ctx *decryptionCipherCtx) DecryptUpdate(input []byte) ([]byte, error) { func (ctx *encryptionCipherCtx) EncryptFinal() ([]byte, error) { outbuf := make([]byte, ctx.BlockSize()) var outlen C.int - if 1 != C.EVP_EncryptFinal_ex(ctx.ctx, (*C.uchar)(&outbuf[0]), &outlen) { + if C.EVP_EncryptFinal_ex(ctx.ctx, (*C.uchar)(&outbuf[0]), &outlen) != 1 { return nil, errors.New("encryption failed") } return outbuf[:outlen], nil @@ -326,7 +326,7 @@ func (ctx *encryptionCipherCtx) EncryptFinal() ([]byte, error) { func (ctx *decryptionCipherCtx) DecryptFinal() ([]byte, error) { outbuf := make([]byte, ctx.BlockSize()) var outlen C.int - if 1 != C.EVP_DecryptFinal_ex(ctx.ctx, (*C.uchar)(&outbuf[0]), &outlen) { + if C.EVP_DecryptFinal_ex(ctx.ctx, (*C.uchar)(&outbuf[0]), &outlen) != 1 { // this may mean the tag failed to verify- all previous plaintext // returned must be considered faked and invalid return nil, errors.New("decryption failed") diff --git a/ciphers_gcm.go b/ciphers_gcm.go index 7b08e0fd..06ba0fed 100644 --- a/ciphers_gcm.go +++ b/ciphers_gcm.go @@ -86,8 +86,8 @@ func NewGCMEncryptionCipherCtx(blocksize int, e *Engine, key, iv []byte) ( return nil, fmt.Errorf("could not set IV len to %d: %s", len(iv), err) } - if 1 != C.EVP_EncryptInit_ex(ctx.ctx, nil, nil, nil, - (*C.uchar)(&iv[0])) { + if C.EVP_EncryptInit_ex(ctx.ctx, nil, nil, nil, + (*C.uchar)(&iv[0])) != 1 { return nil, errors.New("failed to apply IV") } } @@ -110,8 +110,8 @@ func NewGCMDecryptionCipherCtx(blocksize int, e *Engine, key, iv []byte) ( return nil, fmt.Errorf("could not set IV len to %d: %s", len(iv), err) } - if 1 != C.EVP_DecryptInit_ex(ctx.ctx, nil, nil, nil, - (*C.uchar)(&iv[0])) { + if C.EVP_DecryptInit_ex(ctx.ctx, nil, nil, nil, + (*C.uchar)(&iv[0])) != 1 { return nil, errors.New("failed to apply IV") } } @@ -123,8 +123,8 @@ func (ctx *authEncryptionCipherCtx) ExtraData(aad []byte) error { return nil } var outlen C.int - if 1 != C.EVP_EncryptUpdate(ctx.ctx, nil, &outlen, (*C.uchar)(&aad[0]), - C.int(len(aad))) { + if C.EVP_EncryptUpdate(ctx.ctx, nil, &outlen, (*C.uchar)(&aad[0]), + C.int(len(aad))) != 1 { return errors.New("failed to add additional authenticated data") } return nil @@ -135,8 +135,8 @@ func (ctx *authDecryptionCipherCtx) ExtraData(aad []byte) error { return nil } var outlen C.int - if 1 != C.EVP_DecryptUpdate(ctx.ctx, nil, &outlen, (*C.uchar)(&aad[0]), - C.int(len(aad))) { + if C.EVP_DecryptUpdate(ctx.ctx, nil, &outlen, (*C.uchar)(&aad[0]), + C.int(len(aad))) != 1 { return errors.New("failed to add additional authenticated data") } return nil diff --git a/ciphers_test.go b/ciphers_test.go index fe991ab4..0f1e3404 100644 --- a/ciphers_test.go +++ b/ciphers_test.go @@ -185,17 +185,16 @@ func TestBadTag(t *testing.T) { } // flip the last bit tag[len(tag)-1] ^= 1 - plaintext_out, err := doDecryption(key, iv, nil, ciphertext, tag, 128, 129) - if err == nil { + if _, err := doDecryption(key, iv, nil, ciphertext, tag, 128, 129); err == nil { t.Fatal("Expected error for bad tag, but got none") } // flip it back, try again just to make sure tag[len(tag)-1] ^= 1 - plaintext_out, err = doDecryption(key, iv, nil, ciphertext, tag, 128, 129) + plaintextOut, err := doDecryption(key, iv, nil, ciphertext, tag, 128, 129) if err != nil { t.Fatal("Decryption failure:", err) } - checkEqual(t, plaintext_out, plaintext) + checkEqual(t, plaintextOut, plaintext) } func TestBadCiphertext(t *testing.T) { @@ -211,17 +210,16 @@ func TestBadCiphertext(t *testing.T) { } // flip the last bit ciphertext[len(ciphertext)-1] ^= 1 - plaintext_out, err := doDecryption(key, iv, aad, ciphertext, tag, 192, 192) - if err == nil { + if _, err := doDecryption(key, iv, aad, ciphertext, tag, 192, 192); err == nil { t.Fatal("Expected error for bad ciphertext, but got none") } // flip it back, try again just to make sure ciphertext[len(ciphertext)-1] ^= 1 - plaintext_out, err = doDecryption(key, iv, aad, ciphertext, tag, 192, 192) + plaintextOut, err := doDecryption(key, iv, aad, ciphertext, tag, 192, 192) if err != nil { t.Fatal("Decryption failure:", err) } - checkEqual(t, plaintext_out, plaintext) + checkEqual(t, plaintextOut, plaintext) } func TestBadAAD(t *testing.T) { @@ -237,17 +235,16 @@ func TestBadAAD(t *testing.T) { } // flip the last bit aad[len(aad)-1] ^= 1 - plaintext_out, err := doDecryption(key, iv, aad, ciphertext, tag, 256, 256) - if err == nil { + if _, err := doDecryption(key, iv, aad, ciphertext, tag, 256, 256); err == nil { t.Fatal("Expected error for bad AAD, but got none") } // flip it back, try again just to make sure aad[len(aad)-1] ^= 1 - plaintext_out, err = doDecryption(key, iv, aad, ciphertext, tag, 256, 256) + plaintextOut, err := doDecryption(key, iv, aad, ciphertext, tag, 256, 256) if err != nil { t.Fatal("Decryption failure:", err) } - checkEqual(t, plaintext_out, plaintext) + checkEqual(t, plaintextOut, plaintext) } func TestNonAuthenticatedEncryption(t *testing.T) { diff --git a/conn.go b/conn.go index 27580341..757f382a 100644 --- a/conn.go +++ b/conn.go @@ -31,10 +31,10 @@ import ( ) var ( - zeroReturn = errors.New("zero return") - wantRead = errors.New("want read") - wantWrite = errors.New("want write") - tryAgain = errors.New("try again") + errZeroReturn = errors.New("zero return") + errWantRead = errors.New("want read") + errWantWrite = errors.New("want write") + errTryAgain = errors.New("try again") ) type Conn struct { @@ -192,7 +192,7 @@ func (c *Conn) GetCtx() *Ctx { return c.ctx } func (c *Conn) CurrentCipher() (string, error) { p := C.X_SSL_get_cipher_name(c.ssl) if p == nil { - return "", errors.New("Session not established") + return "", errors.New("session not established") } return C.GoString(p), nil @@ -247,7 +247,7 @@ func (c *Conn) getErrorHandler(rv C.int, errno error) func() error { if err != nil { return err } - return tryAgain + return errTryAgain } case C.SSL_ERROR_WANT_WRITE: return func() error { @@ -255,7 +255,7 @@ func (c *Conn) getErrorHandler(rv C.int, errno error) func() error { if err != nil { return err } - return tryAgain + return errTryAgain } case C.SSL_ERROR_SYSCALL: var err error @@ -303,8 +303,8 @@ func (c *Conn) handshake() func() error { // Handshake performs an SSL handshake. If a handshake is not manually // triggered, it will run before the first I/O on the encrypted stream. func (c *Conn) Handshake() error { - err := tryAgain - for err == tryAgain { + err := errTryAgain + for err == errTryAgain { err = c.handleError(c.handshake()) } go c.flushOutputBuffer() @@ -404,15 +404,15 @@ func (c *Conn) shutdown() func() error { } func (c *Conn) shutdownLoop() error { - err := tryAgain + err := errTryAgain shutdown_tries := 0 - for err == tryAgain { + for err == errTryAgain { shutdown_tries = shutdown_tries + 1 err = c.handleError(c.shutdown()) if err == nil { return c.flushOutputBuffer() } - if err == tryAgain && shutdown_tries >= 2 { + if err == errTryAgain && shutdown_tries >= 2 { return errors.New("shutdown requested a third time?") } } @@ -463,8 +463,8 @@ func (c *Conn) Read(b []byte) (n int, err error) { if len(b) == 0 { return 0, nil } - err = tryAgain - for err == tryAgain { + err = errTryAgain + for err == errTryAgain { n, errcb := c.read(b) err = c.handleError(errcb) if err == nil { @@ -504,8 +504,8 @@ func (c *Conn) Write(b []byte) (written int, err error) { if len(b) == 0 { return 0, nil } - err = tryAgain - for err == tryAgain { + err = errTryAgain + for err == errTryAgain { n, errcb := c.write(b) err = c.handleError(errcb) if err == nil { diff --git a/ctx.go b/ctx.go index 271defa1..496ac63c 100644 --- a/ctx.go +++ b/ctx.go @@ -127,7 +127,7 @@ func NewCtxFromFiles(cert_file string, key_file string) (*Ctx, error) { certs := SplitPEM(cert_bytes) if len(certs) == 0 { - return nil, fmt.Errorf("No PEM certificate found in '%s'", cert_file) + return nil, fmt.Errorf("no PEM certificate found in '%s'", cert_file) } first, certs := certs[0], certs[1:] cert, err := LoadCertificateFromPEM(first) @@ -190,7 +190,7 @@ func (c *Ctx) SetEllipticCurve(curve EllipticCurve) error { k := C.EC_KEY_new_by_curve_name(C.int(curve)) if k == nil { - return errors.New("Unknown curve") + return errors.New("unknown curve") } defer C.EC_KEY_free(k) @@ -302,12 +302,12 @@ type CertificateStoreCtx struct { ssl_ctx *Ctx } -func (self *CertificateStoreCtx) VerifyResult() VerifyResult { - return VerifyResult(C.X509_STORE_CTX_get_error(self.ctx)) +func (csc *CertificateStoreCtx) VerifyResult() VerifyResult { + return VerifyResult(C.X509_STORE_CTX_get_error(csc.ctx)) } -func (self *CertificateStoreCtx) Err() error { - code := C.X509_STORE_CTX_get_error(self.ctx) +func (csc *CertificateStoreCtx) Err() error { + code := C.X509_STORE_CTX_get_error(csc.ctx) if code == C.X509_V_OK { return nil } @@ -315,19 +315,19 @@ func (self *CertificateStoreCtx) Err() error { C.GoString(C.X509_verify_cert_error_string(C.long(code)))) } -func (self *CertificateStoreCtx) Depth() int { - return int(C.X509_STORE_CTX_get_error_depth(self.ctx)) +func (csc *CertificateStoreCtx) Depth() int { + return int(C.X509_STORE_CTX_get_error_depth(csc.ctx)) } -// the certicate returned is only valid for the lifetime of the underlying +// the certificate returned is only valid for the lifetime of the underlying // X509_STORE_CTX -func (self *CertificateStoreCtx) GetCurrentCert() *Certificate { - x509 := C.X509_STORE_CTX_get_current_cert(self.ctx) +func (csc *CertificateStoreCtx) GetCurrentCert() *Certificate { + x509 := C.X509_STORE_CTX_get_current_cert(csc.ctx) if x509 == nil { return nil } // add a ref - if 1 != C.X_X509_add_ref(x509) { + if C.X_X509_add_ref(x509) != 1 { return nil } cert := &Certificate{ @@ -531,7 +531,7 @@ func (c *Ctx) SetNextProtos(protos []string) error { for _, proto := range protos { if len(proto) > 255 { return fmt.Errorf( - "Proto length can't be more than 255. But got a proto %s with length %d", + "proto length can't be more than 255. But got a proto %s with length %d", proto, len(proto)) } vector = append(vector, byte(uint8(len(proto)))) @@ -540,7 +540,7 @@ func (c *Ctx) SetNextProtos(protos []string) error { ret := int(C.SSL_CTX_set_alpn_protos(c.ctx, (*C.uchar)(unsafe.Pointer(&vector[0])), C.uint(len(vector)))) if ret != 0 { - return errors.New("Error while setting protos to ctx") + return errors.New("error while setting protos to ctx") } return nil } diff --git a/dh_test.go b/dh_test.go index fbe3e356..811020b7 100644 --- a/dh_test.go +++ b/dh_test.go @@ -40,7 +40,7 @@ func TestECDH(t *testing.T) { t.Fatal(err) } - if bytes.Compare(mySecret, theirSecret) != 0 { + if !bytes.Equal(mySecret, theirSecret) { t.Fatal("shared secrets are different") } } diff --git a/hmac.go b/hmac.go index a8640cfa..77e8dc58 100644 --- a/hmac.go +++ b/hmac.go @@ -74,7 +74,7 @@ func (h *HMAC) Write(data []byte) (n int, err error) { } func (h *HMAC) Reset() error { - if 1 != C.X_HMAC_Init_ex(h.ctx, nil, 0, nil, nil) { + if C.X_HMAC_Init_ex(h.ctx, nil, 0, nil, nil) != 1 { return errors.New("failed to reset HMAC_CTX") } return nil diff --git a/hostname.go b/hostname.go index c92d959e..0fae97fb 100644 --- a/hostname.go +++ b/hostname.go @@ -40,7 +40,7 @@ import ( ) var ( - ValidationError = errors.New("Host validation error") + ValidationError = errors.New("host validation error") //lint:ignore ST1012 rename may cause breaking changes; research before renaming. ) type CheckFlags int diff --git a/init.go b/init.go index 17dc6f38..107adee1 100644 --- a/init.go +++ b/init.go @@ -88,14 +88,13 @@ package openssl import "C" import ( - "errors" "fmt" "strings" ) func init() { if rc := C.X_shim_init(); rc != 0 { - panic(fmt.Errorf("X_shim_init failed with %d", rc)) + panic(fmt.Errorf("x_shim_init failed with %d", rc)) } } @@ -113,5 +112,5 @@ func errorFromErrorQueue() error { C.GoString(C.ERR_func_error_string(err)), C.GoString(C.ERR_reason_error_string(err)))) } - return errors.New(fmt.Sprintf("SSL errors: %s", strings.Join(errs, "\n"))) + return fmt.Errorf("SSL errors: %s", strings.Join(errs, "\n")) } diff --git a/key.go b/key.go index d70bdbbd..25be635b 100644 --- a/key.go +++ b/key.go @@ -143,36 +143,36 @@ func (key *pKey) SignPKCS1v15(method Method, data []byte) ([]byte, error) { return nil, errors.New("signpkcs1v15: 0-length data or non-null digest") } - if 1 != C.X_EVP_DigestSignInit(ctx, nil, nil, nil, key.key) { + if C.X_EVP_DigestSignInit(ctx, nil, nil, nil, key.key) != 1 { return nil, errors.New("signpkcs1v15: failed to init signature") } // evp signatures are 64 bytes - sig := make([]byte, 64, 64) + sig := make([]byte, 64) var sigblen C.size_t = 64 - if 1 != C.X_EVP_DigestSign(ctx, - ((*C.uchar)(unsafe.Pointer(&sig[0]))), + if C.X_EVP_DigestSign(ctx, + (*C.uchar)(unsafe.Pointer(&sig[0])), &sigblen, (*C.uchar)(unsafe.Pointer(&data[0])), - C.size_t(len(data))) { + C.size_t(len(data))) != 1 { return nil, errors.New("signpkcs1v15: failed to do one-shot signature") } return sig[:sigblen], nil } else { - if 1 != C.X_EVP_SignInit(ctx, method) { + if C.X_EVP_SignInit(ctx, method) != 1 { return nil, errors.New("signpkcs1v15: failed to init signature") } if len(data) > 0 { - if 1 != C.X_EVP_SignUpdate( - ctx, unsafe.Pointer(&data[0]), C.uint(len(data))) { + if C.X_EVP_SignUpdate( + ctx, unsafe.Pointer(&data[0]), C.uint(len(data))) != 1 { return nil, errors.New("signpkcs1v15: failed to update signature") } } sig := make([]byte, C.X_EVP_PKEY_size(key.key)) var sigblen C.uint - if 1 != C.X_EVP_SignFinal(ctx, - ((*C.uchar)(unsafe.Pointer(&sig[0]))), &sigblen, key.key) { + if C.X_EVP_SignFinal(ctx, + (*C.uchar)(unsafe.Pointer(&sig[0])), &sigblen, key.key) != 1 { return nil, errors.New("signpkcs1v15: failed to finalize signature") } return sig[:sigblen], nil @@ -194,32 +194,32 @@ func (key *pKey) VerifyPKCS1v15(method Method, data, sig []byte) error { return errors.New("verifypkcs1v15: 0-length data or non-null digest") } - if 1 != C.X_EVP_DigestVerifyInit(ctx, nil, nil, nil, key.key) { + if C.X_EVP_DigestVerifyInit(ctx, nil, nil, nil, key.key) != 1 { return errors.New("verifypkcs1v15: failed to init verify") } - if 1 != C.X_EVP_DigestVerify(ctx, - ((*C.uchar)(unsafe.Pointer(&sig[0]))), + if C.X_EVP_DigestVerify(ctx, + (*C.uchar)(unsafe.Pointer(&sig[0])), C.size_t(len(sig)), (*C.uchar)(unsafe.Pointer(&data[0])), - C.size_t(len(data))) { + C.size_t(len(data))) != 1 { return errors.New("verifypkcs1v15: failed to do one-shot verify") } return nil } else { - if 1 != C.X_EVP_VerifyInit(ctx, method) { + if C.X_EVP_VerifyInit(ctx, method) != 1 { return errors.New("verifypkcs1v15: failed to init verify") } if len(data) > 0 { - if 1 != C.X_EVP_VerifyUpdate( - ctx, unsafe.Pointer(&data[0]), C.uint(len(data))) { + if C.X_EVP_VerifyUpdate( + ctx, unsafe.Pointer(&data[0]), C.uint(len(data))) != 1 { return errors.New("verifypkcs1v15: failed to update verify") } } - if 1 != C.X_EVP_VerifyFinal(ctx, - ((*C.uchar)(unsafe.Pointer(&sig[0]))), C.uint(len(sig)), key.key) { + if C.X_EVP_VerifyFinal(ctx, + (*C.uchar)(unsafe.Pointer(&sig[0])), C.uint(len(sig)), key.key) != 1 { return errors.New("verifypkcs1v15: failed to finalize verify") } return nil diff --git a/key_test.go b/key_test.go index 56541981..82129dac 100644 --- a/key_test.go +++ b/key_test.go @@ -187,12 +187,10 @@ func TestGenerateEd25519(t *testing.T) { if err != nil { t.Fatal(err) } - _, err = key.MarshalPKIXPublicKeyPEM() - if err != nil { + if _, err = key.MarshalPKIXPublicKeyPEM(); err != nil { t.Fatal(err) } - _, err = key.MarshalPKCS1PrivateKeyPEM() - if err != nil { + if _, err = key.MarshalPKCS1PrivateKeyPEM(); err != nil { t.Fatal(err) } } @@ -289,8 +287,7 @@ func TestSignED25519(t *testing.T) { } func TestMarshalEC(t *testing.T) { - key, err := LoadPrivateKeyFromPEM(prime256v1KeyBytes) - if err != nil { + if _, err := LoadPrivateKeyFromPEM(prime256v1KeyBytes); err != nil { t.Fatal(err) } cert, err := LoadCertificateFromPEM(prime256v1CertBytes) @@ -299,7 +296,7 @@ func TestMarshalEC(t *testing.T) { } privateBlock, _ := pem_pkg.Decode(prime256v1KeyBytes) - key, err = LoadPrivateKeyFromDER(privateBlock.Bytes) + key, err := LoadPrivateKeyFromDER(privateBlock.Bytes) if err != nil { t.Fatal(err) } @@ -410,8 +407,7 @@ func TestMarshalEd25519(t *testing.T) { t.SkipNow() } - key, err := LoadPrivateKeyFromPEM(ed25519KeyBytes) - if err != nil { + if _, err := LoadPrivateKeyFromPEM(ed25519KeyBytes); err != nil { t.Fatal(err) } cert, err := LoadCertificateFromPEM(ed25519CertBytes) @@ -420,7 +416,7 @@ func TestMarshalEd25519(t *testing.T) { } privateBlock, _ := pem_pkg.Decode(ed25519KeyBytes) - key, err = LoadPrivateKeyFromDER(privateBlock.Bytes) + key, err := LoadPrivateKeyFromDER(privateBlock.Bytes) if err != nil { t.Fatal(err) } @@ -435,17 +431,15 @@ func TestMarshalEd25519(t *testing.T) { t.Fatal("invalid cert pem bytes") } - pem, err = key.MarshalPKCS1PrivateKeyPEM() - if err != nil { + if _, err = key.MarshalPKCS1PrivateKeyPEM(); err != nil { t.Fatal(err) } - der, err := key.MarshalPKCS1PrivateKeyDER() - if err != nil { + if _, err := key.MarshalPKCS1PrivateKeyDER(); err != nil { t.Fatal(err) } - der, err = key.MarshalPKIXPublicKeyDER() + der, err := key.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } @@ -455,22 +449,22 @@ func TestMarshalEd25519(t *testing.T) { t.Fatal(err) } - loaded_pubkey_from_pem, err := LoadPublicKeyFromPEM(pem) + loadedPubkeyFromPem, err := LoadPublicKeyFromPEM(pem) if err != nil { t.Fatal(err) } - loaded_pubkey_from_der, err := LoadPublicKeyFromDER(der) + loadedPubkeyFromDer, err := LoadPublicKeyFromDER(der) if err != nil { t.Fatal(err) } - _, err = loaded_pubkey_from_pem.MarshalPKIXPublicKeyDER() + _, err = loadedPubkeyFromPem.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } - _, err = loaded_pubkey_from_der.MarshalPKIXPublicKeyDER() + _, err = loadedPubkeyFromDer.MarshalPKIXPublicKeyDER() if err != nil { t.Fatal(err) } diff --git a/md4.go b/md4.go index e5cc7d86..7977af1d 100644 --- a/md4.go +++ b/md4.go @@ -51,7 +51,7 @@ func (s *MD4Hash) Close() { } func (s *MD4Hash) Reset() error { - if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_md4(), engineRef(s.engine)) { + if C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_md4(), engineRef(s.engine)) != 1 { return errors.New("openssl: md4: cannot init digest ctx") } return nil @@ -61,16 +61,16 @@ func (s *MD4Hash) Write(p []byte) (n int, err error) { if len(p) == 0 { return 0, nil } - if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), - C.size_t(len(p))) { + if C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), + C.size_t(len(p))) != 1 { return 0, errors.New("openssl: md4: cannot update digest") } return len(p), nil } func (s *MD4Hash) Sum() (result [16]byte, err error) { - if 1 != C.X_EVP_DigestFinal_ex(s.ctx, - (*C.uchar)(unsafe.Pointer(&result[0])), nil) { + if C.X_EVP_DigestFinal_ex(s.ctx, + (*C.uchar)(unsafe.Pointer(&result[0])), nil) != 1 { return result, errors.New("openssl: md4: cannot finalize ctx") } return result, s.Reset() diff --git a/md5.go b/md5.go index 82f2eb2f..d7e771ee 100644 --- a/md5.go +++ b/md5.go @@ -51,7 +51,7 @@ func (s *MD5Hash) Close() { } func (s *MD5Hash) Reset() error { - if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_md5(), engineRef(s.engine)) { + if C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_md5(), engineRef(s.engine)) != 1 { return errors.New("openssl: md5: cannot init digest ctx") } return nil @@ -61,16 +61,16 @@ func (s *MD5Hash) Write(p []byte) (n int, err error) { if len(p) == 0 { return 0, nil } - if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), - C.size_t(len(p))) { + if C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), + C.size_t(len(p))) != 1 { return 0, errors.New("openssl: md5: cannot update digest") } return len(p), nil } func (s *MD5Hash) Sum() (result [16]byte, err error) { - if 1 != C.X_EVP_DigestFinal_ex(s.ctx, - (*C.uchar)(unsafe.Pointer(&result[0])), nil) { + if C.X_EVP_DigestFinal_ex(s.ctx, + (*C.uchar)(unsafe.Pointer(&result[0])), nil) != 1 { return result, errors.New("openssl: md5: cannot finalize ctx") } return result, s.Reset() diff --git a/pem.go b/pem.go index 14771097..6127cf07 100644 --- a/pem.go +++ b/pem.go @@ -16,18 +16,13 @@ package openssl import ( "regexp" - ) var pemSplit *regexp.Regexp = regexp.MustCompile(`(?sm)` + `(^-----[\s-]*?BEGIN.*?-----[\s-]*?$` + `.*?` + `^-----[\s-]*?END.*?-----[\s-]*?$)`) - + func SplitPEM(data []byte) [][]byte { - var results [][]byte - for _, block := range pemSplit.FindAll(data, -1) { - results = append(results, block) - } - return results + return pemSplit.FindAll(data, -1) } diff --git a/sha1.go b/sha1.go index c227bee8..ab4ad87f 100644 --- a/sha1.go +++ b/sha1.go @@ -58,7 +58,7 @@ func engineRef(e *Engine) *C.ENGINE { } func (s *SHA1Hash) Reset() error { - if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_sha1(), engineRef(s.engine)) { + if C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_sha1(), engineRef(s.engine)) != 1 { return errors.New("openssl: sha1: cannot init digest ctx") } return nil @@ -68,16 +68,16 @@ func (s *SHA1Hash) Write(p []byte) (n int, err error) { if len(p) == 0 { return 0, nil } - if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), - C.size_t(len(p))) { + if C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), + C.size_t(len(p))) != 1 { return 0, errors.New("openssl: sha1: cannot update digest") } return len(p), nil } func (s *SHA1Hash) Sum() (result [20]byte, err error) { - if 1 != C.X_EVP_DigestFinal_ex(s.ctx, - (*C.uchar)(unsafe.Pointer(&result[0])), nil) { + if C.X_EVP_DigestFinal_ex(s.ctx, + (*C.uchar)(unsafe.Pointer(&result[0])), nil) != 1 { return result, errors.New("openssl: sha1: cannot finalize ctx") } return result, s.Reset() diff --git a/sha256.go b/sha256.go index d25c7a95..d9189a94 100644 --- a/sha256.go +++ b/sha256.go @@ -51,7 +51,7 @@ func (s *SHA256Hash) Close() { } func (s *SHA256Hash) Reset() error { - if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_sha256(), engineRef(s.engine)) { + if C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_sha256(), engineRef(s.engine)) != 1 { return errors.New("openssl: sha256: cannot init digest ctx") } return nil @@ -61,16 +61,16 @@ func (s *SHA256Hash) Write(p []byte) (n int, err error) { if len(p) == 0 { return 0, nil } - if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), - C.size_t(len(p))) { + if C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), + C.size_t(len(p))) != 1 { return 0, errors.New("openssl: sha256: cannot update digest") } return len(p), nil } func (s *SHA256Hash) Sum() (result [32]byte, err error) { - if 1 != C.X_EVP_DigestFinal_ex(s.ctx, - (*C.uchar)(unsafe.Pointer(&result[0])), nil) { + if C.X_EVP_DigestFinal_ex(s.ctx, + (*C.uchar)(unsafe.Pointer(&result[0])), nil) != 1 { return result, errors.New("openssl: sha256: cannot finalize ctx") } return result, s.Reset() diff --git a/ssl_test.go b/ssl_test.go index 38cc20d3..db48aeb2 100644 --- a/ssl_test.go +++ b/ssl_test.go @@ -197,7 +197,7 @@ func SimpleConnTest(t testing.TB, constructor func( if err != nil { t.Fatal(err) } - if string(buf.Bytes()) != data { + if buf.String() != data { t.Fatal("mismatched data") } @@ -304,21 +304,21 @@ func ThroughputBenchmark(b *testing.B, constructor func( wg.Add(2) go func() { defer wg.Done() - _, err = io.Copy(client, bytes.NewReader([]byte(data))) - if err != nil { - b.Fatal(err) + if _, err = io.Copy(client, bytes.NewReader(data)); err != nil { + b.Error(err) + return } }() go func() { defer wg.Done() buf := &bytes.Buffer{} - _, err = io.CopyN(buf, server, int64(len(data))) - if err != nil { - b.Fatal(err) + if _, err = io.CopyN(buf, server, int64(len(data))); err != nil { + b.Error(err) + return } if !bytes.Equal(buf.Bytes(), data) { - b.Fatal("mismatched data") + b.Error("mismatched data") } }() wg.Wait() @@ -551,27 +551,27 @@ func LotsOfConns(t *testing.T, payload_size int64, loops, clients int, for { conn, err := ssl_listener.Accept() if err != nil { - t.Fatalf("failed accept: %s", err) + t.Errorf("failed accept: %s", err) continue } go func() { defer func() { err = conn.Close() if err != nil { - t.Fatalf("failed closing: %s", err) + t.Errorf("failed closing: %s", err) } }() for i := 0; i < loops; i++ { _, err := io.Copy(ioutil.Discard, io.LimitReader(conn, payload_size)) if err != nil { - t.Fatalf("failed reading: %s", err) + t.Errorf("failed reading: %s", err) return } _, err = io.Copy(conn, io.LimitReader(rand.Reader, payload_size)) if err != nil { - t.Fatalf("failed writing: %s", err) + t.Errorf("failed writing: %s", err) return } } @@ -581,35 +581,37 @@ func LotsOfConns(t *testing.T, payload_size int64, loops, clients int, }() var wg sync.WaitGroup for i := 0; i < clients; i++ { - tcp_client, err := net.Dial(tcp_listener.Addr().Network(), + tcpClient, err := net.Dial(tcp_listener.Addr().Network(), tcp_listener.Addr().String()) if err != nil { - t.Fatal(err) + t.Error(err) + return } - ssl_client, err := newClient(tcp_client) + ssl_client, err := newClient(tcpClient) if err != nil { - t.Fatal(err) + t.Error(err) + return } wg.Add(1) go func(i int) { + defer wg.Done() defer func() { err = ssl_client.Close() if err != nil { - t.Fatalf("failed closing: %s", err) + t.Errorf("failed closing: %s", err) } - wg.Done() }() for i := 0; i < loops; i++ { _, err := io.Copy(ssl_client, io.LimitReader(rand.Reader, payload_size)) if err != nil { - t.Fatalf("failed writing: %s", err) + t.Errorf("failed writing: %s", err) return } _, err = io.Copy(ioutil.Discard, io.LimitReader(ssl_client, payload_size)) if err != nil { - t.Fatalf("failed reading: %s", err) + t.Errorf("failed reading: %s", err) return } } @@ -645,20 +647,17 @@ func TestOpenSSLLotsOfConns(t *testing.T) { if err != nil { t.Fatal(err) } - err = ctx.UsePrivateKey(key) - if err != nil { + if err = ctx.UsePrivateKey(key); err != nil { t.Fatal(err) } cert, err := LoadCertificateFromPEM(certBytes) if err != nil { t.Fatal(err) } - err = ctx.UseCertificate(cert) - if err != nil { + if err = ctx.UseCertificate(cert); err != nil { t.Fatal(err) } - err = ctx.SetCipherList("AES128-SHA") - if err != nil { + if err = ctx.SetCipherList("AES128-SHA"); err != nil { t.Fatal(err) } LotsOfConns(t, 1024*64, 10, 100, 0*time.Second, diff --git a/utils/future.go b/utils/future.go index fa1bbbfb..df2d8312 100644 --- a/utils/future.go +++ b/utils/future.go @@ -45,35 +45,35 @@ func NewFuture() *Future { } // Get blocks until the Future has a value set. -func (self *Future) Get() (interface{}, error) { - self.mutex.Lock() - defer self.mutex.Unlock() +func (f *Future) Get() (interface{}, error) { + f.mutex.Lock() + defer f.mutex.Unlock() for { - if self.received { - return self.val, self.err + if f.received { + return f.val, f.err } - self.cond.Wait() + f.cond.Wait() } } // Fired returns whether or not a value has been set. If Fired is true, Get // won't block. -func (self *Future) Fired() bool { - self.mutex.Lock() - defer self.mutex.Unlock() - return self.received +func (f *Future) Fired() bool { + f.mutex.Lock() + defer f.mutex.Unlock() + return f.received } // Set provides the value to present and future Get calls. If Set has already // been called, this is a no-op. -func (self *Future) Set(val interface{}, err error) { - self.mutex.Lock() - defer self.mutex.Unlock() - if self.received { +func (f *Future) Set(val interface{}, err error) { + f.mutex.Lock() + defer f.mutex.Unlock() + if f.received { return } - self.received = true - self.val = val - self.err = err - self.cond.Broadcast() + f.received = true + f.val = val + f.err = err + f.cond.Broadcast() }