internal hardening

cristalhq · Aug 28, 2020 · 92eea72 · 92eea72
1 parent 4e677c1
commit 92eea72
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 21 deletions.
diff --git a/algo_es.go b/algo_es.go
@@ -71,14 +71,14 @@ func (es esAlg) SignSize() int {
 }
 
 func (es esAlg) Sign(payload []byte) ([]byte, error) {
-	signed, err := hashPayload(es.hash, payload)
+	digest, err := hashPayload(es.hash, payload)
 	if err != nil {
 		return nil, err
 	}
 
-	r, s, err := ecdsa.Sign(rand.Reader, es.privateKey, signed)
+	r, s, errSign := ecdsa.Sign(rand.Reader, es.privateKey, digest)
 	if err != nil {
-		return nil, err
+		return nil, errSign
 	}
 
 	pivot := es.SignSize() / 2
@@ -95,7 +95,7 @@ func (es esAlg) Verify(payload, signature []byte) error {
 		return ErrInvalidSignature
 	}
 
-	signed, err := hashPayload(es.hash, payload)
+	digest, err := hashPayload(es.hash, payload)
 	if err != nil {
 		return err
 	}
@@ -104,7 +104,7 @@ func (es esAlg) Verify(payload, signature []byte) error {
 	r := big.NewInt(0).SetBytes(signature[:pivot])
 	s := big.NewInt(0).SetBytes(signature[pivot:])
 
-	if !ecdsa.Verify(es.publickey, signed, r, s) {
+	if !ecdsa.Verify(es.publickey, digest, r, s) {
 		return ErrInvalidSignature
 	}
 	return nil

diff --git a/algo_hs.go b/algo_hs.go
@@ -78,11 +78,11 @@ func (hs hsAlg) Sign(payload []byte) ([]byte, error) {
 }
 
 func (hs hsAlg) Verify(payload, signature []byte) error {
-	signed, err := hs.sign(payload)
+	digest, err := hs.sign(payload)
 	if err != nil {
 		return err
 	}
-	if !hmac.Equal(signature, signed) {
+	if !hmac.Equal(signature, digest) {
 		return ErrInvalidSignature
 	}
 	return nil

diff --git a/algo_ps.go b/algo_ps.go
@@ -87,26 +87,26 @@ func (ps psAlg) Algorithm() Algorithm {
 }
 
 func (ps psAlg) Sign(payload []byte) ([]byte, error) {
-	signed, err := hashPayload(ps.hash, payload)
+	digest, err := hashPayload(ps.hash, payload)
 	if err != nil {
 		return nil, err
 	}
 
-	signature, err := rsa.SignPSS(rand.Reader, ps.privateKey, ps.hash, signed, ps.opts)
-	if err != nil {
-		return nil, err
+	signature, errSign := rsa.SignPSS(rand.Reader, ps.privateKey, ps.hash, digest, ps.opts)
+	if errSign != nil {
+		return nil, errSign
 	}
 	return signature, nil
 }
 
 func (ps psAlg) Verify(payload, signature []byte) error {
-	signed, err := hashPayload(ps.hash, payload)
+	digest, err := hashPayload(ps.hash, payload)
 	if err != nil {
 		return err
 	}
 
-	err = rsa.VerifyPSS(ps.publicKey, ps.hash, signed, signature, ps.opts)
-	if err != nil {
+	errVerify := rsa.VerifyPSS(ps.publicKey, ps.hash, digest, signature, ps.opts)
+	if errVerify != nil {
 		return ErrInvalidSignature
 	}
 	return nil

diff --git a/algo_rs.go b/algo_rs.go
@@ -67,26 +67,26 @@ func (rs rsAlg) SignSize() int {
 }
 
 func (rs rsAlg) Sign(payload []byte) ([]byte, error) {
-	signed, err := hashPayload(rs.hash, payload)
+	digest, err := hashPayload(rs.hash, payload)
 	if err != nil {
 		return nil, err
 	}
 
-	signature, err := rsa.SignPKCS1v15(rand.Reader, rs.privateKey, rs.hash, signed)
-	if err != nil {
-		return nil, err
+	signature, errSign := rsa.SignPKCS1v15(rand.Reader, rs.privateKey, rs.hash, digest)
+	if errSign != nil {
+		return nil, errSign
 	}
 	return signature, nil
 }
 
 func (rs rsAlg) Verify(payload, signature []byte) error {
-	signed, err := hashPayload(rs.hash, payload)
+	digest, err := hashPayload(rs.hash, payload)
 	if err != nil {
 		return err
 	}
 
-	err = rsa.VerifyPKCS1v15(rs.publickey, rs.hash, signed, signature)
-	if err != nil {
+	errVerify := rsa.VerifyPKCS1v15(rs.publickey, rs.hash, digest, signature)
+	if errVerify != nil {
 		return ErrInvalidSignature
 	}
 	return nil