From f0711b9192ab03b41a42bf5e3e4d49bb3751f236 Mon Sep 17 00:00:00 2001
From: Emmanuel Odeke <emm.odeke@gmail.com>
Date: Mon, 14 Mar 2016 03:35:13 -0600
Subject: [PATCH] crypto/tls: minor refactors for readability

Change-Id: I93e73f16474b4b31f7097af2f9479822dfc34c5c
Reviewed-on: https://go-review.googlesource.com/20678
Reviewed-by: Adam Langley <agl@golang.org>
---
 src/crypto/tls/handshake_client.go   | 15 +++++++-------
 src/crypto/tls/handshake_messages.go |  5 +----
 src/crypto/tls/handshake_server.go   | 29 ++++++++++++++--------------
 src/crypto/tls/ticket.go             |  6 +-----
 src/crypto/tls/tls.go                | 17 ++++++++--------
 5 files changed, 33 insertions(+), 39 deletions(-)

diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index d38b061edd..f71509b25a 100644
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -552,14 +552,15 @@ func (hs *clientHandshakeState) processServerHello() (bool, error) {
 	}
 	c.scts = hs.serverHello.scts
 
-	if hs.serverResumedSession() {
-		// Restore masterSecret and peerCerts from previous state
-		hs.masterSecret = hs.session.masterSecret
-		c.peerCertificates = hs.session.serverCertificates
-		c.verifiedChains = hs.session.verifiedChains
-		return true, nil
+	if !hs.serverResumedSession() {
+		return false, nil
 	}
-	return false, nil
+
+	// Restore masterSecret and peerCerts from previous state
+	hs.masterSecret = hs.session.masterSecret
+	c.peerCertificates = hs.session.serverCertificates
+	c.verifiedChains = hs.session.verifiedChains
+	return true, nil
 }
 
 func (hs *clientHandshakeState) readFinished(out []byte) error {
diff --git a/src/crypto/tls/handshake_messages.go b/src/crypto/tls/handshake_messages.go
index 111ce53487..13d013a594 100644
--- a/src/crypto/tls/handshake_messages.go
+++ b/src/crypto/tls/handshake_messages.go
@@ -1316,11 +1316,8 @@ func (m *certificateRequestMsg) unmarshal(data []byte) bool {
 		m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen])
 		cas = cas[caLen:]
 	}
-	if len(data) > 0 {
-		return false
-	}
 
-	return true
+	return len(data) == 0
 }
 
 type certificateVerifyMsg struct {
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index facc17d94e..d910730794 100644
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -187,12 +187,13 @@ Curves:
 		}
 	}
 
-	if hs.cert, err = config.getCertificate(&ClientHelloInfo{
+	hs.cert, err = config.getCertificate(&ClientHelloInfo{
 		CipherSuites:    hs.clientHello.cipherSuites,
 		ServerName:      hs.clientHello.serverName,
 		SupportedCurves: hs.clientHello.supportedCurves,
 		SupportedPoints: hs.clientHello.supportedPoints,
-	}); err != nil {
+	})
+	if err != nil {
 		c.sendAlert(alertInternalError)
 		return false, err
 	}
@@ -710,20 +711,20 @@ func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (c
 		c.verifiedChains = chains
 	}
 
-	if len(certs) > 0 {
-		var pub crypto.PublicKey
-		switch key := certs[0].PublicKey.(type) {
-		case *ecdsa.PublicKey, *rsa.PublicKey:
-			pub = key
-		default:
-			c.sendAlert(alertUnsupportedCertificate)
-			return nil, fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey)
-		}
-		c.peerCertificates = certs
-		return pub, nil
+	if len(certs) == 0 {
+		return nil, nil
 	}
 
-	return nil, nil
+	var pub crypto.PublicKey
+	switch key := certs[0].PublicKey.(type) {
+	case *ecdsa.PublicKey, *rsa.PublicKey:
+		pub = key
+	default:
+		c.sendAlert(alertUnsupportedCertificate)
+		return nil, fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey)
+	}
+	c.peerCertificates = certs
+	return pub, nil
 }
 
 // setCipherSuite sets a cipherSuite with the given id as the serverHandshakeState
diff --git a/src/crypto/tls/ticket.go b/src/crypto/tls/ticket.go
index 7be50ce68c..3e7aa93c82 100644
--- a/src/crypto/tls/ticket.go
+++ b/src/crypto/tls/ticket.go
@@ -126,11 +126,7 @@ func (s *sessionState) unmarshal(data []byte) bool {
 		data = data[certLen:]
 	}
 
-	if len(data) > 0 {
-		return false
-	}
-
-	return true
+	return len(data) == 0
 }
 
 func (c *Conn) encryptTicket(state *sessionState) ([]byte, error) {
diff --git a/src/crypto/tls/tls.go b/src/crypto/tls/tls.go
index 55e0d5f083..bfe331dd42 100644
--- a/src/crypto/tls/tls.go
+++ b/src/crypto/tls/tls.go
@@ -210,11 +210,11 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
 	if len(cert.Certificate) == 0 {
 		if len(skippedBlockTypes) == 0 {
 			return fail(errors.New("crypto/tls: failed to find any PEM data in certificate input"))
-		} else if len(skippedBlockTypes) == 1 && strings.HasSuffix(skippedBlockTypes[0], "PRIVATE KEY") {
-			return fail(errors.New("crypto/tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched"))
-		} else {
-			return fail(fmt.Errorf("crypto/tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
 		}
+		if len(skippedBlockTypes) == 1 && strings.HasSuffix(skippedBlockTypes[0], "PRIVATE KEY") {
+			return fail(errors.New("crypto/tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched"))
+		}
+		return fail(fmt.Errorf("crypto/tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
 	}
 
 	skippedBlockTypes = skippedBlockTypes[:0]
@@ -224,11 +224,11 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
 		if keyDERBlock == nil {
 			if len(skippedBlockTypes) == 0 {
 				return fail(errors.New("crypto/tls: failed to find any PEM data in key input"))
-			} else if len(skippedBlockTypes) == 1 && skippedBlockTypes[0] == "CERTIFICATE" {
-				return fail(errors.New("crypto/tls: found a certificate rather than a key in the PEM for the private key"))
-			} else {
-				return fail(fmt.Errorf("crypto/tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
 			}
+			if len(skippedBlockTypes) == 1 && skippedBlockTypes[0] == "CERTIFICATE" {
+				return fail(errors.New("crypto/tls: found a certificate rather than a key in the PEM for the private key"))
+			}
+			return fail(fmt.Errorf("crypto/tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
 		}
 		if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") {
 			break
@@ -262,7 +262,6 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
 		priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey)
 		if !ok {
 			return fail(errors.New("crypto/tls: private key type does not match public key type"))
-
 		}
 		if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 {
 			return fail(errors.New("crypto/tls: private key does not match public key"))