qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-19 15:14:45 -07:00
Code Releases Activity

crypto/tls: minor refactors for readability

Browse Source 
Change-Id: I93e73f16474b4b31f7097af2f9479822dfc34c5c
Reviewed-on: https://go-review.googlesource.com/20678
Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
Emmanuel Odeke 2016-03-14 03:35:13 -06:00 committed by Adam Langley
parent c278f9302e
commit f0711b9192
5 changed files with 33 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/crypto/tls/handshake_client.go
View File

@ -552,14 +552,15 @@ func (hs *clientHandshakeState) processServerHello() (bool, error) {
} }
c.scts = hs.serverHello.scts c.scts = hs.serverHello.scts
if hs.serverResumedSession() { if !hs.serverResumedSession() {
return false, nil
}
// Restore masterSecret and peerCerts from previous state // Restore masterSecret and peerCerts from previous state
hs.masterSecret = hs.session.masterSecret hs.masterSecret = hs.session.masterSecret
c.peerCertificates = hs.session.serverCertificates c.peerCertificates = hs.session.serverCertificates
c.verifiedChains = hs.session.verifiedChains c.verifiedChains = hs.session.verifiedChains
return true, nil return true, nil
}
return false, nil
} }
func (hs *clientHandshakeState) readFinished(out []byte) error { func (hs *clientHandshakeState) readFinished(out []byte) error {

5
src/crypto/tls/handshake_messages.go
View File

@ -1316,11 +1316,8 @@ func (m *certificateRequestMsg) unmarshal(data []byte) bool {
m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen]) m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen])
cas = cas[caLen:] cas = cas[caLen:]
} }
if len(data) > 0 {
return false
}
return true return len(data) == 0
} }
type certificateVerifyMsg struct { type certificateVerifyMsg struct {

13
src/crypto/tls/handshake_server.go
View File

@ -187,12 +187,13 @@ Curves:
} }
} }
if hs.cert, err = config.getCertificate(&ClientHelloInfo{ hs.cert, err = config.getCertificate(&ClientHelloInfo{
CipherSuites: hs.clientHello.cipherSuites, CipherSuites: hs.clientHello.cipherSuites,
ServerName: hs.clientHello.serverName, ServerName: hs.clientHello.serverName,
SupportedCurves: hs.clientHello.supportedCurves, SupportedCurves: hs.clientHello.supportedCurves,
SupportedPoints: hs.clientHello.supportedPoints, SupportedPoints: hs.clientHello.supportedPoints,
}); err != nil { })
if err != nil {
c.sendAlert(alertInternalError) c.sendAlert(alertInternalError)
return false, err return false, err
} }
@ -710,7 +711,10 @@ func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (c
c.verifiedChains = chains c.verifiedChains = chains
} }
if len(certs) > 0 { if len(certs) == 0 {
return nil, nil
}
var pub crypto.PublicKey var pub crypto.PublicKey
switch key := certs[0].PublicKey.(type) { switch key := certs[0].PublicKey.(type) {
case *ecdsa.PublicKey, *rsa.PublicKey: case *ecdsa.PublicKey, *rsa.PublicKey:
@ -721,9 +725,6 @@ func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (c
} }
c.peerCertificates = certs c.peerCertificates = certs
return pub, nil return pub, nil
}
return nil, nil
} }
// setCipherSuite sets a cipherSuite with the given id as the serverHandshakeState // setCipherSuite sets a cipherSuite with the given id as the serverHandshakeState

6
src/crypto/tls/ticket.go
View File

@ -126,11 +126,7 @@ func (s *sessionState) unmarshal(data []byte) bool {
data = data[certLen:] data = data[certLen:]
} }
if len(data) > 0 { return len(data) == 0
return false
}
return true
} }
func (c *Conn) encryptTicket(state *sessionState) ([]byte, error) { func (c *Conn) encryptTicket(state *sessionState) ([]byte, error) {

17
src/crypto/tls/tls.go
View File

@ -210,11 +210,11 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
if len(cert.Certificate) == 0 { if len(cert.Certificate) == 0 {
if len(skippedBlockTypes) == 0 { if len(skippedBlockTypes) == 0 {
return fail(errors.New("crypto/tls: failed to find any PEM data in certificate input")) return fail(errors.New("crypto/tls: failed to find any PEM data in certificate input"))
} else if len(skippedBlockTypes) == 1 && strings.HasSuffix(skippedBlockTypes[0], "PRIVATE KEY") {
return fail(errors.New("crypto/tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched"))
} else {
return fail(fmt.Errorf("crypto/tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
} }
if len(skippedBlockTypes) == 1 && strings.HasSuffix(skippedBlockTypes[0], "PRIVATE KEY") {
return fail(errors.New("crypto/tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched"))
}
return fail(fmt.Errorf("crypto/tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
} }
skippedBlockTypes = skippedBlockTypes[:0] skippedBlockTypes = skippedBlockTypes[:0]
@ -224,11 +224,11 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
if keyDERBlock == nil { if keyDERBlock == nil {
if len(skippedBlockTypes) == 0 { if len(skippedBlockTypes) == 0 {
return fail(errors.New("crypto/tls: failed to find any PEM data in key input")) return fail(errors.New("crypto/tls: failed to find any PEM data in key input"))
} else if len(skippedBlockTypes) == 1 && skippedBlockTypes[0] == "CERTIFICATE" {
return fail(errors.New("crypto/tls: found a certificate rather than a key in the PEM for the private key"))
} else {
return fail(fmt.Errorf("crypto/tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
} }
if len(skippedBlockTypes) == 1 && skippedBlockTypes[0] == "CERTIFICATE" {
return fail(errors.New("crypto/tls: found a certificate rather than a key in the PEM for the private key"))
}
return fail(fmt.Errorf("crypto/tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
} }
if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") { if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") {
break break
@ -262,7 +262,6 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey) priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey)
if !ok { if !ok {
return fail(errors.New("crypto/tls: private key type does not match public key type")) return fail(errors.New("crypto/tls: private key type does not match public key type"))
} }
if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 { if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 {
return fail(errors.New("crypto/tls: private key does not match public key")) return fail(errors.New("crypto/tls: private key does not match public key"))