crypto/tls: rewrite some messages with golang.org/x/crypto/cryptobyte

As a first round, rewrite those handshake message types which can be reused in TLS 1.3 with golang.org/x/crypto/cryptobyte. All other types changed significantly in TLS 1.3 and will require separate implementations. They will be ported to cryptobyte in a later CL. The only semantic changes should be enforcing the random length on the marshaling side, enforcing a couple more "must not be empty" on the unmarshaling side, and checking the rest of the SNI list even if we only take the first. Change-Id: Idd2ced60c558fafcf02ee489195b6f3b4735fe22 Reviewed-on: https://go-review.googlesource.com/c/144115 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
golang · Oct 29, 2018 · 4c8b09e · 4c8b09e
1 parent cf6e423
commit 4c8b09e
Show file tree

Hide file tree

Showing 7 changed files with 450 additions and 679 deletions.
diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
@@ -899,7 +899,7 @@ func (c *Conn) readHandshake() (interface{}, error) {
  m = new(certificateMsg)
  case typeCertificateRequest:
  m = &certificateRequestMsg{
- hasSignatureAndHash: c.vers >= VersionTLS12,
+ hasSignatureAlgorithm: c.vers >= VersionTLS12,
  }
  case typeCertificateStatus:
  m = new(certificateStatusMsg)
@@ -911,7 +911,7 @@ func (c *Conn) readHandshake() (interface{}, error) {
  m = new(clientKeyExchangeMsg)
  case typeCertificateVerify:
  m = &certificateVerifyMsg{
- hasSignatureAndHash: c.vers >= VersionTLS12,
+ hasSignatureAlgorithm: c.vers >= VersionTLS12,
  }
  case typeNextProtocol:
  m = new(nextProtoMsg)

diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
@@ -471,7 +471,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 
  if chainToSend != nil && len(chainToSend.Certificate) > 0 {
  certVerify := &certificateVerifyMsg{
- hasSignatureAndHash: c.vers >= VersionTLS12,
+ hasSignatureAlgorithm: c.vers >= VersionTLS12,
  }
 
  key, ok := chainToSend.PrivateKey.(crypto.Signer)
@@ -486,7 +486,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
  return err
  }
  // SignatureAndHashAlgorithm was introduced in TLS 1.2.
- if certVerify.hasSignatureAndHash {
+ if certVerify.hasSignatureAlgorithm {
  certVerify.signatureAlgorithm = signatureAlgorithm
  }
  digest, err := hs.finishedHash.hashForClientCertificate(sigType, hashFunc, hs.masterSecret)
@@ -739,7 +739,7 @@ func (hs *clientHandshakeState) getCertificate(certReq *certificateRequestMsg) (
  if c.config.GetClientCertificate != nil {
  var signatureSchemes []SignatureScheme
 
- if !certReq.hasSignatureAndHash {
+ if !certReq.hasSignatureAlgorithm {
  // Prior to TLS 1.2, the signature schemes were not
  // included in the certificate request message. In this
  // case we use a plausible list based on the acceptable