respect goto restrictions

R=gri
CC=golang-dev
https://golang.org/cl/4625044
This commit is contained in:
Russ Cox 2011-06-17 06:07:13 -04:00
parent 5a4918e635
commit 35e8279c86

View File

@ -176,9 +176,11 @@ func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *cl
return preMasterSecret, nil return preMasterSecret, nil
} }
var errServerKeyExchange = os.ErrorString("invalid ServerKeyExchange")
func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) os.Error { func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) os.Error {
if len(skx.key) < 4 { if len(skx.key) < 4 {
goto Error return errServerKeyExchange
} }
if skx.key[0] != 3 { // named curve if skx.key[0] != 3 { // named curve
return os.ErrorString("server selected unsupported curve") return os.ErrorString("server selected unsupported curve")
@ -198,29 +200,26 @@ func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH
publicLen := int(skx.key[3]) publicLen := int(skx.key[3])
if publicLen+4 > len(skx.key) { if publicLen+4 > len(skx.key) {
goto Error return errServerKeyExchange
} }
ka.x, ka.y = ka.curve.Unmarshal(skx.key[4 : 4+publicLen]) ka.x, ka.y = ka.curve.Unmarshal(skx.key[4 : 4+publicLen])
if ka.x == nil { if ka.x == nil {
goto Error return errServerKeyExchange
} }
serverECDHParams := skx.key[:4+publicLen] serverECDHParams := skx.key[:4+publicLen]
sig := skx.key[4+publicLen:] sig := skx.key[4+publicLen:]
if len(sig) < 2 { if len(sig) < 2 {
goto Error return errServerKeyExchange
} }
sigLen := int(sig[0])<<8 | int(sig[1]) sigLen := int(sig[0])<<8 | int(sig[1])
if sigLen+2 != len(sig) { if sigLen+2 != len(sig) {
goto Error return errServerKeyExchange
} }
sig = sig[2:] sig = sig[2:]
md5sha1 := md5SHA1Hash(clientHello.random, serverHello.random, serverECDHParams) md5sha1 := md5SHA1Hash(clientHello.random, serverHello.random, serverECDHParams)
return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.MD5SHA1, md5sha1, sig) return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.MD5SHA1, md5sha1, sig)
Error:
return os.ErrorString("invalid ServerKeyExchange")
} }
func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error) { func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error) {