respect goto restrictions
R=gri CC=golang-dev https://golang.org/cl/4625044
This commit is contained in:
parent
5a4918e635
commit
35e8279c86
@ -176,9 +176,11 @@ func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *cl
|
|||||||
return preMasterSecret, nil
|
return preMasterSecret, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var errServerKeyExchange = os.ErrorString("invalid ServerKeyExchange")
|
||||||
|
|
||||||
func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) os.Error {
|
func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) os.Error {
|
||||||
if len(skx.key) < 4 {
|
if len(skx.key) < 4 {
|
||||||
goto Error
|
return errServerKeyExchange
|
||||||
}
|
}
|
||||||
if skx.key[0] != 3 { // named curve
|
if skx.key[0] != 3 { // named curve
|
||||||
return os.ErrorString("server selected unsupported curve")
|
return os.ErrorString("server selected unsupported curve")
|
||||||
@ -198,29 +200,26 @@ func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH
|
|||||||
|
|
||||||
publicLen := int(skx.key[3])
|
publicLen := int(skx.key[3])
|
||||||
if publicLen+4 > len(skx.key) {
|
if publicLen+4 > len(skx.key) {
|
||||||
goto Error
|
return errServerKeyExchange
|
||||||
}
|
}
|
||||||
ka.x, ka.y = ka.curve.Unmarshal(skx.key[4 : 4+publicLen])
|
ka.x, ka.y = ka.curve.Unmarshal(skx.key[4 : 4+publicLen])
|
||||||
if ka.x == nil {
|
if ka.x == nil {
|
||||||
goto Error
|
return errServerKeyExchange
|
||||||
}
|
}
|
||||||
serverECDHParams := skx.key[:4+publicLen]
|
serverECDHParams := skx.key[:4+publicLen]
|
||||||
|
|
||||||
sig := skx.key[4+publicLen:]
|
sig := skx.key[4+publicLen:]
|
||||||
if len(sig) < 2 {
|
if len(sig) < 2 {
|
||||||
goto Error
|
return errServerKeyExchange
|
||||||
}
|
}
|
||||||
sigLen := int(sig[0])<<8 | int(sig[1])
|
sigLen := int(sig[0])<<8 | int(sig[1])
|
||||||
if sigLen+2 != len(sig) {
|
if sigLen+2 != len(sig) {
|
||||||
goto Error
|
return errServerKeyExchange
|
||||||
}
|
}
|
||||||
sig = sig[2:]
|
sig = sig[2:]
|
||||||
|
|
||||||
md5sha1 := md5SHA1Hash(clientHello.random, serverHello.random, serverECDHParams)
|
md5sha1 := md5SHA1Hash(clientHello.random, serverHello.random, serverECDHParams)
|
||||||
return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.MD5SHA1, md5sha1, sig)
|
return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.MD5SHA1, md5sha1, sig)
|
||||||
|
|
||||||
Error:
|
|
||||||
return os.ErrorString("invalid ServerKeyExchange")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error) {
|
func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error) {
|
||||||
|
Loading…
Reference in New Issue
Block a user