From b5b08222589d508e6d89e456f7eb24f80d818a60 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 19 Dec 2011 10:39:30 -0500 Subject: [PATCH] crypto/tls: don't assume an RSA private key in the API. We still very much assume it in the code, but with this change in place we can implement other things later without changing and users of the package. Fixes #2319. R=golang-dev, bradfitz, r CC=golang-dev https://golang.org/cl/5489073 --- common.go | 4 ++-- handshake_client.go | 2 +- key_agreement.go | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/common.go b/common.go index f57d932..a461ad9 100644 --- a/common.go +++ b/common.go @@ -5,8 +5,8 @@ package tls import ( + "crypto" "crypto/rand" - "crypto/rsa" "crypto/x509" "io" "strings" @@ -255,7 +255,7 @@ func (c *Config) BuildNameToCertificate() { // A Certificate is a chain of one or more certificates, leaf first. type Certificate struct { Certificate [][]byte - PrivateKey *rsa.PrivateKey + PrivateKey crypto.PrivateKey // supported types: *rsa.PrivateKey // OCSPStaple contains an optional OCSP response which will be served // to clients that request it. OCSPStaple []byte diff --git a/handshake_client.go b/handshake_client.go index e39e59c..7364800 100644 --- a/handshake_client.go +++ b/handshake_client.go @@ -234,7 +234,7 @@ func (c *Conn) clientHandshake() error { digest := make([]byte, 0, 36) digest = finishedHash.serverMD5.Sum(digest) digest = finishedHash.serverSHA1.Sum(digest) - signed, err := rsa.SignPKCS1v15(c.config.rand(), c.config.Certificates[0].PrivateKey, crypto.MD5SHA1, digest) + signed, err := rsa.SignPKCS1v15(c.config.rand(), c.config.Certificates[0].PrivateKey.(*rsa.PrivateKey), crypto.MD5SHA1, digest) if err != nil { return c.sendAlert(alertInternalError) } diff --git a/key_agreement.go b/key_agreement.go index b531717..c3c1664 100644 --- a/key_agreement.go +++ b/key_agreement.go 
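Review bot: The trailing comment on `PrivateKey` in the common.go hunk names the supported type but not what happens with any other value, and after this change the compiler no longer enforces the restriction. I would move it into a doc comment above the field, for example `// PrivateKey must hold a *rsa.PrivateKey; a nil key, an rsa.PrivateKey stored by value, or any other key type is not usable by the handshake code.` Whether anything validates the key type when a Config is built is not visible in this diff, so the comment should state the requirement rather than promise a check. The Certificate struct continues past the end of the hunk.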
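Review bot: The `.(*rsa.PrivateKey)` assertion added in clientHandshake is the single-value form, so a Certificate whose PrivateKey is nil or holds any non-RSA value panics in the middle of a handshake instead of failing cleanly. The error path directly below already sends alertInternalError, so the comma-ok form fits here: `key, ok := c.config.Certificates[0].PrivateKey.(*rsa.PrivateKey)`, then `if !ok { return c.sendAlert(alertInternalError) }`, then sign with `key`. The same unchecked assertion is added in both key_agreement.go hunks (processClientKeyExchange and the ECDHE parameter signing); those functions already return `nil, err`, so the check there can return an `errors.New(...)` describing the unsupported key type. clientHandshake begins and ends outside this hunk.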
@@ -44,7 +44,7 @@ func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKe ciphertext = ckx.ciphertext[2:] } - err = rsa.DecryptPKCS1v15SessionKey(config.rand(), config.Certificates[0].PrivateKey, ciphertext, preMasterSecret) + err = rsa.DecryptPKCS1v15SessionKey(config.rand(), config.Certificates[0].PrivateKey.(*rsa.PrivateKey), ciphertext, preMasterSecret) if err != nil { return nil, err } @@ -147,7 +147,7 @@ Curve: copy(serverECDHParams[4:], ecdhePublic) md5sha1 := md5SHA1Hash(clientHello.random, hello.random, serverECDHParams) - sig, err := rsa.SignPKCS1v15(config.rand(), config.Certificates[0].PrivateKey, crypto.MD5SHA1, md5sha1) + sig, err := rsa.SignPKCS1v15(config.rand(), config.Certificates[0].PrivateKey.(*rsa.PrivateKey), crypto.MD5SHA1, md5sha1) if err != nil { return nil, errors.New("failed to sign ECDHE parameters: " + err.Error()) }