crypto/tls: don't assume an RSA private key in the API.

We still very much assume it in the code, but with this change in place we can implement other things later without changing and users of the package. Fixes #2319. R=golang-dev, bradfitz, r CC=golang-dev https://golang.org/cl/5489073
2011-12-19 10:39:30 -05:00 · 2011-12-19 10:39:30 -05:00 · b5b0822258
commit b5b0822258
parent 0cd0abb180
3 changed files with 5 additions and 5 deletions
--- a/common.go
+++ b/common.go
@ -5,8 +5,8 @@
 package tls

 import (
+	"crypto"
 	"crypto/rand"
-	"crypto/rsa"
 	"crypto/x509"
 	"io"
 	"strings"
@ -255,7 +255,7 @@ func (c *Config) BuildNameToCertificate() {
 // A Certificate is a chain of one or more certificates, leaf first.
 type Certificate struct {
 	Certificate [][]byte
-	PrivateKey  *rsa.PrivateKey
+	PrivateKey  crypto.PrivateKey // supported types: *rsa.PrivateKey
 	// OCSPStaple contains an optional OCSP response which will be served
 	// to clients that request it.
 	OCSPStaple []byte
--- a/handshake_client.go
+++ b/handshake_client.go
@ -234,7 +234,7 @@ func (c *Conn) clientHandshake() error {
 		digest := make([]byte, 0, 36)
 		digest = finishedHash.serverMD5.Sum(digest)
 		digest = finishedHash.serverSHA1.Sum(digest)
-		signed, err := rsa.SignPKCS1v15(c.config.rand(), c.config.Certificates[0].PrivateKey, crypto.MD5SHA1, digest)
+		signed, err := rsa.SignPKCS1v15(c.config.rand(), c.config.Certificates[0].PrivateKey.(*rsa.PrivateKey), crypto.MD5SHA1, digest)
 		if err != nil {
 			return c.sendAlert(alertInternalError)
 		}
--- a/key_agreement.go
+++ b/key_agreement.go
@ -44,7 +44,7 @@ func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKe
 		ciphertext = ckx.ciphertext[2:]
 	}

-	err = rsa.DecryptPKCS1v15SessionKey(config.rand(), config.Certificates[0].PrivateKey, ciphertext, preMasterSecret)
+	err = rsa.DecryptPKCS1v15SessionKey(config.rand(), config.Certificates[0].PrivateKey.(*rsa.PrivateKey), ciphertext, preMasterSecret)
 	if err != nil {
 		return nil, err
 	}
@ -147,7 +147,7 @@ Curve:
 	copy(serverECDHParams[4:], ecdhePublic)

 	md5sha1 := md5SHA1Hash(clientHello.random, hello.random, serverECDHParams)
-	sig, err := rsa.SignPKCS1v15(config.rand(), config.Certificates[0].PrivateKey, crypto.MD5SHA1, md5sha1)
+	sig, err := rsa.SignPKCS1v15(config.rand(), config.Certificates[0].PrivateKey.(*rsa.PrivateKey), crypto.MD5SHA1, md5sha1)
 	if err != nil {
 		return nil, errors.New("failed to sign ECDHE parameters: " + err.Error())
 	}