R=ality, bradfitz, rsc, dsymonds, adg, qyzhai, dchest CC=golang-dev https://golang.org/cl/4536063tls13
@@ -87,7 +87,7 @@ const ( | |||||
certTypeRSASign = 1 // A certificate containing an RSA key | certTypeRSASign = 1 // A certificate containing an RSA key | ||||
certTypeDSSSign = 2 // A certificate containing a DSA key | certTypeDSSSign = 2 // A certificate containing a DSA key | ||||
certTypeRSAFixedDH = 3 // A certificate containing a static DH key | certTypeRSAFixedDH = 3 // A certificate containing a static DH key | ||||
certTypeDSSFixedDH = 4 // A certficiate containing a static DH key | |||||
certTypeDSSFixedDH = 4 // A certificate containing a static DH key | |||||
// Rest of these are reserved by the TLS spec | // Rest of these are reserved by the TLS spec | ||||
) | ) | ||||
@@ -34,7 +34,7 @@ type Conn struct { | |||||
cipherSuite uint16 | cipherSuite uint16 | ||||
ocspResponse []byte // stapled OCSP response | ocspResponse []byte // stapled OCSP response | ||||
peerCertificates []*x509.Certificate | peerCertificates []*x509.Certificate | ||||
// verifedChains contains the certificate chains that we built, as | |||||
// verifiedChains contains the certificate chains that we built, as | |||||
// opposed to the ones presented by the server. | // opposed to the ones presented by the server. | ||||
verifiedChains [][]*x509.Certificate | verifiedChains [][]*x509.Certificate | ||||
@@ -237,7 +237,7 @@ func (hc *halfConn) decrypt(b *block) (bool, alert) { | |||||
// "Password Interception in a SSL/TLS Channel", Brice | // "Password Interception in a SSL/TLS Channel", Brice | ||||
// Canvel et al. | // Canvel et al. | ||||
// | // | ||||
// However, our behaviour matches OpenSSL, so we leak | |||||
// However, our behavior matches OpenSSL, so we leak | |||||
// only as much as they do. | // only as much as they do. | ||||
default: | default: | ||||
panic("unknown cipher type") | panic("unknown cipher type") | ||||
@@ -410,7 +410,7 @@ func (hc *halfConn) freeBlock(b *block) { | |||||
// splitBlock splits a block after the first n bytes, | // splitBlock splits a block after the first n bytes, | ||||
// returning a block with those n bytes and a | // returning a block with those n bytes and a | ||||
// block with the remaindec. the latter may be nil. | |||||
// block with the remainder. the latter may be nil. | |||||
func (hc *halfConn) splitBlock(b *block, n int) (*block, *block) { | func (hc *halfConn) splitBlock(b *block, n int) (*block, *block) { | ||||
if len(b.data) <= n { | if len(b.data) <= n { | ||||
return b, nil | return b, nil | ||||
@@ -209,10 +209,10 @@ FindCipherSuite: | |||||
// If we received a client cert in response to our certificate request message, | // If we received a client cert in response to our certificate request message, | ||||
// the client will send us a certificateVerifyMsg immediately after the | // the client will send us a certificateVerifyMsg immediately after the | ||||
// clientKeyExchangeMsg. This message is a MD5SHA1 digest of all preceeding | |||||
// clientKeyExchangeMsg. This message is a MD5SHA1 digest of all preceding | |||||
// handshake-layer messages that is signed using the private key corresponding | // handshake-layer messages that is signed using the private key corresponding | ||||
// to the client's certificate. This allows us to verify that the client is in | // to the client's certificate. This allows us to verify that the client is in | ||||
// posession of the private key of the certificate. | |||||
// possession of the private key of the certificate. | |||||
if len(c.peerCertificates) > 0 { | if len(c.peerCertificates) > 0 { | ||||
msg, err = c.readHandshake() | msg, err = c.readHandshake() | ||||
if err != nil { | if err != nil { | ||||
@@ -236,12 +236,12 @@ func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, client | |||||
xBytes := x.Bytes() | xBytes := x.Bytes() | ||||
copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes) | copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes) | ||||
serialised := ka.curve.Marshal(mx, my) | |||||
serialized := ka.curve.Marshal(mx, my) | |||||
ckx := new(clientKeyExchangeMsg) | ckx := new(clientKeyExchangeMsg) | ||||
ckx.ciphertext = make([]byte, 1+len(serialised)) | |||||
ckx.ciphertext[0] = byte(len(serialised)) | |||||
copy(ckx.ciphertext[1:], serialised) | |||||
ckx.ciphertext = make([]byte, 1+len(serialized)) | |||||
ckx.ciphertext[0] = byte(len(serialized)) | |||||
copy(ckx.ciphertext[1:], serialized) | |||||
return preMasterSecret, ckx, nil | return preMasterSecret, ckx, nil | ||||
} | } |