]> Cypherpunks.ru repositories - gostls13.git/blobdiff - src/crypto/tls/handshake_client.go
projects / gostls13.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[dev.boringcrypto] all: merge master into dev.boringcrypto
[gostls13.git] / src / crypto / tls / handshake_client.go
diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index e089762b9f9a635ef396fde94afa808075d64bcc..6d32a72fd33eb14e9308dd3f889867e6714026f1 100644 (file)
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -6,6 +6,7 @@ package tls
 
 import (
        "bytes"
+       "context"
        "crypto"
        "crypto/ecdsa"
        "crypto/ed25519"
@@ -14,6 +15,7 @@ import (
        "crypto/x509"
        "errors"
        "fmt"
+       "hash"
        "io"
        "net"
        "strings"
@@ -23,6 +25,7 @@ import (
 
 type clientHandshakeState struct {
        c            *Conn
+       ctx          context.Context
        serverHello  *serverHelloMsg
        hello        *clientHelloMsg
        suite        *cipherSuite
@@ -136,7 +139,7 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) {
        return hello, params, nil
 }
 
-func (c *Conn) clientHandshake() (err error) {
+func (c *Conn) clientHandshake(ctx context.Context) (err error) {
        if c.config == nil {
                c.config = defaultConfig()
        }
@@ -200,6 +203,7 @@ func (c *Conn) clientHandshake() (err error) {
        if c.vers == VersionTLS13 {
                hs := &clientHandshakeStateTLS13{
                        c:           c,
+                       ctx:         ctx,
                        serverHello: serverHello,
                        hello:       hello,
                        ecdheParams: ecdheParams,
@@ -214,6 +218,7 @@ func (c *Conn) clientHandshake() (err error) {
 
        hs := &clientHandshakeState{
                c:           c,
+               ctx:         ctx,
                serverHello: serverHello,
                hello:       hello,
                session:     session,
@@ -542,7 +547,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
                certRequested = true
                hs.finishedHash.Write(certReq.marshal())
 
-               cri := certificateRequestInfoFromMsg(c.vers, certReq)
+               cri := certificateRequestInfoFromMsg(hs.ctx, c.vers, certReq)
                if chainToSend, err = c.getClientCertificate(cri); err != nil {
                        c.sendAlert(alertInternalError)
                        return err
@@ -650,12 +655,12 @@ func (hs *clientHandshakeState) establishKeys() error {
        clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV :=
                keysFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.hello.random, hs.serverHello.random, hs.suite.macLen, hs.suite.keyLen, hs.suite.ivLen)
        var clientCipher, serverCipher interface{}
-       var clientHash, serverHash macFunction
+       var clientHash, serverHash hash.Hash
        if hs.suite.cipher != nil {
                clientCipher = hs.suite.cipher(clientKey, clientIV, false /* not for reading */)
-               clientHash = hs.suite.mac(c.vers, clientMAC)
+               clientHash = hs.suite.mac(clientMAC)
                serverCipher = hs.suite.cipher(serverKey, serverIV, true /* for reading */)
-               serverHash = hs.suite.mac(c.vers, serverMAC)
+               serverHash = hs.suite.mac(serverMAC)
        } else {
                clientCipher = hs.suite.aead(clientKey, clientIV)
                serverCipher = hs.suite.aead(serverKey, serverIV)
@@ -884,10 +889,11 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 
 // certificateRequestInfoFromMsg generates a CertificateRequestInfo from a TLS
 // <= 1.2 CertificateRequest, making an effort to fill in missing information.
-func certificateRequestInfoFromMsg(vers uint16, certReq *certificateRequestMsg) *CertificateRequestInfo {
+func certificateRequestInfoFromMsg(ctx context.Context, vers uint16, certReq *certificateRequestMsg) *CertificateRequestInfo {
        cri := &CertificateRequestInfo{
                AcceptableCAs: certReq.certificateAuthorities,
                Version:       vers,
+               ctx:           ctx,
        }
 
        var rsaAvail, ecAvail bool
Go GOST TLS 1.3