crypto/tls: minor refactors for readability
Change-Id: I93e73f16474b4b31f7097af2f9479822dfc34c5c
Reviewed-on: https://go-review.googlesource.com/20678
Reviewed-by: Adam Langley <agl@golang.org>
diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index d38b061..f71509b 100644
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -552,14 +552,15 @@
}
c.scts = hs.serverHello.scts
- if hs.serverResumedSession() {
- // Restore masterSecret and peerCerts from previous state
- hs.masterSecret = hs.session.masterSecret
- c.peerCertificates = hs.session.serverCertificates
- c.verifiedChains = hs.session.verifiedChains
- return true, nil
+ if !hs.serverResumedSession() {
+ return false, nil
}
- return false, nil
+
+ // Restore masterSecret and peerCerts from previous state
+ hs.masterSecret = hs.session.masterSecret
+ c.peerCertificates = hs.session.serverCertificates
+ c.verifiedChains = hs.session.verifiedChains
+ return true, nil
}
func (hs *clientHandshakeState) readFinished(out []byte) error {
diff --git a/src/crypto/tls/handshake_messages.go b/src/crypto/tls/handshake_messages.go
index 111ce53..13d013a 100644
--- a/src/crypto/tls/handshake_messages.go
+++ b/src/crypto/tls/handshake_messages.go
@@ -1316,11 +1316,8 @@
m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen])
cas = cas[caLen:]
}
- if len(data) > 0 {
- return false
- }
- return true
+ return len(data) == 0
}
type certificateVerifyMsg struct {
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index facc17d..d910730 100644
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -187,12 +187,13 @@
}
}
- if hs.cert, err = config.getCertificate(&ClientHelloInfo{
+ hs.cert, err = config.getCertificate(&ClientHelloInfo{
CipherSuites: hs.clientHello.cipherSuites,
ServerName: hs.clientHello.serverName,
SupportedCurves: hs.clientHello.supportedCurves,
SupportedPoints: hs.clientHello.supportedPoints,
- }); err != nil {
+ })
+ if err != nil {
c.sendAlert(alertInternalError)
return false, err
}
@@ -710,20 +711,20 @@
c.verifiedChains = chains
}
- if len(certs) > 0 {
- var pub crypto.PublicKey
- switch key := certs[0].PublicKey.(type) {
- case *ecdsa.PublicKey, *rsa.PublicKey:
- pub = key
- default:
- c.sendAlert(alertUnsupportedCertificate)
- return nil, fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey)
- }
- c.peerCertificates = certs
- return pub, nil
+ if len(certs) == 0 {
+ return nil, nil
}
- return nil, nil
+ var pub crypto.PublicKey
+ switch key := certs[0].PublicKey.(type) {
+ case *ecdsa.PublicKey, *rsa.PublicKey:
+ pub = key
+ default:
+ c.sendAlert(alertUnsupportedCertificate)
+ return nil, fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey)
+ }
+ c.peerCertificates = certs
+ return pub, nil
}
// setCipherSuite sets a cipherSuite with the given id as the serverHandshakeState
diff --git a/src/crypto/tls/ticket.go b/src/crypto/tls/ticket.go
index 7be50ce..3e7aa93 100644
--- a/src/crypto/tls/ticket.go
+++ b/src/crypto/tls/ticket.go
@@ -126,11 +126,7 @@
data = data[certLen:]
}
- if len(data) > 0 {
- return false
- }
-
- return true
+ return len(data) == 0
}
func (c *Conn) encryptTicket(state *sessionState) ([]byte, error) {
diff --git a/src/crypto/tls/tls.go b/src/crypto/tls/tls.go
index 55e0d5f..bfe331d 100644
--- a/src/crypto/tls/tls.go
+++ b/src/crypto/tls/tls.go
@@ -210,11 +210,11 @@
if len(cert.Certificate) == 0 {
if len(skippedBlockTypes) == 0 {
return fail(errors.New("crypto/tls: failed to find any PEM data in certificate input"))
- } else if len(skippedBlockTypes) == 1 && strings.HasSuffix(skippedBlockTypes[0], "PRIVATE KEY") {
- return fail(errors.New("crypto/tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched"))
- } else {
- return fail(fmt.Errorf("crypto/tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
}
+ if len(skippedBlockTypes) == 1 && strings.HasSuffix(skippedBlockTypes[0], "PRIVATE KEY") {
+ return fail(errors.New("crypto/tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched"))
+ }
+ return fail(fmt.Errorf("crypto/tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
}
skippedBlockTypes = skippedBlockTypes[:0]
@@ -224,11 +224,11 @@
if keyDERBlock == nil {
if len(skippedBlockTypes) == 0 {
return fail(errors.New("crypto/tls: failed to find any PEM data in key input"))
- } else if len(skippedBlockTypes) == 1 && skippedBlockTypes[0] == "CERTIFICATE" {
- return fail(errors.New("crypto/tls: found a certificate rather than a key in the PEM for the private key"))
- } else {
- return fail(fmt.Errorf("crypto/tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
}
+ if len(skippedBlockTypes) == 1 && skippedBlockTypes[0] == "CERTIFICATE" {
+ return fail(errors.New("crypto/tls: found a certificate rather than a key in the PEM for the private key"))
+ }
+ return fail(fmt.Errorf("crypto/tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
}
if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") {
break
@@ -262,7 +262,6 @@
priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey)
if !ok {
return fail(errors.New("crypto/tls: private key type does not match public key type"))
-
}
if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 {
return fail(errors.New("crypto/tls: private key does not match public key"))
