path: root/src/pkg/crypto/tls/handshake_server.go
Diffstat (limited to 'src/pkg/crypto/tls/handshake_server.go')
-rw-r--r--src/pkg/crypto/tls/handshake_server.go60
1 files changed, 36 insertions, 24 deletions
diff --git a/src/pkg/crypto/tls/handshake_server.go b/src/pkg/crypto/tls/handshake_server.go
index c9ccf675c..75111eba0 100644
--- a/src/pkg/crypto/tls/handshake_server.go
+++ b/src/pkg/crypto/tls/handshake_server.go
@@ -12,6 +12,7 @@ import (
"crypto/x509"
"encoding/asn1"
"errors"
+ "fmt"
"io"
)
@@ -100,11 +101,13 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) {
var ok bool
hs.clientHello, ok = msg.(*clientHelloMsg)
if !ok {
- return false, c.sendAlert(alertUnexpectedMessage)
+ c.sendAlert(alertUnexpectedMessage)
+ return false, unexpectedMessageError(hs.clientHello, msg)
}
c.vers, ok = config.mutualVersion(hs.clientHello.vers)
if !ok {
- return false, c.sendAlert(alertProtocolVersion)
+ c.sendAlert(alertProtocolVersion)
+ return false, fmt.Errorf("tls: client offered an unsupported, maximum protocol version of %x", hs.clientHello.vers)
}
c.haveVers = true
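Review bot: On the `!ok` branch at the top of the hunk, `hs.clientHello` is the zero value of `*clientHelloMsg` (a nil pointer) after the failed type assertion, so the value handed to `unexpectedMessageError` carries only its static type; that is presumably what the helper wants for its message, but it reads as if a real message were being passed. A one-line comment such as `// hs.clientHello is nil here; passed only so the error names the expected type` would make the intent clear. Note also that the return value of `c.sendAlert` is now discarded on both branches, which is fine only if sendAlert records its own failure on the connection — that cannot be confirmed from this hunk. readClientHello continues beyond the hunk.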
@@ -114,12 +117,14 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) {
hs.hello = new(serverHelloMsg)
supportedCurve := false
+ preferredCurves := config.curvePreferences()
Curves:
for _, curve := range hs.clientHello.supportedCurves {
- switch curve {
- case curveP256, curveP384, curveP521:
- supportedCurve = true
- break Curves
+ for _, supported := range preferredCurves {
+ if supported == curve {
+ supportedCurve = true
+ break Curves
+ }
}
}
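Review bot: `supportedCurve` only records that the client and server share at least one curve; because the outer loop walks the client's list, the first match is found in the client's order, and nothing in this hunk picks the curve the server would prefer from `preferredCurves`. Presumably the actual selection happens in the key-agreement code outside this hunk — worth confirming that it applies the server's preference order rather than re-deriving the choice from the client list. A short comment above the `Curves:` label, e.g. `// Only checks for overlap; the curve actually used is chosen by the key agreement.`, would save the next reader the same question. The enclosing readClientHello starts and ends outside the hunk.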
@@ -142,20 +147,18 @@ Curves:
}
if !foundCompression {
- return false, c.sendAlert(alertHandshakeFailure)
+ c.sendAlert(alertHandshakeFailure)
+ return false, errors.New("tls: client does not support uncompressed connections")
}
hs.hello.vers = c.vers
- t := uint32(config.time().Unix())
hs.hello.random = make([]byte, 32)
- hs.hello.random[0] = byte(t >> 24)
- hs.hello.random[1] = byte(t >> 16)
- hs.hello.random[2] = byte(t >> 8)
- hs.hello.random[3] = byte(t)
- _, err = io.ReadFull(config.rand(), hs.hello.random[4:])
+ _, err = io.ReadFull(config.rand(), hs.hello.random)
if err != nil {
- return false, c.sendAlert(alertInternalError)
+ c.sendAlert(alertInternalError)
+ return false, err
}
+ hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation
hs.hello.compressionMethod = compressionNone
if len(hs.clientHello.serverName) > 0 {
c.serverName = hs.clientHello.serverName
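Review bot: `hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation` echoes the client's flag unconditionally; for RFC 5746 on an initial handshake the server's renegotiation_info must carry an empty renegotiated_connection, and a client that sends a non-empty one on a first handshake must be rejected — whether the ClientHello parser enforces that is not visible here and is worth confirming. A comment like `// Initial handshake only: acknowledge the extension with an empty renegotiated_connection.` would document the assumption. Separately, dropping the 4-byte timestamp prefix from `hs.hello.random` removes a server clock-leak/fingerprinting channel, which deserves a mention in the commit description. The surrounding readClientHello function starts and ends outside the hunk.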
@@ -170,7 +173,8 @@ Curves:
}
if len(config.Certificates) == 0 {
- return false, c.sendAlert(alertInternalError)
+ c.sendAlert(alertInternalError)
+ return false, errors.New("tls: no certificates configured")
}
hs.cert = &config.Certificates[0]
if len(hs.clientHello.serverName) > 0 {
@@ -199,7 +203,8 @@ Curves:
}
if hs.suite == nil {
- return false, c.sendAlert(alertHandshakeFailure)
+ c.sendAlert(alertHandshakeFailure)
+ return false, errors.New("tls: no cipher suite supported by both client and server")
}
return false, nil
@@ -349,7 +354,8 @@ func (hs *serverHandshakeState) doFullHandshake() error {
// certificate message, even if it's empty.
if config.ClientAuth >= RequestClientCert {
if certMsg, ok = msg.(*certificateMsg); !ok {
- return c.sendAlert(alertHandshakeFailure)
+ c.sendAlert(alertUnexpectedMessage)
+ return unexpectedMessageError(certMsg, msg)
}
hs.finishedHash.Write(certMsg.marshal())
@@ -376,7 +382,8 @@ func (hs *serverHandshakeState) doFullHandshake() error {
// Get client key exchange
ckx, ok := msg.(*clientKeyExchangeMsg)
if !ok {
- return c.sendAlert(alertUnexpectedMessage)
+ c.sendAlert(alertUnexpectedMessage)
+ return unexpectedMessageError(ckx, msg)
}
hs.finishedHash.Write(ckx.marshal())
@@ -393,7 +400,8 @@ func (hs *serverHandshakeState) doFullHandshake() error {
}
certVerify, ok := msg.(*certificateVerifyMsg)
if !ok {
- return c.sendAlert(alertUnexpectedMessage)
+ c.sendAlert(alertUnexpectedMessage)
+ return unexpectedMessageError(certVerify, msg)
}
switch key := pub.(type) {
@@ -462,7 +470,7 @@ func (hs *serverHandshakeState) readFinished() error {
c := hs.c
c.readRecord(recordTypeChangeCipherSpec)
- if err := c.error(); err != nil {
+ if err := c.in.error(); err != nil {
return err
}
@@ -473,7 +481,8 @@ func (hs *serverHandshakeState) readFinished() error {
}
nextProto, ok := msg.(*nextProtoMsg)
if !ok {
- return c.sendAlert(alertUnexpectedMessage)
+ c.sendAlert(alertUnexpectedMessage)
+ return unexpectedMessageError(nextProto, msg)
}
hs.finishedHash.Write(nextProto.marshal())
c.clientProtocol = nextProto.proto
@@ -485,13 +494,15 @@ func (hs *serverHandshakeState) readFinished() error {
}
clientFinished, ok := msg.(*finishedMsg)
if !ok {
- return c.sendAlert(alertUnexpectedMessage)
+ c.sendAlert(alertUnexpectedMessage)
+ return unexpectedMessageError(clientFinished, msg)
}
verify := hs.finishedHash.clientSum(hs.masterSecret)
if len(verify) != len(clientFinished.verifyData) ||
subtle.ConstantTimeCompare(verify, clientFinished.verifyData) != 1 {
- return c.sendAlert(alertHandshakeFailure)
+ c.sendAlert(alertHandshakeFailure)
+ return errors.New("tls: client's Finished message is incorrect")
}
hs.finishedHash.Write(clientFinished.marshal())
@@ -594,7 +605,8 @@ func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (c
case *ecdsa.PublicKey, *rsa.PublicKey:
pub = key
default:
- return nil, c.sendAlert(alertUnsupportedCertificate)
+ c.sendAlert(alertUnsupportedCertificate)
+ return nil, fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey)
}
c.peerCertificates = certs
return pub, nil