mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-04 12:37:35 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: make ConnectionState.ExportKeyingMaterial a method

Browse source 
The unexported field is hidden from reflect based marshalers, which
would break otherwise. Also, make it return an error, as there are
multiple reasons it might fail.

Fixes #27125

Change-Id: I92adade2fe456103d2d5c0315629ca0256953764
Reviewed-on: https://go-review.googlesource.com/130535
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
Filippo Valsorda 2018-08-21 14:50:04 -06:00 committed by Filippo Valsorda
parent 6d965709ab
commit 0a9fc9c88a
11 changed files with 429 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

15
common.go
View file

@ -164,11 +164,8 @@ type ConnectionState struct {
SignedCertificateTimestamps [][]byte // SCTs from the server, if any
OCSPResponse []byte // stapled OCSP response from server, if any
// ExportKeyMaterial returns length bytes of exported key material as
// defined in https://tools.ietf.org/html/rfc5705. If context is nil, it is
// not used as part of the seed. If Config.Renegotiation was set to allow
// renegotiation, this function will always return nil, false.
ExportKeyingMaterial func(label string, context []byte, length int) ([]byte, bool)
// ekm is a closure exposed via ExportKeyingMaterial.
ekm func(label string, context []byte, length int) ([]byte, error)
// TLSUnique contains the "tls-unique" channel binding value (see RFC
// 5929, section 3). For resumed sessions this value will be nil
@ -179,6 +176,14 @@ type ConnectionState struct {
TLSUnique []byte
}
// ExportKeyingMaterial returns length bytes of exported key material in a new
// slice as defined in https://tools.ietf.org/html/rfc5705. If context is nil,
// it is not used as part of the seed. If the connection was set to allow
// renegotiation via Config.Renegotiation, this function will return an error.
func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error) {
return cs.ekm(label, context, length)
}
// ClientAuthType declares the policy the server will follow for
// TLS Client Authentication.
type ClientAuthType int