crypto/tls: implement TLS 1.3 client handshake (base)

Implement a basic TLS 1.3 client handshake, only enabled if explicitly requested with MaxVersion. This CL intentionally leaves for future CLs: - PSK modes and resumption - client authentication - post-handshake messages - downgrade protection - KeyLogWriter support Updates #9671 Change-Id: Ieb6130fb6f25aea4f0d39e3a2448dfc942e1de7a Reviewed-on: https://go-review.googlesource.com/c/146559 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-04-03 20:17:36 +03:00 · 2018-11-01 01:01:09 -04:00 · 2018-11-01 01:01:09 -04:00 · 2c3ff7ba06
commit 2c3ff7ba06
parent ed74f7823e
25 changed files with 2074 additions and 362 deletions
--- a/handshake_messages.go
+++ b/handshake_messages.go
@ -466,7 +466,8 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 			}
 		case extensionCookie:
 			// RFC 8446, Section 4.2.2
-			if !readUint16LengthPrefixed(&extData, &m.cookie) {
+			if !readUint16LengthPrefixed(&extData, &m.cookie) ||
+				len(m.cookie) == 0 {
 				return false
 			}
 		case extensionKeyShare:
@ -757,7 +758,8 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
 				return false
 			}
 		case extensionCookie:
-			if !readUint16LengthPrefixed(&extData, &m.cookie) {
+			if !readUint16LengthPrefixed(&extData, &m.cookie) ||
+				len(m.cookie) == 0 {
 				return false
 			}
 		case extensionKeyShare: