crypto/tls,crypto/x509: normalize RFC references

Use the format "RFC XXXX, Section X.X" (or "Appendix Y.X") as it fits
more properly in prose than a link, is more future-proof, and as there
are multiple ways to render an RFC. Capital "S" to follow the quoting
standard of RFCs themselves.

Applied the new goimports grouping to all files in those packages, too.

Change-Id: I01267bb3a3b02664f8f822e97b129075bb14d404
Reviewed-on: https://go-review.googlesource.com/c/141918
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>

auth.go

@@ -23,10 +23,9 @@ import (
 func pickSignatureAlgorithm(pubkey crypto.PublicKey, peerSigAlgs, ourSigAlgs []SignatureScheme, tlsVersion uint16) (sigAlg SignatureScheme, sigType uint8, hashFunc crypto.Hash, err error) {
 	if tlsVersion < VersionTLS12 || len(peerSigAlgs) == 0 {
 		// For TLS 1.1 and before, the signature algorithm could not be
-		// negotiated and the hash is fixed based on the signature type.
-		// For TLS 1.2, if the client didn't send signature_algorithms
-		// extension then we can assume that it supports SHA1. See
-		// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
+		// negotiated and the hash is fixed based on the signature type. For TLS
+		// 1.2, if the client didn't send signature_algorithms extension then we
+		// can assume that it supports SHA1. See RFC 5246, Section 7.4.1.4.1.
 		switch pubkey.(type) {
 		case *rsa.PublicKey:
 			if tlsVersion < VersionTLS12 {

cipher_suites.go

@@ -13,9 +13,8 @@ import (
 	"crypto/sha1"
 	"crypto/sha256"
 	"crypto/x509"
-	"hash"
-
 	"golang_org/x/crypto/chacha20poly1305"
+	"hash"
 )
 
 // a keyAgreement implements the client and server side of a TLS key agreement
@@ -303,7 +302,7 @@ func newConstantTimeHash(h func() hash.Hash) func() hash.Hash {
 	}
 }
 
-// tls10MAC implements the TLS 1.0 MAC function. RFC 2246, section 6.2.3.
+// tls10MAC implements the TLS 1.0 MAC function. RFC 2246, Section 6.2.3.
 type tls10MAC struct {
 	h hash.Hash
 }
@@ -390,7 +389,6 @@ const (
 	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305  uint16 = 0xcca9
 
 	// TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator
-	// that the client is doing version fallback. See
-	// https://tools.ietf.org/html/rfc7507.
+	// that the client is doing version fallback. See RFC 7507.
 	TLS_FALLBACK_SCSV uint16 = 0x5600
 )

common.go

@@ -79,7 +79,7 @@ const (
 	extensionSupportedPoints     uint16 = 11
 	extensionSignatureAlgorithms uint16 = 13
 	extensionALPN                uint16 = 16
-	extensionSCT                 uint16 = 18 // https://tools.ietf.org/html/rfc6962#section-6
+	extensionSCT                 uint16 = 18 // RFC 6962, Section 6
 	extensionSessionTicket       uint16 = 35
 	extensionNextProtoNeg        uint16 = 13172 // not IANA assigned
 	extensionRenegotiationInfo   uint16 = 0xff01
@@ -128,7 +128,7 @@ const (
 )
 
 // Signature algorithms (for internal signaling use). Starting at 16 to avoid overlap with
-// TLS 1.2 codepoints (RFC 5246, section A.4.1), with which these have nothing to do.
+// TLS 1.2 codepoints (RFC 5246, Appendix A.4.1), with which these have nothing to do.
 const (
 	signaturePKCS1v15 uint8 = iota + 16
 	signatureECDSA
@@ -177,9 +177,9 @@ type ConnectionState struct {
 }
 
 // ExportKeyingMaterial returns length bytes of exported key material in a new
-// slice as defined in https://tools.ietf.org/html/rfc5705. If context is nil,
-// it is not used as part of the seed. If the connection was set to allow
-// renegotiation via Config.Renegotiation, this function will return an error.
+// slice as defined in RFC 5705. If context is nil, it is not used as part of
+// the seed. If the connection was set to allow renegotiation via
+// Config.Renegotiation, this function will return an error.
 func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error) {
 	return cs.ekm(label, context, length)
 }
@@ -222,7 +222,7 @@ type ClientSessionCache interface {
 }
 
 // SignatureScheme identifies a signature algorithm supported by TLS. See
-// https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.3.
+// RFC 8446, Section 4.2.3.
 type SignatureScheme uint16
 
 const (
@@ -252,32 +252,27 @@ type ClientHelloInfo struct {
 
 	// ServerName indicates the name of the server requested by the client
 	// in order to support virtual hosting. ServerName is only set if the
-	// client is using SNI (see
-	// https://tools.ietf.org/html/rfc4366#section-3.1).
+	// client is using SNI (see RFC 4366, Section 3.1).
 	ServerName string
 
 	// SupportedCurves lists the elliptic curves supported by the client.
 	// SupportedCurves is set only if the Supported Elliptic Curves
-	// Extension is being used (see
-	// https://tools.ietf.org/html/rfc4492#section-5.1.1).
+	// Extension is being used (see RFC 4492, Section 5.1.1).
 	SupportedCurves []CurveID
 
 	// SupportedPoints lists the point formats supported by the client.
 	// SupportedPoints is set only if the Supported Point Formats Extension
-	// is being used (see
-	// https://tools.ietf.org/html/rfc4492#section-5.1.2).
+	// is being used (see RFC 4492, Section 5.1.2).
 	SupportedPoints []uint8
 
 	// SignatureSchemes lists the signature and hash schemes that the client
 	// is willing to verify. SignatureSchemes is set only if the Signature
-	// Algorithms Extension is being used (see
-	// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1).
+	// Algorithms Extension is being used (see RFC 5246, Section 7.4.1.4.1).
 	SignatureSchemes []SignatureScheme
 
 	// SupportedProtos lists the application protocols supported by the client.
 	// SupportedProtos is set only if the Application-Layer Protocol
-	// Negotiation Extension is being used (see
-	// https://tools.ietf.org/html/rfc7301#section-3.1).
+	// Negotiation Extension is being used (see RFC 7301, Section 3.1).
 	//
 	// Servers can select a protocol by setting Config.NextProtos in a
 	// GetConfigForClient return value.

conn.go

@@ -205,7 +205,7 @@ func (hc *halfConn) incSeq() {
 
 // extractPadding returns, in constant time, the length of the padding to remove
 // from the end of payload. It also returns a byte which is equal to 255 if the
-// padding was valid and 0 otherwise. See RFC 2246, section 6.2.3.2
+// padding was valid and 0 otherwise. See RFC 2246, Section 6.2.3.2.
 func extractPadding(payload []byte) (toRemove int, good byte) {
 	if len(payload) < 1 {
 		return 0, 0

handshake_client.go

@@ -845,7 +845,7 @@ func mutualProtocol(protos, preferenceProtos []string) (string, bool) {
 
 // hostnameInSNI converts name into an approriate hostname for SNI.
 // Literal IP addresses and absolute FQDNs are not permitted as SNI values.
-// See https://tools.ietf.org/html/rfc6066#section-3.
+// See RFC 6066, Section 3.
 func hostnameInSNI(name string) string {
 	host := name
 	if len(host) > 0 && host[0] == '[' && host[len(host)-1] == ']' {

handshake_messages.go

@@ -155,7 +155,7 @@ func (m *clientHelloMsg) marshal() []byte {
 		z[3] = byte(l)
 		z = z[4:]
 
-		// RFC 3546, section 3.1
+		// RFC 3546, Section 3.1
 		//
 		// struct {
 		//     NameType name_type;
@@ -182,7 +182,7 @@ func (m *clientHelloMsg) marshal() []byte {
 		z = z[l:]
 	}
 	if m.ocspStapling {
-		// RFC 4366, section 3.6
+		// RFC 4366, Section 3.6
 		z[0] = byte(extensionStatusRequest >> 8)
 		z[1] = byte(extensionStatusRequest)
 		z[2] = 0
@@ -192,7 +192,7 @@ func (m *clientHelloMsg) marshal() []byte {
 		z = z[9:]
 	}
 	if len(m.supportedCurves) > 0 {
-		// https://tools.ietf.org/html/rfc4492#section-5.5.1
+		// RFC 4492, Section 5.5.1
 		z[0] = byte(extensionSupportedCurves >> 8)
 		z[1] = byte(extensionSupportedCurves)
 		l := 2 + 2*len(m.supportedCurves)
@@ -209,7 +209,7 @@ func (m *clientHelloMsg) marshal() []byte {
 		}
 	}
 	if len(m.supportedPoints) > 0 {
-		// https://tools.ietf.org/html/rfc4492#section-5.5.2
+		// RFC 4492, Section 5.5.2
 		z[0] = byte(extensionSupportedPoints >> 8)
 		z[1] = byte(extensionSupportedPoints)
 		l := 1 + len(m.supportedPoints)
@@ -224,7 +224,7 @@ func (m *clientHelloMsg) marshal() []byte {
 		}
 	}
 	if m.ticketSupported {
-		// https://tools.ietf.org/html/rfc5077#section-3.2
+		// RFC 5077, Section 3.2
 		z[0] = byte(extensionSessionTicket >> 8)
 		z[1] = byte(extensionSessionTicket)
 		l := len(m.sessionTicket)
@@ -235,7 +235,7 @@ func (m *clientHelloMsg) marshal() []byte {
 		z = z[len(m.sessionTicket):]
 	}
 	if len(m.supportedSignatureAlgorithms) > 0 {
-		// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
+		// RFC 5246, Section 7.4.1.4.1
 		z[0] = byte(extensionSignatureAlgorithms >> 8)
 		z[1] = byte(extensionSignatureAlgorithms)
 		l := 2 + 2*len(m.supportedSignatureAlgorithms)
@@ -285,7 +285,7 @@ func (m *clientHelloMsg) marshal() []byte {
 		lengths[1] = byte(stringsLength)
 	}
 	if m.scts {
-		// https://tools.ietf.org/html/rfc6962#section-3.3.1
+		// RFC 6962, Section 3.3.1
 		z[0] = byte(extensionSCT >> 8)
 		z[1] = byte(extensionSCT)
 		// zero uint16 for the zero-length extension_data
@@ -396,9 +396,8 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 				}
 				if nameType == 0 {
 					m.serverName = string(d[:nameLen])
-					// An SNI value may not include a
-					// trailing dot. See
-					// https://tools.ietf.org/html/rfc6066#section-3.
+					// An SNI value may not include a trailing dot.
+					// See RFC 6066, Section 3.
 					if strings.HasSuffix(m.serverName, ".") {
 						return false
 					}
@@ -414,7 +413,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 		case extensionStatusRequest:
 			m.ocspStapling = length > 0 && data[0] == statusTypeOCSP
 		case extensionSupportedCurves:
-			// https://tools.ietf.org/html/rfc4492#section-5.5.1
+			// RFC 4492, Section 5.5.1
 			if length < 2 {
 				return false
 			}
@@ -430,7 +429,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 				d = d[2:]
 			}
 		case extensionSupportedPoints:
-			// https://tools.ietf.org/html/rfc4492#section-5.5.2
+			// RFC 4492, Section 5.5.2
 			if length < 1 {
 				return false
 			}
@@ -441,11 +440,11 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 			m.supportedPoints = make([]uint8, l)
 			copy(m.supportedPoints, data[1:])
 		case extensionSessionTicket:
-			// https://tools.ietf.org/html/rfc5077#section-3.2
+			// RFC 5077, Section 3.2
 			m.ticketSupported = true
 			m.sessionTicket = data[:length]
 		case extensionSignatureAlgorithms:
-			// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
+			// RFC 5246, Section 7.4.1.4.1
 			if length < 2 || length&1 != 0 {
 				return false
 			}
@@ -1224,7 +1223,7 @@ func (m *certificateRequestMsg) marshal() (x []byte) {
 		return m.raw
 	}
 
-	// See https://tools.ietf.org/html/rfc4346#section-7.4.4
+	// See RFC 4346, Section 7.4.4.
 	length := 1 + len(m.certificateTypes) + 2
 	casLength := 0
 	for _, ca := range m.certificateAuthorities {
@@ -1374,7 +1373,7 @@ func (m *certificateVerifyMsg) marshal() (x []byte) {
 		return m.raw
 	}
 
-	// See https://tools.ietf.org/html/rfc4346#section-7.4.8
+	// See RFC 4346, Section 7.4.8.
 	siglength := len(m.signature)
 	length := 2 + siglength
 	if m.hasSignatureAndHash {
@@ -1452,7 +1451,7 @@ func (m *newSessionTicketMsg) marshal() (x []byte) {
 		return m.raw
 	}
 
-	// See https://tools.ietf.org/html/rfc5077#section-3.3
+	// See RFC 5077, Section 3.3.
 	ticketLen := len(m.ticket)
 	length := 2 + 4 + ticketLen
 	x = make([]byte, 4+length)

handshake_messages_test.go

@@ -271,8 +271,7 @@ func (*sessionState) Generate(rand *rand.Rand, size int) reflect.Value {
 }
 
 func TestRejectEmptySCTList(t *testing.T) {
-	// https://tools.ietf.org/html/rfc6962#section-3.3.1 specifies that
-	// empty SCT lists are invalid.
+	// RFC 6962, Section 3.3.1 specifies that empty SCT lists are invalid.
 
 	var random [32]byte
 	sct := []byte{0x42, 0x42, 0x42, 0x42}

handshake_server.go

@@ -49,7 +49,7 @@ func (c *Conn) serverHandshake() error {
 		return err
 	}
 
-	// For an overview of TLS handshaking, see https://tools.ietf.org/html/rfc5246#section-7.3
+	// For an overview of TLS handshaking, see RFC 5246, Section 7.3.
 	c.buffering = true
 	if isResume {
 		// The client has included a session ticket and so we do an abbreviated handshake.
@@ -268,7 +268,7 @@ Curves:
 		return false, errors.New("tls: no cipher suite supported by both client and server")
 	}
 
-	// See https://tools.ietf.org/html/rfc7507.
+	// See RFC 7507.
 	for _, id := range hs.clientHello.cipherSuites {
 		if id == TLS_FALLBACK_SCSV {
 			// The client is doing a fallback connection.

key_agreement.go

@@ -12,10 +12,9 @@ import (
 	"crypto/sha1"
 	"crypto/x509"
 	"errors"
+	"golang_org/x/crypto/curve25519"
 	"io"
 	"math/big"
-
-	"golang_org/x/crypto/curve25519"
 )
 
 var errClientKeyExchange = errors.New("tls: invalid ClientKeyExchange message")
@@ -200,7 +199,7 @@ NextCandidate:
 		ecdhePublic = elliptic.Marshal(curve, x, y)
 	}
 
-	// https://tools.ietf.org/html/rfc4492#section-5.4
+	// See RFC 4492, Section 5.4.
 	serverECDHParams := make([]byte, 1+2+1+len(ecdhePublic))
 	serverECDHParams[0] = 3 // named curve
 	serverECDHParams[1] = byte(ka.curveid >> 8)

prf.go

@@ -16,14 +16,14 @@ import (
 	"hash"
 )
 
-// Split a premaster secret in two as specified in RFC 4346, section 5.
+// Split a premaster secret in two as specified in RFC 4346, Section 5.
 func splitPreMasterSecret(secret []byte) (s1, s2 []byte) {
 	s1 = secret[0 : (len(secret)+1)/2]
 	s2 = secret[len(secret)/2:]
 	return
 }
 
-// pHash implements the P_hash function, as defined in RFC 4346, section 5.
+// pHash implements the P_hash function, as defined in RFC 4346, Section 5.
 func pHash(result, secret, seed []byte, hash func() hash.Hash) {
 	h := hmac.New(hash, secret)
 	h.Write(seed)
@@ -44,7 +44,7 @@ func pHash(result, secret, seed []byte, hash func() hash.Hash) {
 	}
 }
 
-// prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, section 5.
+// prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, Section 5.
 func prf10(result, secret, label, seed []byte) {
 	hashSHA1 := sha1.New
 	hashMD5 := md5.New
@@ -63,7 +63,7 @@ func prf10(result, secret, label, seed []byte) {
 	}
 }
 
-// prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, section 5.
+// prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, Section 5.
 func prf12(hashFunc func() hash.Hash) func(result, secret, label, seed []byte) {
 	return func(result, secret, label, seed []byte) {
 		labelAndSeed := make([]byte, len(label)+len(seed))
@@ -140,7 +140,7 @@ func prfForVersion(version uint16, suite *cipherSuite) func(result, secret, labe
 }
 
 // masterFromPreMasterSecret generates the master secret from the pre-master
-// secret. See https://tools.ietf.org/html/rfc5246#section-8.1
+// secret. See RFC 5246, Section 8.1.
 func masterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret, clientRandom, serverRandom []byte) []byte {
 	seed := make([]byte, 0, len(clientRandom)+len(serverRandom))
 	seed = append(seed, clientRandom...)
@@ -153,7 +153,7 @@ func masterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecr
 
 // keysFromMasterSecret generates the connection keys from the master
 // secret, given the lengths of the MAC key, cipher key and IV, as defined in
-// RFC 2246, section 6.3.
+// RFC 2246, Section 6.3.
 func keysFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) (clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV []byte) {
 	seed := make([]byte, 0, len(serverRandom)+len(clientRandom))
 	seed = append(seed, serverRandom...)
@@ -353,8 +353,7 @@ func noExportedKeyingMaterial(label string, context []byte, length int) ([]byte,
 	return nil, errors.New("crypto/tls: ExportKeyingMaterial is unavailable when renegotiation is enabled")
 }
 
-// ekmFromMasterSecret generates exported keying material as defined in
-// https://tools.ietf.org/html/rfc5705.
+// ekmFromMasterSecret generates exported keying material as defined in RFC 5705.
 func ekmFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte) func(string, []byte, int) ([]byte, error) {
 	return func(label string, context []byte, length int) ([]byte, error) {
 		switch label {