diff --git a/auth.go b/auth.go
index 88face4..a27db45 100644
--- a/auth.go
+++ b/auth.go
@@ -23,10 +23,9 @@ import (
 func pickSignatureAlgorithm(pubkey crypto.PublicKey, peerSigAlgs, ourSigAlgs []SignatureScheme, tlsVersion uint16) (sigAlg SignatureScheme, sigType uint8, hashFunc crypto.Hash, err error) {
 if tlsVersion < VersionTLS12 || len(peerSigAlgs) == 0 {
 // For TLS 1.1 and before, the signature algorithm could not be
- // negotiated and the hash is fixed based on the signature type.
- // For TLS 1.2, if the client didn't send signature_algorithms
- // extension then we can assume that it supports SHA1. See
- // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
+ // negotiated and the hash is fixed based on the signature type. For TLS
+ // 1.2, if the client didn't send signature_algorithms extension then we
+ // can assume that it supports SHA1. See RFC 5246, Section 7.4.1.4.1.
 switch pubkey.(type) {
 case *rsa.PublicKey:
 if tlsVersion < VersionTLS12 {
diff --git a/cipher_suites.go b/cipher_suites.go
index 3c8dc4b..d232996 100644
--- a/cipher_suites.go
+++ b/cipher_suites.go
@@ -13,9 +13,8 @@ import (
 "crypto/sha1"
 "crypto/sha256"
 "crypto/x509"
- "hash"
-
 "golang_org/x/crypto/chacha20poly1305"
+ "hash"
 )
 
 // a keyAgreement implements the client and server side of a TLS key agreement
@@ -303,7 +302,7 @@ func newConstantTimeHash(h func() hash.Hash) func() hash.Hash {
 }
 }
 
-// tls10MAC implements the TLS 1.0 MAC function. RFC 2246, section 6.2.3.
+// tls10MAC implements the TLS 1.0 MAC function. RFC 2246, Section 6.2.3.
 type tls10MAC struct {
 h hash.Hash
 }
@@ -390,7 +389,6 @@ const (
 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 uint16 = 0xcca9
 
 // TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator
- // that the client is doing version fallback. See
- // https://tools.ietf.org/html/rfc7507.
+ // that the client is doing version fallback. See RFC 7507.
 TLS_FALLBACK_SCSV uint16 = 0x5600
 )
diff --git a/common.go b/common.go
index 7b627fc..50db88e 100644
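Review bot: The vendored `golang_org/x/crypto/chacha20poly1305` import now sits inside the standard-library group in the cipher_suites.go import hunk, with the blank line that separated it removed; goimports groups non-stdlib paths separately, so a later goimports run may re-split the block. If the intent is to treat the vendored `golang_org/` paths as part of the standard-library group, a short note in the commit message would keep the next reviewer from reverting it; otherwise keep `"hash"` in the first group and `"golang_org/x/crypto/chacha20poly1305"` alone after a blank line. The same reordering appears in the key_agreement.go import hunk with `golang_org/x/crypto/curve25519`.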
--- a/common.go
+++ b/common.go
@@ -79,7 +79,7 @@ const (
 extensionSupportedPoints uint16 = 11
 extensionSignatureAlgorithms uint16 = 13
 extensionALPN uint16 = 16
- extensionSCT uint16 = 18 // https://tools.ietf.org/html/rfc6962#section-6
+ extensionSCT uint16 = 18 // RFC 6962, Section 6
 extensionSessionTicket uint16 = 35
 extensionNextProtoNeg uint16 = 13172 // not IANA assigned
 extensionRenegotiationInfo uint16 = 0xff01
@@ -128,7 +128,7 @@ const (
 )
 
 // Signature algorithms (for internal signaling use). Starting at 16 to avoid overlap with
-// TLS 1.2 codepoints (RFC 5246, section A.4.1), with which these have nothing to do.
+// TLS 1.2 codepoints (RFC 5246, Appendix A.4.1), with which these have nothing to do.
 const (
 signaturePKCS1v15 uint8 = iota + 16
 signatureECDSA
@@ -177,9 +177,9 @@ type ConnectionState struct {
 }
 
 // ExportKeyingMaterial returns length bytes of exported key material in a new
-// slice as defined in https://tools.ietf.org/html/rfc5705. If context is nil,
-// it is not used as part of the seed. If the connection was set to allow
-// renegotiation via Config.Renegotiation, this function will return an error.
+// slice as defined in RFC 5705. If context is nil, it is not used as part of
+// the seed. If the connection was set to allow renegotiation via
+// Config.Renegotiation, this function will return an error.
 func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error) {
 return cs.ekm(label, context, length)
 }
@@ -222,7 +222,7 @@ type ClientSessionCache interface {
 }
 
 // SignatureScheme identifies a signature algorithm supported by TLS. See
-// https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.3.
+// RFC 8446, Section 4.2.3.
 type SignatureScheme uint16
 
 const (
@@ -252,32 +252,27 @@ type ClientHelloInfo struct {
 
 // ServerName indicates the name of the server requested by the client
 // in order to support virtual hosting. ServerName is only set if the
- // client is using SNI (see
- // https://tools.ietf.org/html/rfc4366#section-3.1).
+ // client is using SNI (see RFC 4366, Section 3.1).
 ServerName string
 
 // SupportedCurves lists the elliptic curves supported by the client.
 // SupportedCurves is set only if the Supported Elliptic Curves
- // Extension is being used (see
- // https://tools.ietf.org/html/rfc4492#section-5.1.1).
+ // Extension is being used (see RFC 4492, Section 5.1.1).
 SupportedCurves []CurveID
 
 // SupportedPoints lists the point formats supported by the client.
 // SupportedPoints is set only if the Supported Point Formats Extension
- // is being used (see
- // https://tools.ietf.org/html/rfc4492#section-5.1.2).
+ // is being used (see RFC 4492, Section 5.1.2).
 SupportedPoints []uint8
 
 // SignatureSchemes lists the signature and hash schemes that the client
 // is willing to verify. SignatureSchemes is set only if the Signature
- // Algorithms Extension is being used (see
- // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1).
+ // Algorithms Extension is being used (see RFC 5246, Section 7.4.1.4.1).
 SignatureSchemes []SignatureScheme
 
 // SupportedProtos lists the application protocols supported by the client.
 // SupportedProtos is set only if the Application-Layer Protocol
- // Negotiation Extension is being used (see
- // https://tools.ietf.org/html/rfc7301#section-3.1).
+ // Negotiation Extension is being used (see RFC 7301, Section 3.1).
 //
 // Servers can select a protocol by setting Config.NextProtos in a
 // GetConfigForClient return value.
diff --git a/conn.go b/conn.go
index 6e27e69..f05135b 100644
--- a/conn.go
+++ b/conn.go
@@ -205,7 +205,7 @@ func (hc *halfConn) incSeq() {
 
 // extractPadding returns, in constant time, the length of the padding to remove
 // from the end of payload. It also returns a byte which is equal to 255 if the
-// padding was valid and 0 otherwise. See RFC 2246, section 6.2.3.2
+// padding was valid and 0 otherwise. See RFC 2246, Section 6.2.3.2.
 func extractPadding(payload []byte) (toRemove int, good byte) {
 if len(payload) < 1 {
 return 0, 0
diff --git a/handshake_client.go b/handshake_client.go
index 32fdc6d..af290e3 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -845,7 +845,7 @@ func mutualProtocol(protos, preferenceProtos []string) (string, bool) {
 
 // hostnameInSNI converts name into an approriate hostname for SNI.
 // Literal IP addresses and absolute FQDNs are not permitted as SNI values.
-// See https://tools.ietf.org/html/rfc6066#section-3.
+// See RFC 6066, Section 3.
 func hostnameInSNI(name string) string {
 host := name
 if len(host) > 0 && host[0] == '[' && host[len(host)-1] == ']' {
diff --git a/handshake_messages.go b/handshake_messages.go
index a5bf10e..27004b2 100644
--- a/handshake_messages.go
+++ b/handshake_messages.go
@@ -155,7 +155,7 @@ func (m *clientHelloMsg) marshal() []byte {
 z[3] = byte(l)
 z = z[4:]
 
- // RFC 3546, section 3.1
+ // RFC 3546, Section 3.1
 //
 // struct {
 // NameType name_type;
@@ -182,7 +182,7 @@ func (m *clientHelloMsg) marshal() []byte {
 z = z[l:]
 }
 if m.ocspStapling {
- // RFC 4366, section 3.6
+ // RFC 4366, Section 3.6
 z[0] = byte(extensionStatusRequest >> 8)
 z[1] = byte(extensionStatusRequest)
 z[2] = 0
@@ -192,7 +192,7 @@ func (m *clientHelloMsg) marshal() []byte {
 z = z[9:]
 }
 if len(m.supportedCurves) > 0 {
- // https://tools.ietf.org/html/rfc4492#section-5.5.1
+ // RFC 4492, Section 5.5.1
 z[0] = byte(extensionSupportedCurves >> 8)
 z[1] = byte(extensionSupportedCurves)
 l := 2 + 2*len(m.supportedCurves)
@@ -209,7 +209,7 @@ func (m *clientHelloMsg) marshal() []byte {
 }
 }
 if len(m.supportedPoints) > 0 {
- // https://tools.ietf.org/html/rfc4492#section-5.5.2
+ // RFC 4492, Section 5.5.2
 z[0] = byte(extensionSupportedPoints >> 8)
 z[1] = byte(extensionSupportedPoints)
 l := 1 + len(m.supportedPoints)
@@ -224,7 +224,7 @@ func (m *clientHelloMsg) marshal() []byte {
 }
 }
 if m.ticketSupported {
- // https://tools.ietf.org/html/rfc5077#section-3.2
+ // RFC 5077, Section 3.2
 z[0] = byte(extensionSessionTicket >> 8)
 z[1] = byte(extensionSessionTicket)
 l := len(m.sessionTicket)
@@ -235,7 +235,7 @@ func (m *clientHelloMsg) marshal() []byte {
 z = z[len(m.sessionTicket):]
 }
 if len(m.supportedSignatureAlgorithms) > 0 {
- // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
+ // RFC 5246, Section 7.4.1.4.1
 z[0] = byte(extensionSignatureAlgorithms >> 8)
 z[1] = byte(extensionSignatureAlgorithms)
 l := 2 + 2*len(m.supportedSignatureAlgorithms)
@@ -285,7 +285,7 @@ func (m *clientHelloMsg) marshal() []byte {
 lengths[1] = byte(stringsLength)
 }
 if m.scts {
- // https://tools.ietf.org/html/rfc6962#section-3.3.1
+ // RFC 6962, Section 3.3.1
 z[0] = byte(extensionSCT >> 8)
 z[1] = byte(extensionSCT)
 // zero uint16 for the zero-length extension_data
@@ -396,9 +396,8 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 }
 if nameType == 0 {
 m.serverName = string(d[:nameLen])
- // An SNI value may not include a
- // trailing dot. See
- // https://tools.ietf.org/html/rfc6066#section-3.
+ // An SNI value may not include a trailing dot.
+ // See RFC 6066, Section 3.
 if strings.HasSuffix(m.serverName, ".") {
 return false
 }
@@ -414,7 +413,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 case extensionStatusRequest:
 m.ocspStapling = length > 0 && data[0] == statusTypeOCSP
 case extensionSupportedCurves:
- // https://tools.ietf.org/html/rfc4492#section-5.5.1
+ // RFC 4492, Section 5.5.1
 if length < 2 {
 return false
 }
@@ -430,7 +429,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 d = d[2:]
 }
 case extensionSupportedPoints:
- // https://tools.ietf.org/html/rfc4492#section-5.5.2
+ // RFC 4492, Section 5.5.2
 if length < 1 {
 return false
 }
@@ -441,11 +440,11 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
 m.supportedPoints = make([]uint8, l)
 copy(m.supportedPoints, data[1:])
 case extensionSessionTicket:
- // https://tools.ietf.org/html/rfc5077#section-3.2
+ // RFC 5077, Section 3.2
 m.ticketSupported = true
 m.sessionTicket = data[:length]
 case extensionSignatureAlgorithms:
- // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
+ // RFC 5246, Section 7.4.1.4.1
 if length < 2 || length&1 != 0 {
 return false
 }
@@ -1224,7 +1223,7 @@ func (m *certificateRequestMsg) marshal() (x []byte) {
 return m.raw
 }
 
- // See https://tools.ietf.org/html/rfc4346#section-7.4.4
+ // See RFC 4346, Section 7.4.4.
 length := 1 + len(m.certificateTypes) + 2
 casLength := 0
 for _, ca := range m.certificateAuthorities {
@@ -1374,7 +1373,7 @@ func (m *certificateVerifyMsg) marshal() (x []byte) {
 return m.raw
 }
 
- // See https://tools.ietf.org/html/rfc4346#section-7.4.8
+ // See RFC 4346, Section 7.4.8.
 siglength := len(m.signature)
 length := 2 + siglength
 if m.hasSignatureAndHash {
@@ -1452,7 +1451,7 @@ func (m *newSessionTicketMsg) marshal() (x []byte) {
 return m.raw
 }
 
- // See https://tools.ietf.org/html/rfc5077#section-3.3
+ // See RFC 5077, Section 3.3.
 ticketLen := len(m.ticket)
 length := 2 + 4 + ticketLen
 x = make([]byte, 4+length)
diff --git a/handshake_messages_test.go b/handshake_messages_test.go
index 4a4a466..52c5d30 100644
--- a/handshake_messages_test.go
+++ b/handshake_messages_test.go
@@ -271,8 +271,7 @@ func (*sessionState) Generate(rand *rand.Rand, size int) reflect.Value {
 }
 
 func TestRejectEmptySCTList(t *testing.T) {
- // https://tools.ietf.org/html/rfc6962#section-3.3.1 specifies that
- // empty SCT lists are invalid.
+ // RFC 6962, Section 3.3.1 specifies that empty SCT lists are invalid.
 
 var random [32]byte
 sct := []byte{0x42, 0x42, 0x42, 0x42}
diff --git a/handshake_server.go b/handshake_server.go
index ac491ba..b077c90 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -49,7 +49,7 @@ func (c *Conn) serverHandshake() error {
 return err
 }
 
- // For an overview of TLS handshaking, see https://tools.ietf.org/html/rfc5246#section-7.3
+ // For an overview of TLS handshaking, see RFC 5246, Section 7.3.
 c.buffering = true
 if isResume {
 // The client has included a session ticket and so we do an abbreviated handshake.
@@ -268,7 +268,7 @@ Curves:
 return false, errors.New("tls: no cipher suite supported by both client and server")
 }
 
- // See https://tools.ietf.org/html/rfc7507.
+ // See RFC 7507.
 for _, id := range hs.clientHello.cipherSuites {
 if id == TLS_FALLBACK_SCSV {
 // The client is doing a fallback connection.
diff --git a/key_agreement.go b/key_agreement.go
index 1e77fac..1baa901 100644
--- a/key_agreement.go
+++ b/key_agreement.go
@@ -12,10 +12,9 @@ import (
 "crypto/sha1"
 "crypto/x509"
 "errors"
+ "golang_org/x/crypto/curve25519"
 "io"
 "math/big"
-
- "golang_org/x/crypto/curve25519"
 )
 
 var errClientKeyExchange = errors.New("tls: invalid ClientKeyExchange message")
@@ -200,7 +199,7 @@ NextCandidate:
 ecdhePublic = elliptic.Marshal(curve, x, y)
 }
 
- // https://tools.ietf.org/html/rfc4492#section-5.4
+ // See RFC 4492, Section 5.4.
 serverECDHParams := make([]byte, 1+2+1+len(ecdhePublic))
 serverECDHParams[0] = 3 // named curve
 serverECDHParams[1] = byte(ka.curveid >> 8)
diff --git a/prf.go b/prf.go
index a8cf21d..a31a50d 100644
--- a/prf.go
+++ b/prf.go
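Review bot: The rewritten comment `// See RFC 7507.` above the TLS_FALLBACK_SCSV loop after the `Curves:` label in handshake_server.go cites the whole RFC, while the rest of this commit cites a section; the server-side handling of the fallback SCSV is RFC 7507, Section 3, so `// See RFC 7507, Section 3.` would point the reader at the relevant text. The TLS_FALLBACK_SCSV constant comment in cipher_suites.go (`See RFC 7507.`) could likewise cite Section 2, where the value itself is defined. The enclosing function starts and ends outside the hunk.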
@@ -16,14 +16,14 @@ import (
 "hash"
 )
 
-// Split a premaster secret in two as specified in RFC 4346, section 5.
+// Split a premaster secret in two as specified in RFC 4346, Section 5.
 func splitPreMasterSecret(secret []byte) (s1, s2 []byte) {
 s1 = secret[0 : (len(secret)+1)/2]
 s2 = secret[len(secret)/2:]
 return
 }
 
-// pHash implements the P_hash function, as defined in RFC 4346, section 5.
+// pHash implements the P_hash function, as defined in RFC 4346, Section 5.
 func pHash(result, secret, seed []byte, hash func() hash.Hash) {
 h := hmac.New(hash, secret)
 h.Write(seed)
@@ -44,7 +44,7 @@ func pHash(result, secret, seed []byte, hash func() hash.Hash) {
 }
 }
 
-// prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, section 5.
+// prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, Section 5.
 func prf10(result, secret, label, seed []byte) {
 hashSHA1 := sha1.New
 hashMD5 := md5.New
@@ -63,7 +63,7 @@ func prf10(result, secret, label, seed []byte) {
 }
 }
 
-// prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, section 5.
+// prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, Section 5.
 func prf12(hashFunc func() hash.Hash) func(result, secret, label, seed []byte) {
 return func(result, secret, label, seed []byte) {
 labelAndSeed := make([]byte, len(label)+len(seed))
@@ -140,7 +140,7 @@ func prfForVersion(version uint16, suite *cipherSuite) func(result, secret, labe
 }
 
 // masterFromPreMasterSecret generates the master secret from the pre-master
-// secret. See https://tools.ietf.org/html/rfc5246#section-8.1
+// secret. See RFC 5246, Section 8.1.
 func masterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret, clientRandom, serverRandom []byte) []byte {
 seed := make([]byte, 0, len(clientRandom)+len(serverRandom))
 seed = append(seed, clientRandom...)
@@ -153,7 +153,7 @@ func masterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecr
 
 // keysFromMasterSecret generates the connection keys from the master
 // secret, given the lengths of the MAC key, cipher key and IV, as defined in
-// RFC 2246, section 6.3.
+// RFC 2246, Section 6.3.
 func keysFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) (clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV []byte) {
 seed := make([]byte, 0, len(serverRandom)+len(clientRandom))
 seed = append(seed, serverRandom...)
@@ -353,8 +353,7 @@ func noExportedKeyingMaterial(label string, context []byte, length int) ([]byte,
 return nil, errors.New("crypto/tls: ExportKeyingMaterial is unavailable when renegotiation is enabled")
 }
 
-// ekmFromMasterSecret generates exported keying material as defined in
-// https://tools.ietf.org/html/rfc5705.
+// ekmFromMasterSecret generates exported keying material as defined in RFC 5705.
 func ekmFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte) func(string, []byte, int) ([]byte, error) {
 return func(label string, context []byte, length int) ([]byte, error) {
 switch label {
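Review bot: The rewritten doc comment on `ekmFromMasterSecret` cites RFC 5705 without a section, unlike the other references this commit rewrites; the exporter construction it implements is specified in RFC 5705, Section 4, so `// ekmFromMasterSecret generates exported keying material as defined in RFC 5705, Section 4.` would be consistent with the rest of the change. The ExportKeyingMaterial comment in common.go carries the same bare citation and could cite the same section. The function body continues outside the hunk.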