aboutsummaryrefslogtreecommitdiff
path: root/libgo/go/crypto/tls
diff options
context:
space:
mode:
authorIan Lance Taylor <ian@gcc.gnu.org>2011-12-03 02:17:34 +0000
committerIan Lance Taylor <ian@gcc.gnu.org>2011-12-03 02:17:34 +0000
commit2fd401c8f190f1fe43e51a7f726f6ed6119a1f96 (patch)
tree7f76eff391f37fe6467ff4ffbc0c582c9959ea30 /libgo/go/crypto/tls
parent02e9018f1616b23f1276151797216717b3564202 (diff)
downloadgcc-2fd401c8f190f1fe43e51a7f726f6ed6119a1f96.zip
gcc-2fd401c8f190f1fe43e51a7f726f6ed6119a1f96.tar.gz
gcc-2fd401c8f190f1fe43e51a7f726f6ed6119a1f96.tar.bz2
libgo: Update to weekly.2011-11-02.
From-SVN: r181964
Diffstat (limited to 'libgo/go/crypto/tls')
-rw-r--r--libgo/go/crypto/tls/cipher_suites.go9
-rw-r--r--libgo/go/crypto/tls/conn.go60
-rw-r--r--libgo/go/crypto/tls/handshake_client.go10
-rw-r--r--libgo/go/crypto/tls/handshake_server.go10
-rw-r--r--libgo/go/crypto/tls/handshake_server_test.go13
-rw-r--r--libgo/go/crypto/tls/key_agreement.go40
-rw-r--r--libgo/go/crypto/tls/prf.go3
-rw-r--r--libgo/go/crypto/tls/tls.go24
8 files changed, 83 insertions, 86 deletions
diff --git a/libgo/go/crypto/tls/cipher_suites.go b/libgo/go/crypto/tls/cipher_suites.go
index 0c62251..1134f36 100644
--- a/libgo/go/crypto/tls/cipher_suites.go
+++ b/libgo/go/crypto/tls/cipher_suites.go
@@ -13,7 +13,6 @@ import (
"crypto/sha1"
"crypto/x509"
"hash"
- "os"
)
// a keyAgreement implements the client and server side of a TLS key agreement
@@ -24,15 +23,15 @@ type keyAgreement interface {
// In the case that the key agreement protocol doesn't use a
// ServerKeyExchange message, generateServerKeyExchange can return nil,
// nil.
- generateServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg) (*serverKeyExchangeMsg, os.Error)
- processClientKeyExchange(*Config, *clientKeyExchangeMsg, uint16) ([]byte, os.Error)
+ generateServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg) (*serverKeyExchangeMsg, error)
+ processClientKeyExchange(*Config, *clientKeyExchangeMsg, uint16) ([]byte, error)
// On the client side, the next two methods are called in order.
// This method may not be called if the server doesn't send a
// ServerKeyExchange message.
- processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, *x509.Certificate, *serverKeyExchangeMsg) os.Error
- generateClientKeyExchange(*Config, *clientHelloMsg, *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error)
+ processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, *x509.Certificate, *serverKeyExchangeMsg) error
+ generateClientKeyExchange(*Config, *clientHelloMsg, *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error)
}
// A cipherSuite is a specific combination of key agreement, cipher and MAC
diff --git a/libgo/go/crypto/tls/conn.go b/libgo/go/crypto/tls/conn.go
index 9bca7d9..6312c34 100644
--- a/libgo/go/crypto/tls/conn.go
+++ b/libgo/go/crypto/tls/conn.go
@@ -11,9 +11,9 @@ import (
"crypto/cipher"
"crypto/subtle"
"crypto/x509"
+ "errors"
"io"
"net"
- "os"
"sync"
)
@@ -44,7 +44,7 @@ type Conn struct {
// first permanent error
errMutex sync.Mutex
- err os.Error
+ err error
// input/output
in, out halfConn // in.Mutex < out.Mutex
@@ -55,7 +55,7 @@ type Conn struct {
tmp [16]byte
}
-func (c *Conn) setError(err os.Error) os.Error {
+func (c *Conn) setError(err error) error {
c.errMutex.Lock()
defer c.errMutex.Unlock()
@@ -65,7 +65,7 @@ func (c *Conn) setError(err os.Error) os.Error {
return err
}
-func (c *Conn) error() os.Error {
+func (c *Conn) error() error {
c.errMutex.Lock()
defer c.errMutex.Unlock()
@@ -88,21 +88,21 @@ func (c *Conn) RemoteAddr() net.Addr {
// SetTimeout sets the read deadline associated with the connection.
// There is no write deadline.
-func (c *Conn) SetTimeout(nsec int64) os.Error {
+func (c *Conn) SetTimeout(nsec int64) error {
return c.conn.SetTimeout(nsec)
}
// SetReadTimeout sets the time (in nanoseconds) that
// Read will wait for data before returning os.EAGAIN.
// Setting nsec == 0 (the default) disables the deadline.
-func (c *Conn) SetReadTimeout(nsec int64) os.Error {
+func (c *Conn) SetReadTimeout(nsec int64) error {
return c.conn.SetReadTimeout(nsec)
}
// SetWriteTimeout exists to satisfy the net.Conn interface
// but is not implemented by TLS. It always returns an error.
-func (c *Conn) SetWriteTimeout(nsec int64) os.Error {
- return os.NewError("TLS does not support SetWriteTimeout")
+func (c *Conn) SetWriteTimeout(nsec int64) error {
+ return errors.New("TLS does not support SetWriteTimeout")
}
// A halfConn represents one direction of the record layer
@@ -129,7 +129,7 @@ func (hc *halfConn) prepareCipherSpec(version uint16, cipher interface{}, mac ma
// changeCipherSpec changes the encryption and MAC states
// to the ones previously passed to prepareCipherSpec.
-func (hc *halfConn) changeCipherSpec() os.Error {
+func (hc *halfConn) changeCipherSpec() error {
if hc.nextCipher == nil {
return alertInternalError
}
@@ -378,7 +378,7 @@ func (b *block) reserve(n int) {
// readFromUntil reads from r into b until b contains at least n bytes
// or else returns an error.
-func (b *block) readFromUntil(r io.Reader, n int) os.Error {
+func (b *block) readFromUntil(r io.Reader, n int) error {
// quick case
if len(b.data) >= n {
return nil
@@ -399,7 +399,7 @@ func (b *block) readFromUntil(r io.Reader, n int) os.Error {
return nil
}
-func (b *block) Read(p []byte) (n int, err os.Error) {
+func (b *block) Read(p []byte) (n int, err error) {
n = copy(p, b.data[b.off:])
b.off += n
return
@@ -443,7 +443,7 @@ func (hc *halfConn) splitBlock(b *block, n int) (*block, *block) {
// readRecord reads the next TLS record from the connection
// and updates the record layer state.
// c.in.Mutex <= L; c.input == nil.
-func (c *Conn) readRecord(want recordType) os.Error {
+func (c *Conn) readRecord(want recordType) error {
// Caller must be in sync with connection:
// handshake data if handshake not yet completed,
// else application data. (We don't support renegotiation.)
@@ -502,7 +502,7 @@ Again:
}
}
if err := b.readFromUntil(c.conn, recordHeaderLen+n); err != nil {
- if err == os.EOF {
+ if err == io.EOF {
err = io.ErrUnexpectedEOF
}
if e, ok := err.(net.Error); !ok || !e.Temporary() {
@@ -534,7 +534,7 @@ Again:
break
}
if alert(data[1]) == alertCloseNotify {
- c.setError(os.EOF)
+ c.setError(io.EOF)
break
}
switch data[0] {
@@ -543,7 +543,7 @@ Again:
c.in.freeBlock(b)
goto Again
case alertLevelError:
- c.setError(&net.OpError{Op: "remote error", Error: alert(data[1])})
+ c.setError(&net.OpError{Op: "remote error", Err: alert(data[1])})
default:
c.sendAlert(alertUnexpectedMessage)
}
@@ -582,7 +582,7 @@ Again:
// sendAlert sends a TLS alert message.
// c.out.Mutex <= L.
-func (c *Conn) sendAlertLocked(err alert) os.Error {
+func (c *Conn) sendAlertLocked(err alert) error {
c.tmp[0] = alertLevelError
if err == alertNoRenegotiation {
c.tmp[0] = alertLevelWarning
@@ -591,14 +591,14 @@ func (c *Conn) sendAlertLocked(err alert) os.Error {
c.writeRecord(recordTypeAlert, c.tmp[0:2])
// closeNotify is a special case in that it isn't an error:
if err != alertCloseNotify {
- return c.setError(&net.OpError{Op: "local error", Error: err})
+ return c.setError(&net.OpError{Op: "local error", Err: err})
}
return nil
}
// sendAlert sends a TLS alert message.
// L < c.out.Mutex.
-func (c *Conn) sendAlert(err alert) os.Error {
+func (c *Conn) sendAlert(err alert) error {
c.out.Lock()
defer c.out.Unlock()
return c.sendAlertLocked(err)
@@ -607,7 +607,7 @@ func (c *Conn) sendAlert(err alert) os.Error {
// writeRecord writes a TLS record with the given type and payload
// to the connection and updates the record layer state.
// c.out.Mutex <= L.
-func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err os.Error) {
+func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err error) {
b := c.out.newBlock()
for len(data) > 0 {
m := len(data)
@@ -643,7 +643,7 @@ func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err os.Error) {
c.tmp[0] = alertLevelError
c.tmp[1] = byte(err.(alert))
c.writeRecord(recordTypeAlert, c.tmp[0:2])
- c.err = &net.OpError{Op: "local error", Error: err}
+ c.err = &net.OpError{Op: "local error", Err: err}
return n, c.err
}
}
@@ -653,7 +653,7 @@ func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err os.Error) {
// readHandshake reads the next handshake message from
// the record layer.
// c.in.Mutex < L; c.out.Mutex < L.
-func (c *Conn) readHandshake() (interface{}, os.Error) {
+func (c *Conn) readHandshake() (interface{}, error) {
for c.hand.Len() < 4 {
if c.err != nil {
return nil, c.err
@@ -720,7 +720,7 @@ func (c *Conn) readHandshake() (interface{}, os.Error) {
}
// Write writes data to the connection.
-func (c *Conn) Write(b []byte) (n int, err os.Error) {
+func (c *Conn) Write(b []byte) (n int, err error) {
if err = c.Handshake(); err != nil {
return
}
@@ -739,7 +739,7 @@ func (c *Conn) Write(b []byte) (n int, err os.Error) {
// Read can be made to time out and return err == os.EAGAIN
// after a fixed time limit; see SetTimeout and SetReadTimeout.
-func (c *Conn) Read(b []byte) (n int, err os.Error) {
+func (c *Conn) Read(b []byte) (n int, err error) {
if err = c.Handshake(); err != nil {
return
}
@@ -765,8 +765,8 @@ func (c *Conn) Read(b []byte) (n int, err os.Error) {
}
// Close closes the connection.
-func (c *Conn) Close() os.Error {
- var alertErr os.Error
+func (c *Conn) Close() error {
+ var alertErr error
c.handshakeMutex.Lock()
defer c.handshakeMutex.Unlock()
@@ -784,7 +784,7 @@ func (c *Conn) Close() os.Error {
// protocol if it has not yet been run.
// Most uses of this package need not call Handshake
// explicitly: the first Read or Write will call it automatically.
-func (c *Conn) Handshake() os.Error {
+func (c *Conn) Handshake() error {
c.handshakeMutex.Lock()
defer c.handshakeMutex.Unlock()
if err := c.error(); err != nil {
@@ -828,16 +828,16 @@ func (c *Conn) OCSPResponse() []byte {
}
// VerifyHostname checks that the peer certificate chain is valid for
-// connecting to host. If so, it returns nil; if not, it returns an os.Error
+// connecting to host. If so, it returns nil; if not, it returns an error
// describing the problem.
-func (c *Conn) VerifyHostname(host string) os.Error {
+func (c *Conn) VerifyHostname(host string) error {
c.handshakeMutex.Lock()
defer c.handshakeMutex.Unlock()
if !c.isClient {
- return os.NewError("VerifyHostname called on TLS server connection")
+ return errors.New("VerifyHostname called on TLS server connection")
}
if !c.handshakeComplete {
- return os.NewError("TLS handshake has not yet been performed")
+ return errors.New("TLS handshake has not yet been performed")
}
return c.peerCertificates[0].VerifyHostname(host)
}
diff --git a/libgo/go/crypto/tls/handshake_client.go b/libgo/go/crypto/tls/handshake_client.go
index 575a121..aed991cc 100644
--- a/libgo/go/crypto/tls/handshake_client.go
+++ b/libgo/go/crypto/tls/handshake_client.go
@@ -9,11 +9,11 @@ import (
"crypto/rsa"
"crypto/subtle"
"crypto/x509"
+ "errors"
"io"
- "os"
)
-func (c *Conn) clientHandshake() os.Error {
+func (c *Conn) clientHandshake() error {
finishedHash := newFinishedHash(versionTLS10)
if c.config == nil {
@@ -40,7 +40,7 @@ func (c *Conn) clientHandshake() os.Error {
_, err := io.ReadFull(c.config.rand(), hello.random[4:])
if err != nil {
c.sendAlert(alertInternalError)
- return os.NewError("short read from Rand")
+ return errors.New("short read from Rand")
}
finishedHash.Write(hello.marshal())
@@ -69,7 +69,7 @@ func (c *Conn) clientHandshake() os.Error {
if !hello.nextProtoNeg && serverHello.nextProtoNeg {
c.sendAlert(alertHandshakeFailure)
- return os.NewError("server advertised unrequested NPN")
+ return errors.New("server advertised unrequested NPN")
}
suite, suiteId := mutualCipherSuite(c.config.cipherSuites(), serverHello.cipherSuite)
@@ -92,7 +92,7 @@ func (c *Conn) clientHandshake() os.Error {
cert, err := x509.ParseCertificate(asn1Data)
if err != nil {
c.sendAlert(alertBadCertificate)
- return os.NewError("failed to parse certificate from server: " + err.String())
+ return errors.New("failed to parse certificate from server: " + err.Error())
}
certs[i] = cert
}
diff --git a/libgo/go/crypto/tls/handshake_server.go b/libgo/go/crypto/tls/handshake_server.go
index ed9a2e6a..d5af084 100644
--- a/libgo/go/crypto/tls/handshake_server.go
+++ b/libgo/go/crypto/tls/handshake_server.go
@@ -9,11 +9,11 @@ import (
"crypto/rsa"
"crypto/subtle"
"crypto/x509"
+ "errors"
"io"
- "os"
)
-func (c *Conn) serverHandshake() os.Error {
+func (c *Conn) serverHandshake() error {
config := c.config
msg, err := c.readHandshake()
if err != nil {
@@ -177,7 +177,7 @@ FindCipherSuite:
cert, err := x509.ParseCertificate(asn1Data)
if err != nil {
c.sendAlert(alertBadCertificate)
- return os.NewError("could not parse client's certificate: " + err.String())
+ return errors.New("could not parse client's certificate: " + err.Error())
}
certs[i] = cert
}
@@ -186,7 +186,7 @@ FindCipherSuite:
for i := 1; i < len(certs); i++ {
if err := certs[i-1].CheckSignatureFrom(certs[i]); err != nil {
c.sendAlert(alertBadCertificate)
- return os.NewError("could not validate certificate signature: " + err.String())
+ return errors.New("could not validate certificate signature: " + err.Error())
}
}
@@ -233,7 +233,7 @@ FindCipherSuite:
err = rsa.VerifyPKCS1v15(pub, crypto.MD5SHA1, digest, certVerify.signature)
if err != nil {
c.sendAlert(alertBadCertificate)
- return os.NewError("could not validate signature of connection nonces: " + err.String())
+ return errors.New("could not validate signature of connection nonces: " + err.Error())
}
finishedHash.Write(certVerify.marshal())
diff --git a/libgo/go/crypto/tls/handshake_server_test.go b/libgo/go/crypto/tls/handshake_server_test.go
index 1939f3d..f2b0a14 100644
--- a/libgo/go/crypto/tls/handshake_server_test.go
+++ b/libgo/go/crypto/tls/handshake_server_test.go
@@ -12,7 +12,6 @@ import (
"flag"
"io"
"net"
- "os"
"strconv"
"strings"
"testing"
@@ -20,7 +19,7 @@ import (
type zeroSource struct{}
-func (zeroSource) Read(b []byte) (n int, err os.Error) {
+func (zeroSource) Read(b []byte) (n int, err error) {
for i := range b {
b[i] = 0
}
@@ -41,7 +40,7 @@ func init() {
testConfig.InsecureSkipVerify = true
}
-func testClientHelloFailure(t *testing.T, m handshakeMessage, expected os.Error) {
+func testClientHelloFailure(t *testing.T, m handshakeMessage, expected error) {
// Create in-memory network connection,
// send message to server. Should return
// expected error.
@@ -56,7 +55,7 @@ func testClientHelloFailure(t *testing.T, m handshakeMessage, expected os.Error)
}()
err := Server(s, testConfig).Handshake()
s.Close()
- if e, ok := err.(*net.OpError); !ok || e.Error != expected {
+ if e, ok := err.(*net.OpError); !ok || e.Err != expected {
t.Errorf("Got error: %s; expected: %s", err, expected)
}
}
@@ -93,7 +92,7 @@ func TestAlertForwarding(t *testing.T) {
err := Server(s, testConfig).Handshake()
s.Close()
- if e, ok := err.(*net.OpError); !ok || e.Error != os.Error(alertUnknownCA) {
+ if e, ok := err.(*net.OpError); !ok || e.Err != error(alertUnknownCA) {
t.Errorf("Got error: %s; expected: %s", err, alertUnknownCA)
}
}
@@ -104,8 +103,8 @@ func TestClose(t *testing.T) {
err := Server(s, testConfig).Handshake()
s.Close()
- if err != os.EOF {
- t.Errorf("Got error: %s; expected: %s", err, os.EOF)
+ if err != io.EOF {
+ t.Errorf("Got error: %s; expected: %s", err, io.EOF)
}
}
diff --git a/libgo/go/crypto/tls/key_agreement.go b/libgo/go/crypto/tls/key_agreement.go
index e347528..ba34606 100644
--- a/libgo/go/crypto/tls/key_agreement.go
+++ b/libgo/go/crypto/tls/key_agreement.go
@@ -12,19 +12,19 @@ import (
"crypto/rsa"
"crypto/sha1"
"crypto/x509"
+ "errors"
"io"
- "os"
)
// rsaKeyAgreement implements the standard TLS key agreement where the client
// encrypts the pre-master secret to the server's public key.
type rsaKeyAgreement struct{}
-func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, os.Error) {
+func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
return nil, nil
}
-func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, os.Error) {
+func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) {
preMasterSecret := make([]byte, 48)
_, err := io.ReadFull(config.rand(), preMasterSecret[2:])
if err != nil {
@@ -32,14 +32,14 @@ func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKe
}
if len(ckx.ciphertext) < 2 {
- return nil, os.NewError("bad ClientKeyExchange")
+ return nil, errors.New("bad ClientKeyExchange")
}
ciphertext := ckx.ciphertext
if version != versionSSL30 {
ciphertextLen := int(ckx.ciphertext[0])<<8 | int(ckx.ciphertext[1])
if ciphertextLen != len(ckx.ciphertext)-2 {
- return nil, os.NewError("bad ClientKeyExchange")
+ return nil, errors.New("bad ClientKeyExchange")
}
ciphertext = ckx.ciphertext[2:]
}
@@ -57,11 +57,11 @@ func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKe
return preMasterSecret, nil
}
-func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) os.Error {
- return os.NewError("unexpected ServerKeyExchange")
+func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error {
+ return errors.New("unexpected ServerKeyExchange")
}
-func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error) {
+func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) {
preMasterSecret := make([]byte, 48)
preMasterSecret[0] = byte(clientHello.vers >> 8)
preMasterSecret[1] = byte(clientHello.vers)
@@ -109,7 +109,7 @@ type ecdheRSAKeyAgreement struct {
x, y *big.Int
}
-func (ka *ecdheRSAKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, os.Error) {
+func (ka *ecdheRSAKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
var curveid uint16
Curve:
@@ -131,7 +131,7 @@ Curve:
}
var x, y *big.Int
- var err os.Error
+ var err error
ka.privateKey, x, y, err = ka.curve.GenerateKey(config.rand())
if err != nil {
return nil, err
@@ -149,7 +149,7 @@ Curve:
md5sha1 := md5SHA1Hash(clientHello.random, hello.random, serverECDHParams)
sig, err := rsa.SignPKCS1v15(config.rand(), config.Certificates[0].PrivateKey, crypto.MD5SHA1, md5sha1)
if err != nil {
- return nil, os.NewError("failed to sign ECDHE parameters: " + err.String())
+ return nil, errors.New("failed to sign ECDHE parameters: " + err.Error())
}
skx := new(serverKeyExchangeMsg)
@@ -163,13 +163,13 @@ Curve:
return skx, nil
}
-func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, os.Error) {
+func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) {
if len(ckx.ciphertext) == 0 || int(ckx.ciphertext[0]) != len(ckx.ciphertext)-1 {
- return nil, os.NewError("bad ClientKeyExchange")
+ return nil, errors.New("bad ClientKeyExchange")
}
x, y := ka.curve.Unmarshal(ckx.ciphertext[1:])
if x == nil {
- return nil, os.NewError("bad ClientKeyExchange")
+ return nil, errors.New("bad ClientKeyExchange")
}
x, _ = ka.curve.ScalarMult(x, y, ka.privateKey)
preMasterSecret := make([]byte, (ka.curve.BitSize+7)>>3)
@@ -179,14 +179,14 @@ func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *cl
return preMasterSecret, nil
}
-var errServerKeyExchange = os.NewError("invalid ServerKeyExchange")
+var errServerKeyExchange = errors.New("invalid ServerKeyExchange")
-func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) os.Error {
+func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error {
if len(skx.key) < 4 {
return errServerKeyExchange
}
if skx.key[0] != 3 { // named curve
- return os.NewError("server selected unsupported curve")
+ return errors.New("server selected unsupported curve")
}
curveid := uint16(skx.key[1])<<8 | uint16(skx.key[2])
@@ -198,7 +198,7 @@ func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH
case curveP521:
ka.curve = elliptic.P521()
default:
- return os.NewError("server selected unsupported curve")
+ return errors.New("server selected unsupported curve")
}
publicLen := int(skx.key[3])
@@ -225,9 +225,9 @@ func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH
return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.MD5SHA1, md5sha1, sig)
}
-func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error) {
+func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) {
if ka.curve == nil {
- return nil, nil, os.NewError("missing ServerKeyExchange message")
+ return nil, nil, errors.New("missing ServerKeyExchange message")
}
priv, mx, my, err := ka.curve.GenerateKey(config.rand())
if err != nil {
diff --git a/libgo/go/crypto/tls/prf.go b/libgo/go/crypto/tls/prf.go
index 2d58dc5..d758f21 100644
--- a/libgo/go/crypto/tls/prf.go
+++ b/libgo/go/crypto/tls/prf.go
@@ -9,7 +9,6 @@ import (
"crypto/md5"
"crypto/sha1"
"hash"
- "os"
)
// Split a premaster secret in two as specified in RFC 4346, section 5.
@@ -156,7 +155,7 @@ type finishedHash struct {
version uint16
}
-func (h finishedHash) Write(msg []byte) (n int, err os.Error) {
+func (h finishedHash) Write(msg []byte) (n int, err error) {
h.clientMD5.Write(msg)
h.clientSHA1.Write(msg)
h.serverMD5.Write(msg)
diff --git a/libgo/go/crypto/tls/tls.go b/libgo/go/crypto/tls/tls.go
index 4f0859f..3ca6240 100644
--- a/libgo/go/crypto/tls/tls.go
+++ b/libgo/go/crypto/tls/tls.go
@@ -10,9 +10,9 @@ import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
+ "errors"
"io/ioutil"
"net"
- "os"
"strings"
)
@@ -41,7 +41,7 @@ type Listener struct {
// Accept waits for and returns the next incoming TLS connection.
// The returned connection c is a *tls.Conn.
-func (l *Listener) Accept() (c net.Conn, err os.Error) {
+func (l *Listener) Accept() (c net.Conn, err error) {
c, err = l.listener.Accept()
if err != nil {
return
@@ -51,7 +51,7 @@ func (l *Listener) Accept() (c net.Conn, err os.Error) {
}
// Close closes the listener.
-func (l *Listener) Close() os.Error { return l.listener.Close() }
+func (l *Listener) Close() error { return l.listener.Close() }
// Addr returns the listener's network address.
func (l *Listener) Addr() net.Addr { return l.listener.Addr() }
@@ -71,9 +71,9 @@ func NewListener(listener net.Listener, config *Config) (l *Listener) {
// given network address using net.Listen.
// The configuration config must be non-nil and must have
// at least one certificate.
-func Listen(network, laddr string, config *Config) (*Listener, os.Error) {
+func Listen(network, laddr string, config *Config) (*Listener, error) {
if config == nil || len(config.Certificates) == 0 {
- return nil, os.NewError("tls.Listen: no certificates in configuration")
+ return nil, errors.New("tls.Listen: no certificates in configuration")
}
l, err := net.Listen(network, laddr)
if err != nil {
@@ -88,7 +88,7 @@ func Listen(network, laddr string, config *Config) (*Listener, os.Error) {
// Dial interprets a nil configuration as equivalent to
// the zero configuration; see the documentation of Config
// for the defaults.
-func Dial(network, addr string, config *Config) (*Conn, os.Error) {
+func Dial(network, addr string, config *Config) (*Conn, error) {
raddr := addr
c, err := net.Dial(network, raddr)
if err != nil {
@@ -120,7 +120,7 @@ func Dial(network, addr string, config *Config) (*Conn, os.Error) {
// LoadX509KeyPair reads and parses a public/private key pair from a pair of
// files. The files must contain PEM encoded data.
-func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.Error) {
+func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err error) {
certPEMBlock, err := ioutil.ReadFile(certFile)
if err != nil {
return
@@ -134,7 +134,7 @@ func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.
// X509KeyPair parses a public/private key pair from a pair of
// PEM encoded data.
-func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err os.Error) {
+func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error) {
var certDERBlock *pem.Block
for {
certDERBlock, certPEMBlock = pem.Decode(certPEMBlock)
@@ -147,19 +147,19 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err os.Err
}
if len(cert.Certificate) == 0 {
- err = os.NewError("crypto/tls: failed to parse certificate PEM data")
+ err = errors.New("crypto/tls: failed to parse certificate PEM data")
return
}
keyDERBlock, _ := pem.Decode(keyPEMBlock)
if keyDERBlock == nil {
- err = os.NewError("crypto/tls: failed to parse key PEM data")
+ err = errors.New("crypto/tls: failed to parse key PEM data")
return
}
key, err := x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes)
if err != nil {
- err = os.NewError("crypto/tls: failed to parse key: " + err.String())
+ err = errors.New("crypto/tls: failed to parse key: " + err.Error())
return
}
@@ -173,7 +173,7 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err os.Err
}
if x509Cert.PublicKeyAlgorithm != x509.RSA || x509Cert.PublicKey.(*rsa.PublicKey).N.Cmp(key.PublicKey.N) != 0 {
- err = os.NewError("crypto/tls: private key does not match public key")
+ err = errors.New("crypto/tls: private key does not match public key")
return
}
generated by cgit v1.1 at 2025-02-08 10:46:33 +0000