diff options
Diffstat (limited to 'libgo/go/crypto/tls/tls.go')
| -rw-r--r-- | libgo/go/crypto/tls/tls.go | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/libgo/go/crypto/tls/tls.go b/libgo/go/crypto/tls/tls.go index 578035c..ba6d5eb 100644 --- a/libgo/go/crypto/tls/tls.go +++ b/libgo/go/crypto/tls/tls.go @@ -5,14 +5,9 @@ // Package tls partially implements TLS 1.2, as specified in RFC 5246, // and TLS 1.3, as specified in RFC 8446. // -// TLS 1.3 is available only on an opt-in basis in Go 1.12. To enable +// TLS 1.3 is available on an opt-out basis in Go 1.13. To disable // it, set the GODEBUG environment variable (comma-separated key=value -// options) such that it includes "tls13=1". To enable it from within -// the process, set the environment variable before any use of TLS: -// -// func init() { -// os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1") -// } +// options) such that it includes "tls13=0". package tls // BUG(agl): The crypto/tls package only implements some countermeasures @@ -21,8 +16,10 @@ package tls // https://www.imperialviolet.org/2013/02/04/luckythirteen.html. import ( + "bytes" "crypto" "crypto/ecdsa" + "crypto/ed25519" "crypto/rsa" "crypto/x509" "encoding/pem" @@ -276,6 +273,14 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) { if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 { return fail(errors.New("tls: private key does not match public key")) } + case ed25519.PublicKey: + priv, ok := cert.PrivateKey.(ed25519.PrivateKey) + if !ok { + return fail(errors.New("tls: private key type does not match public key type")) + } + if !bytes.Equal(priv.Public().(ed25519.PublicKey), pub) { + return fail(errors.New("tls: private key does not match public key")) + } default: return fail(errors.New("tls: unknown public key algorithm")) } @@ -292,7 +297,7 @@ func parsePrivateKey(der []byte) (crypto.PrivateKey, error) { } if key, err := x509.ParsePKCS8PrivateKey(der); err == nil { switch key := key.(type) { - case *rsa.PrivateKey, *ecdsa.PrivateKey: + case *rsa.PrivateKey, *ecdsa.PrivateKey, ed25519.PrivateKey: return key, nil default: return nil, errors.New("tls: found unknown private key type in PKCS#8 wrapping") |