Cypherpunks repositories - gostls13.git/commit

author	Filippo Valsorda <filippo@golang.org>
	Sat, 18 May 2024 17:35:39 +0000 (19:35 +0200)
committer	Gopher Robot <gobot@golang.org>
	Wed, 22 May 2024 14:19:11 +0000 (14:19 +0000)
commit	3128ebfad748b5f160faa8cb8981bd0eaf6e3227
tree	e1ea4fe27d60ccc526b7e0ac4e8c9433bfb7c348	tree
parent	33496c2dd310aad1d56bae9febcbd2f02b4985cb	commit \| diff

crypto/tls: clarify group selection logic

I initially thought the logic was broken, but writing the test I
realized it was actually very clever (derogative). It was relying on the
outer loop continuing after a supported match without a key share,
allowing a later key share to override it (but not a later supported
match because of the "if selectedGroup != 0 { continue }").

Replaced the clever loop with two hopefully more understandable loops,
and added a test (which was already passing).

We were however not checking that the selected group is in the supported
list if we found it in key shares first. (This was only a MAY.) Fixed.

Fixes #65686

Change-Id: I09ea44f90167ffa36809deb78255ed039a217b6d
Reviewed-on: https://go-review.googlesource.com/c/go/+/586655
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>

src/crypto/tls/boring_test.go		diff \| blob \| history
src/crypto/tls/common.go		diff \| blob \| history
src/crypto/tls/conn.go		diff \| blob \| history
src/crypto/tls/handshake_client_test.go		diff \| blob \| history
src/crypto/tls/handshake_client_tls13.go		diff \| blob \| history
src/crypto/tls/handshake_server_test.go		diff \| blob \| history
src/crypto/tls/handshake_server_tls13.go		diff \| blob \| history
src/crypto/tls/handshake_test.go		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv13-KeySharePreference	[new file with mode: 0644]	blob