crypto/tls: minor refactors for readability

Change-Id: I93e73f16474b4b31f7097af2f9479822dfc34c5c
Reviewed-on: https://go-review.googlesource.com/20678
Reviewed-by: Adam Langley <agl@golang.org>

diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index d38b061edd3f0d22d2db84df7fc7b3b4a5b82e22..f71509b25adb76f7417d5e2b87448ede0824c9d1 100644 (file)
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -552,14 +552,15 @@ func (hs *clientHandshakeState) processServerHello() (bool, error) {
        }
        c.scts = hs.serverHello.scts
 
-       if hs.serverResumedSession() {
-               // Restore masterSecret and peerCerts from previous state
-               hs.masterSecret = hs.session.masterSecret
-               c.peerCertificates = hs.session.serverCertificates
-               c.verifiedChains = hs.session.verifiedChains
-               return true, nil
-       }
-       return false, nil
+       if !hs.serverResumedSession() {
+               return false, nil
+       }
+
+       // Restore masterSecret and peerCerts from previous state
+       hs.masterSecret = hs.session.masterSecret
+       c.peerCertificates = hs.session.serverCertificates
+       c.verifiedChains = hs.session.verifiedChains
+       return true, nil
 }
 
 func (hs *clientHandshakeState) readFinished(out []byte) error {

diff --git a/src/crypto/tls/handshake_messages.go b/src/crypto/tls/handshake_messages.go
index 111ce53487a79116cc88f74d3afe2c47a5b0133e..13d013a594b936b0cacc66cdcfa016a6ab6e9d8c 100644 (file)
--- a/src/crypto/tls/handshake_messages.go
+++ b/src/crypto/tls/handshake_messages.go
@@ -1316,11 +1316,8 @@ func (m *certificateRequestMsg) unmarshal(data []byte) bool {
                m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen])
                cas = cas[caLen:]
        }
-       if len(data) > 0 {
-               return false
-       }
 
-       return true
+       return len(data) == 0
 }
 
 type certificateVerifyMsg struct {

diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index facc17d94e2795eb29079497d383779659505cca..d910730794fc26a31fca94fa03dc098da9cac979 100644 (file)
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -187,12 +187,13 @@ Curves:
                }
        }
 
-       if hs.cert, err = config.getCertificate(&ClientHelloInfo{
+       hs.cert, err = config.getCertificate(&ClientHelloInfo{
                CipherSuites:    hs.clientHello.cipherSuites,
                ServerName:      hs.clientHello.serverName,
                SupportedCurves: hs.clientHello.supportedCurves,
                SupportedPoints: hs.clientHello.supportedPoints,
-       }); err != nil {
+       })
+       if err != nil {
                c.sendAlert(alertInternalError)
                return false, err
        }
@@ -710,20 +711,20 @@ func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (c
                c.verifiedChains = chains
        }
 
-       if len(certs) > 0 {
-               var pub crypto.PublicKey
-               switch key := certs[0].PublicKey.(type) {
-               case *ecdsa.PublicKey, *rsa.PublicKey:
-                       pub = key
-               default:
-                       c.sendAlert(alertUnsupportedCertificate)
-                       return nil, fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey)
-               }
-               c.peerCertificates = certs
-               return pub, nil
+       if len(certs) == 0 {
+               return nil, nil
        }
 
-       return nil, nil
+       var pub crypto.PublicKey
+       switch key := certs[0].PublicKey.(type) {
+       case *ecdsa.PublicKey, *rsa.PublicKey:
+               pub = key
+       default:
+               c.sendAlert(alertUnsupportedCertificate)
+               return nil, fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey)
+       }
+       c.peerCertificates = certs
+       return pub, nil
 }
 
 // setCipherSuite sets a cipherSuite with the given id as the serverHandshakeState

diff --git a/src/crypto/tls/ticket.go b/src/crypto/tls/ticket.go
index 7be50ce68c959f07554e10eb6b92cb7b1b530aac..3e7aa93c82a7f1eb0605b02967ad1eda22fa926d 100644 (file)
--- a/src/crypto/tls/ticket.go
+++ b/src/crypto/tls/ticket.go
@@ -126,11 +126,7 @@ func (s *sessionState) unmarshal(data []byte) bool {
                data = data[certLen:]
        }
 
-       if len(data) > 0 {
-               return false
-       }
-
-       return true
+       return len(data) == 0
 }
 
 func (c *Conn) encryptTicket(state *sessionState) ([]byte, error) {

diff --git a/src/crypto/tls/tls.go b/src/crypto/tls/tls.go
index 55e0d5f083197b7b2bc30d7de42d05476a9083a5..bfe331dd429fe71dc4a9ecf04b286bb813db1696 100644 (file)
--- a/src/crypto/tls/tls.go
+++ b/src/crypto/tls/tls.go
@@ -210,11 +210,11 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
        if len(cert.Certificate) == 0 {
                if len(skippedBlockTypes) == 0 {
                        return fail(errors.New("crypto/tls: failed to find any PEM data in certificate input"))
-               } else if len(skippedBlockTypes) == 1 && strings.HasSuffix(skippedBlockTypes[0], "PRIVATE KEY") {
+               }
+               if len(skippedBlockTypes) == 1 && strings.HasSuffix(skippedBlockTypes[0], "PRIVATE KEY") {
                        return fail(errors.New("crypto/tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched"))
-               } else {
-                       return fail(fmt.Errorf("crypto/tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
                }
+               return fail(fmt.Errorf("crypto/tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
        }
 
        skippedBlockTypes = skippedBlockTypes[:0]
@@ -224,11 +224,11 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
                if keyDERBlock == nil {
                        if len(skippedBlockTypes) == 0 {
                                return fail(errors.New("crypto/tls: failed to find any PEM data in key input"))
-                       } else if len(skippedBlockTypes) == 1 && skippedBlockTypes[0] == "CERTIFICATE" {
+                       }
+                       if len(skippedBlockTypes) == 1 && skippedBlockTypes[0] == "CERTIFICATE" {
                                return fail(errors.New("crypto/tls: found a certificate rather than a key in the PEM for the private key"))
-                       } else {
-                               return fail(fmt.Errorf("crypto/tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
                        }
+                       return fail(fmt.Errorf("crypto/tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes))
                }
                if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") {
                        break
@@ -262,7 +262,6 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
                priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey)
                if !ok {
                        return fail(errors.New("crypto/tls: private key type does not match public key type"))
-
                }
                if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 {
                        return fail(errors.New("crypto/tls: private key does not match public key"))