From: Mike Faraponov <mikefaraponov@gmail.com>
Date: Wed, 13 Apr 2022 12:58:29 +0000 (+0000)
Subject: crypto/tls: remove unused hashForClientCertificate param
X-Git-Tag: go1.20rc1~1643
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=03fb5d7574eaceb26e99586dec20691663fe6b82;p=gostls13.git

crypto/tls: remove unused hashForClientCertificate param

Change-Id: I86af2508a31ea1e79d362c22ff4fac8900536761
GitHub-Last-Rev: d2a1ddccbd32499d7c379941daff528e7f2017c3
GitHub-Pull-Request: golang/go#52328
Reviewed-on: https://go-review.googlesource.com/c/go/+/399829
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
---

diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index f5e24cbc6d..721143cb75 100644
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -629,7 +629,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 			}
 		}
 
-		signed := hs.finishedHash.hashForClientCertificate(sigType, sigHash, hs.masterSecret)
+		signed := hs.finishedHash.hashForClientCertificate(sigType, sigHash)
 		signOpts := crypto.SignerOpts(sigHash)
 		if sigType == signatureRSAPSS {
 			signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index 844e887af3..cf6dfad3a7 100644
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -660,7 +660,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 			}
 		}
 
-		signed := hs.finishedHash.hashForClientCertificate(sigType, sigHash, hs.masterSecret)
+		signed := hs.finishedHash.hashForClientCertificate(sigType, sigHash)
 		if err := verifyHandshakeSignature(sigType, pub, sigHash, signed, certVerify.signature); err != nil {
 			c.sendAlert(alertDecryptError)
 			return errors.New("tls: invalid signature by the client certificate: " + err.Error())
diff --git a/src/crypto/tls/prf.go b/src/crypto/tls/prf.go
index 13bfa009ca..b60166dee3 100644
--- a/src/crypto/tls/prf.go
+++ b/src/crypto/tls/prf.go
@@ -215,7 +215,7 @@ func (h finishedHash) serverSum(masterSecret []byte) []byte {
 
 // hashForClientCertificate returns the handshake messages so far, pre-hashed if
 // necessary, suitable for signing by a TLS client certificate.
-func (h finishedHash) hashForClientCertificate(sigType uint8, hashAlg crypto.Hash, masterSecret []byte) []byte {
+func (h finishedHash) hashForClientCertificate(sigType uint8, hashAlg crypto.Hash) []byte {
 	if (h.version >= VersionTLS12 || sigType == signatureEd25519) && h.buffer == nil {
 		panic("tls: handshake hash for a client certificate requested after discarding the handshake buffer")
 	}