1 files changed, 110 insertions, 32 deletions
diff --git a/libgo/go/crypto/tls/common.go b/libgo/go/crypto/tls/common.go
index a4f2b804f10..7135f3d0f71 100644
--- a/libgo/go/crypto/tls/common.go
+++ b/libgo/go/crypto/tls/common.go
@@ -20,7 +20,7 @@ const (
 	maxHandshake    = 65536        // maximum handshake we support (protocol max is 16 MB)
 
 	minVersion = 0x0301 // minimum supported version - TLS 1.0
-	maxVersion = 0x0302 // maximum supported version - TLS 1.1
+	maxVersion = 0x0301 // maximum supported version - TLS 1.0
 )
 
 // TLS record types.
@@ -38,6 +38,7 @@ const (
 	typeClientHello        uint8 = 1
 	typeServerHello        uint8 = 2
 	typeCertificate        uint8 = 11
+	typeServerKeyExchange  uint8 = 12
 	typeCertificateRequest uint8 = 13
 	typeServerHelloDone    uint8 = 14
 	typeCertificateVerify  uint8 = 15
@@ -47,11 +48,6 @@ const (
 	typeNextProtocol       uint8 = 67 // Not IANA assigned
 )
 
-// TLS cipher suites.
-const (
-	TLS_RSA_WITH_RC4_128_SHA uint16 = 5
-)
-
 // TLS compression types.
 const (
 	compressionNone uint8 = 0
@@ -59,9 +55,25 @@ const (
 
 // TLS extension numbers
 var (
-	extensionServerName    uint16 = 0
-	extensionStatusRequest uint16 = 5
-	extensionNextProtoNeg  uint16 = 13172 // not IANA assigned
+	extensionServerName      uint16 = 0
+	extensionStatusRequest   uint16 = 5
+	extensionSupportedCurves uint16 = 10
+	extensionSupportedPoints uint16 = 11
+	extensionNextProtoNeg    uint16 = 13172 // not IANA assigned
+)
+
+// TLS Elliptic Curves
+// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
+var (
+	curveP256 uint16 = 23
+	curveP384 uint16 = 24
+	curveP521 uint16 = 25
+)
+
+// TLS Elliptic Curve Point Formats
+// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9
+var (
+	pointFormatUncompressed uint8 = 0
 )
 
 // TLS CertificateStatusType (RFC 3546)
@@ -78,6 +90,7 @@ const (
 	// Rest of these are reserved by the TLS spec
 )
 
+// ConnectionState records basic TLS details about the connection.
 type ConnectionState struct {
 	HandshakeComplete  bool
 	CipherSuite        uint16
@@ -88,28 +101,77 @@ type ConnectionState struct {
 // has been passed to a TLS function it must not be modified.
 type Config struct {
 	// Rand provides the source of entropy for nonces and RSA blinding.
+	// If Rand is nil, TLS uses the cryptographic random reader in package
+	// crypto/rand.
 	Rand io.Reader
+
 	// Time returns the current time as the number of seconds since the epoch.
+	// If Time is nil, TLS uses the system time.Seconds.
 	Time func() int64
-	// Certificates contains one or more certificate chains.
+
+	// Certificates contains one or more certificate chains
+	// to present to the other side of the connection.
+	// Server configurations must include at least one certificate.
 	Certificates []Certificate
-	RootCAs      *CASet
+
+	// RootCAs defines the set of root certificate authorities
+	// that clients use when verifying server certificates.
+	// If RootCAs is nil, TLS uses the host's root CA set.
+	RootCAs *CASet
+
 	// NextProtos is a list of supported, application level protocols.
 	// Currently only server-side handling is supported.
 	NextProtos []string
+
 	// ServerName is included in the client's handshake to support virtual
 	// hosting.
 	ServerName string
-	// AuthenticateClient determines if a server will request a certificate
+
+	// AuthenticateClient controls whether a server will request a certificate
 	// from the client. It does not require that the client send a
-	// certificate nor, if it does, that the certificate is anything more
-	// than self-signed.
+	// certificate nor does it require that the certificate sent be
+	// anything more than self-signed.
 	AuthenticateClient bool
+
+	// CipherSuites is a list of supported cipher suites. If CipherSuites
+	// is nil, TLS uses a list of suites supported by the implementation.
+	CipherSuites []uint16
+}
+
+func (c *Config) rand() io.Reader {
+	r := c.Rand
+	if r == nil {
+		return rand.Reader
+	}
+	return r
+}
+
+func (c *Config) time() int64 {
+	t := c.Time
+	if t == nil {
+		t = time.Seconds
+	}
+	return t()
 }
 
+func (c *Config) rootCAs() *CASet {
+	s := c.RootCAs
+	if s == nil {
+		s = defaultRoots()
+	}
+	return s
+}
+
+func (c *Config) cipherSuites() []uint16 {
+	s := c.CipherSuites
+	if s == nil {
+		s = defaultCipherSuites()
+	}
+	return s
+}
+
+// A Certificate is a chain of one or more certificates, leaf first.
 type Certificate struct {
-	// Certificate contains a chain of one or more certificates. Leaf
-	// certificate first.
 	Certificate [][]byte
 	PrivateKey  *rsa.PrivateKey
 }
@@ -126,11 +188,6 @@ type handshakeMessage interface {
 	unmarshal([]byte) bool
 }
 
-type encryptor interface {
-	// XORKeyStream xors the contents of the slice with bytes from the key stream.
-	XORKeyStream(buf []byte)
-}
-
 // mutualVersion returns the protocol version to use given the advertised
 // version of the peer.
 func mutualVersion(vers uint16) (uint16, bool) {
@@ -143,14 +200,10 @@ func mutualVersion(vers uint16) (uint16, bool) {
 	return vers, true
 }
 
-// The defaultConfig is used in place of a nil *Config in the TLS server and client.
-var varDefaultConfig *Config
-
-var once sync.Once
+var emptyConfig Config
 
 func defaultConfig() *Config {
-	once.Do(initDefaultConfig)
-	return varDefaultConfig
+	return &emptyConfig
 }
 
 // Possible certificate files; stop after finding one.
@@ -162,7 +215,26 @@ var certFiles = []string{
 	"/usr/share/curl/curl-ca-bundle.crt", // OS X
 }
 
-func initDefaultConfig() {
+var once sync.Once
+
+func defaultRoots() *CASet {
+	once.Do(initDefaults)
+	return varDefaultRoots
+}
+
+func defaultCipherSuites() []uint16 {
+	once.Do(initDefaults)
+	return varDefaultCipherSuites
+}
+
+func initDefaults() {
+	initDefaultRoots()
+	initDefaultCipherSuites()
+}
+
+var varDefaultRoots *CASet
+
+func initDefaultRoots() {
 	roots := NewCASet()
 	for _, file := range certFiles {
 		data, err := ioutil.ReadFile(file)
@@ -171,10 +243,16 @@ func initDefaultConfig() {
 			break
 		}
 	}
+	varDefaultRoots = roots
+}
+
+var varDefaultCipherSuites []uint16
 
-	varDefaultConfig = &Config{
-		Rand:    rand.Reader,
-		Time:    time.Seconds,
-		RootCAs: roots,
+func initDefaultCipherSuites() {
+	varDefaultCipherSuites = make([]uint16, len(cipherSuites))
+	i := 0
+	for id, _ := range cipherSuites {
+		varDefaultCipherSuites[i] = id
+		i++
 	}
 }