hashForClientCertificate returns the handshake messages so far, pre-hashed if necessary, suitable for signing by a TLS client certificate.
(sigType uint8, hashAlg crypto.Hash, masterSecret []byte)
| 216 | // hashForClientCertificate returns the handshake messages so far, pre-hashed if |
| 217 | // necessary, suitable for signing by a TLS client certificate. |
| 218 | func (h finishedHash) hashForClientCertificate(sigType uint8, hashAlg crypto.Hash, masterSecret []byte) []byte { |
| 219 | if (h.version >= VersionTLS12 || sigType == signatureEd25519) && h.buffer == nil { |
| 220 | panic("tls: handshake hash for a client certificate requested after discarding the handshake buffer") |
| 221 | } |
| 222 | |
| 223 | if sigType == signatureEd25519 { |
| 224 | return h.buffer |
| 225 | } |
| 226 | |
| 227 | if h.version >= VersionTLS12 { |
| 228 | hash := hashAlg.New() |
| 229 | hash.Write(h.buffer) |
| 230 | return hash.Sum(nil) |
| 231 | } |
| 232 | |
| 233 | if sigType == signatureECDSA { |
| 234 | return h.server.Sum(nil) |
| 235 | } |
| 236 | |
| 237 | return h.Sum() |
| 238 | } |
| 239 | |
| 240 | // discardHandshakeBuffer is called when there is no more need to |
| 241 | // buffer the entirety of the handshake messages. |
no test coverage detected