initLegacySessionTicketKeyRLocked ensures the legacy SessionTicketKey field is randomized if empty, and that sessionTicketKeys is populated from it otherwise.
()
// initLegacySessionTicketKeyRLocked reconciles the legacy SessionTicketKey
// field with sessionTicketKeys. An all-zero SessionTicketKey is filled from
// c.rand() and stamped with the deprecatedSessionTicketKey prefix; a non-zero
// value without that prefix is converted into the sole entry of
// sessionTicketKeys when that slice is still empty.
//
// The caller must hold c.mutex for reading. The read lock is dropped while the
// write lock is taken and is re-acquired before returning, so the upgrade is
// not atomic: another goroutine may modify the Config in that window. Anything
// the caller read from c before this call should be treated as stale afterwards.
//
// It panics if the random source cannot supply a full key.
func (c *Config) initLegacySessionTicketKeyRLocked() {
	var unset [32]byte

	// Fast path, still under the caller's read lock: nothing has to be written
	// when the field already carries our marker prefix, or when it was set by
	// the user and sessionTicketKeys has already been derived.
	if c.SessionTicketKey != unset {
		if bytes.HasPrefix(c.SessionTicketKey[:], deprecatedSessionTicketKey) {
			return
		}
		if len(c.sessionTicketKeys) > 0 {
			return
		}
	}

	// Trade the read lock for the write lock. Deferred calls run last-in,
	// first-out, so on return (or panic) the write lock is released before the
	// read lock is taken back, leaving the caller in the state it expects.
	c.mutex.RUnlock()
	defer c.mutex.RLock()
	c.mutex.Lock()
	defer c.mutex.Unlock()

	// The state may have changed while no lock was held, so every condition is
	// evaluated again before writing.
	switch {
	case c.SessionTicketKey == unset:
		_, err := io.ReadFull(c.rand(), c.SessionTicketKey[:])
		if err != nil {
			// A failing random source is treated as fatal.
			panic(fmt.Sprintf("tls: unable to generate random session ticket key: %v", err))
		}
		// Stamp the marker prefix over the leading bytes so later calls can
		// tell this value was generated here. The stamped value is not used as
		// a real session ticket key; it is randomized only in case the
		// application reuses the field for some reason.
		copy(c.SessionTicketKey[:], deprecatedSessionTicketKey)
	case !bytes.HasPrefix(c.SessionTicketKey[:], deprecatedSessionTicketKey) && len(c.sessionTicketKeys) == 0:
		// User-supplied key: it becomes the only ticket key.
		// NOTE(review): nothing in this function rotates that key; confirm
		// rotation is handled elsewhere or by the application.
		c.sessionTicketKeys = []ticketKey{c.ticketKeyFromBytes(c.SessionTicketKey)}
	}
}
| 1056 | |
| 1057 | // ticketKeys returns the ticketKeys for this connection. |
| 1058 | // If configForClient has explicitly set keys, those will |