(ctx context.Context)
| 257 | } |
| 258 | |
| 259 | func (c *Conn) clientHandshake(ctx context.Context) (err error) { |
| 260 | if c.config == nil { |
| 261 | c.config = defaultConfig() |
| 262 | } |
| 263 | |
| 264 | // This may be a renegotiation handshake, in which case some fields |
| 265 | // need to be reset. |
| 266 | c.didResume = false |
| 267 | c.curveID = 0 |
| 268 | |
| 269 | hello, keyShareKeys, ech, err := c.makeClientHello() |
| 270 | if err != nil { |
| 271 | return err |
| 272 | } |
| 273 | c.serverName = hello.serverName |
| 274 | |
| 275 | session, earlySecret, binderKey, err := c.loadSession(hello) |
| 276 | if err != nil { |
| 277 | return err |
| 278 | } |
| 279 | if session != nil { |
| 280 | defer func() { |
| 281 | // If we got a handshake failure when resuming a session, throw away |
| 282 | // the session ticket. See RFC 5077, Section 3.2. |
| 283 | // |
| 284 | // RFC 8446 makes no mention of dropping tickets on failure, but it |
| 285 | // does require servers to abort on invalid binders, so we need to |
| 286 | // delete tickets to recover from a corrupted PSK. |
| 287 | if err != nil { |
| 288 | if cacheKey := c.clientSessionCacheKey(); cacheKey != "" { |
| 289 | c.config.ClientSessionCache.Put(cacheKey, nil) |
| 290 | } |
| 291 | } |
| 292 | }() |
| 293 | } |
| 294 | |
| 295 | if ech != nil { |
| 296 | // Split hello into inner and outer |
| 297 | ech.innerHello = hello.clone() |
| 298 | |
| 299 | // Overwrite the server name in the outer hello with the public facing |
| 300 | // name. |
| 301 | hello.serverName = string(ech.config.PublicName) |
| 302 | // Generate a new random for the outer hello. |
| 303 | hello.random = make([]byte, 32) |
| 304 | _, err = io.ReadFull(c.config.rand(), hello.random) |
| 305 | if err != nil { |
| 306 | return errors.New("tls: short read from Rand: " + err.Error()) |
| 307 | } |
| 308 | |
| 309 | // NOTE: we don't do PSK GREASE, in line with boringssl, it's meant to |
| 310 | // work around _possibly_ broken middleboxes, but there is little-to-no |
| 311 | // evidence that this is actually a problem. |
| 312 | |
| 313 | if err := computeAndUpdateOuterECHExtension(hello, ech.innerHello, ech, true); err != nil { |
| 314 | return err |
| 315 | } |
| 316 | } |
no test coverage detected