crypto/tls: disable SHA-1 signature algorithms in TLS 1.2

This implements RFC 9155 by removing support for SHA-1 algorithms: - we don't advertise them in ClientHello and CertificateRequest (where supportedSignatureAlgorithms is used directly) - we don't select them in our ServerKeyExchange and CertificateVerify (where supportedSignatureAlgorithms filters signatureSchemesForCertificate) - we reject them in the peer's ServerKeyExchange and CertificateVerify (where we check against the algorithms we advertised in ClientHello and CertificateRequest) Fixes #72883 Change-Id: I6a6a4656e2aafd2c38cdd32090d3d8a9a8047818 Reviewed-on: https://go-review.googlesource.com/c/go/+/658216 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
author: Filippo Valsorda <filippo@golang.org> 2025-03-15 15:12:39 +0100
committer: Gopher Robot <gobot@golang.org> 2025-05-21 15:09:29 -0700
commit: 59211acb5dbde14647e025eb7379675debcf3930 (patch)
tree: db98ad31b32d59f381e701cadda32590233d096c /src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
parent: 4158ca8d7c521aee5cc48f285f559e74845e973c (diff)
download: go-59211acb5dbde14647e025eb7379675debcf3930.tar.xz
1 files changed, 49 insertions, 50 deletions
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
index 7356bfebfc..c20bd95d7f 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
@@ -1,5 +1,5 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 01 1c 01 00 01  18 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 01 18 01 00 01  14 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@@ -7,23 +7,22 @@
 00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
 00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
 00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
-00000080  01 00 00 9d 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
+00000080  01 00 00 99 00 0b 00 02  01 00 ff 01 00 01 00 00  |................|
 00000090  17 00 00 00 12 00 00 00  05 00 05 01 00 00 00 00  |................|
 000000a0  00 0a 00 0a 00 08 00 1d  00 17 00 18 00 19 00 0d  |................|
-000000b0  00 1a 00 18 08 04 04 03  08 07 08 05 08 06 04 01  |................|
-000000c0  05 01 06 01 05 03 06 03  02 01 02 03 00 32 00 1a  |.............2..|
-000000d0  00 18 08 04 04 03 08 07  08 05 08 06 04 01 05 01  |................|
-000000e0  06 01 05 03 06 03 02 01  02 03 00 2b 00 09 08 03  |...........+....|
-000000f0  04 03 03 03 02 03 01 00  33 00 26 00 24 00 1d 00  |........3.&.$...|
-00000100  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
-00000110  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-00000120  74                                                |t|
+000000b0  00 16 00 14 08 04 04 03  08 07 08 05 08 06 04 01  |................|
+000000c0  05 01 06 01 05 03 06 03  00 32 00 1a 00 18 08 04  |.........2......|
+000000d0  04 03 08 07 08 05 08 06  04 01 05 01 06 01 05 03  |................|
+000000e0  06 03 02 01 02 03 00 2b  00 09 08 03 04 03 03 03  |.......+........|
+000000f0  02 03 01 00 33 00 26 00  24 00 1d 00 20 2f e5 7d  |....3.&.$... /.}|
+00000100  a3 47 cd 62 43 15 28 da  ac 5f bb 29 07 30 ff f6  |.G.bC.(.._.).0..|
+00000110  84 af c4 cf c2 ed 90 99  5f 58 cb 3b 74           |........_X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 5d 02 00 00  59 03 03 26 62 0d 9d 45  |....]...Y..&b..E|
-00000010  3d 25 b7 ed ec ce b8 d6  8f fd a6 68 0b 07 05 28  |=%.........h...(|
-00000020  d4 2a 9c d9 cf bf e9 a0  92 71 6f 20 18 af a0 13  |.*.......qo ....|
-00000030  72 10 57 69 cf 63 db 73  c4 44 b8 a9 27 cd 9a a0  |r.Wi.c.s.D..'...|
-00000040  3b be f1 57 ef 10 19 80  0b c0 51 94 c0 2f 00 00  |;..W......Q../..|
+00000000  16 03 03 00 5d 02 00 00  59 03 03 48 41 85 3e fc  |....]...Y..HA.>.|
+00000010  9f e7 b6 84 da fe 2f a7  1d e9 ba 12 4e a1 cf cb  |....../.....N...|
+00000020  9e f8 df 76 7c e7 29 c1  3b 9e 23 20 07 c9 55 c7  |...v|.).;.# ..U.|
+00000030  0e 45 5c 26 17 94 b4 14  6b 58 39 27 43 4e dc 9b  |.E\&....kX9'CN..|
+00000040  65 30 0e f2 bd 59 d9 a2  a1 f3 0a 01 c0 2f 00 00  |e0...Y......./..|
 00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
 00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
 00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
@@ -63,18 +62,18 @@
 00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
 000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
 000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
-000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 22 fe 67  |............ ".g|
-000002d0  48 d3 90 04 ee 7d c2 2a  6d 9f 3a 36 3c b2 f8 14  |H....}.*m.:6<...|
-000002e0  24 76 54 5a ae ed 2f 62  fc 76 e0 00 07 08 04 00  |$vTZ../b.v......|
-000002f0  80 6d 8b e6 52 be ed 40  b8 b1 51 53 94 08 93 76  |.m..R..@..QS...v|
-00000300  9b 84 06 66 60 b9 be a8  f1 bb 5d fa 81 42 28 8e  |...f`.....]..B(.|
-00000310  aa ce 72 9f df a3 53 2d  c9 6d 34 10 78 36 da 33  |..r...S-.m4.x6.3|
-00000320  09 0c a0 5e ea 56 2e 6f  62 fc 3c 5e 5b 6d 97 c9  |...^.V.ob.<^[m..|
-00000330  39 1b 3c eb 6d 1f 0a b5  02 06 6d 9e 99 24 14 ee  |9.<.m.....m..$..|
-00000340  f9 55 cc 4d 7f 77 0c 58  2c 59 0f a4 66 4b 81 b4  |.U.M.w.X,Y..fK..|
-00000350  d9 e4 f6 24 4f ba 05 83  6c c3 6c 2f 5e 74 42 09  |...$O...l.l/^tB.|
-00000360  b3 be d1 c9 6a c8 a6 34  5c bc 36 65 58 cd 02 ae  |....j..4\.6eX...|
-00000370  16 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |.....:...6...@..|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 73 d3 a9  |............ s..|
+000002d0  7e 93 32 e3 dd ad 1c b3  c1 ff 03 c2 b9 08 da 09  |~.2.............|
+000002e0  d3 1b 67 95 9c 8c d1 05  12 2e 8b dc 7a 08 04 00  |..g.........z...|
+000002f0  80 85 af 3b 06 67 b0 ab  07 70 21 02 b1 3a 89 40  |...;.g...p!..:.@|
+00000300  d6 90 ef a5 5b 89 49 81  18 20 74 9f 7b dd 58 65  |....[.I.. t.{.Xe|
+00000310  28 6f 2a f1 aa 3f 35 91  b9 88 79 27 a0 f3 e7 41  |(o*..?5...y'...A|
+00000320  9a a5 77 be 55 5e 70 89  37 b6 4a 7b 3b 8c df ad  |..w.U^p.7.J{;...|
+00000330  47 cc ac 45 47 43 05 05  ad c9 7b d8 1d d6 a8 fa  |G..EGC....{.....|
+00000340  38 45 c3 54 35 0c 28 a1  29 be 1f 73 98 a6 02 01  |8E.T5.(.)..s....|
+00000350  fb 9d 12 64 1a 9c f3 82  e5 3f f6 0c 20 67 59 72  |...d.....?.. gYr|
+00000360  3f a7 59 4e ef b4 58 ba  49 4e c9 b6 ea 95 b2 b3  |?.YN..X.IN......|
+00000370  78 16 03 03 00 3a 0d 00  00 36 03 01 02 40 00 2e  |x....:...6...@..|
 00000380  04 03 05 03 06 03 08 07  08 08 08 09 08 0a 08 0b  |................|
 00000390  08 04 08 05 08 06 04 01  05 01 06 01 03 03 02 03  |................|
 000003a0  03 01 02 01 03 02 02 02  04 02 05 02 06 02 00 00  |................|
@@ -115,28 +114,28 @@
 00000200  e4 fa cc b1 8a ce e2 23  a0 87 f0 e1 67 51 eb 16  |.......#....gQ..|
 00000210  03 03 00 25 10 00 00 21  20 2f e5 7d a3 47 cd 62  |...%...! /.}.G.b|
 00000220  43 15 28 da ac 5f bb 29  07 30 ff f6 84 af c4 cf  |C.(.._.).0......|
-00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 92 0f 00  |...._X.;t.......|
-00000240  00 8e 04 03 00 8a 30 81  87 02 42 00 8e 41 5f 48  |......0...B..A_H|
-00000250  64 4e 6e 7e 7d ed 5b da  88 7a 38 1f bd 04 ee 93  |dNn~}.[..z8.....|
-00000260  88 f8 3d e5 b7 51 4a 43  6b c5 c1 02 06 c5 2c c1  |..=..QJCk.....,.|
-00000270  48 18 2e 11 63 8a 9d 94  35 98 bc d1 d7 19 1f c0  |H...c...5.......|
-00000280  f6 dc 10 15 89 bf 99 0c  87 7d 3e bf e2 02 41 4f  |.........}>...AO|
-00000290  e3 d4 a0 b2 4d 80 ec 21  2f b3 fc df 6c b7 bd 6d  |....M..!/...l..m|
-000002a0  c7 6d 0a 7a 24 56 a4 c8  36 ec 7d 2d 65 ff 8c 4b  |.m.z$V..6.}-e..K|
-000002b0  c7 cd 52 99 f1 2d e5 19  57 89 fe 52 44 ca e0 c3  |..R..-..W..RD...|
-000002c0  34 fc c5 4a da 59 f5 62  eb c4 c5 cb 1d d7 4b 63  |4..J.Y.b......Kc|
-000002d0  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
-000002e0  00 00 00 5d 34 16 3d d0  04 3f b7 3d a2 be 20 8b  |...]4.=..?.=.. .|
-000002f0  19 20 09 7b f0 7e 52 95  e6 b8 f1 06 08 93 6b 91  |. .{.~R.......k.|
-00000300  ee fa c8                                          |...|
+00000230  c2 ed 90 99 5f 58 cb 3b  74 16 03 03 00 91 0f 00  |...._X.;t.......|
+00000240  00 8d 04 03 00 89 30 81  86 02 41 66 64 90 bc df  |......0...Afd...|
+00000250  a5 d0 19 89 2b ed fc a5  8f 7e 14 d0 9f a2 07 6b  |....+....~.....k|
+00000260  d3 09 07 46 f8 29 4d b5  6c 01 e5 2e 0d d8 a4 b9  |...F.)M.l.......|
+00000270  1a 86 2f b1 10 4c 29 5b  de e7 29 e6 b9 32 53 ca  |../..L)[..)..2S.|
+00000280  d0 fc 7b a1 82 6e 34 2f  11 7a 2b 98 02 41 74 a4  |..{..n4/.z+..At.|
+00000290  51 21 0c 57 ac 99 d1 a3  8c 86 f6 f2 b8 66 b8 1f  |Q!.W.........f..|
+000002a0  2d db 49 1a c1 34 e6 02  fd ce 50 14 7c 9b a4 52  |-.I..4....P.|..R|
+000002b0  17 bc 96 ab 11 5f 97 9a  7f be ab 26 f7 1f 2b cf  |....._.....&..+.|
+000002c0  30 f1 da 80 b5 82 a0 da  44 be c1 00 51 1d b4 14  |0.......D...Q...|
+000002d0  03 03 00 01 01 16 03 03  00 28 00 00 00 00 00 00  |.........(......|
+000002e0  00 00 39 c2 3d 4e 74 16  e2 8c 4b f9 11 38 94 12  |..9.=Nt...K..8..|
+000002f0  8f d3 16 18 9b ad 41 ef  c9 ed 56 7f e3 ed d7 e5  |......A...V.....|
+00000300  0e 52                                             |.R|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 c1 1c 19 bc 14  |..........(.....|
-00000010  d3 44 ec 5d 6e 84 c4 06  ba c2 83 00 80 ea dd 7d  |.D.]n..........}|
-00000020  9b 2e 75 c7 9d 75 40 e8  89 d1 9b 69 16 20 0b 23  |..u..u@....i. .#|
-00000030  94 48 42                                          |.HB|
+00000000  14 03 03 00 01 01 16 03  03 00 28 c0 9a 2a 35 ef  |..........(..*5.|
+00000010  fa 87 1f 74 0a e9 b7 ea  3c 1c ab 1c ce 6e bb 95  |...t....<....n..|
+00000020  ef 92 f3 cb 07 c0 e6 af  b1 2a 60 fb 09 2a d7 68  |.........*`..*.h|
+00000030  27 b0 f1                                          |'..|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 20 ce 1a  |............. ..|
-00000010  b6 65 88 6d 17 9e 9c 9d  ec 36 af d3 7e fa e5 63  |.e.m.....6..~..c|
-00000020  bc 90 f0 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  e5 a6 0e 68 bc 75 29 7e  c1 ee 6b 3b d3 03 c8 0a  |...h.u)~..k;....|
-00000040  4d 75                                             |Mu|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 b1 98 56  |...............V|
+00000010  38 68 a7 d0 da c6 83 4b  00 31 40 d7 1e 81 35 1a  |8h.....K.1@...5.|
+00000020  2f e3 42 15 03 03 00 1a  00 00 00 00 00 00 00 02  |/.B.............|
+00000030  1d 8f a1 cf 12 2f 53 37  4d 60 46 90 e2 db 97 ce  |...../S7M`F.....|
+00000040  3e 99                                             |>.|
author	Filippo Valsorda <filippo@golang.org>	2025-03-15 15:12:39 +0100
committer	Gopher Robot <gobot@golang.org>	2025-05-21 15:09:29 -0700
commit	59211acb5dbde14647e025eb7379675debcf3930 (patch)
tree	db98ad31b32d59f381e701cadda32590233d096c /src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA
parent	4158ca8d7c521aee5cc48f285f559e74845e973c (diff)
download	go-59211acb5dbde14647e025eb7379675debcf3930.tar.xz