aboutsummaryrefslogtreecommitdiff
path: root/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
diff options
context:
space:
mode:
authorFilippo Valsorda <filippo@golang.org>2019-06-13 18:33:33 -0400
committerFilippo Valsorda <filippo@golang.org>2019-06-19 19:59:14 +0000
commit0b3a57b5374bba3fdf88258e2be4c8be65e6a5de (patch)
tree60f2c993a944c3c0f7f82a5c265ac8d5d956b375 /src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
parent0ab1cc33ef35147b0e1248f2a9d669ae193d6b3e (diff)
downloadgo-0b3a57b5374bba3fdf88258e2be4c8be65e6a5de.tar.xz
crypto/tls: disable RSA-PSS in TLS 1.2 again
Signing with RSA-PSS can uncover faulty crypto.Signer implementations, and it can fail for (broken) small keys. We'll have to take that breakage eventually, but it would be nice for it to be opt-out at first. TLS 1.3 requires RSA-PSS and is opt-out in Go 1.13. Instead of making a TLS 1.3 opt-out influence a TLS 1.2 behavior, let's wait to add RSA-PSS to TLS 1.2 until TLS 1.3 is on without opt-out. Note that since the Client Hello is sent before a protocol version is selected, we have to advertise RSA-PSS there to support TLS 1.3. That means that we still support RSA-PSS on the client in TLS 1.2 for verifying server certificates, which is fine, as all issues arise on the signing side. We have to be careful not to pick (or consider available) RSA-PSS on the client for client certificates, though. We'd expect tests to change only in TLS 1.2: * the server won't pick PSS to sign the key exchange (Server-TLSv12-* w/ RSA, TestHandshakeServerRSAPSS); * the server won't advertise PSS in CertificateRequest (Server-TLSv12-ClientAuthRequested*, TestClientAuth); * and the client won't pick PSS for its CertificateVerify (Client-TLSv12-ClientCert-RSA-*, TestHandshakeClientCertRSAPSS, Client-TLSv12-Renegotiate* because "R" requests a client cert). Client-TLSv13-ClientCert-RSA-RSAPSS was updated because of a fix in the test. This effectively reverts 88343530720a52c96b21f2bd5488c8fb607605d7. Testing was made more complex by the undocumented semantics of OpenSSL's -[client_]sigalgs (see openssl/openssl#9172). Updates #32425 Change-Id: Iaddeb2df1f5c75cd090cc8321df2ac8e8e7db349 Reviewed-on: https://go-review.googlesource.com/c/go/+/182339 Reviewed-by: Adam Langley <agl@golang.org>
Diffstat (limited to 'src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven')
-rw-r--r--src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven79
1 files changed, 39 insertions, 40 deletions
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
index c8e4998a7e..b65a7b70f4 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 97 01 00 00 93 03 03 66 1f 74 64 d2 |...........f.td.|
-00000010 fb 53 f5 a4 7e ea ad 25 d8 e9 91 62 49 87 de 60 |.S..~..%...bI..`|
-00000020 0d 30 d5 34 21 7a 34 b4 2f 95 02 00 00 04 00 2f |.0.4!z4./....../|
+00000000 16 03 01 00 97 01 00 00 93 03 03 75 b5 bf db ae |...........u....|
+00000010 ee 3a 8d d7 23 e1 22 9a 42 d9 7a de ac 41 81 60 |.:..#.".B.z..A.`|
+00000020 4d 05 6e f1 11 c5 c0 de 21 46 d2 00 00 04 00 2f |M.n.....!F...../|
00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1|
00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........|
00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................|
@@ -51,10 +51,9 @@
00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......|
00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..|
00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.|
-00000290 3b e9 fa e7 16 03 03 00 23 0d 00 00 1f 02 01 40 |;.......#......@|
-000002a0 00 18 08 04 04 03 08 07 08 05 08 06 04 01 05 01 |................|
-000002b0 06 01 05 03 06 03 02 01 02 03 00 00 16 03 03 00 |................|
-000002c0 04 0e 00 00 00 |.....|
+00000290 3b e9 fa e7 16 03 03 00 1d 0d 00 00 19 02 01 40 |;..............@|
+000002a0 00 12 04 01 04 03 08 07 05 01 06 01 05 03 06 03 |................|
+000002b0 02 01 02 03 00 00 16 03 03 00 04 0e 00 00 00 |...............|
>>> Flow 3 (client to server)
00000000 16 03 03 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0|
00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5|
@@ -89,40 +88,40 @@
000001e0 be e8 91 b3 da 1a f5 5d a3 23 f5 26 8b 45 70 8d |.......].#.&.Ep.|
000001f0 65 62 9b 7e 01 99 3d 18 f6 10 9a 38 61 9b 2e 57 |eb.~..=....8a..W|
00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..|
-00000210 03 03 00 86 10 00 00 82 00 80 2f 1e 5b 62 64 9e |........../.[bd.|
-00000220 68 97 bc 17 8d aa e1 4e c7 cb 48 a1 cf dd bf e7 |h......N..H.....|
-00000230 18 5e e0 6f da 03 68 f0 be 8a e8 4f a6 c6 e1 58 |.^.o..h....O...X|
-00000240 eb 8f 10 82 36 de bf 7a f2 ca eb af 42 9a 4e b2 |....6..z....B.N.|
-00000250 25 36 4f e5 dd 04 a2 93 f0 af 4c ca c7 cc 3e 5c |%6O.......L...>\|
-00000260 5b 90 31 1a a8 e8 d5 a8 db c1 9d 51 ec 6d 36 20 |[.1........Q.m6 |
-00000270 ef 64 41 a7 0e 5a cd 51 9d 0c e4 1d 27 0b 0a 4f |.dA..Z.Q....'..O|
-00000280 2b c3 92 8d ff 9e 6a f7 47 f8 34 5a 24 e6 ce 47 |+.....j.G.4Z$..G|
-00000290 d6 da 88 1f 2c f1 93 ba 0e 3f 16 03 03 00 93 0f |....,....?......|
-000002a0 00 00 8f 04 03 00 8b 30 81 88 02 42 01 c1 a5 6a |.......0...B...j|
-000002b0 ed 3b c8 6e 4c 41 96 db 17 f3 f1 56 8a 9d a4 9e |.;.nLA.....V....|
-000002c0 31 8f f9 a7 78 02 ed bd f4 97 b6 f1 d4 16 ab 22 |1...x.........."|
-000002d0 34 3f 83 72 11 1b 47 b6 e4 03 50 56 1d 9c 21 a2 |4?.r..G...PV..!.|
-000002e0 cf 4a 16 9c 12 86 03 fd f0 5c 9a 2f db fb 02 42 |.J.......\./...B|
-000002f0 01 ae cd 98 fc 91 06 11 d1 99 0c 67 5f dd 1d 2b |...........g_..+|
-00000300 7c a6 b0 af b0 e1 2d 81 32 2e 47 f1 48 f7 9a f3 ||.....-.2.G.H...|
-00000310 9c a2 eb 6a ea b8 02 91 d9 60 9e ab ed 51 af db |...j.....`...Q..|
-00000320 05 3e 36 a9 df 57 ff b5 6b aa e7 8e 24 64 ef 84 |.>6..W..k...$d..|
-00000330 b7 58 14 03 03 00 01 01 16 03 03 00 40 8d cd c6 |.X..........@...|
-00000340 3c 90 dc 8b 6b 94 09 a8 80 1e 8c 4f 70 d6 c2 90 |<...k......Op...|
-00000350 16 35 92 7a ce be a9 c8 17 fc 6b 48 da a5 af bf |.5.z......kH....|
-00000360 9a a5 e0 0f 77 aa b8 5f b5 5d 95 7f a7 b5 a1 4a |....w.._.].....J|
-00000370 8f 90 95 27 df 17 cc 98 34 32 6c 5a 60 |...'....42lZ`|
+00000210 03 03 00 86 10 00 00 82 00 80 6c 1d a3 55 fb a0 |..........l..U..|
+00000220 be 6f 49 64 67 b8 da 1c 27 91 f4 5d d9 9d 7e f0 |.oIdg...'..]..~.|
+00000230 53 86 15 96 93 b2 0d 11 1a cf 3c 76 5e 76 24 ac |S.........<v^v$.|
+00000240 f5 de c0 a3 d7 be db aa 86 f4 ec f4 39 a5 96 b8 |............9...|
+00000250 6a 88 cf b0 cd 02 b4 56 2d 5a 35 4e 15 95 21 94 |j......V-Z5N..!.|
+00000260 ac 2e 90 57 94 b9 a2 31 fe a9 3e 77 4a f2 5f fe |...W...1..>wJ._.|
+00000270 5f 51 0d 12 61 19 f6 fe 7d f7 b7 06 0d b1 de 09 |_Q..a...}.......|
+00000280 45 17 4b 2a 15 97 ce 96 c5 f5 27 95 fb e8 c5 67 |E.K*......'....g|
+00000290 5e cb 8c 98 c7 c5 68 41 36 99 16 03 03 00 91 0f |^.....hA6.......|
+000002a0 00 00 8d 04 03 00 89 30 81 86 02 41 48 35 40 6e |.......0...AH5@n|
+000002b0 03 2a 43 fe f8 a9 c5 f9 c7 05 f8 db 13 5e ee bb |.*C..........^..|
+000002c0 a8 59 5b fc b4 5d 0a ec 32 18 d5 a0 01 d5 81 a5 |.Y[..]..2.......|
+000002d0 f3 8e 4f 91 54 c7 8f a1 c1 77 4c 94 5c e4 68 c2 |..O.T....wL.\.h.|
+000002e0 0b 22 e2 70 0c 32 e2 9d 6e 47 e4 0d f7 02 41 2d |.".p.2..nG....A-|
+000002f0 0e bb 28 47 90 23 68 f2 fd 9e 7d 13 f0 ad 40 ed |..(G.#h...}...@.|
+00000300 cb 32 e5 9d 5e a7 e1 12 d7 de 10 bc 93 df cb 03 |.2..^...........|
+00000310 4e 16 5a cf 8f 25 1e 39 ff 7c 9f 59 55 f0 df b4 |N.Z..%.9.|.YU...|
+00000320 ce 43 6d 15 8f e3 ef 76 5d 0d a9 31 a9 24 c6 58 |.Cm....v]..1.$.X|
+00000330 14 03 03 00 01 01 16 03 03 00 40 71 ca 10 08 a9 |..........@q....|
+00000340 1a f1 78 9d 6f 2d 76 1c b0 2a f8 26 d2 f6 89 db |..x.o-v..*.&....|
+00000350 25 50 63 cc bf 12 cb fb 39 93 91 7f 7f f7 e4 fe |%Pc.....9.......|
+00000360 fc 28 d0 01 3b e9 f9 1b 6a 77 db 16 14 71 3d 35 |.(..;...jw...q=5|
+00000370 67 de b8 1d e3 4a 02 bc cf 0a a6 |g....J.....|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....|
-00000010 00 00 00 00 00 00 00 00 00 00 00 f0 c3 7c f0 20 |.............|. |
-00000020 3f 75 d0 c4 b5 2d 76 82 22 9e 8c 8c 6a 83 95 84 |?u...-v."...j...|
-00000030 22 54 20 d6 62 d8 75 69 32 90 e9 d4 07 fa 6a 01 |"T .b.ui2.....j.|
-00000040 15 b8 bc 88 8d 40 ef 18 48 80 25 17 03 03 00 40 |.....@..H.%....@|
+00000010 00 00 00 00 00 00 00 00 00 00 00 0d f1 0c 52 89 |..............R.|
+00000020 61 e6 21 95 8d 6f 5d e9 07 42 23 5f 1c 74 44 57 |a.!..o]..B#_.tDW|
+00000030 38 a3 98 77 f2 62 99 71 d6 fe 03 a3 82 01 7a da |8..w.b.q......z.|
+00000040 a5 fd 12 62 2b d2 1d e4 e2 51 25 17 03 03 00 40 |...b+....Q%....@|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-00000060 03 32 97 2d 46 23 92 df 55 de 53 b0 91 63 09 c2 |.2.-F#..U.S..c..|
-00000070 21 23 c9 23 fa e6 f2 a3 e0 3e 90 a4 82 d8 6a 36 |!#.#.....>....j6|
-00000080 65 af ee 69 a6 86 41 c8 7e 14 d4 bb 93 7d be 53 |e..i..A.~....}.S|
+00000060 81 82 cc a9 4e 6f 78 41 28 b3 e6 c3 44 62 48 0b |....NoxA(...DbH.|
+00000070 b3 70 f9 f8 7a fc c5 be 36 45 58 41 6f 77 69 40 |.p..z...6EXAowi@|
+00000080 5b 6e fc 69 84 21 eb bc 95 36 e6 48 05 02 37 f5 |[n.i.!...6.H..7.|
00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........|
-000000a0 00 00 00 00 00 b2 2f 21 57 e0 e7 2a 16 8e bb 22 |....../!W..*..."|
-000000b0 7d 1e e1 34 d5 58 90 94 a7 e7 33 f8 df 9f 60 d9 |}..4.X....3...`.|
-000000c0 81 6a 44 0c d3 |.jD..|
+000000a0 00 00 00 00 00 d3 2f 45 d3 65 3b 64 67 43 ef aa |....../E.e;dgC..|
+000000b0 a7 bb 98 a0 99 70 7f 56 c6 13 b2 1b 62 35 62 ea |.....p.V....b5b.|
+000000c0 51 75 94 be 32 |Qu..2|
generated by cgit v1.3-5-g9baa (git 2.53.0) at 2026-04-17 11:28:07 +0000