| author | Filippo Valsorda <filippo@golang.org> | 2019-06-13 18:33:33 -0400 |
|---|---|---|
| committer | Filippo Valsorda <filippo@golang.org> | 2019-06-19 19:59:14 +0000 |
| commit | 0b3a57b5374bba3fdf88258e2be4c8be65e6a5de (patch) | |
| tree | 60f2c993a944c3c0f7f82a5c265ac8d5d956b375 /src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM | |
| parent | 0ab1cc33ef35147b0e1248f2a9d669ae193d6b3e (diff) | |
| download | go-0b3a57b5374bba3fdf88258e2be4c8be65e6a5de.tar.xz | |
crypto/tls: disable RSA-PSS in TLS 1.2 again

Signing with RSA-PSS can uncover faulty crypto.Signer implementations,
and it can fail for (broken) small keys. We'll have to take that
breakage eventually, but it would be nice for it to be opt-out at first.

TLS 1.3 requires RSA-PSS and is opt-out in Go 1.13. Instead of making a
TLS 1.3 opt-out influence a TLS 1.2 behavior, let's wait to add RSA-PSS
to TLS 1.2 until TLS 1.3 is on without opt-out.

Note that since the Client Hello is sent before a protocol version is
selected, we have to advertise RSA-PSS there to support TLS 1.3.
That means that we still support RSA-PSS on the client in TLS 1.2 for
verifying server certificates, which is fine, as all issues arise on the
signing side. We have to be careful not to pick (or consider available)
RSA-PSS on the client for client certificates, though.

We'd expect tests to change only in TLS 1.2:

* the server won't pick PSS to sign the key exchange
  (Server-TLSv12-* w/ RSA, TestHandshakeServerRSAPSS);
* the server won't advertise PSS in CertificateRequest
  (Server-TLSv12-ClientAuthRequested*, TestClientAuth);
* and the client won't pick PSS for its CertificateVerify
  (Client-TLSv12-ClientCert-RSA-*, TestHandshakeClientCertRSAPSS,
  Client-TLSv12-Renegotiate* because "R" requests a client cert).

Client-TLSv13-ClientCert-RSA-RSAPSS was updated because of a fix in the test.

This effectively reverts 88343530720a52c96b21f2bd5488c8fb607605d7.

Testing was made more complex by the undocumented semantics of OpenSSL's
-[client_]sigalgs (see openssl/openssl#9172).

Updates #32425

Change-Id: Iaddeb2df1f5c75cd090cc8321df2ac8e8e7db349
Reviewed-on: https://go-review.googlesource.com/c/go/+/182339
Reviewed-by: Adam Langley <agl@golang.org>
Diffstat (limited to 'src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM')
| -rw-r--r-- | src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM | 50 |
1 files changed, 25 insertions, 25 deletions
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM index 01f961208f..9f48c75bab 100644 --- a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM +++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM @@ -1,7 +1,7 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 97 01 00 00 93 03 03 d3 6a 87 ad b2 |............j...| -00000010 a0 59 86 0e 34 86 c1 b3 c9 64 17 92 aa 87 04 05 |.Y..4....d......| -00000020 32 d4 2e aa a1 48 94 87 82 a7 ab 00 00 04 c0 2f |2....H........./| +00000000 16 03 01 00 97 01 00 00 93 03 03 6d 19 64 2c f0 |...........m.d,.| +00000010 95 79 38 26 9b e3 db b3 97 ce f8 9c 46 62 08 15 |.y8&........Fb..| +00000020 a0 f0 7f 20 38 52 bb 27 f8 3b 60 00 00 04 c0 2f |... 8R.'.;`..../| 00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1| 00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| 00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| 
@@ -54,28 +54,28 @@ 00000290 3b e9 fa e7 16 03 03 00 ac 0c 00 00 a8 03 00 1d |;...............| 000002a0 20 2f e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 | /.}.G.bC.(.._.)| 000002b0 07 30 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b |.0.........._X.;| -000002c0 74 08 04 00 80 65 2f 82 18 27 04 84 db 3d c6 5e |t....e/..'...=.^| -000002d0 6b 33 f9 87 59 e1 06 0c ce a7 3a f9 bd e7 54 47 |k3..Y.....:...TG| -000002e0 03 58 f7 0b a3 16 6a 47 4b 61 b6 d9 0d 04 c8 95 |.X....jGKa......| -000002f0 f5 d5 e5 0f 1b d2 26 3b c5 67 c0 87 dd a5 da a8 |......&;.g......| -00000300 e1 7e 52 a1 6a 0d 10 e8 dd 2e 09 39 21 3e a2 0f |.~R.j......9!>..| -00000310 a2 00 e4 a1 a6 df a8 3f 5d 1b d7 22 f8 b8 b5 32 |.......?].."...2| -00000320 31 3a 36 16 9e 6c ab f1 d5 25 ae 3c 4a 11 c8 ae |1:6..l...%.<J...| -00000330 de e1 e6 b5 84 0b 3e 9d 63 75 6f b6 ba e9 fa 0a |......>.cuo.....| -00000340 11 40 c9 7f ca 16 03 03 00 04 0e 00 00 00 |.@............| +000002c0 74 04 01 00 80 99 cc 0d 3d 25 73 2d 21 00 0d 42 |t.......=%s-!..B| +000002d0 d1 6f 9e ba f4 04 58 30 5f a0 33 e9 b0 3a 69 6d |.o....X0_.3..:im| +000002e0 e2 a1 f2 74 f7 09 e7 ef fb cd 56 22 93 1c 56 8e |...t......V"..V.| +000002f0 8f 87 4b 1d 54 f6 34 fd e6 e0 2f 85 88 9a ab c9 |..K.T.4.../.....| +00000300 b5 38 cd f3 44 20 7a 68 fd bf 10 ea 14 7e ae 21 |.8..D zh.....~.!| +00000310 12 ad eb 91 2f 99 44 fb cf 9e fe 21 19 9f d1 a0 |..../.D....!....| +00000320 37 19 9e 48 92 0e 80 b7 51 95 45 ee 75 86 f9 52 |7..H....Q.E.u..R| +00000330 5a f8 67 65 56 af 4d f8 ca 92 8f b7 2a f5 be c1 |Z.geV.M.....*...| +00000340 04 e0 03 e1 b6 16 03 03 00 04 0e 00 00 00 |..............| >>> Flow 3 (client to server) -00000000 16 03 03 00 25 10 00 00 21 20 d1 f3 61 78 d1 34 |....%...! ..ax.4| -00000010 36 b4 9f 5e e5 24 1e 48 02 be f0 13 c2 3d b0 ce |6..^.$.H.....=..| -00000020 fb 96 39 6b 96 76 aa 87 18 41 14 03 03 00 01 01 |..9k.v...A......| -00000030 16 03 03 00 28 27 e1 50 92 20 e1 2c 98 b6 15 8f |....('.P. 
.,....| -00000040 dd bd 26 98 04 12 5d cb 29 66 ab 2d 37 f3 8e eb |..&...].)f.-7...| -00000050 3e 14 3b cf 4d 99 c4 2e ea 7c 04 a5 45 |>.;.M....|..E| +00000000 16 03 03 00 25 10 00 00 21 20 20 74 90 bd 53 18 |....%...! t..S.| +00000010 33 c6 a5 bf 51 71 f7 d7 c3 0c 7f 89 ad b3 73 7b |3...Qq........s{| +00000020 48 2f c1 ef 85 32 03 73 28 3b 14 03 03 00 01 01 |H/...2.s(;......| +00000030 16 03 03 00 28 94 4f 85 68 15 57 b4 8f f4 21 a7 |....(.O.h.W...!.| +00000040 e5 be 84 7d 3a e0 29 bd 99 20 24 d0 6b 9c 72 3a |...}:.).. $.k.r:| +00000050 fc f9 5d 1c 7e cb dd 7a 3b 7c 53 e6 3a |..].~..z;|S.:| >>> Flow 4 (server to client) 00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....| -00000010 00 00 00 88 39 9d c1 8d 8c bb c4 79 ba a5 2a bd |....9......y..*.| -00000020 34 62 bf 66 85 b5 cd 2e f7 1e 6e b4 96 1c f6 b3 |4b.f......n.....| -00000030 13 ba c9 17 03 03 00 25 00 00 00 00 00 00 00 01 |.......%........| -00000040 c3 ca b5 57 11 26 ec 18 be 00 6c 8b 79 a5 ed f7 |...W.&....l.y...| -00000050 7d ae 42 ff a2 8b fb 68 d0 08 0f 2e d1 15 03 03 |}.B....h........| -00000060 00 1a 00 00 00 00 00 00 00 02 58 ad 11 d2 74 5c |..........X...t\| -00000070 17 f2 60 e5 d9 fa 0e 47 5a 48 31 f7 |..`....GZH1.| +00000010 00 00 00 e3 4f 34 0e 47 ae f2 62 e3 aa 62 f3 37 |....O4.G..b..b.7| +00000020 cf 78 ba 1d 8a 3c d8 29 0c 3c 9d 0c fa ff fd 9b |.x...<.).<......| +00000030 65 1b 3f 17 03 03 00 25 00 00 00 00 00 00 00 01 |e.?....%........| +00000040 fd e1 49 0e 0d 9f a1 51 9e 19 5c 80 a5 15 dc 05 |..I....Q..\.....| +00000050 ca f0 46 b3 da 03 5a 32 da 4e 2e 3d 33 15 03 03 |..F...Z2.N.=3...| +00000060 00 1a 00 00 00 00 00 00 00 02 51 78 d9 14 6e a8 |..........Qx..n.| +00000070 f4 62 60 6d db e0 d5 8c c5 17 ac aa |.b`m........| |
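Review bot: in the first hunk (Flow 1, `@@ -1,7 +1,7 @@`) the visible ClientHello context ends at offset 0x50, before the signature_algorithms extension, so this diff does not show whether the recorded client still offers RSA-PSS. The record and handshake lengths are unchanged (`00 97`, `00 93`, extensions length `00 66`) and only the 32-byte random at 0x0b to 0x2a differs, which suggests the offer is the same. Given the commit message's remark about the undocumented semantics of OpenSSL's `-[client_]sigalgs`, it is worth confirming that the recording does advertise PSS. Otherwise this golden file would pass without exercising the server declining it.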
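Review bot: in the second hunk (`@@ -54,28 +54,28 @@`) the only change that reflects the new behaviour is the two bytes at offset 0x2c1 of the ServerKeyExchange, where `08 04` (rsa_pss_rsae_sha256) becomes `04 01` (rsa_pkcs1_sha256). The 128-byte signature after `00 80` and all of Flow 3 and Flow 4 change only because the handshake was re-recorded. That is hard to spot among 25 replaced lines, so a sentence in the commit message pointing at the SignatureAndHashAlgorithm field would make the regenerated recordings easier to review. If TestHandshakeServerRSAPSS does not already assert the chosen scheme, an explicit check there would be sturdier than relying on these two golden bytes.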
