mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-04 20:47:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

[dev.boringcrypto] all: merge master into dev.boringcrypto

Browse source 
Updated TestBoringServerSignatureAndHash to expect RSA-PSS to work with
TLS 1.2, and hence with FIPS mode.

Change-Id: I358271b2e4804733cf61dc132fa0c5f39c2bff19
This commit is contained in:
Filippo Valsorda 2019-11-20 16:19:41 -05:00
commit 0f829ed5f4
36 changed files with 1813 additions and 1356 deletions
Download patch file Download diff file Expand all files Collapse all files

8
boring_test.go
View file

@ -221,10 +221,7 @@ func TestBoringServerSignatureAndHash(t *testing.T) {
serverConfig.BuildNameToCertificate()
// PKCS#1 v1.5 signature algorithms can't be used standalone in TLS
// 1.3, and the ECDSA ones bind to the curve used.
// RSA-PSS signatures are not supported in TLS 1.2. Issue 32425.
if sigType != signatureRSAPSS {
serverConfig.MaxVersion = VersionTLS12
}
serverConfig.MaxVersion = VersionTLS12
clientErr, serverErr := boringHandshake(t, testConfig, serverConfig)
if clientErr != nil {
@ -236,8 +233,7 @@ func TestBoringServerSignatureAndHash(t *testing.T) {
fipstls.Force()
defer fipstls.Abandon()
clientErr, _ := boringHandshake(t, testConfig, serverConfig)
// RSA-PSS is only supported in TLS 1.3, prohibited by forcing fipstls. Issue 32425.
if isBoringSignatureScheme(sigHash) && sigType != signatureRSAPSS {
if isBoringSignatureScheme(sigHash) {
if clientErr != nil {
t.Fatalf("expected handshake with %#x to succeed; err=%v", sigHash, clientErr)
}