crypto/x509: require a NULL parameters for RSA public keys.

The RFC is clear that the Parameters in an AlgorithmIdentifer for an RSA public key must be NULL. BoringSSL enforces this so we have strong evidence that this is a widely compatible change. Embarrassingly enough, the major source of violations of this is us. Go used to get this correct in only one of two places. This was only fixed in 2013 (with 4874bc9b). That's why lots of test certificates are updated in this change. Fixes #16166. Change-Id: Ib9a4551349354c66e730d44eb8cee4ec402ea8ab Reviewed-on: https://go-review.googlesource.com/27312 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2025-04-03 20:17:36 +03:00 · 2016-08-17 15:55:15 -07:00 · 2016-08-17 15:55:15 -07:00 · 5ad0511ca2
commit 5ad0511ca2
parent 4b4493f2d9
60 changed files with 4478 additions and 4513 deletions
--- a/testdata/Server-TLSv11-FallbackSCSV
+++ b/testdata/Server-TLSv11-FallbackSCSV
@ -1,17 +1,16 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 cf 01 00 00  cb 03 02 ee 33 c1 3f a6  |............3.?.|
-00000010  62 ba a6 4f c7 32 25 0f  15 66 f7 35 a2 cf c0 cd  |b..O.2%..f.5....|
-00000020  48 93 77 1c 04 1f fb 65  41 37 ca 00 00 70 c0 14  |H.w....eA7...p..|
+00000000  16 03 01 00 c4 01 00 00  c0 03 02 55 d6 5d c6 70  |...........U.].p|
+00000010  be c8 b5 f1 98 c5 64 9f  5a 0f 99 77 96 39 5e fb  |......d.Z..w.9^.|
+00000020  95 6f 56 db ee 8f bd 00  bd ec 50 00 00 66 c0 14  |.oV.......P..f..|
 00000030  c0 0a 00 39 00 38 00 37  00 36 00 88 00 87 00 86  |...9.8.7.6......|
 00000040  00 85 c0 0f c0 05 00 35  00 84 c0 13 c0 09 00 33  |.......5.......3|
 00000050  00 32 00 31 00 30 00 9a  00 99 00 98 00 97 00 45  |.2.1.0.........E|
 00000060  00 44 00 43 00 42 c0 0e  c0 04 00 2f 00 96 00 41  |.D.C.B...../...A|
 00000070  00 07 c0 11 c0 07 c0 0c  c0 02 00 05 00 04 c0 12  |................|
 00000080  c0 08 00 16 00 13 00 10  00 0d c0 0d c0 03 00 0a  |................|
-00000090  00 15 00 12 00 0f 00 0c  00 09 00 ff 56 00 02 01  |............V...|
-000000a0  00 00 31 00 0b 00 04 03  00 01 02 00 0a 00 1c 00  |..1.............|
-000000b0  1a 00 17 00 19 00 1c 00  1b 00 18 00 1a 00 16 00  |................|
-000000c0  0e 00 0d 00 0b 00 0c 00  09 00 0a 00 23 00 00 00  |............#...|
-000000d0  0f 00 01 01                                       |....|
+00000090  00 ff 56 00 01 00 00 31  00 0b 00 04 03 00 01 02  |..V....1........|
+000000a0  00 0a 00 1c 00 1a 00 17  00 19 00 1c 00 1b 00 18  |................|
+000000b0  00 1a 00 16 00 0e 00 0d  00 0b 00 0c 00 09 00 0a  |................|
+000000c0  00 23 00 00 00 0f 00 01  01                       |.#.......|
 >>> Flow 2 (server to client)
 00000000  15 03 02 00 02 02 56                              |......V|