crypto/x509: require a NULL parameters for RSA public keys.

The RFC is clear that the Parameters in an AlgorithmIdentifer for an RSA public key must be NULL. BoringSSL enforces this so we have strong evidence that this is a widely compatible change. Embarrassingly enough, the major source of violations of this is us. Go used to get this correct in only one of two places. This was only fixed in 2013 (with 4874bc9b). That's why lots of test certificates are updated in this change. Fixes #16166. Change-Id: Ib9a4551349354c66e730d44eb8cee4ec402ea8ab Reviewed-on: https://go-review.googlesource.com/27312 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2025-04-03 20:17:36 +03:00 · 2016-08-17 15:55:15 -07:00 · 2016-08-17 15:55:15 -07:00 · 5ad0511ca2
commit 5ad0511ca2
parent 4b4493f2d9
60 changed files with 4478 additions and 4513 deletions
--- a/testdata/Server-TLSv12-ECDHE-ECDSA-AES
+++ b/testdata/Server-TLSv12-ECDHE-ECDSA-AES
@ -1,13 +1,13 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 83 01 00 00  7f 03 03 ec 8e d0 43 01  |..............C.|
-00000010  8e 81 3f d8 1f 7e 96 f1  de 4c 94 18 09 1d c5 8c  |..?..~...L......|
-00000020  3a 58 68 5b 3e 7d 46 66  fe 04 74 00 00 04 c0 0a  |:Xh[>}Ff..t.....|
-00000030  00 ff 02 01 00 00 51 00  0b 00 04 03 00 01 02 00  |......Q.........|
-00000040  0a 00 1c 00 1a 00 17 00  19 00 1c 00 1b 00 18 00  |................|
-00000050  1a 00 16 00 0e 00 0d 00  0b 00 0c 00 09 00 0a 00  |................|
-00000060  0d 00 20 00 1e 06 01 06  02 06 03 05 01 05 02 05  |.. .............|
-00000070  03 04 01 04 02 04 03 03  01 03 02 03 03 02 01 02  |................|
-00000080  02 02 03 00 0f 00 01 01                           |........|
+00000000  16 03 01 00 82 01 00 00  7e 03 03 b6 f5 2e 0d 04  |........~.......|
+00000010  bb a7 a7 6d 25 40 29 e0  81 fb ba 9f 7a 58 a9 8c  |...m%@).....zX..|
+00000020  15 3e b6 b4 9e 6e c0 76  ec dd 48 00 00 04 c0 0a  |.>...n.v..H.....|
+00000030  00 ff 01 00 00 51 00 0b  00 04 03 00 01 02 00 0a  |.....Q..........|
+00000040  00 1c 00 1a 00 17 00 19  00 1c 00 1b 00 18 00 1a  |................|
+00000050  00 16 00 0e 00 0d 00 0b  00 0c 00 09 00 0a 00 0d  |................|
+00000060  00 20 00 1e 06 01 06 02  06 03 05 01 05 02 05 03  |. ..............|
+00000070  04 01 04 02 04 03 03 01  03 02 03 03 02 01 02 02  |................|
+00000080  02 03 00 0f 00 01 01                              |.......|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@ -51,37 +51,37 @@
 00000270  b2 56 1c ce 97 28 5e f8  2b 2d 4f 9e f1 07 9f 6c  |.V...(^.+-O....l|
 00000280  4b 5b 83 56 e2 32 42 e9  58 b6 d7 49 a6 b5 68 1a  |K[.V.2B.X..I..h.|
 00000290  41 03 56 6b dc 5a 89 05  03 00 8b 30 81 88 02 42  |A.Vk.Z.....0...B|
-000002a0  01 08 89 99 1c 91 97 fb  e8 5b 69 5f f5 36 66 d6  |.........[i_.6f.|
-000002b0  dd 53 04 09 c8 7f c1 25  28 8c 28 57 55 3a 95 3f  |.S.....%(.(WU:.?|
-000002c0  ab 09 47 9a 27 74 83 84  44 cf 86 b7 5e 7f fe db  |..G.'t..D...^...|
-000002d0  05 33 3c 1a b7 f6 bc ff  0d 33 e4 ec 3c e2 1d e2  |.3<......3..<...|
-000002e0  6e ab 02 42 00 92 4e 45  a7 86 e4 bd 40 82 b7 04  |n..B..NE....@...|
-000002f0  12 fe 34 ab e3 c9 4a 05  1f 4e 58 79 67 58 94 53  |..4...J..NXygX.S|
-00000300  e8 1b ba 60 76 92 00 99  a7 5f 0a 98 cb e3 1e de  |...`v...._......|
-00000310  0c df 18 76 58 d5 e1 f1  ef a5 da 9a a3 62 77 50  |...vX........bwP|
-00000320  37 d0 22 d0 31 90 16 03  03 00 04 0e 00 00 00     |7.".1..........|
+000002a0  01 db a3 9f 95 55 ad 38  2b 4f 83 cf 06 47 ff 3b  |.....U.8+O...G.;|
+000002b0  6a 82 a6 06 ea 33 b4 11  87 45 1f 05 18 92 f2 4b  |j....3...E.....K|
+000002c0  63 0b 0a 3f 28 d1 c6 cb  72 49 fa 05 70 3e 4a a2  |c..?(...rI..p>J.|
+000002d0  08 ac 82 11 03 93 c8 e4  3b 6a d0 b7 9d 54 32 65  |........;j...T2e|
+000002e0  68 50 02 42 01 29 21 f0  09 de e7 68 f5 41 bd f7  |hP.B.)!....h.A..|
+000002f0  8c 84 fa 5c 36 78 9a 32  82 ab b4 2a ea d1 bd 22  |...\6x.2...*..."|
+00000300  5a df bf 7c 9c 80 ab ff  a1 0d 74 00 f1 72 ec f7  |Z..|......t..r..|
+00000310  29 c1 97 74 f2 d3 12 3f  1c a8 92 b5 db 7e 8e 32  |)..t...?.....~.2|
+00000320  46 0b 04 9f db a9 16 03  03 00 04 0e 00 00 00     |F..............|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 46 10 00 00  42 41 04 9e 94 25 4f 70  |....F...BA...%Op|
-00000010  a8 e0 87 3a 09 6c 58 4f  5e 76 d9 63 dc c3 d5 63  |...:.lXO^v.c...c|
-00000020  be f2 75 ff 23 23 79 6b  82 fe 56 f5 b9 7a 55 55  |..u.##yk..V..zUU|
-00000030  32 3b ee c5 f0 1f 7b e9  82 01 21 8d 06 03 48 95  |2;....{...!...H.|
-00000040  21 b8 fa 9d 18 2a 08 9c  71 a8 4d 14 03 03 00 01  |!....*..q.M.....|
-00000050  01 16 03 03 00 40 31 f0  7b 5f e8 94 a3 7f b0 12  |.....@1.{_......|
-00000060  a9 80 87 26 eb cf b6 87  61 e7 5b 9b 36 3d 11 bb  |...&....a.[.6=..|
-00000070  21 55 5c f7 e8 f3 b7 1e  f2 06 0d c5 a9 8d f8 48  |!U\............H|
-00000080  c2 2b 8f 83 be 17 4f ec  ff 8e 24 44 74 25 09 40  |.+....O...$Dt%.@|
-00000090  90 fd 70 4d fb bb                                 |..pM..|
+00000000  16 03 03 00 46 10 00 00  42 41 04 f9 72 2f 6f 2c  |....F...BA..r/o,|
+00000010  68 6e 03 f2 09 6c ad cc  94 72 f2 7f 40 86 e1 4d  |hn...l...r..@..M|
+00000020  6a 55 3d 22 fd 05 82 4a  15 83 47 08 73 bc 17 87  |jU="...J..G.s...|
+00000030  bf 85 b2 e1 eb a6 1b 0f  62 15 50 ef ab a1 3d 54  |........b.P...=T|
+00000040  10 36 ab ad 7a f7 df 05  d5 0d 5e 14 03 03 00 01  |.6..z.....^.....|
+00000050  01 16 03 03 00 40 8b 74  ea f4 d0 82 5e 0a be 38  |.....@.t....^..8|
+00000060  fa a0 e9 13 62 5e b4 b3  a0 f7 73 3b 92 8c 26 06  |....b^....s;..&.|
+00000070  0f 4b b5 88 24 01 70 78  9a 1c b0 03 db d6 29 c0  |.K..$.px......).|
+00000080  5a 06 f8 14 9c 7f 6e ba  74 31 8d b3 e0 cc a5 45  |Z.....n.t1.....E|
+00000090  6c 57 57 b5 67 3b                                 |lWW.g;|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 13 eb 4e 56 3d  |.............NV=|
-00000020  1b 10 2e e8 08 65 b9 53  9e 56 49 b7 e9 25 35 94  |.....e.S.VI..%5.|
-00000030  c7 df 7d f7 78 2e f3 8b  9c 2b 9d 42 90 91 5c 97  |..}.x....+.B..\.|
-00000040  22 20 ca 6d a2 83 b3 d8  b3 71 64 17 03 03 00 40  |" .m.....qd....@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 d7 06 38 06 15  |.............8..|
+00000020  a7 2d 74 31 68 38 7b 8c  ad 40 2b 42 3f 22 9f 11  |.-t1h8{..@+B?"..|
+00000030  bf 10 8b b4 93 9b b7 04  f7 ab 55 78 91 2a f2 bf  |..........Ux.*..|
+00000040  1c 29 4d 83 0b 6b 07 40  30 00 33 17 03 03 00 40  |.)M..k.@0.3....@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  97 f1 c4 2e bf 6d 85 d5  3d 4b 4a 8b ee 53 08 5a  |.....m..=KJ..S.Z|
-00000070  db 8b 75 49 d9 cb db e3  86 90 ac 93 ce e7 9a 70  |..uI...........p|
-00000080  4c dc 4a f4 c9 f6 b5 fd  f0 3f 9f e9 f9 c3 b3 c6  |L.J......?......|
+00000060  f8 e2 39 82 00 ec 00 33  e5 77 00 82 c7 70 2d 4a  |..9....3.w...p-J|
+00000070  1a 43 b1 35 60 ef 80 ca  6a 38 ba 4f dc e8 b7 62  |.C.5`...j8.O...b|
+00000080  e6 a1 4a da de 65 31 0d  83 64 ba 2a 13 4d 04 46  |..J..e1..d.*.M.F|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 5e b1 b7  21 7d 89 65 66 17 d8 79  |.....^..!}.ef..y|
-000000b0  26 db ad 08 28 2c e7 7a  c4 ec 93 19 4f c8 bb 5c  |&...(,.z....O..\|
-000000c0  c2 9e 09 56 07                                    |...V.|
+000000a0  00 00 00 00 00 db 98 5d  f6 2d 69 d7 f3 ed 2b b1  |.......].-i...+.|
+000000b0  eb 04 66 ff cd 08 5d 29  bc 01 8d 66 9d b3 20 4a  |..f...])...f.. J|
+000000c0  11 2b f5 cc f5                                    |.+...|