crypto/tls: re-enable RSA-PSS in TLS 1.2 again

TLS 1.3, which requires RSA-PSS, is now enabled without a GODEBUG opt-out, and with the introduction of Certificate.SupportedSignatureAlgorithms (#28660) there is a programmatic way to avoid RSA-PSS (disable TLS 1.3 with MaxVersion and use that field to specify only PKCS#1 v1.5 SignatureSchemes). This effectively reverts 0b3a57b5374bba3fdf88258e2be4c8be65e6a5de, although following CL 205061 all of the signing-side logic is conveniently centralized in signatureSchemesForCertificate. Fixes #32425 Change-Id: I7c9a8893bb5d518d86eae7db82612b9b2cd257d7 Reviewed-on: https://go-review.googlesource.com/c/go/+/205063 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-04-03 20:17:36 +03:00 · 2019-11-03 21:28:47 -05:00 · 2019-11-03 21:28:47 -05:00 · 6bb85fe4e7
commit 6bb85fe4e7
parent 555e9b864b
28 changed files with 1264 additions and 1244 deletions
--- a/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
+++ b/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
@ -16,11 +16,11 @@
 000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 59 e6 a5 3d 5a  |....Y...U..Y..=Z|
-00000010  bf 25 a3 16 e7 e3 da cb  ac b7 11 09 0a 1a 8a c5  |.%..............|
-00000020  33 a2 a6 58 12 27 cd 52  15 28 c9 20 23 9a f5 d3  |3..X.'.R.(. #...|
-00000030  d4 df 49 1d 01 87 12 36  03 c6 36 17 39 d0 db 62  |..I....6..6.9..b|
-00000040  22 48 7e 57 20 ab a3 7c  b0 53 7e f1 c0 09 00 00  |"H~W ..|.S~.....|
+00000000  16 03 03 00 59 02 00 00  55 03 03 3c ba b1 d8 8d  |....Y...U..<....|
+00000010  f5 52 f4 a4 70 fc 12 54  20 85 eb 23 bc b8 0b e0  |.R..p..T ..#....|
+00000020  80 b6 ab 9b c5 34 84 57  bc ae 95 20 e3 51 8d 40  |.....4.W... .Q.@|
+00000030  93 cc 9f e4 fd 77 82 c8  12 54 6a 23 08 db ff e5  |.....w...Tj#....|
+00000040  87 8d 72 41 60 51 6a 11  5f 0a 9a d2 c0 09 00 00  |..rA`Qj._.......|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@ -55,23 +55,23 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 b6 0c 00  00 b2 03 00 1d 20 a7 6b  |*............ .k|
-00000280  75 97 e7 04 a7 19 99 af  c7 73 72 82 59 7d 16 46  |u........sr.Y}.F|
-00000290  de 80 c2 d3 36 c7 e8 42  89 ca 8d db 11 39 04 03  |....6..B.....9..|
-000002a0  00 8a 30 81 87 02 41 73  4f fe e2 00 9d bf 60 0a  |..0...AsO.....`.|
-000002b0  36 0b 97 8a fc 3e 8c 1d  ac ff a2 0b 7a dc 8d 2f  |6....>......z../|
-000002c0  d7 90 da 18 a0 14 8a 7c  51 4c a6 ae ec 13 ee 5e  |.......|QL.....^|
-000002d0  1a 60 aa 2f 5a d2 05 48  fb bb bb 3a 1a dc fa 21  |.`./Z..H...:...!|
-000002e0  df 7b 6d 83 23 d6 62 0f  02 42 01 7f 5a 36 6d f4  |.{m.#.b..B..Z6m.|
-000002f0  0d f5 d0 6f d9 71 52 f8  eb e3 ed 7c 40 fd 64 14  |...o.qR....|@.d.|
-00000300  c1 31 4d 4b 78 70 5d 9f  61 18 3b 87 01 10 94 e5  |.1MKxp].a.;.....|
-00000310  7b 83 34 2d cd 90 50 db  10 62 8d 36 40 45 20 c0  |{.4-..P..b.6@E .|
-00000320  db ce de 5e b3 63 de 60  db bb fe be 16 03 03 00  |...^.c.`........|
-00000330  3a 0d 00 00 36 03 01 02  40 00 2e 04 03 05 03 06  |:...6...@.......|
-00000340  03 08 07 08 08 08 09 08  0a 08 0b 08 04 08 05 08  |................|
-00000350  06 04 01 05 01 06 01 03  03 02 03 03 01 02 01 03  |................|
-00000360  02 02 02 04 02 05 02 06  02 00 00 16 03 03 00 04  |................|
-00000370  0e 00 00 00                                       |....|
+00000270  2a 16 03 03 00 b7 0c 00  00 b3 03 00 1d 20 86 f3  |*............ ..|
+00000280  1e c5 fb 1f 91 44 0e e5  e4 3e 0a cd 75 a2 fb 4c  |.....D...>..u..L|
+00000290  a2 b9 07 f7 33 ce cc cd  61 a5 8c ba 6a 35 04 03  |....3...a...j5..|
+000002a0  00 8b 30 81 88 02 42 01  f4 8d 4f 3e c8 73 b5 b4  |..0...B...O>.s..|
+000002b0  b5 2b ac 2a 27 68 56 a1  45 ce b6 1d c6 37 ce de  |.+.*'hV.E....7..|
+000002c0  bd 96 90 5e e2 1c c8 84  b2 84 57 25 81 d4 c3 7a  |...^......W%...z|
+000002d0  db b2 3d 24 2b 17 3a 4a  7e 92 1a bb 0c fb b6 05  |..=$+.:J~.......|
+000002e0  cd 0e 85 4c 3d 4b 24 2a  2a 02 42 00 f6 91 d6 82  |...L=K$**.B.....|
+000002f0  9e 81 98 5f 64 59 ce 16  85 fc 65 19 0c 50 ca ea  |..._dY....e..P..|
+00000300  8a ba 1e 61 a8 71 cf 2c  eb 94 24 ac 34 75 6e 5c  |...a.q.,..$.4un\|
+00000310  dc 92 ba b8 bd 42 75 ef  6d 67 5f 06 5c e3 6c c2  |.....Bu.mg_.\.l.|
+00000320  aa 5e 29 25 66 00 68 c8  5d 9c 6f bb e0 16 03 03  |.^)%f.h.].o.....|
+00000330  00 3a 0d 00 00 36 03 01  02 40 00 2e 04 03 05 03  |.:...6...@......|
+00000340  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
+00000350  08 06 04 01 05 01 06 01  03 03 02 03 03 01 02 01  |................|
+00000360  03 02 02 02 04 02 05 02  06 02 00 00 16 03 03 00  |................|
+00000370  04 0e 00 00 00                                    |.....|
 >>> Flow 3 (client to server)
 00000000  16 03 03 01 fd 0b 00 01  f9 00 01 f6 00 01 f3 30  |...............0|
 00000010  82 01 ef 30 82 01 58 a0  03 02 01 02 02 10 5c 19  |...0..X.......\.|
@ -108,31 +108,31 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 04 01 00  80 88 59 ec 09 a4 c9 5e  |..........Y....^|
-00000240  37 b4 e3 04 71 52 1a 5a  6d d6 9b f6 09 14 01 c2  |7...qR.Zm.......|
-00000250  3e 07 19 2f ec 15 d9 5b  12 6a 6e de 78 a3 ac 58  |>../...[.jn.x..X|
-00000260  40 44 f2 66 0a 12 a5 62  37 8b af 5a 3a 20 be f2  |@D.f...b7..Z: ..|
-00000270  6f 43 c8 00 69 21 c8 fd  b0 cf 00 74 c3 96 a0 8b  |oC..i!.....t....|
-00000280  6f ce c1 09 e6 90 1d 8e  53 40 b8 44 83 b9 46 9c  |o.......S@.D..F.|
-00000290  78 3b c1 0a 36 68 a5 04  e8 b5 ed 6d 7d 09 21 8c  |x;..6h.....m}.!.|
-000002a0  0e 00 0c 5e d0 2b 47 c9  f6 31 f6 8f 7b b6 2d 8d  |...^.+G..1..{.-.|
-000002b0  ec 4e c2 0d 08 c5 1b 26  b6 14 03 03 00 01 01 16  |.N.....&........|
+00000230  88 0f 00 00 84 08 04 00  80 53 85 ea dc a6 86 2d  |.........S.....-|
+00000240  e7 8c 0b 68 f9 57 7f f5  77 d8 fe 35 28 91 e7 2f  |...h.W..w..5(../|
+00000250  8a 2c 36 cf d7 8c 9f 3d  f2 e2 99 41 11 b2 3c a2  |.,6....=...A..<.|
+00000260  5e f3 68 1f b5 d4 f8 90  8a e2 5e 02 48 00 2b eb  |^.h.......^.H.+.|
+00000270  f0 e6 8c 28 af 11 80 82  ea 35 06 fd 0a 5f d7 1a  |...(.....5..._..|
+00000280  e9 63 29 08 8c aa 18 1e  7c 08 81 21 c8 aa 86 b1  |.c).....|..!....|
+00000290  cf 94 db f6 8d 15 dc cc  ae cf 41 2c 32 b1 3f 0c  |..........A,2.?.|
+000002a0  96 0e 5c ed 82 74 cc fc  35 f4 38 80 29 00 c1 3a  |..\..t..5.8.)..:|
+000002b0  70 d4 07 07 9c 49 9e 7b  91 14 03 03 00 01 01 16  |p....I.{........|
 000002c0  03 03 00 40 00 00 00 00  00 00 00 00 00 00 00 00  |...@............|
-000002d0  00 00 00 00 e7 64 7d 04  bb bf dd 2a ac fd 96 81  |.....d}....*....|
-000002e0  25 d8 3e 6c 1d 53 c7 79  31 4d 13 c3 71 d3 da c0  |%.>l.S.y1M..q...|
-000002f0  f8 74 11 bb 6b 9d 62 66  ed f0 97 ab 43 fe 12 cb  |.t..k.bf....C...|
-00000300  da 8d c2 4b                                       |...K|
+000002d0  00 00 00 00 f3 da dc d7  12 d6 f6 19 75 a8 02 68  |............u..h|
+000002e0  57 0e e1 90 75 d1 fc b8  32 a3 34 16 d6 8d 2a f5  |W...u...2.4...*.|
+000002f0  65 f2 a7 67 2c 2c a4 73  6a b6 f2 ad 2d 7f 8a ce  |e..g,,.sj...-...|
+00000300  a7 12 16 97                                       |....|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 40 35 ee 36 65 9a  |..........@5.6e.|
-00000010  e5 ac c7 30 18 b6 ff f9  fd fa 66 88 a7 73 be ba  |...0......f..s..|
-00000020  d5 89 59 26 cf 2d 8d 31  48 f0 fb 09 c1 66 ef eb  |..Y&.-.1H....f..|
-00000030  94 30 b7 47 71 a1 cb 03  34 37 14 f5 76 14 13 a9  |.0.Gq...47..v...|
-00000040  6f d7 4d 59 c1 63 f8 db  8b 74 36                 |o.MY.c...t6|
+00000000  14 03 03 00 01 01 16 03  03 00 40 dc 11 a1 a2 fb  |..........@.....|
+00000010  55 0c 9e e0 e2 55 1a ca  cd 5b df 1f 39 9e 08 51  |U....U...[..9..Q|
+00000020  bd 6b 72 40 93 f8 23 7a  32 9d 85 18 20 b7 39 b0  |.kr@..#z2... .9.|
+00000030  03 d3 10 6a 8e 66 6d e6  d5 38 03 c6 e5 b8 dc d7  |...j.fm..8......|
+00000040  3c 27 1d d2 a9 59 f9 18  7d 15 90                 |<'...Y..}..|
 >>> Flow 5 (client to server)
 00000000  17 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-00000010  00 00 00 00 00 19 16 39  bc a3 30 b5 1d ae e5 a9  |.......9..0.....|
-00000020  74 89 1e d1 77 86 8f 85  55 fa af cb 0a 94 45 f4  |t...w...U.....E.|
-00000030  a9 fa 21 c5 54 15 03 03  00 30 00 00 00 00 00 00  |..!.T....0......|
-00000040  00 00 00 00 00 00 00 00  00 00 40 17 27 41 8c ae  |..........@.'A..|
-00000050  74 59 34 f0 2e 72 34 4e  98 6e d8 da 17 07 b3 14  |tY4..r4N.n......|
-00000060  d8 c8 2c ad b6 3e 44 5a  3e d7                    |..,..>DZ>.|
+00000010  00 00 00 00 00 c2 92 ee  96 31 60 90 d5 ee a6 1c  |.........1`.....|
+00000020  ed 3c 03 40 8c e7 0c db  7f b0 11 dc 7e 58 e1 aa  |.<.@........~X..|
+00000030  4c d7 68 2a 91 15 03 03  00 30 00 00 00 00 00 00  |L.h*.....0......|
+00000040  00 00 00 00 00 00 00 00  00 00 b6 61 51 ac 66 a5  |...........aQ.f.|
+00000050  d1 ef d3 ee c8 d3 48 72  d5 e0 ef 7d ca 6a ec b2  |......Hr...}.j..|
+00000060  77 ff 2d a8 32 6d be 6e  a7 42                    |w.-.2m.n.B|