crypto/tls: disable RSA-PSS in TLS 1.2 again

Signing with RSA-PSS can uncover faulty crypto.Signer implementations, and it can fail for (broken) small keys. We'll have to take that breakage eventually, but it would be nice for it to be opt-out at first. TLS 1.3 requires RSA-PSS and is opt-out in Go 1.13. Instead of making a TLS 1.3 opt-out influence a TLS 1.2 behavior, let's wait to add RSA-PSS to TLS 1.2 until TLS 1.3 is on without opt-out. Note that since the Client Hello is sent before a protocol version is selected, we have to advertise RSA-PSS there to support TLS 1.3. That means that we still support RSA-PSS on the client in TLS 1.2 for verifying server certificates, which is fine, as all issues arise on the signing side. We have to be careful not to pick (or consider available) RSA-PSS on the client for client certificates, though. We'd expect tests to change only in TLS 1.2: * the server won't pick PSS to sign the key exchange (Server-TLSv12-* w/ RSA, TestHandshakeServerRSAPSS); * the server won't advertise PSS in CertificateRequest (Server-TLSv12-ClientAuthRequested*, TestClientAuth); * and the client won't pick PSS for its CertificateVerify (Client-TLSv12-ClientCert-RSA-*, TestHandshakeClientCertRSAPSS, Client-TLSv12-Renegotiate* because "R" requests a client cert). Client-TLSv13-ClientCert-RSA-RSAPSS was updated because of a fix in the test. This effectively reverts 88343530720a52c96b21f2bd5488c8fb607605d7. Testing was made more complex by the undocumented semantics of OpenSSL's -[client_]sigalgs (see openssl/openssl#9172). Updates #32425 Change-Id: Iaddeb2df1f5c75cd090cc8321df2ac8e8e7db349 Reviewed-on: https://go-review.googlesource.com/c/go/+/182339 Reviewed-by: Adam Langley <agl@golang.org>
2025-04-03 20:17:36 +03:00 · 2019-06-13 18:33:33 -04:00 · 2019-06-13 18:33:33 -04:00 · 9a45e56dc1
commit 9a45e56dc1
parent 8e5858c5e1
39 changed files with 1715 additions and 1700 deletions
--- a/testdata/Client-TLSv12-ClientCert-RSA-RSA
+++ b/testdata/Client-TLSv12-ClientCert-RSA-RSA
@ -16,11 +16,11 @@
 000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 34 d6 64 e9 90  |....Y...U..4.d..|
-00000010  47 32 62 4a 36 f9 2f 2b  c9 04 24 8d 9d 71 e1 ec  |G2bJ6./+..$..q..|
-00000020  63 c3 14 73 e6 db 33 53  6e 79 3b 20 10 6c f9 58  |c..s..3Sny; .l.X|
-00000030  c2 2a c8 26 39 1c 33 75  f7 7b ab e0 82 ab e1 f1  |.*.&9.3u.{......|
-00000040  11 8b d3 58 18 39 11 4f  b8 08 12 6b c0 2f 00 00  |...X.9.O...k./..|
+00000000  16 03 03 00 59 02 00 00  55 03 03 43 a0 10 ae 54  |....Y...U..C...T|
+00000010  09 23 be 14 d7 1d b3 64  66 5e 39 4e 42 ed 58 3a  |.#.....df^9NB.X:|
+00000020  1b de 35 eb ee 9b 86 44  fe 2b a8 20 e7 f1 4a 47  |..5....D.+. ..JG|
+00000030  b1 6b f0 fb d7 ed 3c 33  4a 52 bc 9b 39 c0 16 d3  |.k....<3JR..9...|
+00000040  f4 0a 7c 38 7e b3 95 31  7a c7 c8 f4 c0 2f 00 00  |..|8~..1z..../..|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 59 0b 00 02 55 00  02 52 00 02 4f 30 82 02  |..Y...U..R..O0..|
 00000070  4b 30 82 01 b4 a0 03 02  01 02 02 09 00 e8 f0 9d  |K0..............|
@ -60,17 +60,17 @@
 00000290  77 8d 0c 1c f1 0f a1 d8  40 83 61 c9 4c 72 2b 9d  |w.......@.a.Lr+.|
 000002a0  ae db 46 06 06 4d f4 c1  b3 3e c0 d1 bd 42 d4 db  |..F..M...>...B..|
 000002b0  fe 3d 13 60 84 5c 21 d3  3b e9 fa e7 16 03 03 00  |.=.`.\!.;.......|
-000002c0  ac 0c 00 00 a8 03 00 1d  20 7e 32 3b e9 c4 9d 93  |........ ~2;....|
-000002d0  d9 b1 b3 fc 04 33 a6 1b  b9 e8 1a 24 79 5e 0d bc  |.....3.....$y^..|
-000002e0  e2 f9 ba cc 18 15 64 0a  69 08 04 00 80 73 c1 81  |......d.i....s..|
-000002f0  fe 44 26 be 95 56 d6 89  59 3d 5f 84 69 31 50 ed  |.D&..V..Y=_.i1P.|
-00000300  77 a2 67 4a 16 3c dc f2  28 14 4e 3a 90 15 b3 db  |w.gJ.<..(.N:....|
-00000310  f1 d8 e1 75 7d 61 a6 a0  33 28 72 62 3a 09 93 75  |...u}a..3(rb:..u|
-00000320  16 63 a2 8b 89 5d 83 e4  e4 d8 89 4b 82 b5 66 b6  |.c...].....K..f.|
-00000330  09 2f 30 3f 66 36 bb ae  a1 67 c9 de 40 8d c3 6a  |./0?f6...g..@..j|
-00000340  5c 96 74 c4 29 c1 3e 6d  a0 84 f8 8d d3 0d a5 70  |\.t.).>m.......p|
-00000350  fe 38 dc 01 f0 75 64 be  bf 38 ab 70 28 e2 06 b0  |.8...ud..8.p(...|
-00000360  ea 27 14 3f 0f 4e 4f fc  01 29 b0 40 64 16 03 03  |.'.?.NO..).@d...|
+000002c0  ac 0c 00 00 a8 03 00 1d  20 e7 c6 c3 84 0a b7 55  |........ ......U|
+000002d0  ff fb ae 43 10 da 03 0d  7d 91 77 90 cd 05 6a ab  |...C....}.w...j.|
+000002e0  08 35 5a 38 23 79 45 9f  54 08 04 00 80 d8 b8 a1  |.5Z8#yE.T.......|
+000002f0  67 15 39 93 cc d0 ac e7  55 85 3e 62 f3 a6 d8 35  |g.9.....U.>b...5|
+00000300  5e bb 60 4e 33 70 05 47  b8 9e 8c e6 85 65 09 e2  |^.`N3p.G.....e..|
+00000310  95 4f 8a d9 4b cb 60 62  3c ef 57 81 ed b4 20 cf  |.O..K.`b<.W... .|
+00000320  b1 71 d9 62 57 60 fa 07  89 12 a1 90 8f 8f 06 4a  |.q.bW`.........J|
+00000330  56 c3 81 e0 b6 11 9e ce  33 fe 0f 4e b2 84 cc 4b  |V.......3..N...K|
+00000340  dc d4 71 e4 43 04 61 11  a9 a6 8a 20 43 a7 0e b6  |..q.C.a.... C...|
+00000350  a8 97 43 1b e0 a9 b1 0f  e8 19 68 0a 5d 38 d9 69  |..C.......h.]8.i|
+00000360  22 65 16 aa 05 16 11 cd  66 4a 4f be 90 16 03 03  |"e......fJO.....|
 00000370  00 3a 0d 00 00 36 03 01  02 40 00 2e 04 03 05 03  |.:...6...@......|
 00000380  06 03 08 07 08 08 08 09  08 0a 08 0b 08 04 08 05  |................|
 00000390  08 06 04 01 05 01 06 01  03 03 02 03 03 01 02 01  |................|
@ -112,26 +112,26 @@
 00000200  e5 35 16 03 03 00 25 10  00 00 21 20 2f e5 7d a3  |.5....%...! /.}.|
 00000210  47 cd 62 43 15 28 da ac  5f bb 29 07 30 ff f6 84  |G.bC.(.._.).0...|
 00000220  af c4 cf c2 ed 90 99 5f  58 cb 3b 74 16 03 03 00  |......._X.;t....|
-00000230  88 0f 00 00 84 08 04 00  80 5f d8 fc 5f fb e6 09  |........._.._...|
-00000240  b6 2f ff 22 c5 4c bd 42  99 cb e7 ff 86 95 11 99  |./.".L.B........|
-00000250  8f 3e 4a b3 72 78 26 02  2f af 03 a2 39 e7 e2 29  |.>J.rx&./...9..)|
-00000260  ce 66 9a 72 1d bf fc 27  87 75 bf f1 ee 18 62 bd  |.f.r...'.u....b.|
-00000270  47 bc ee 39 fa 9c c2 c5  59 f6 f5 59 09 34 48 a9  |G..9....Y..Y.4H.|
-00000280  02 25 e9 66 a8 d5 a6 a6  e2 67 8e a9 53 c1 2e 66  |.%.f.....g..S..f|
-00000290  a8 64 3e 5e a7 63 c0 10  36 5e 77 47 23 8f 6f 14  |.d>^.c..6^wG#.o.|
-000002a0  59 08 36 e4 2a 47 4d ff  12 b4 be bb 76 8c 21 5e  |Y.6.*GM.....v.!^|
-000002b0  08 36 34 6d 9e 01 0c 7c  85 14 03 03 00 01 01 16  |.64m...|........|
-000002c0  03 03 00 28 00 00 00 00  00 00 00 00 e4 36 4e c9  |...(.........6N.|
-000002d0  5c ea e3 59 ae a1 45 74  17 b1 1e fe e4 a9 b8 da  |\..Y..Et........|
-000002e0  b5 ce 4a 24 39 93 d7 ac  8f fb 74 a0              |..J$9.....t.|
+00000230  88 0f 00 00 84 04 01 00  80 2e af 25 b4 ff 00 08  |...........%....|
+00000240  c8 dc 24 49 d5 9b d0 fe  b5 81 8d 4e 15 d4 63 bf  |..$I.......N..c.|
+00000250  8e 4c a4 7d 96 58 a2 4b  f4 25 a8 e3 39 fc df 2d  |.L.}.X.K.%..9..-|
+00000260  7c a0 20 61 86 35 8e 7e  ba a5 2c f3 07 ad 84 36  ||. a.5.~..,....6|
+00000270  df ef 66 e9 78 d8 5f b3  17 45 31 d4 4a 38 5c 6c  |..f.x._..E1.J8\l|
+00000280  03 73 3b 74 60 c9 00 d1  64 59 c9 a5 39 00 fc bf  |.s;t`...dY..9...|
+00000290  9c 3a 99 46 4b 71 90 64  8a 24 2e 37 cf 8a 42 c2  |.:.FKq.d.$.7..B.|
+000002a0  56 a6 94 97 60 c5 56 ba  de 71 78 6c f2 be ce 16  |V...`.V..qxl....|
+000002b0  47 ca 0d 95 3c cc b8 6f  b2 14 03 03 00 01 01 16  |G...<..o........|
+000002c0  03 03 00 28 00 00 00 00  00 00 00 00 8e 0e 3b 43  |...(..........;C|
+000002d0  63 52 24 16 91 bc 50 85  ef 34 ad b9 f0 45 e7 4c  |cR$...P..4...E.L|
+000002e0  9a 07 1d 46 53 2c 89 79  0f 27 dc 9d              |...FS,.y.'..|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 8c 03 68 37 28  |..........(..h7(|
-00000010  47 c5 6c d6 33 ef 18 7e  f0 5e 93 fe a5 8a 2e 2a  |G.l.3..~.^.....*|
-00000020  72 e3 20 4d 98 d5 c5 a1  e2 55 a4 81 2b 0b b1 75  |r. M.....U..+..u|
-00000030  6c 02 20                                          |l. |
+00000000  14 03 03 00 01 01 16 03  03 00 28 2f 40 03 cf 5a  |..........(/@..Z|
+00000010  76 6c 87 87 8d 99 4c e8  76 73 6a 62 1d a5 31 bc  |vl....L.vsjb..1.|
+00000020  2e 7e 23 8c 50 bf 07 b9  13 53 4a 59 a0 9b 74 b7  |.~#.P....SJY..t.|
+00000030  53 21 2d                                          |S!-|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 1c 99 25  |...............%|
-00000010  ba ae 73 88 34 3e 85 49  d3 b9 00 77 6e c4 fc 67  |..s.4>.I...wn..g|
-00000020  9d c8 e2 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
-00000030  34 5f 22 7e 6f ee e7 03  fd 9e 30 9d 0f 63 85 d7  |4_"~o.....0..c..|
-00000040  c5 b7                                             |..|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 83 69 b1  |..............i.|
+00000010  20 19 eb db d4 58 e7 f1  5a 95 b0 d3 9d 3b 74 ad  | ....X..Z....;t.|
+00000020  bc 94 c4 15 03 03 00 1a  00 00 00 00 00 00 00 02  |................|
+00000030  7d 89 89 25 40 be 0d fc  24 d0 ff 5a 0f 24 5d f2  |}..%@...$..Z.$].|
+00000040  a3 ab                                             |..|