crypto/tls: advertise support for SHA-512 signatures in 1.2

This is the equivalent change to 1c105980 but for SHA-512. SHA-512 certificates are already supported by default since b53bb2ca, but some servers will refuse connections if the algorithm is not advertised in the overloaded signatureAndHash extension (see 09b238f1). This required adding support for SHA-512 signatures on CertificateVerify and ServerKeyExchange messages, because of said overloading. Some testdata/Client-TLSv1{0,1} files changed because they send a 1.2 ClientHello even if the server picks a lower version. Closes #22422 Change-Id: I16282d03a3040260d203711ec21e6b20a0e1e105 Reviewed-on: https://go-review.googlesource.com/74950 Run-TryBot: Filippo Valsorda <hi@filippo.io> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-04-03 20:17:36 +03:00 · 2017-10-31 19:43:05 -04:00 · 2017-10-31 19:43:05 -04:00 · ca44103d11
commit ca44103d11
parent 90f8fc90bd
48 changed files with 1902 additions and 2108 deletions
--- a/testdata/Client-TLSv12-ALPN
+++ b/testdata/Client-TLSv12-ALPN
@ -1,21 +1,22 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 a9 01 00 00  a5 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 ad 01 00 00  a9 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
 00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
 00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 50 33 74  |.............P3t|
+00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 54 33 74  |.............T3t|
 00000060  00 00 00 05 00 05 01 00  00 00 00 00 0a 00 0a 00  |................|
 00000070  08 00 1d 00 17 00 18 00  19 00 0b 00 02 01 00 00  |................|
-00000080  0d 00 0e 00 0c 04 01 04  03 05 01 05 03 02 01 02  |................|
-00000090  03 ff 01 00 01 00 00 10  00 10 00 0e 06 70 72 6f  |.............pro|
-000000a0  74 6f 32 06 70 72 6f 74  6f 31 00 12 00 00        |to2.proto1....|
+00000080  0d 00 12 00 10 04 01 04  03 05 01 05 03 06 01 06  |................|
+00000090  03 02 01 02 03 ff 01 00  01 00 00 10 00 10 00 0e  |................|
+000000a0  06 70 72 6f 74 6f 32 06  70 72 6f 74 6f 31 00 12  |.proto2.proto1..|
+000000b0  00 00                                             |..|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 66 02 00 00  62 03 03 8d 70 c6 03 ad  |....f...b...p...|
-00000010  2f 20 b3 c2 ab e0 fc 80  74 c4 23 9e 82 65 61 a1  |/ ......t.#..ea.|
-00000020  26 97 14 a0 9b 9c d5 e0  92 43 ee 20 ec 84 cf 78  |&........C. ...x|
-00000030  44 16 7d f3 ad 94 a9 f8  c3 e0 c6 e1 b6 c5 e3 3d  |D.}............=|
-00000040  77 ea 76 1d 58 cc 94 3a  ad 1a 1a 6c cc a8 00 00  |w.v.X..:...l....|
+00000000  16 03 03 00 66 02 00 00  62 03 03 cb 8e 3f a0 07  |....f...b....?..|
+00000010  c3 0e b3 b2 07 39 e2 2d  b9 5f 03 31 05 b0 0d b6  |.....9.-._.1....|
+00000020  c7 c5 4d 39 2b 3f 1a d7  38 43 69 20 f5 35 e2 93  |..M9+?..8Ci .5..|
+00000030  75 c4 eb b3 eb a3 ad cd  9f e3 c6 dc b8 ea 20 7c  |u............. ||
+00000040  94 1b 9c 73 bd 2e af f1  4d 97 6d eb cc a8 00 00  |...s....M.m.....|
 00000050  1a ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 10  |................|
 00000060  00 09 00 07 06 70 72 6f  74 6f 31 16 03 03 02 59  |.....proto1....Y|
 00000070  0b 00 02 55 00 02 52 00  02 4f 30 82 02 4b 30 82  |...U..R..O0..K0.|
@ -56,31 +57,31 @@
 000002a0  1c f1 0f a1 d8 40 83 61  c9 4c 72 2b 9d ae db 46  |.....@.a.Lr+...F|
 000002b0  06 06 4d f4 c1 b3 3e c0  d1 bd 42 d4 db fe 3d 13  |..M...>...B...=.|
 000002c0  60 84 5c 21 d3 3b e9 fa  e7 16 03 03 00 ac 0c 00  |`.\!.;..........|
-000002d0  00 a8 03 00 1d 20 84 de  31 92 b6 a5 d8 a4 88 a2  |..... ..1.......|
-000002e0  54 67 e6 61 40 f2 5a 87  0f ce 15 b1 d6 af f3 5d  |Tg.a@.Z........]|
-000002f0  99 71 d6 04 f5 52 04 01  00 80 a8 1d 8b 8c e9 a3  |.q...R..........|
-00000300  af 2d 31 e4 0f f0 26 74  c2 e5 1b ae ac 47 9c 6e  |.-1...&t.....G.n|
-00000310  6c 5f 45 7d b1 b3 2a af  36 68 42 13 95 0d 33 1c  |l_E}..*.6hB...3.|
-00000320  8d 6c 72 48 4a 94 f0 fb  82 20 cc 76 21 7f 62 e7  |.lrHJ.... .v!.b.|
-00000330  23 a3 c8 4e 3a ce f1 5c  c3 60 73 26 59 4c 94 f3  |#..N:..\.`s&YL..|
-00000340  07 36 f6 a0 b3 60 03 d5  72 1e bf c8 d9 1d 61 01  |.6...`..r.....a.|
-00000350  9a 18 57 a3 b4 de 36 1f  e1 7d dc 69 c0 fb c0 71  |..W...6..}.i...q|
-00000360  45 1f 73 0d 50 69 d3 18  97 23 60 1c 5a 9a 93 b4  |E.s.Pi...#`.Z...|
-00000370  67 cc e5 80 3b 25 d0 6c  50 c8 16 03 03 00 04 0e  |g...;%.lP.......|
+000002d0  00 a8 03 00 1d 20 4c d6  65 c1 74 2c 78 ab 45 87  |..... L.e.t,x.E.|
+000002e0  bc 6e 9a cd 6c d4 2f 1e  ed 1b ed 68 e0 20 3b 13  |.n..l./....h. ;.|
+000002f0  7b b9 45 a1 38 78 04 01  00 80 31 26 2b b6 f8 fe  |{.E.8x....1&+...|
+00000300  bf 3c c6 8e ec 30 87 09  18 87 27 ec 9f 4f 93 74  |.<...0....'..O.t|
+00000310  6b 65 94 12 3e 4d 5e a8  f7 0f ec 9e 60 c5 d5 a0  |ke..>M^.....`...|
+00000320  c1 53 10 1d 8a 5b 82 2e  64 07 59 2e 0c b8 e3 90  |.S...[..d.Y.....|
+00000330  20 a5 0a 88 3e 7e d6 b9  85 58 78 f1 58 56 a6 d8  | ...>~...Xx.XV..|
+00000340  ee 60 52 59 d1 5b 16 58  de ce bc 09 79 99 65 e0  |.`RY.[.X....y.e.|
+00000350  6b 0b 4e 3d fb 80 35 6b  56 48 33 b3 17 4e 61 cf  |k.N=..5kVH3..Na.|
+00000360  88 78 41 14 c8 fa 41 32  f9 2b 87 27 40 d7 2b 51  |.xA...A2.+.'@.+Q|
+00000370  bd 16 54 cd f3 79 3a 7d  c9 f0 16 03 03 00 04 0e  |..T..y:}........|
 00000380  00 00 00                                          |...|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 5c c5 3e  7a 14 97 1b 55 88 25 08  |.... \.>z...U.%.|
-00000040  ad 86 48 ac f0 43 8c 17  5b 58 93 6c 7a 95 69 a8  |..H..C..[X.lz.i.|
-00000050  ad 0c b3 61 4d                                    |...aM|
+00000030  16 03 03 00 20 40 b0 f2  80 ce 38 b3 98 fd 34 ba  |.... @....8...4.|
+00000040  84 d3 f7 30 dc 9f 09 4b  0e 44 0b 79 b1 28 39 53  |...0...K.D.y.(9S|
+00000050  94 03 db c8 2b                                    |....+|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 dd 1b 80 da d9  |.......... .....|
-00000010  73 da 7d 15 9b 92 82 01  a7 8f fe 4a 75 97 8f f4  |s.}........Ju...|
-00000020  64 1b bf cf c3 40 78 f2  52 f5 7a                 |d....@x.R.z|
+00000000  14 03 03 00 01 01 16 03  03 00 20 6f 6c ec 1a 29  |.......... ol..)|
+00000010  d8 29 6c 10 67 12 4f 45  d3 64 85 e4 bc 28 5b 52  |.)l.g.OE.d...([R|
+00000020  d0 46 45 3c ac bc fa 51  c1 00 84                 |.FE<...Q...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 4e fa 7c  37 80 48 19 a6 03 25 7c  |.....N.|7.H...%||
-00000010  65 56 43 af 9a e8 e2 aa  e5 79 98 15 03 03 00 12  |eVC......y......|
-00000020  f9 b7 01 e8 2e 85 33 89  60 44 84 93 26 4c ec ac  |......3.`D..&L..|
-00000030  2e 6f                                             |.o|
+00000000  17 03 03 00 16 7d 3e 49  f0 a6 61 18 fc 10 f4 7f  |.....}>I..a.....|
+00000010  e2 df b7 58 7d ad 31 84  de 60 e0 15 03 03 00 12  |...X}.1..`......|
+00000020  08 cd 3f b6 58 d8 72 12  e0 f5 c6 8f f7 76 d5 29  |..?.X.r......v.)|
+00000030  4f b2                                             |O.|