crypto/tls: advertise support for SHA-512 signatures in 1.2

This is the equivalent change to 1c105980 but for SHA-512. SHA-512 certificates are already supported by default since b53bb2ca, but some servers will refuse connections if the algorithm is not advertised in the overloaded signatureAndHash extension (see 09b238f1). This required adding support for SHA-512 signatures on CertificateVerify and ServerKeyExchange messages, because of said overloading. Some testdata/Client-TLSv1{0,1} files changed because they send a 1.2 ClientHello even if the server picks a lower version. Closes #22422 Change-Id: I16282d03a3040260d203711ec21e6b20a0e1e105 Reviewed-on: https://go-review.googlesource.com/74950 Run-TryBot: Filippo Valsorda <hi@filippo.io> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-04-04 12:37:35 +03:00 · 2017-10-31 19:43:05 -04:00 · 2017-10-31 19:43:05 -04:00 · ca44103d11
commit ca44103d11
parent 90f8fc90bd
48 changed files with 1902 additions and 2108 deletions
--- a/testdata/Client-TLSv12-RSA-RC4
+++ b/testdata/Client-TLSv12-RSA-RC4
@ -1,20 +1,20 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 00 00 00 00 00  |................|
+00000000  16 03 01 00 95 01 00 00  91 03 03 00 00 00 00 00  |................|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2c cc a8  |.............,..|
 00000030  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
 00000040  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 38 00 05  |.............8..|
+00000050  c0 12 00 0a 00 05 c0 11  c0 07 01 00 00 3c 00 05  |.............<..|
 00000060  00 05 01 00 00 00 00 00  0a 00 0a 00 08 00 1d 00  |................|
-00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0e 00  |................|
-00000080  0c 04 01 04 03 05 01 05  03 02 01 02 03 ff 01 00  |................|
-00000090  01 00 00 12 00 00                                 |......|
+00000070  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 12 00  |................|
+00000080  10 04 01 04 03 05 01 05  03 06 01 06 03 02 01 02  |................|
+00000090  03 ff 01 00 01 00 00 12  00 00                    |..........|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 51 02 00 00  4d 03 03 ac bf 85 b8 5f  |....Q...M......_|
-00000010  56 44 a0 c5 3b 20 77 71  af de 34 bc 79 a0 a4 a7  |VD..; wq..4.y...|
-00000020  fa 2e cf b5 ee c5 a7 a2  5e 11 48 20 05 89 5e a6  |........^.H ..^.|
-00000030  cd ad 91 e4 be c3 c3 6c  6a 0e 1d ab 27 03 5e 0f  |.......lj...'.^.|
-00000040  05 9d ef b0 63 8d 2d b6  29 08 66 e3 00 05 00 00  |....c.-.).f.....|
+00000000  16 03 03 00 51 02 00 00  4d 03 03 90 26 c2 6e 52  |....Q...M...&.nR|
+00000010  59 b2 e8 f1 c5 fc 4d 59  13 76 43 4e a4 ab 0b 33  |Y.....MY.vCN...3|
+00000020  96 d0 4e 89 bd 1e bd 89  f6 2b d7 20 39 94 41 68  |..N......+. 9.Ah|
+00000030  81 74 78 60 e1 5f f7 7d  e3 9d 81 f1 62 bd 45 67  |.tx`._.}....b.Eg|
+00000040  51 50 bd 84 76 70 52 c3  ce 32 90 51 00 05 00 00  |QP..vpR..2.Q....|
 00000050  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000060  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000070  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@ -64,15 +64,15 @@
 00000060  c5 70 0f 08 83 48 e9 48  ef 6e 50 8b 05 7e e5 84  |.p...H.H.nP..~..|
 00000070  25 fa 55 c7 ae 31 02 27  00 ef 3f 98 86 20 12 89  |%.U..1.'..?.. ..|
 00000080  91 59 28 b4 f7 d7 af d2  69 61 35 14 03 03 00 01  |.Y(.....ia5.....|
-00000090  01 16 03 03 00 24 e1 ef  77 60 cf 7a 44 79 74 59  |.....$..w`.zDytY|
-000000a0  ff 81 72 b9 b5 f5 97 af  60 59 78 f5 01 49 2d bb  |..r.....`Yx..I-.|
-000000b0  4a ec 98 1f f5 31 f4 00  a2 f3                    |J....1....|
+00000090  01 16 03 03 00 24 4b 7c  05 1b 5d ed 28 c0 ce db  |.....$K|..].(...|
+000000a0  c9 1d bb e8 a1 94 d7 30  ac aa 54 08 2a 82 a2 a0  |.......0..T.*...|
+000000b0  52 e7 cb 32 0f c2 f8 ad  f3 c9                    |R..2......|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 24 52 fd a3 51 aa  |..........$R..Q.|
-00000010  ee 9d 4d be 8c 08 32 f6  f7 4a a5 26 26 6c b2 5a  |..M...2..J.&&l.Z|
-00000020  49 7f 31 7d 44 b1 83 67  19 4a e3 07 7d 59 34     |I.1}D..g.J..}Y4|
+00000000  14 03 03 00 01 01 16 03  03 00 24 ad ef e3 a0 c4  |..........$.....|
+00000010  2c a0 ca 82 a6 f0 eb 8f  73 f3 48 11 0f 1f cc 6f  |,.......s.H....o|
+00000020  6f 63 fa d8 9d 47 6b b2  ab 3e fe bc 0e 44 ce     |oc...Gk..>...D.|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1a 61 73 4d  86 b2 a1 36 b2 3e b0 1d  |.....asM...6.>..|
-00000010  6a b9 8a 8b 00 e0 3a d9  7e 23 c7 83 72 97 28 15  |j.....:.~#..r.(.|
-00000020  03 03 00 16 4a 8a 04 00  0a b2 75 80 20 ad 76 2a  |....J.....u. .v*|
-00000030  88 16 56 e6 4a a5 c0 ea  c7 0c                    |..V.J.....|
+00000000  17 03 03 00 1a e7 90 92  8b a5 a6 4f 22 97 2f 23  |...........O"./#|
+00000010  f1 3c 54 65 2c 14 7e fd  1d 8f c7 76 97 e8 f8 15  |.<Te,.~....v....|
+00000020  03 03 00 16 c0 c9 cc 98  62 c6 ac 36 0f a5 2d a5  |........b..6..-.|
+00000030  73 9a 9c 0f 26 5a f6 89  3b c9                    |s...&Z..;.|