Cypherpunks repositories - gostls13.git/commit

]> Cypherpunks repositories - gostls13.git/commit

author	Filippo Valsorda <filippo@golang.org>
	Mon, 4 Nov 2019 02:28:47 +0000 (21:28 -0500)
committer	Filippo Valsorda <filippo@golang.org>
	Tue, 12 Nov 2019 01:09:15 +0000 (01:09 +0000)
commit	52a5bf4d33d55bac37b07e5ff0c33b104e1fe5f8
tree	6a72a78e4bcba87bb7a4c41ea5e9c2fe67a36473	tree
parent	5b17b6575036e1e4f4c6a2cf75e34f7ada806624	commit \| diff

crypto/tls: re-enable RSA-PSS in TLS 1.2 again

TLS 1.3, which requires RSA-PSS, is now enabled without a GODEBUG
opt-out, and with the introduction of
Certificate.SupportedSignatureAlgorithms (#28660) there is a
programmatic way to avoid RSA-PSS (disable TLS 1.3 with MaxVersion and
use that field to specify only PKCS#1 v1.5 SignatureSchemes).

This effectively reverts 0b3a57b5374bba3fdf88258e2be4c8be65e6a5de,
although following CL 205061 all of the signing-side logic is
conveniently centralized in signatureSchemesForCertificate.

Fixes #32425

Change-Id: I7c9a8893bb5d518d86eae7db82612b9b2cd257d7
Reviewed-on: https://go-review.googlesource.com/c/go/+/205063
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>

28 files changed:

src/crypto/tls/auth.go		diff \| blob \| history
src/crypto/tls/auth_test.go		diff \| blob \| history
src/crypto/tls/common.go		diff \| blob \| history
src/crypto/tls/handshake_client_test.go		diff \| blob \| history
src/crypto/tls/handshake_server.go		diff \| blob \| history
src/crypto/tls/handshake_server_test.go		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-RenegotiateOnce		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwice		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ALPN		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ALPN-NoMatch		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndEd25519Given		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-ExportKeyingMaterial		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-P256		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPSS		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv12-X25519		diff \| blob \| history
src/crypto/tls/tls_test.go		diff \| blob \| history

Go GOST TLS 1.3

RSS Atom