Cypherpunks repositories - gostls13.git/commit

author	Filippo Valsorda <filippo@golang.org>
	Sat, 15 Mar 2025 11:12:22 +0000 (12:12 +0100)
committer	Gopher Robot <gobot@golang.org>
	Wed, 21 May 2025 21:18:04 +0000 (14:18 -0700)
commit	e90acc814de247f58330be1d8ba3b11c78c96077
tree	a56fd0ac07eab3c8e1155da0b1d182ab151aa589	tree
parent	33d3f603c19f46e6529483230465cd6f420ce23b	commit \| diff

crypto/tls: don't advertise TLS 1.2-only sigAlgs in TLS 1.3

If a ClientHello only supports TLS 1.3, or if a CertificateRequest is
sent after selecting TLS 1.3, we should not advertise TLS 1.2-only
signature_algorithms like PKCS#1 v1.5 or SHA-1.

However, since crypto/x509 still supports PKCS#1 v1.5, and a direct
CertPool match might not care about the signature in the certificate at
all, start sending a separate signature_algorithms_cert extension to
indicate support for PKCS#1 v1.5 and SHA-1 in certificates.

We were already correctly rejecting these algorithms if the peer
selected them in a TLS 1.3 connection.

Updates #72883

Change-Id: I6a6a4656ab60e1b7fb20fdedc32604dc156953ae
Reviewed-on: https://go-review.googlesource.com/c/go/+/658215
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>

src/crypto/tls/auth.go		diff \| blob \| history
src/crypto/tls/auth_test.go		diff \| blob \| history
src/crypto/tls/common.go		diff \| blob \| history
src/crypto/tls/defaults.go		diff \| blob \| history
src/crypto/tls/defaults_boring.go		diff \| blob \| history
src/crypto/tls/defaults_fips140.go		diff \| blob \| history
src/crypto/tls/fips140_test.go		diff \| blob \| history
src/crypto/tls/handshake_client.go		diff \| blob \| history
src/crypto/tls/handshake_client_tls13.go		diff \| blob \| history
src/crypto/tls/handshake_messages_test.go		diff \| blob \| history
src/crypto/tls/handshake_server.go		diff \| blob \| history
src/crypto/tls/handshake_server_tls13.go		diff \| blob \| history
src/crypto/tls/quic_test.go		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ECDHE-ECDSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ECDHE-RSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-ExportKeyingMaterial		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv10-RSA-RC4		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv11-ECDHE-ECDSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv11-ECDHE-RSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv11-RSA-RC4		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-AES128-GCM-SHA256		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-AES128-SHA256		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-AES256-GCM-SHA384		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ALPN		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-Ed25519		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPKCS1v15		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-AES		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-Ed25519		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-ExportKeyingMaterial		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-P256-ECDHE		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-RSA-RC4		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-RenegotiateOnce		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwice		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-RenegotiationRejected		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-SCT		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv12-X25519-ECDHE		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-AES128-SHA256		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-AES256-SHA384		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-ALPN		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-CHACHA20-SHA256		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-ClientCert-ECDSA-RSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-ClientCert-Ed25519		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-ECDSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-RSAPSS		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-ECDSA		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-Ed25519		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-ExportKeyingMaterial		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-HelloRetryRequest		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-KeyUpdate		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-P256-ECDHE		diff \| blob \| history
src/crypto/tls/testdata/Client-TLSv13-X25519-ECDHE		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndECDSAGiven		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndEd25519Given		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven		diff \| blob \| history
src/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedNotGiven		diff \| blob \| history