Renumber TLS 1.3 signature algorithms.
The old numbers violate a MUST-level requirement in TLS 1.2 to not advertise anonymous (0x0700 ends in 0x00). The spec has been updated with new allocations which avoid these. BUG=webrtc:6342 Change-Id: Ia5663ada98fa1ebf0f8a7f50fe74a0e9206c4194 Reviewed-on: https://boringssl-review.googlesource.com/11131 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
88536c3cb1
commit
af56fbd62a
@ -908,9 +908,9 @@ OPENSSL_EXPORT int SSL_CTX_set_ocsp_response(SSL_CTX *ctx,
|
|||||||
#define SSL_SIGN_ECDSA_SECP256R1_SHA256 0x0403
|
#define SSL_SIGN_ECDSA_SECP256R1_SHA256 0x0403
|
||||||
#define SSL_SIGN_ECDSA_SECP384R1_SHA384 0x0503
|
#define SSL_SIGN_ECDSA_SECP384R1_SHA384 0x0503
|
||||||
#define SSL_SIGN_ECDSA_SECP521R1_SHA512 0x0603
|
#define SSL_SIGN_ECDSA_SECP521R1_SHA512 0x0603
|
||||||
#define SSL_SIGN_RSA_PSS_SHA256 0x0700
|
#define SSL_SIGN_RSA_PSS_SHA256 0x0804
|
||||||
#define SSL_SIGN_RSA_PSS_SHA384 0x0701
|
#define SSL_SIGN_RSA_PSS_SHA384 0x0805
|
||||||
#define SSL_SIGN_RSA_PSS_SHA512 0x0702
|
#define SSL_SIGN_RSA_PSS_SHA512 0x0806
|
||||||
|
|
||||||
/* SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal signature algorithm used to
|
/* SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal signature algorithm used to
|
||||||
* specify raw RSASSA-PKCS1-v1_5 with an MD5/SHA-1 concatenation, as used in TLS
|
* specify raw RSASSA-PKCS1-v1_5 with an MD5/SHA-1 concatenation, as used in TLS
|
||||||
|
@ -1780,8 +1780,8 @@ static bool TestClientHello() {
|
|||||||
0xc0, 0x28, 0x00, 0x39, 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f,
|
0xc0, 0x28, 0x00, 0x39, 0x00, 0x6b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f,
|
||||||
0x00, 0x3c, 0x00, 0x35, 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x3b,
|
0x00, 0x3c, 0x00, 0x35, 0x00, 0x3d, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x3b,
|
||||||
0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00,
|
0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00,
|
||||||
0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x07, 0x02, 0x06, 0x01, 0x06,
|
0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06,
|
||||||
0x03, 0x07, 0x01, 0x05, 0x01, 0x05, 0x03, 0x07, 0x00, 0x04, 0x01, 0x04,
|
0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04,
|
||||||
0x03, 0x02, 0x01, 0x02, 0x03, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
|
0x03, 0x02, 0x01, 0x02, 0x03, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
|
||||||
0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
|
0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
|
||||||
};
|
};
|
||||||
|
@ -165,13 +165,13 @@ const (
|
|||||||
signatureECDSAWithP521AndSHA512 signatureAlgorithm = 0x0603
|
signatureECDSAWithP521AndSHA512 signatureAlgorithm = 0x0603
|
||||||
|
|
||||||
// RSASSA-PSS algorithms
|
// RSASSA-PSS algorithms
|
||||||
signatureRSAPSSWithSHA256 signatureAlgorithm = 0x0700
|
signatureRSAPSSWithSHA256 signatureAlgorithm = 0x0804
|
||||||
signatureRSAPSSWithSHA384 signatureAlgorithm = 0x0701
|
signatureRSAPSSWithSHA384 signatureAlgorithm = 0x0805
|
||||||
signatureRSAPSSWithSHA512 signatureAlgorithm = 0x0702
|
signatureRSAPSSWithSHA512 signatureAlgorithm = 0x0806
|
||||||
|
|
||||||
// EdDSA algorithms
|
// EdDSA algorithms
|
||||||
signatureEd25519 signatureAlgorithm = 0x0703
|
signatureEd25519 signatureAlgorithm = 0x0807
|
||||||
signatureEd448 signatureAlgorithm = 0x0704
|
signatureEd448 signatureAlgorithm = 0x0808
|
||||||
)
|
)
|
||||||
|
|
||||||
// supportedSignatureAlgorithms contains the default supported signature
|
// supportedSignatureAlgorithms contains the default supported signature
|
||||||
|
Loading…
Reference in New Issue
Block a user