diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 5e9cde14..ab50a57e 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -75,10 +75,7 @@ static const VersionParam kAllVersions[] = { {TLS1_VERSION, VersionParam::is_tls, "TLS1"}, {TLS1_1_VERSION, VersionParam::is_tls, "TLS1_1"}, {TLS1_2_VERSION, VersionParam::is_tls, "TLS1_2"}, -// TLS 1.3 requires RSA-PSS, which is disabled for Android system builds. -#if !defined(BORINGSSL_ANDROID_SYSTEM) {TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3"}, -#endif {DTLS1_VERSION, VersionParam::is_dtls, "DTLS1"}, {DTLS1_2_VERSION, VersionParam::is_dtls, "DTLS1_2"}, }; @@ -1974,8 +1971,6 @@ TEST(SSLTest, ClientHello) { 0x01, 0x00, 0x00, 0x1f, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18}}, - // This test assumes RSA-PSS, which is disabled for Android system builds. -#if !defined(BORINGSSL_ANDROID_SYSTEM) {TLS1_2_VERSION, {0x16, 0x03, 0x01, 0x00, 0x8e, 0x01, 0x00, 0x00, 0x8a, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1990,7 +1985,6 @@ TEST(SSLTest, ClientHello) { 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18}}, -#endif // TODO(davidben): Add a change detector for TLS 1.3 once the spec and our // implementation has settled enough that it won't change. }; diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index 40b0dc00..31b51c9d 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc @@ -418,25 +418,15 @@ static const uint16_t kVerifySignatureAlgorithms[] = { // List our preferred algorithms first. SSL_SIGN_ED25519, SSL_SIGN_ECDSA_SECP256R1_SHA256, -#if !defined(BORINGSSL_ANDROID_SYSTEM) SSL_SIGN_RSA_PSS_SHA256, -#endif SSL_SIGN_RSA_PKCS1_SHA256, // Larger hashes are acceptable. SSL_SIGN_ECDSA_SECP384R1_SHA384, -#if !defined(BORINGSSL_ANDROID_SYSTEM) SSL_SIGN_RSA_PSS_SHA384, -#endif SSL_SIGN_RSA_PKCS1_SHA384, - // TODO(davidben): Remove this. -#if defined(BORINGSSL_ANDROID_SYSTEM) - SSL_SIGN_ECDSA_SECP521R1_SHA512, -#endif -#if !defined(BORINGSSL_ANDROID_SYSTEM) SSL_SIGN_RSA_PSS_SHA512, -#endif SSL_SIGN_RSA_PKCS1_SHA512, // For now, SHA-1 is still accepted but least preferable. @@ -454,24 +444,18 @@ static const uint16_t kSignSignatureAlgorithms[] = { // List our preferred algorithms first. SSL_SIGN_ED25519, SSL_SIGN_ECDSA_SECP256R1_SHA256, -#if !defined(BORINGSSL_ANDROID_SYSTEM) SSL_SIGN_RSA_PSS_SHA256, -#endif SSL_SIGN_RSA_PKCS1_SHA256, // If needed, sign larger hashes. // // TODO(davidben): Determine which of these may be pruned. SSL_SIGN_ECDSA_SECP384R1_SHA384, -#if !defined(BORINGSSL_ANDROID_SYSTEM) SSL_SIGN_RSA_PSS_SHA384, -#endif SSL_SIGN_RSA_PKCS1_SHA384, SSL_SIGN_ECDSA_SECP521R1_SHA512, -#if !defined(BORINGSSL_ANDROID_SYSTEM) SSL_SIGN_RSA_PSS_SHA512, -#endif SSL_SIGN_RSA_PKCS1_SHA512, // If the peer supports nothing else, sign with SHA-1.