    crypto/tls: return correct hash function when using client certificates in handshake · ebe3d693
    Joël Stemmer authored
    Commit f1d669ae added support for
    AES_256_GCM_SHA384 cipher suites as specified in RFC5289. However, it
    did not take the arbitrary hash function into account in the TLS client
    handshake when using client certificates.
    
    The hashForClientCertificate method always returned SHA256 as its
    hashing function, even if it actually used a different one to calculate
    its digest. Setting up the connection would eventually fail with the
    error "tls: failed to sign handshake with client certificate:
    crypto/rsa: input must be hashed message".
    
    Included is an additional test for this specific situation that uses the
    SHA384 hash.
    
    Fixes #9808
    
    Change-Id: Iccbf4ab225633471ef897907c208ad31f92855a3
    Reviewed-on: https://go-review.googlesource.com/7040
    Reviewed-by: Adam Langley <agl@golang.org>
    Run-TryBot: Adam Langley <agl@golang.org>
Name
Client-TLSv10-ClientCert-ECDSA-ECDSA
Client-TLSv10-ClientCert-ECDSA-RSA
Client-TLSv10-ClientCert-RSA-ECDSA
Client-TLSv10-ClientCert-RSA-RSA
Client-TLSv10-ECDHE-ECDSA-AES
Client-TLSv10-ECDHE-RSA-AES
Client-TLSv10-RSA-RC4
Client-TLSv11-ECDHE-ECDSA-AES
Client-TLSv11-ECDHE-RSA-AES
Client-TLSv11-RSA-RC4
Client-TLSv12-ALPN
Client-TLSv12-ALPN-NoMatch
Client-TLSv12-ClientCert-ECDSA-ECDSA
Client-TLSv12-ClientCert-ECDSA-RSA
Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
Client-TLSv12-ClientCert-RSA-ECDSA
Client-TLSv12-ClientCert-RSA-RSA
Client-TLSv12-ECDHE-ECDSA-AES
Client-TLSv12-ECDHE-ECDSA-AES-GCM
Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
Client-TLSv12-ECDHE-RSA-AES
Client-TLSv12-RSA-RC4
Server-SSLv3-RSA-3DES
Server-SSLv3-RSA-AES
Server-SSLv3-RSA-RC4
Server-TLSv10-ECDHE-ECDSA-AES
Server-TLSv10-RSA-3DES
Server-TLSv10-RSA-AES
Server-TLSv10-RSA-RC4
Server-TLSv11-FallbackSCSV
Server-TLSv11-RSA-RC4
Server-TLSv12-ALPN
Server-TLSv12-ALPN-NoMatch
Server-TLSv12-CipherSuiteCertPreferenceECDSA
Server-TLSv12-CipherSuiteCertPreferenceRSA
Server-TLSv12-ClientAuthRequestedAndECDSAGiven
Server-TLSv12-ClientAuthRequestedAndGiven
Server-TLSv12-ClientAuthRequestedNotGiven
Server-TLSv12-ECDHE-ECDSA-AES
Server-TLSv12-IssueTicket
Server-TLSv12-IssueTicketPreDisable
Server-TLSv12-RSA-3DES
Server-TLSv12-RSA-AES
Server-TLSv12-RSA-AES-GCM
Server-TLSv12-RSA-AES256-GCM-SHA384
Server-TLSv12-RSA-RC4
Server-TLSv12-Resume
Server-TLSv12-ResumeDisabled
Server-TLSv12-SNI