|
 |
5f1c2b |
diff -up nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc.disable_pss nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
|
|
|
5f1c2b |
--- nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc.disable_pss 2017-02-17 11:45:24.866780893 +0100
|
|
|
5f1c2b |
+++ nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc 2017-02-17 11:47:16.774439092 +0100
|
|
|
5f1c2b |
@@ -58,7 +58,7 @@ TEST_P(TlsConnectGeneric, ConnectEcdheP3
|
|
|
5f1c2b |
server_->ConfigNamedGroups(groups);
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
}
|
|
|
5f1c2b |
|
|
|
5f1c2b |
// This causes a HelloRetryRequest in TLS 1.3. Earlier versions don't care.
|
|
|
5f1c2b |
@@ -71,7 +71,7 @@ TEST_P(TlsConnectGeneric, ConnectEcdheP3
|
|
|
5f1c2b |
server_->ConfigNamedGroups(groups);
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
EXPECT_EQ(version_ == SSL_LIBRARY_VERSION_TLS_1_3,
|
|
|
5f1c2b |
hrr_capture->buffer().len() != 0);
|
|
|
5f1c2b |
}
|
|
|
5f1c2b |
@@ -101,7 +101,7 @@ TEST_P(TlsKeyExchangeTest, P384Priority)
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
|
|
|
5f1c2b |
std::vector<SSLNamedGroup> shares = {ssl_grp_ec_secp384r1};
|
|
|
5f1c2b |
CheckKEXDetails(groups, shares);
|
|
|
5f1c2b |
@@ -118,7 +118,7 @@ TEST_P(TlsKeyExchangeTest, DuplicateGrou
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
|
|
|
5f1c2b |
std::vector<SSLNamedGroup> shares = {ssl_grp_ec_secp384r1};
|
|
|
5f1c2b |
std::vector<SSLNamedGroup> expectedGroups = {ssl_grp_ec_secp384r1,
|
|
|
5f1c2b |
@@ -136,7 +136,7 @@ TEST_P(TlsKeyExchangeTest, P384PriorityD
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
|
|
|
5f1c2b |
if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
|
|
|
5f1c2b |
std::vector<SSLNamedGroup> shares = {ssl_grp_ec_secp384r1};
|
|
|
5f1c2b |
@@ -161,7 +161,7 @@ TEST_P(TlsConnectGenericPre13, P384Prior
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
}
|
|
|
5f1c2b |
|
|
|
5f1c2b |
TEST_P(TlsConnectGenericPre13, P384PriorityFromModelSocket) {
|
|
|
5f1c2b |
@@ -177,7 +177,7 @@ TEST_P(TlsConnectGenericPre13, P384Prior
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
}
|
|
|
5f1c2b |
|
|
|
5f1c2b |
class TlsKeyExchangeGroupCapture : public TlsHandshakeFilter {
|
|
|
5f1c2b |
@@ -265,7 +265,7 @@ TEST_P(TlsConnectStreamPre13, Configured
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
CheckConnected();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
// The renegotiation has to use the same preferences as the original session.
|
|
|
5f1c2b |
@@ -273,7 +273,7 @@ TEST_P(TlsConnectStreamPre13, Configured
|
|
|
5f1c2b |
client_->StartRenegotiate();
|
|
|
5f1c2b |
Handshake();
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
}
|
|
|
5f1c2b |
|
|
|
5f1c2b |
TEST_P(TlsConnectGenericPre13, GroupPreferenceServerPriority) {
|
|
|
5f1c2b |
@@ -293,7 +293,7 @@ TEST_P(TlsConnectGenericPre13, GroupPref
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
}
|
|
|
5f1c2b |
|
|
|
5f1c2b |
#ifndef NSS_DISABLE_TLS_1_3
|
|
|
5f1c2b |
@@ -312,7 +312,7 @@ TEST_P(TlsKeyExchangeTest13, Curve25519P
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_secp256r1};
|
|
|
5f1c2b |
CheckKEXDetails(client_groups, shares);
|
|
|
5f1c2b |
}
|
|
|
5f1c2b |
@@ -332,7 +332,7 @@ TEST_P(TlsKeyExchangeTest13, Curve25519P
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
|
|
|
5f1c2b |
CheckKEXDetails(client_groups, shares);
|
|
|
5f1c2b |
}
|
|
|
5f1c2b |
@@ -354,7 +354,7 @@ TEST_P(TlsKeyExchangeTest13, EqualPriori
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
|
|
|
5f1c2b |
CheckKEXDetails(client_groups, shares, ssl_grp_ec_secp256r1);
|
|
|
5f1c2b |
}
|
|
|
5f1c2b |
@@ -376,7 +376,7 @@ TEST_P(TlsKeyExchangeTest13, NotEqualPri
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
|
|
|
5f1c2b |
CheckKEXDetails(client_groups, shares, ssl_grp_ec_secp256r1);
|
|
|
5f1c2b |
}
|
|
|
5f1c2b |
@@ -398,7 +398,7 @@ TEST_P(TlsKeyExchangeTest13,
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
|
|
|
5f1c2b |
CheckKEXDetails(client_groups, shares, ssl_grp_ec_secp256r1);
|
|
|
5f1c2b |
}
|
|
|
5f1c2b |
@@ -420,7 +420,7 @@ TEST_P(TlsKeyExchangeTest13,
|
|
|
5f1c2b |
Connect();
|
|
|
5f1c2b |
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
|
|
|
5f1c2b |
CheckKEXDetails(client_groups, shares, ssl_grp_ec_secp256r1);
|
|
|
5f1c2b |
}
|
|
|
5f1c2b |
@@ -482,7 +482,7 @@ TEST_P(TlsKeyExchangeTest13, MultipleCli
|
|
|
5f1c2b |
|
|
|
5f1c2b |
// The server would accept 25519 but its preferred group (P256) has to win.
|
|
|
5f1c2b |
CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
|
|
|
5f1c2b |
- ssl_sig_rsa_pss_sha256);
|
|
|
5f1c2b |
+ ssl_sig_rsa_pkcs1_sha256);
|
|
|
5f1c2b |
const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519,
|
|
|
5f1c2b |
ssl_grp_ec_secp256r1};
|
|
|
5f1c2b |
CheckKEXDetails(client_groups, shares);
|