Forbid PKCS1 in TLS 1.3. BUG=84 Change-Id: Ie5eaefddd161488996033de28c0ebd1064bb793d Reviewed-on: https://boringssl-review.googlesource.com/10484 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>

commit: 54ed58e806823d580998c984685c439a2eca0d76 [log] [tgz]
author: Steven Valdez <svaldez@google.com> Thu Aug 18 14:03:49 2016 -0400
committer: David Benjamin <davidben@google.com> Thu Aug 18 20:51:01 2016 +0000
tree: dd24dfbb0fade400c7af0885af1bd86b7089d2bf
parent: 37646838e9bb62a0d9d506b117193611c4c46012 [diff] [blame]
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 8221286..3e4ba2e 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -5484,6 +5484,10 @@
 			if ver.version == VersionTLS12 && hasComponent(alg.name, "PSS") {
 				shouldFail = true
 			}
+			// RSA-PKCS1 does not exist in TLS 1.3.
+			if ver.version == VersionTLS13 && hasComponent(alg.name, "PKCS1") {
+				shouldFail = true
+			}
 
 			var signError, verifyError string
 			if shouldFail {
commit	54ed58e806823d580998c984685c439a2eca0d76	[log] [tgz]
author	Steven Valdez <svaldez@google.com>	Thu Aug 18 14:03:49 2016 -0400
committer	David Benjamin <davidben@google.com>	Thu Aug 18 20:51:01 2016 +0000
tree	dd24dfbb0fade400c7af0885af1bd86b7089d2bf
parent	37646838e9bb62a0d9d506b117193611c4c46012 [diff] [blame]