Remove ourSigAlgs parameter to selectSignatureAlgorithm. Now that the odd client/server split (a remnant from the original crypto/tls code not handling signing-hash/PRF mismatches) is gone, it can just be pulled from the config. Change-Id: Idb46c026d6529a2afc2b43d4afedc0aa950614db Reviewed-on: https://boringssl-review.googlesource.com/8723 Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go index e45779c..d820001 100644 --- a/ssl/test/runner/handshake_client.go +++ b/ssl/test/runner/handshake_client.go
@@ -768,7 +768,7 @@ privKey := c.config.Certificates[0].PrivateKey if certVerify.hasSignatureAlgorithm { - certVerify.signatureAlgorithm, err = selectSignatureAlgorithm(c.vers, privKey, c.config, certReq.signatureAlgorithms, c.config.signSignatureAlgorithms()) + certVerify.signatureAlgorithm, err = selectSignatureAlgorithm(c.vers, privKey, c.config, certReq.signatureAlgorithms) if err != nil { c.sendAlert(alertInternalError) return err @@ -1254,7 +1254,7 @@ // Ensure the private key supports one of the advertised // signature algorithms. if certReq.hasSignatureAlgorithm { - if _, err := selectSignatureAlgorithm(c.vers, chain.PrivateKey, c.config, certReq.signatureAlgorithms, c.config.signSignatureAlgorithms()); err != nil { + if _, err := selectSignatureAlgorithm(c.vers, chain.PrivateKey, c.config, certReq.signatureAlgorithms); err != nil { continue } }
diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go index 9b65fcb..9a6ba41 100644 --- a/ssl/test/runner/key_agreement.go +++ b/ssl/test/runner/key_agreement.go
@@ -64,7 +64,7 @@ var sigAlg signatureAlgorithm if ka.version >= VersionTLS12 { - sigAlg, err = selectSignatureAlgorithm(ka.version, cert.PrivateKey, config, clientHello.signatureAlgorithms, config.signSignatureAlgorithms()) + sigAlg, err = selectSignatureAlgorithm(ka.version, cert.PrivateKey, config, clientHello.signatureAlgorithms) if err != nil { return nil, err } @@ -404,7 +404,7 @@ var sigAlg signatureAlgorithm var err error if ka.version >= VersionTLS12 { - sigAlg, err = selectSignatureAlgorithm(ka.version, cert.PrivateKey, config, clientHello.signatureAlgorithms, config.signSignatureAlgorithms()) + sigAlg, err = selectSignatureAlgorithm(ka.version, cert.PrivateKey, config, clientHello.signatureAlgorithms) if err != nil { return nil, err }
diff --git a/ssl/test/runner/sign.go b/ssl/test/runner/sign.go index 265f8d0..1d95c6a 100644 --- a/ssl/test/runner/sign.go +++ b/ssl/test/runner/sign.go
@@ -25,7 +25,7 @@ verifyMessage(key crypto.PublicKey, msg, sig []byte) error } -func selectSignatureAlgorithm(version uint16, key crypto.PrivateKey, config *Config, peerSigAlgs, ourSigAlgs []signatureAlgorithm) (signatureAlgorithm, error) { +func selectSignatureAlgorithm(version uint16, key crypto.PrivateKey, config *Config, peerSigAlgs []signatureAlgorithm) (signatureAlgorithm, error) { // If the client didn't specify any signature_algorithms extension then // we can assume that it supports SHA1. See // http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 @@ -33,7 +33,7 @@ peerSigAlgs = []signatureAlgorithm{signatureRSAPKCS1WithSHA1, signatureECDSAWithSHA1} } - for _, sigAlg := range ourSigAlgs { + for _, sigAlg := range config.signSignatureAlgorithms() { if !isSupportedSignatureAlgorithm(sigAlg, peerSigAlgs) { continue }