)]}'
{
  "commit": "e1d209d4432846d28c31d84f269f4edcb9a63509",
  "tree": "fe7138085a1fd0a65c68cc8d535f13fdd24919d5",
  "parents": [
    "9cac8a6b38c1cbd45c77aee108411d588da006fe"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Wed Apr 17 11:57:44 2024 -0400"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Mon Jun 17 22:07:27 2024 +0000"
  },
  "message": "Send a consistent alert when the peer sends a bad signature algorithm\n\nI noticed that runner tests had a very weird test expectation on the\nalerts sent around sigalg failures. I think this was an (unimportant)\nbug on our end.\n\nIf the peer picks a sigalg that we didn\u0027t advertise, we send\nillegal_parameter. However, it if picks an advertised sigalg that is\ninvalid in context (protocol version, public key), we end up catching it\nvery late in ssl_public_key_verify (by way of setup_ctx) and sending\ndecrypt_error.\n\nInstead, have tls12_check_peer_sigalg check this so we consistently send\nillegal_parameter. (Probably this should all fold into\nssl_public_key_verify with an alert out_param, but so it goes.)\n\nChange-Id: I09fb84e9c1ee39b2683fa0b67dd6135d31f51c97\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/69367\nCommit-Queue: Bob Beck \u003cbbe@google.com\u003e\nAuto-Submit: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "8b2de598f29d793de83d5786fa528ff40cda9507",
      "old_mode": 33188,
      "old_path": "ssl/extensions.cc",
      "new_id": "586edbd47f8e938f12ff6e0eab899c109d5977e0",
      "new_mode": 33188,
      "new_path": "ssl/extensions.cc"
    },
    {
      "type": "modify",
      "old_id": "b958dce23c8f76a75105159793d18c3791c0aa72",
      "old_mode": 33188,
      "old_path": "ssl/handshake_client.cc",
      "new_id": "f674515826f41c3c8145153f89ee187fc6e92b1e",
      "new_mode": 33188,
      "new_path": "ssl/handshake_client.cc"
    },
    {
      "type": "modify",
      "old_id": "1a25ea72d2a3beb59f8aabdd93726508be903aad",
      "old_mode": 33188,
      "old_path": "ssl/handshake_server.cc",
      "new_id": "afa0927f367f9b7c576e9185102e43349507d3e4",
      "new_mode": 33188,
      "new_path": "ssl/handshake_server.cc"
    },
    {
      "type": "modify",
      "old_id": "5744dfef4419b16c664e41226facc92a82d866a3",
      "old_mode": 33188,
      "old_path": "ssl/internal.h",
      "new_id": "7145d13b960685bece11cf0fcb21d81f8e12e743",
      "new_mode": 33188,
      "new_path": "ssl/internal.h"
    },
    {
      "type": "modify",
      "old_id": "39b7611622f0a332100067ea53bf7a33286062f5",
      "old_mode": 33188,
      "old_path": "ssl/test/runner/runner.go",
      "new_id": "2e1b40793d547a7418de28eefc69a0637c6fc573",
      "new_mode": 33188,
      "new_path": "ssl/test/runner/runner.go"
    },
    {
      "type": "modify",
      "old_id": "4a9b78e9ee813ebb411025afa077b7a88c9181fd",
      "old_mode": 33188,
      "old_path": "ssl/tls13_both.cc",
      "new_id": "f6d95478f6f574d2440f0167df10910a0297729b",
      "new_mode": 33188,
      "new_path": "ssl/tls13_both.cc"
    }
  ]
}