commit ea9a0d5313f4244f2765e02d762788c1cb9be72a
author David Benjamin <davidben@google.com> Fri Jul 08 15:52:59 2016 -0700
committer David Benjamin <davidben@google.com> Tue Jul 12 16:32:31 2016 +0000
tree d5100ecccf1f97805c7755ae95dcc057725fb2b9
parent d246b817515b52b77ccc4876f25ddf4f41e67477

Refine SHA-1 default in signature algorithm negotiation.

Rather than blindly select SHA-1 if we can't find a matching one, act as
if the peer advertised rsa_pkcs1_sha1 and ecdsa_sha1. This means that we
will fail the handshake if no common algorithm may be found.

This is done in preparation for removing the SHA-1 default in TLS 1.3.

Change-Id: I3584947909d3d6988b940f9404044cace265b20d
Reviewed-on: https://boringssl-review.googlesource.com/8695
Reviewed-by: David Benjamin <davidben@google.com>

ssl/internal.h

diff --git a/ssl/internal.h b/ssl/internal.h
index 03a1320..e451d15 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1215,9 +1215,10 @@
 uint32_t ssl_get_algorithm_prf(const SSL *ssl);
 int tls1_parse_peer_sigalgs(SSL *ssl, const CBS *sigalgs);
 
-/* tls1_choose_signature_algorithm returns a signature algorithm for use with
- * |ssl|'s private key based on the peer's preferences the digests supported. */
-uint16_t tls1_choose_signature_algorithm(SSL *ssl);
+/* tls1_choose_signature_algorithm sets |*out| to a signature algorithm for use
+ * with |ssl|'s private key based on the peer's preferences and the digests
+ * supported. It returns one on success and zero on error. */
+int tls1_choose_signature_algorithm(SSL *ssl, uint16_t *out);
 
 size_t tls12_get_psigalgs(SSL *ssl, const uint16_t **psigs);