[dev.boringcrypto] all: merge master (nearly Go 1.10 beta 1) into dev.boringcrypto

This is a git merge of master into dev.boringcrypto. The branch was previously based on release-branch.go1.9, so there are a handful of spurious conflicts that would also arise if trying to merge master into release-branch.go1.9 (which we never do). Those have all been resolved by taking the original file from master, discarding any Go 1.9-specific edits. all.bash passes on darwin/amd64, which is to say without actually using BoringCrypto. Go 1.10-related fixes to BoringCrypto itself will be in a followup CL. This CL is just the merge. Change-Id: I4c97711fec0fb86761913dcde28d25c001246c35
2025-04-03 20:17:36 +03:00 · 2017-12-06 00:35:28 -05:00 · 2017-12-06 00:35:28 -05:00 · 666ff04084
commit 666ff04084
parent 3e9ad1b113 3fe5088752
60 changed files with 2371 additions and 2359 deletions
--- a/boring.go
+++ b/boring.go
@ -106,16 +106,16 @@ func isBoringCertificate(c *x509.Certificate) bool {
 // supportedSignatureAlgorithms returns the supported signature algorithms.
 // It knows that the FIPS-allowed ones are all at the beginning of
 // defaultSupportedSignatureAlgorithms.
-func supportedSignatureAlgorithms() []signatureAndHash {
+func supportedSignatureAlgorithms() []SignatureScheme {
 	all := defaultSupportedSignatureAlgorithms
 	if !needFIPS() {
 		return all
 	}
 	i := 0
-	for i < len(all) && all[i].hash != hashSHA1 {
+	for i < len(all) && all[i] != PKCS1WithSHA1 {
 		i++
 	}
 	return all[:i]
 }

-var testingOnlyForceClientHelloSignatureAndHashes []signatureAndHash
+var testingOnlyForceClientHelloSignatureAlgorithms []SignatureScheme