[dev.boringcrypto] all: merge master into dev.boringcrypto

Change-Id: I9246c8228d38559c40e69fa403fa946ac1b31dbe
2025-04-06 05:27:36 +03:00 · 2019-02-08 15:36:33 -05:00 · 2019-02-08 15:36:33 -05:00 · 96f0ccfb2d
commit 96f0ccfb2d
parent 7fdc251066 b5bf3890ae
41 changed files with 2727 additions and 1977 deletions
--- a/handshake_client.go
+++ b/handshake_client.go
@ -114,7 +114,13 @@ NextCipherSuite:
 	}

 	if hello.vers >= VersionTLS12 {
-		hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
+		// The non-BoringCrypto behavior here is to use the full set of
+		// signature algorithms, even if TLS 1.3 is not being negotiated. It's
+		// debatable if this is correct or not, because on one hand it allows
+		// RSA-PSS as a client with TLS 1.2, but on the other hand we can't
+		// predict what the server will pick when we do advertise TLS 1.3, so we
+		// might end up with TLS 1.2 + RSA-PSS anyway. Anyway, it will go away soon.
+		hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms(VersionTLS13)
 	}
 	if testingOnlyForceClientHelloSignatureAlgorithms != nil {
 		hello.supportedSignatureAlgorithms = testingOnlyForceClientHelloSignatureAlgorithms
@ -939,7 +945,7 @@ func (c *Conn) getClientCertificate(cri *CertificateRequestInfo) (*Certificate,
 	// Issuer is in AcceptableCAs.
 	for i, chain := range c.config.Certificates {
 		sigOK := false
-		for _, alg := range signatureSchemesForCertificate(&chain) {
+		for _, alg := range signatureSchemesForCertificate(c.vers, &chain) {
 			if isSupportedSignatureAlgorithm(alg, cri.SignatureSchemes) {
 				sigOK = true
 				break