authorDavid Benjamin <davidben@google.com>2016-07-10 00:17:27 +0300
committerDavid Benjamin <davidben@google.com>2016-07-12 22:12:29 +0300
commit29bb140fea1cc097aa995c8ec43f2a819e7799b1 (patch)
tree2000ee2af8a9179808437c4a8b3549c77f8e4f5a
parent7a41d37b66c8450a949340657bc71c5efb126b8b (diff)
Move isSupportedSignatureAlgorithm calls to verifyMessage in Go.
Saves worrying about forgetting it. (And indeed I forgot it in the TLS 1.3 code.) Change-Id: Ibb55a83eddba675da64b7cf2c45eac6348c97784 Reviewed-on: https://boringssl-review.googlesource.com/8722 Reviewed-by: David Benjamin <davidben@google.com>
-rw-r--r--ssl/test/runner/handshake_server.go3
-rw-r--r--ssl/test/runner/key_agreement.go3
-rw-r--r--ssl/test/runner/sign.go4
3 files changed, 4 insertions, 6 deletions
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 86b103c2..eecb4fca 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -742,9 +742,6 @@ func (hs *serverHandshakeState) doFullHandshake() error {
var sigAlg signatureAlgorithm
if certVerify.hasSignatureAlgorithm {
sigAlg = certVerify.signatureAlgorithm
- if !isSupportedSignatureAlgorithm(sigAlg, config.verifySignatureAlgorithms()) {
- return errors.New("tls: unsupported signature algorithm for client certificate")
- }
c.peerSignatureAlgorithm = sigAlg
}
diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go
index 722fc970..9b65fcb2 100644
--- a/ssl/test/runner/key_agreement.go
+++ b/ssl/test/runner/key_agreement.go
@@ -472,9 +472,6 @@ func (ka *signedKeyAgreement) verifyParameters(config *Config, clientHello *clie
}
sigAlg = signatureAlgorithm(sig[0])<<8 | signatureAlgorithm(sig[1])
sig = sig[2:]
- if !isSupportedSignatureAlgorithm(sigAlg, config.verifySignatureAlgorithms()) {
- return errors.New("tls: unsupported signature algorithm for ServerKeyExchange")
- }
// Stash the signature algorithm to be extracted by the handshake.
ka.peerSignatureAlgorithm = sigAlg
}
diff --git a/ssl/test/runner/sign.go b/ssl/test/runner/sign.go
index 6a53958f..265f8d0e 100644
--- a/ssl/test/runner/sign.go
+++ b/ssl/test/runner/sign.go
@@ -60,6 +60,10 @@ func signMessage(version uint16, key crypto.PrivateKey, config *Config, sigAlg s
}
func verifyMessage(version uint16, key crypto.PublicKey, config *Config, sigAlg signatureAlgorithm, msg, sig []byte) error {
+ if version >= VersionTLS12 && !isSupportedSignatureAlgorithm(sigAlg, config.verifySignatureAlgorithms()) {
+ return errors.New("tls: unsupported signature algorithm for ServerKeyExchange")
+ }
+
signer, err := getSigner(version, key, config, sigAlg)
if err != nil {
return err
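Review bot: The error string added at the top of verifyMessage still reads "for ServerKeyExchange", but the same check now also stands in for the one removed from doFullHandshake, whose message was "for client certificate". A rejected client CertificateVerify algorithm would therefore be reported as a ServerKeyExchange failure; a neutral `return errors.New("tls: unsupported signature algorithm")` keeps the diagnostics accurate for every caller. Both callers now assign `peerSignatureAlgorithm` before the allow-list check runs, which is presumably harmless because a failed verification aborts the handshake, but a short doc comment would make that contract explicit, e.g. `// verifyMessage rejects sigAlg values outside config.verifySignatureAlgorithms() for TLS 1.2 and later before checking sig.` The body of verifyMessage continues past the end of the hunk.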