Refine SHA-1 default in signature algorithm negotiation.
Rather than blindly select SHA-1 if we can't find a matching one, act as
if the peer advertised rsa_pkcs1_sha1 and ecdsa_sha1. This means that we
will fail the handshake if no common algorithm may be found.
This is done in preparation for removing the SHA-1 default in TLS 1.3.
Change-Id: I3584947909d3d6988b940f9404044cace265b20d
Reviewed-on: https://boringssl-review.googlesource.com/8695
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index a80ae8c..4333ca0 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -1792,7 +1792,10 @@
goto err;
}
- uint16_t signature_algorithm = tls1_choose_signature_algorithm(ssl);
+ uint16_t signature_algorithm;
+ if (!tls1_choose_signature_algorithm(ssl, &signature_algorithm)) {
+ goto err;
+ }
if (ssl3_protocol_version(ssl) >= TLS1_2_VERSION) {
/* Write out the digest type in TLS 1.2. */
if (!CBB_add_u16(&body, signature_algorithm)) {
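Review bot: the new failure path at `goto err` after `tls1_choose_signature_algorithm(ssl, &signature_algorithm)` returns 0 does not itself queue an error reason or send an alert, and nothing in this hunk shows that the callee or the `err:` label does. Since the commit message says the handshake must now fail when no common algorithm is found, please confirm that `tls1_choose_signature_algorithm` puts a specific error on the queue and that the caller sends a handshake_failure alert, so the peer and the application see why the CertificateVerify was abandoned rather than a bare connection close. Also, changing the function from returning `uint16_t` to a success flag with an out-parameter means every other caller (the server-side signing path in particular) has to be converted in the same change; only the client side is visible here, so it is worth a note in the description or a pointer to the matching hunk.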