Fix Go TLS 1.3 sigalg handling.
The TLS 1.3 CertificateRequest code advertised the signing set, not the
verify set. It also wasn't saving the peer's signature algorithm.
Change-Id: I62247d5703e30d8463c92f3d597dbeb403b355ae
Reviewed-on: https://boringssl-review.googlesource.com/8774
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index b402a34..025f58c 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -567,6 +567,7 @@
return unexpectedMessageError(certVerifyMsg, msg)
}
+ c.peerSignatureAlgorithm = certVerifyMsg.signatureAlgorithm
input := hs.finishedHash.certificateVerifyInput(serverCertificateVerifyContextTLS13)
err = verifyMessage(c.vers, leaf.PublicKey, c.config, certVerifyMsg.signatureAlgorithm, input, certVerifyMsg.signature)
if err != nil {
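Review bot: `c.peerSignatureAlgorithm` is assigned from `certVerifyMsg.signatureAlgorithm` before `verifyMessage` has accepted the signature, so after a failed verification the connection still records an algorithm the peer only claimed. This is harmless if nothing reads the field on the error path, but that is not visible here because the enclosing function starts and ends outside the hunk. Either move the assignment below the `if err != nil` check or state the intent with a comment such as `// Recorded before verification; only meaningful if the handshake completes.` The same ordering appears in the last handshake_server.go hunk at `c.peerSignatureAlgorithm = certVerify.signatureAlgorithm`.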
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 4660726..c9081ac 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -411,7 +411,7 @@
hasRequestContext: true,
}
if !config.Bugs.NoSignatureAlgorithms {
- certReq.signatureAlgorithms = config.signSignatureAlgorithms()
+ certReq.signatureAlgorithms = config.verifySignatureAlgorithms()
}
// An empty list of certificateAuthorities signals to
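Review bot: Nothing visible in this diff shows that the list now advertised in `certReq.signatureAlgorithms` is the same list enforced when the client's CertificateVerify arrives. `verifyMessage` receives `config`, but its body is outside the diff, so it is worth confirming that it rejects an algorithm outside `config.verifySignatureAlgorithms()`. Otherwise the advertisement and the enforcement can drift apart again. A comment above the assignment would guard against the original mix-up: `// Advertise the algorithms we accept in the peer's CertificateVerify, not the ones we sign with.` The enclosing function continues outside the hunk.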
@@ -519,6 +519,7 @@
return unexpectedMessageError(certVerify, msg)
}
+ c.peerSignatureAlgorithm = certVerify.signatureAlgorithm
input := hs.finishedHash.certificateVerifyInput(clientCertificateVerifyContextTLS13)
if err := verifyMessage(c.vers, pub, config, certVerify.signatureAlgorithm, input, certVerify.signature); err != nil {
c.sendAlert(alertBadCertificate)