[dev.boringcrypto] all: merge master into dev.boringcrypto

Change-Id: I0f610a900fcd5575ca12b34bc74fa63c2146b10b
2025-12-08 06:10:04 +00:00 · 2019-05-22 14:04:16 -04:00 · 2019-05-22 14:04:16 -04:00 · e48f228c9b
commit e48f228c9b
parent 42e353245c f35338582d
2657 changed files with 399109 additions and 114405 deletions
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@ -8,6 +8,7 @@ import (
 	"bytes"
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/subtle"
 	"crypto/x509"
@ -584,7 +585,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 		if certVerify.hasSignatureAlgorithm {
 			certVerify.signatureAlgorithm = signatureAlgorithm
 		}
-		digest, err := hs.finishedHash.hashForClientCertificate(sigType, hashFunc, hs.masterSecret)
+		signed, err := hs.finishedHash.hashForClientCertificate(sigType, hashFunc, hs.masterSecret)
 		if err != nil {
 			c.sendAlert(alertInternalError)
 			return err
@ -593,7 +594,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 		if sigType == signatureRSAPSS {
 			signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: hashFunc}
 		}
-		certVerify.signature, err = key.Sign(c.config.rand(), digest, signOpts)
+		certVerify.signature, err = key.Sign(c.config.rand(), signed, signOpts)
 		if err != nil {
 			c.sendAlert(alertInternalError)
 			return err
@ -831,11 +832,7 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 			DNSName:       c.config.ServerName,
 			Intermediates: x509.NewCertPool(),
 		}
-
-		for i, cert := range certs {
-			if i == 0 {
-				continue
-			}
+		for _, cert := range certs[1:] {
 			opts.Intermediates.AddCert(cert)
 		}
 		var err error
@ -854,7 +851,7 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 	}

 	switch certs[0].PublicKey.(type) {
-	case *rsa.PublicKey, *ecdsa.PublicKey:
+	case *rsa.PublicKey, *ecdsa.PublicKey, ed25519.PublicKey:
 		break
 	default:
 		c.sendAlert(alertUnsupportedCertificate)
@ -877,13 +874,13 @@ var (
 // certificateRequestInfoFromMsg generates a CertificateRequestInfo from a TLS
 // <= 1.2 CertificateRequest, making an effort to fill in missing information.
 func certificateRequestInfoFromMsg(certReq *certificateRequestMsg) *CertificateRequestInfo {
-	var rsaAvail, ecdsaAvail bool
+	var rsaAvail, ecAvail bool
 	for _, certType := range certReq.certificateTypes {
 		switch certType {
 		case certTypeRSASign:
 			rsaAvail = true
 		case certTypeECDSASign:
-			ecdsaAvail = true
+			ecAvail = true
 		}
 	}

@ -897,11 +894,11 @@ func certificateRequestInfoFromMsg(certReq *certificateRequestMsg) *CertificateR
 		// case we use a plausible list based on the acceptable
 		// certificate types.
 		switch {
-		case rsaAvail && ecdsaAvail:
+		case rsaAvail && ecAvail:
 			cri.SignatureSchemes = tls11SignatureSchemes
 		case rsaAvail:
 			cri.SignatureSchemes = tls11SignatureSchemesRSA
-		case ecdsaAvail:
+		case ecAvail:
 			cri.SignatureSchemes = tls11SignatureSchemesECDSA
 		}
 		return cri
@ -914,8 +911,8 @@ func certificateRequestInfoFromMsg(certReq *certificateRequestMsg) *CertificateR
 	cri.SignatureSchemes = make([]SignatureScheme, 0, len(certReq.supportedSignatureAlgorithms))
 	for _, sigScheme := range certReq.supportedSignatureAlgorithms {
 		switch signatureFromSignatureScheme(sigScheme) {
-		case signatureECDSA:
-			if ecdsaAvail {
+		case signatureECDSA, signatureEd25519:
+			if ecAvail {
 				cri.SignatureSchemes = append(cri.SignatureSchemes, sigScheme)
 			}
 		case signatureRSAPSS, signaturePKCS1v15: