Don't call tls12_get_hash in the server handshake. Instead have ssl3_cert_verify_hash output the hash, since it already knows it. Also add a missing EVP_PKEY_CTX_set_signature_md call on the client half. (Although, the call isn't actually necessary.) Also remove now unnecessary static assert. Since EVP_md5_sha1 is an EVP_MD itself, EVP_MAX_MD_SIZE is required to fit it already.

Change-Id: Ief74fdbdf08e9f124679475bafba2f6f1d8fc687
Reviewed-on: https://boringssl-review.googlesource.com/8692
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

diff --git a/ssl/internal.h b/ssl/internal.h index e15555e..5281504 100644 --- a/ssl/internal.h +++ b/ssl/internal.h
@@ -1035,10 +1035,10 @@ /* ssl3_cert_verify_hash writes the SSL 3.0 CertificateVerify hash into the * bytes pointed to by |out| and writes the number of bytes to |*out_len|. |out| - * must have room for EVP_MAX_MD_SIZE bytes. It returns one on success and zero - * on failure. */ -int ssl3_cert_verify_hash(SSL *ssl, uint8_t *out, size_t *out_len, - uint16_t signature_algorithm); + * must have room for |EVP_MAX_MD_SIZE| bytes. It sets |*out_md| to the hash + * function used. It returns one on success and zero on failure. */ +int ssl3_cert_verify_hash(SSL *ssl, const EVP_MD **out_md, uint8_t *out, + size_t *out_len, uint16_t signature_algorithm); int ssl3_send_finished(SSL *ssl, int a, int b); int ssl3_supports_cipher(const SSL_CIPHER *cipher);
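
Review bot: the updated comment on ssl3_cert_verify_hash in ssl/internal.h does not say what |*out_md| holds when the function returns zero, nor whether |out_md| may be NULL. The commit message indicates callers now take the hash from this out-parameter instead of calling tls12_get_hash, so the contract should be explicit: say that |*out_md| is valid only on success (or is set to NULL on failure) and that |out_md| must be non-NULL, so a caller knows to check the return value before passing the EVP_MD on to signature verification. A smaller style point in the same comment: |out_md| comes first in the new parameter list but is documented after |out| and |*out_len|; describing the parameters in signature order would read more cleanly.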