Deprecate SSL_PRIVATE_KEY_METHOD type and max_signature_len.
Instead, extract both from the certificate, which is what everyone was
doing anyway. A follow-up change will take advantage of this cleanup to
deduplicate the code, shared between signing and verifying, that decides
which keys are good for which signature algorithms.
BUG=188
Change-Id: Ic3f83a6477e8fa53e5e7233f4545f4d2c4b58d01
Reviewed-on: https://boringssl-review.googlesource.com/14565
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 7eddd35..3b053c7 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -1527,7 +1527,7 @@
}
}
- if (!ssl->ctx->x509_method->ssl_auto_chain_if_needed(ssl) ||
+ if (!ssl_on_certificate_selected(hs) ||
!ssl3_output_cert_chain(ssl)) {
return -1;
}
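Review bot: The new `ssl_on_certificate_selected(hs)` call in the `if` condition needs a comment, because the name no longer says that it covers what `ssl_auto_chain_if_needed` did. Judging by the commit message and the later hunk in this file, it presumably also caches the leaf certificate's public key in `hs->local_pubkey`. Once that is confirmed against the helper's definition, which is not part of this diff, a line such as `/* Completes the chain if needed and records the leaf public key in hs->local_pubkey. */` above the `if` would make the dependency visible. It is also worth confirming that the helper returns success and leaves `hs->local_pubkey` unset when no client certificate is configured. The enclosing function starts and ends outside the hunk.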
@@ -1739,7 +1739,7 @@
}
/* Set aside space for the signature. */
- const size_t max_sig_len = ssl_private_key_max_signature_len(ssl);
+ const size_t max_sig_len = EVP_PKEY_size(hs->local_pubkey);
uint8_t *ptr;
if (!CBB_add_u16_length_prefixed(&body, &child) ||
!CBB_reserve(&child, &ptr, max_sig_len)) {
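Review bot: At `const size_t max_sig_len = EVP_PKEY_size(hs->local_pubkey);` nothing in the hunk establishes that `hs->local_pubkey` is set. As far as I know `EVP_PKEY_size` returns 0 for a NULL or unusable key, so `CBB_reserve` would then be asked for zero bytes and the failure would only surface later in the signing call. An explicit guard before the reservation, `if (max_sig_len == 0) { /* fail through this function's existing error path */ }`, would turn a missing or mismatched certificate key into a clear internal error at the point where the invariant is assumed. The buffer bound for a custom `SSL_PRIVATE_KEY_METHOD` now comes from the certificate rather than from the method. A short comment should therefore state that the private key must correspond to the leaf certificate's public key for the reserved space to be sufficient. The enclosing function starts and ends outside the hunk, so the exact error path is not visible here.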