commit a232a7159c4e45c2ce8a1311188b6df250d1805f
author David Benjamin <davidben@google.com> Thu Mar 30 15:51:53 2017 -0500
committer Adam Langley <agl@google.com> Wed Apr 05 22:43:20 2017 +0000
tree 0a401d3823a70301064499f7a1f5fcdea04ebc18
parent bf833c346d532558a4c1c98940fa42e4e80a0a02

Deprecate SSL_PRIVATE_KEY_METHOD type and max_signature_len.

Instead, extract it from the certificate, which is what everyone was
doing anyway. A follow-up change will take advantage of this cleanup to
deduplicate code between signing and verifying for which keys are good
for which signature algorithms.

BUG=188

Change-Id: Ic3f83a6477e8fa53e5e7233f4545f4d2c4b58d01
Reviewed-on: https://boringssl-review.googlesource.com/14565
Reviewed-by: Adam Langley <agl@google.com>

ssl/handshake_server.c

diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index cc1897f..f8c9705 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -695,11 +695,11 @@
   uint32_t mask_a = 0;
 
   if (ssl_has_certificate(ssl)) {
-    int type = ssl_private_key_type(ssl);
-    if (type == NID_rsaEncryption) {
+    int type = EVP_PKEY_id(hs->local_pubkey);
+    if (type == EVP_PKEY_RSA) {
       mask_k |= SSL_kRSA;
       mask_a |= SSL_aRSA;
-    } else if (ssl_is_ecdsa_key_type(type)) {
+    } else if (type == EVP_PKEY_EC) {
       mask_a |= SSL_aECDSA;
     }
   }
@@ -879,7 +879,7 @@
     }
   }
 
-  if (!ssl->ctx->x509_method->ssl_auto_chain_if_needed(ssl)) {
+  if (!ssl_on_certificate_selected(hs)) {
     return -1;
   }
 
@@ -1241,7 +1241,7 @@
     }
 
     /* Add space for the signature. */
-    const size_t max_sig_len = ssl_private_key_max_signature_len(ssl);
+    const size_t max_sig_len = EVP_PKEY_size(hs->local_pubkey);
     uint8_t *ptr;
     if (!CBB_add_u16_length_prefixed(&body, &child) ||
         !CBB_reserve(&child, &ptr, max_sig_len)) {
@@ -1573,7 +1573,7 @@
    * |premaster_secret_len|. */
   if (alg_k & SSL_kRSA) {
     /* Allocate a buffer large enough for an RSA decryption. */
-    const size_t rsa_size = ssl_private_key_max_signature_len(ssl);
+    const size_t rsa_size = EVP_PKEY_size(hs->local_pubkey);
     decrypt_buf = OPENSSL_malloc(rsa_size);
     if (decrypt_buf == NULL) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
@@ -1584,7 +1584,7 @@
     size_t decrypt_len;
     if (hs->state == SSL3_ST_SR_KEY_EXCH_A) {
       if (!ssl_has_private_key(ssl) ||
-          ssl_private_key_type(ssl) != NID_rsaEncryption) {
+          EVP_PKEY_id(hs->local_pubkey) != EVP_PKEY_RSA) {
         al = SSL_AD_HANDSHAKE_FAILURE;
         OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_RSA_CERTIFICATE);
         goto f_err;