Deprecate SSL_PRIVATE_KEY_METHOD type and max_signature_len.
Instead, extract both from the certificate, which is what everyone was
doing anyway. A follow-up change will take advantage of this cleanup to
deduplicate code between signing and verifying for which keys are good
for which signature algorithms.
BUG=188
Change-Id: Ic3f83a6477e8fa53e5e7233f4545f4d2c4b58d01
Reviewed-on: https://boringssl-review.googlesource.com/14565
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2acd422..e47937d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3313,17 +3313,17 @@
/* Before TLS 1.2, the signature algorithm isn't negotiated as part of the
* handshake. It is fixed at MD5-SHA1 for RSA and SHA1 for ECDSA. */
if (ssl3_protocol_version(ssl) < TLS1_2_VERSION) {
- int type = ssl_private_key_type(ssl);
- if (type == NID_rsaEncryption) {
- *out = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
- return 1;
+ switch (EVP_PKEY_id(hs->local_pubkey)) {
+ case EVP_PKEY_RSA:
+ *out = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
+ return 1;
+ case EVP_PKEY_EC:
+ *out = SSL_SIGN_ECDSA_SHA1;
+ return 1;
+ default:
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
+ return 0;
}
- if (ssl_is_ecdsa_key_type(type)) {
- *out = SSL_SIGN_ECDSA_SHA1;
- return 1;
- }
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
- return 0;
}
const uint16_t *sigalgs = cert->sigalgs;
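Review bot: The new `switch (EVP_PKEY_id(hs->local_pubkey))` in the pre-TLS 1.2 branch reads the key type through `hs->local_pubkey` with no NULL check. The removed `ssl_private_key_type(ssl)` call took the type from the configured key or key method instead. Whether `hs->local_pubkey` is always populated before this function runs is not visible in the hunk, because the function starts above it and its callers are elsewhere. If any path can reach here without a parsed leaf certificate, this becomes a NULL dereference during the handshake rather than a clean `SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS` failure. Either guard it, for example `if (hs->local_pubkey == NULL) { OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS); return 0; }`, or state the invariant above the switch with a comment such as `/* hs->local_pubkey is set once the certificate is selected and is non-NULL here. */`.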
@@ -3350,7 +3350,7 @@
/* SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal value and should never be
* negotiated. */
if (sigalg == SSL_SIGN_RSA_PKCS1_MD5_SHA1 ||
- !ssl_private_key_supports_signature_algorithm(ssl, sigalgs[i])) {
+ !ssl_private_key_supports_signature_algorithm(hs, sigalgs[i])) {
continue;
}