Fold away certificate slots mechanism.

This allows us to remove the confusing EVP_PKEY argument to the
SSL_PRIVATE_KEY_METHOD wrapper functions. It also simplifies some of the
book-keeping around the CERT structure, as well as the API for
configuring certificates themselves. The current one is a little odd as
some functions automatically route to the slot while others affect the
most recently touched slot. Others still (extra_certs) apply to all
slots, making them not terribly useful.

Consumers with complex needs should use cert_cb or the early callback
(select_certificate_cb) to configure whatever they like based on the
ClientHello.

BUG=486295

Change-Id: Ice29ffeb867fa4959898b70dfc50fc00137f01f3
Reviewed-on: https://boringssl-review.googlesource.com/5351
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e867e35..7daa864 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2438,8 +2438,7 @@
                        sizeof(tls12_sig) / sizeof(tls12_lookup));
 }
 
-int tls12_get_sigandhash(SSL *ssl, uint8_t *p, const EVP_PKEY *pk,
-                         const EVP_MD *md) {
+int tls12_get_sigandhash(SSL *ssl, uint8_t *p, const EVP_MD *md) {
   int sig_id, md_id;
 
   if (!md) {
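Review bot: tls12_get_sigandhash no longer states which key the signature type comes from: with the `pk` argument gone, the `ssl_private_key_type(ssl)` lookup in the next hunk, and the same call in tls1_choose_signing_digest, read whatever key is configured on the connection at call time. Since the commit message directs consumers to cert_cb / select_certificate_cb for per-ClientHello certificate choice, a header comment should record that ordering requirement, e.g. `/* Writes the signature/hash pair for |md| and the private key currently configured on |ssl|; call only after certificate selection has completed. */`. Whether ssl_private_key_type has a defined result when no key is set is not visible here; if it does, a one-line comment on the `sig_id == -1` branch saying it covers that case would help. The function body continues outside this hunk.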
@@ -2452,7 +2451,7 @@
     return 0;
   }
 
-  sig_id = tls12_get_sigid(ssl_private_key_type(ssl, pk));
+  sig_id = tls12_get_sigid(ssl_private_key_type(ssl));
   if (sig_id == -1) {
     return 0;
   }
@@ -2602,17 +2601,17 @@
   return 1;
 }
 
-const EVP_MD *tls1_choose_signing_digest(SSL *s, EVP_PKEY *pkey) {
-  CERT *c = s->cert;
-  int type = ssl_private_key_type(s, pkey);
+const EVP_MD *tls1_choose_signing_digest(SSL *ssl) {
+  CERT *cert = ssl->cert;
+  int type = ssl_private_key_type(ssl);
   size_t i;
 
   /* Select the first shared digest supported by our key. */
-  for (i = 0; i < c->shared_sigalgslen; i++) {
-    const EVP_MD *md = tls12_get_hash(c->shared_sigalgs[i].rhash);
+  for (i = 0; i < cert->shared_sigalgslen; i++) {
+    const EVP_MD *md = tls12_get_hash(cert->shared_sigalgs[i].rhash);
     if (md == NULL ||
-        tls12_get_pkey_type(c->shared_sigalgs[i].rsign) != type ||
-        !ssl_private_key_supports_digest(s, pkey, md)) {
+        tls12_get_pkey_type(cert->shared_sigalgs[i].rsign) != type ||
+        !ssl_private_key_supports_digest(ssl, md)) {
       continue;
     }
     return md;
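Review bot: The loop returns the first entry of `cert->shared_sigalgs` that matches the key type and passes `ssl_private_key_supports_digest`, so the strength of the digest used for signing depends entirely on how that array is ordered, and nothing in this function says who orders it. The existing comment could record that, e.g. `/* Select the first shared digest supported by our key; |shared_sigalgs| order is <PREFERENCE OWNER - fill in from where the list is built>, so an early weak digest wins. */`. The fallback taken when no entry matches lies after the end of this hunk, so it is worth confirming there that the default digest is also checked against what the configured key supports.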