commit 887c300e2518b96a1321bb3027749f416d4844ab
author David Benjamin <davidben@google.com> Fri Jul 08 16:15:32 2016 -0700
committer David Benjamin <davidben@google.com> Tue Jul 12 18:25:05 2016 +0000
tree c4d123c473d0a2ac3e1477cd10fd8ffbea6dd238
parent a95e9f3010ab6dcc668d95e90b5b1b69399a53bc

Move the key type check from tls12_check_peer_sigalg to ssl_verify_*.

ssl_verify_* already ought to be checking this, so there's only a need
to check against the configured preferences.

Change-Id: I79bc771969c57f953278e622084641e6e20108e3
Reviewed-on: https://boringssl-review.googlesource.com/8698
Reviewed-by: David Benjamin <davidben@google.com>

ssl/internal.h

diff --git a/ssl/internal.h b/ssl/internal.h
index e451d15..65b05f8 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1223,10 +1223,10 @@
 size_t tls12_get_psigalgs(SSL *ssl, const uint16_t **psigs);
 
 /* tls12_check_peer_sigalg checks that |signature_algorithm| is consistent with
- * the |pkey| and |ssl|'s sent, supported signature algorithms and returns 1.
- * Otherwise it returns 0 and writes an alert into |*out_alert|. */
+ * |ssl|'s sent, supported signature algorithms and returns 1. Otherwise it
+ * returns 0 and writes an alert into |*out_alert|. */
 int tls12_check_peer_sigalg(SSL *ssl, int *out_alert,
-                            uint16_t signature_algorithm, EVP_PKEY *pkey);
+                            uint16_t signature_algorithm);
 void ssl_set_client_disabled(SSL *ssl);
 
 #endif /* OPENSSL_HEADER_SSL_INTERNAL_H */