ssl3_cert_verify_hash should take the EVP_PKEY type. After the custom key method support, the EVP_PKEY parameter is somewhat confusing (to be resolved with the certificate slots removal) as it must always refer to a private key. ssl3_cert_verify_hash is sometimes used with the peer's public key. If custom keys were supported on the server, this would break. Fix this by passing a pkey_type parameter and letting the caller decide whether this uses SSL_PRIVATE_KEY_METHOD or not. Change-Id: I673b92579a84b4561f28026ec0b1c78a6bfee440 Reviewed-on: https://boringssl-review.googlesource.com/5341 Reviewed-by: Adam Langley <agl@google.com>

commit: 396a441421895fe724167b29f6daf307708673fb [log] [tgz]
author: David Benjamin <davidben@chromium.org> Sun Jul 05 01:38:09 2015 -0400
committer: Adam Langley <agl@google.com> Tue Jul 07 01:10:35 2015 +0000
tree: f5d88ead770eb3cdcbd79acc0038a2b334d17601
parent: 67dc83851bad62397619e2ff107cf44f09505dbd [diff] [blame]
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1550f19..40df103 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c

@@ -2041,7 +2041,8 @@
       }
 
       /* Compute the digest. */
-      if (!ssl3_cert_verify_hash(s, digest, &digest_length, &md, pkey)) {
+      const int pkey_type = ssl_private_key_type(s, pkey);
+      if (!ssl3_cert_verify_hash(s, digest, &digest_length, &md, pkey_type)) {
         return -1;
       }
commit	396a441421895fe724167b29f6daf307708673fb	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Sun Jul 05 01:38:09 2015 -0400
committer	Adam Langley <agl@google.com>	Tue Jul 07 01:10:35 2015 +0000
tree	f5d88ead770eb3cdcbd79acc0038a2b334d17601
parent	67dc83851bad62397619e2ff107cf44f09505dbd [diff] [blame]