Give SSL_PRIVATE_KEY_METHOD a message-based API.
This allows us to implement custom RSA-PSS-based keys, so the async TLS
1.3 tests can proceed. For now, both sign and sign_digest exist, so
downstreams only need to manage a small change atomically. We'll remove
sign_digest separately.
In doing so, fold all the *_complete hooks into a single complete hook
as no one who implemented two operations ever used different function
pointers for them.
While I'm here, I've bumped BORINGSSL_API_VERSION. I do not believe we
have any SSL_PRIVATE_KEY_METHOD versions who cannot update atomically,
but save a round-trip in case we do. It's free.
Change-Id: I7f031aabfb3343805deee429b9e244aed5d76aed
Reviewed-on: https://boringssl-review.googlesource.com/8786
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 09f8070..ee2de2b 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -1727,8 +1727,7 @@
ssl3_free_handshake_buffer(ssl);
} else {
assert(ssl->state == SSL3_ST_CW_CERT_VRFY_B);
- sign_result =
- ssl_private_key_sign_complete(ssl, ptr, &sig_len, max_sig_len);
+ sign_result = ssl_private_key_complete(ssl, ptr, &sig_len, max_sig_len);
}
switch (sign_result) {