
Port ssl3_{get,send}_server_key_exchange to EVP_Digest{Verify,Sign}*.

Minor change, but they're the last users of the old API left within
BoringSSL.

Change-Id: Ic24e0d006c97fa5265abc3373d3f98aa8d2f8b1e
Reviewed-on: https://boringssl-review.googlesource.com/2100
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 10 年前
committed by Adam Langley
父节点
当前提交
fd617a5030
共有 2 个文件被更改,包括 15 次插入18 次删除
  1. +5
    -5
      ssl/s3_clnt.c
  2. +10
    -13
      ssl/s3_srvr.c

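--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1550,11 +1550,11 @@ int ssl3_get_server_key_exchange(SSL *s)
 }
 else
 {
-EVP_VerifyInit_ex(&md_ctx, md, NULL);
-EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-EVP_VerifyUpdate(&md_ctx, CBS_data(&parameter), CBS_len(&parameter));
-if (EVP_VerifyFinal(&md_ctx, CBS_data(&signature), CBS_len(&signature), pkey) <= 0)
+if (!EVP_DigestVerifyInit(&md_ctx, NULL, md, NULL, pkey) ||
+!EVP_DigestVerifyUpdate(&md_ctx, s->s3->client_random, SSL3_RANDOM_SIZE) ||
+!EVP_DigestVerifyUpdate(&md_ctx, s->s3->server_random, SSL3_RANDOM_SIZE) ||
+!EVP_DigestVerifyUpdate(&md_ctx, CBS_data(&parameter), CBS_len(&parameter)) ||
+!EVP_DigestVerifyFinal(&md_ctx, CBS_data(&signature), CBS_len(&signature)))
 {
 /* bad signature */
 al=SSL_AD_DECRYPT_ERROR;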
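Review bot: The new condition negates every call with `!`, whereas the replaced line tested `EVP_VerifyFinal(...) <= 0`, so a negative return from `EVP_DigestVerifyFinal` or from an Init/Update call would now skip the bad-signature branch and be treated as a valid signature. That is safe only if these functions are guaranteed to return exactly 0 or 1 in this tree, which the hunk does not show. Comparing the final call explicitly, `EVP_DigestVerifyFinal(&md_ctx, CBS_data(&signature), CBS_len(&signature)) != 1`, keeps the check fail-closed either way. An Init or Update failure is also now reported to the peer as `SSL_AD_DECRYPT_ERROR` under the `/* bad signature */` comment, which would be worth a word in that comment. The enclosing function starts and ends outside the hunk, so cleanup of `md_ctx` on this path cannot be checked here.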


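--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1609,6 +1609,8 @@ int ssl3_send_server_key_exchange(SSL *s)
 else
 if (md)
 {
+size_t sig_len = EVP_PKEY_size(pkey);
+
 /* send signature algorithm */
 if (SSL_USE_SIGALGS(s))
 {
@@ -1621,24 +1623,19 @@ int ssl3_send_server_key_exchange(SSL *s)
 }
 p+=2;
 }
-#ifdef SSL_DEBUG
-fprintf(stderr, "Using hash %s\n",
-EVP_MD_name(md));
-#endif
-EVP_SignInit_ex(&md_ctx, md, NULL);
-EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-EVP_SignUpdate(&md_ctx,d,n);
-if (!EVP_SignFinal(&md_ctx,&(p[2]),
-(unsigned int *)&i,pkey))
+if (!EVP_DigestSignInit(&md_ctx, NULL, md, NULL, pkey) ||
+!EVP_DigestSignUpdate(&md_ctx, s->s3->client_random, SSL3_RANDOM_SIZE) ||
+!EVP_DigestSignUpdate(&md_ctx, s->s3->server_random, SSL3_RANDOM_SIZE) ||
+!EVP_DigestSignUpdate(&md_ctx, d, n) ||
+!EVP_DigestSignFinal(&md_ctx, &p[2], &sig_len))
 {
 OPENSSL_PUT_ERROR(SSL, ssl3_send_server_key_exchange, ERR_LIB_EVP);
 goto err;
 }
-s2n(i,p);
-n+=i+2;
+s2n(sig_len, p);
+n += sig_len + 2;
 if (SSL_USE_SIGALGS(s))
-n+= 2;
+n += 2;
 }
 else
 {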
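Review bot: `sig_len` is passed to `EVP_DigestSignFinal` as an in/out length, so its initial value `EVP_PKEY_size(pkey)` is the claim about how many bytes may be written at `&p[2]`, and nothing in either hunk ties that claim to the space actually left in the output buffer. The buffer is sized outside the visible lines, so this cannot be confirmed here. A comment at the declaration would make the dependency explicit, for example `/* in: capacity at &p[2], which the buffer allocation must cover; out: signature length */`. `EVP_PKEY_size` is also stored straight into a `size_t`, so if it can return zero or a negative value for this key type, the capacity handed to the signer would be wrong; a guard before signing would close that gap. Finally, `s2n(sig_len, p)` and `n += sig_len + 2` now mix a `size_t` into the 16-bit length field and into `n`, which presumably always fits but is no longer obvious from the types.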

