add ssl_has_cert
Add inline function ssl_has_cert which checks to see if a certificate and private key for a given index are not NULL. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2623)
parent
7e12cdb52e
commit
4020c0b33b
2 changed files with 13 additions and 13 deletions
|
@ -2720,16 +2720,12 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
|
|||
|
||||
void ssl_set_masks(SSL *s)
|
||||
{
|
||||
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_GOST)
|
||||
CERT_PKEY *cpk;
|
||||
#endif
|
||||
CERT *c = s->cert;
|
||||
uint32_t *pvalid = s->s3->tmp.valid_flags;
|
||||
int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
|
||||
unsigned long mask_k, mask_a;
|
||||
#ifndef OPENSSL_NO_EC
|
||||
int have_ecc_cert, ecdsa_ok;
|
||||
X509 *x = NULL;
|
||||
#endif
|
||||
if (c == NULL)
|
||||
return;
|
||||
|
@ -2755,18 +2751,15 @@ void ssl_set_masks(SSL *s)
|
|||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_GOST
|
||||
cpk = &(c->pkeys[SSL_PKEY_GOST12_512]);
|
||||
if (cpk->x509 != NULL && cpk->privatekey != NULL) {
|
||||
if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
|
||||
mask_k |= SSL_kGOST;
|
||||
mask_a |= SSL_aGOST12;
|
||||
}
|
||||
cpk = &(c->pkeys[SSL_PKEY_GOST12_256]);
|
||||
if (cpk->x509 != NULL && cpk->privatekey != NULL) {
|
||||
if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
|
||||
mask_k |= SSL_kGOST;
|
||||
mask_a |= SSL_aGOST12;
|
||||
}
|
||||
cpk = &(c->pkeys[SSL_PKEY_GOST01]);
|
||||
if (cpk->x509 != NULL && cpk->privatekey != NULL) {
|
||||
if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
|
||||
mask_k |= SSL_kGOST;
|
||||
mask_a |= SSL_aGOST01;
|
||||
}
|
||||
|
@ -2795,9 +2788,7 @@ void ssl_set_masks(SSL *s)
|
|||
#ifndef OPENSSL_NO_EC
|
||||
if (have_ecc_cert) {
|
||||
uint32_t ex_kusage;
|
||||
cpk = &c->pkeys[SSL_PKEY_ECC];
|
||||
x = cpk->x509;
|
||||
ex_kusage = X509_get_key_usage(x);
|
||||
ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
|
||||
ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
|
||||
if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
|
||||
ecdsa_ok = 0;
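Review bot: In the `have_ecc_cert` branch of `ssl_set_masks`, the line that passes `c->pkeys[SSL_PKEY_ECC].x509` straight to `X509_get_key_usage` relies on `have_ecc_cert` implying a non-NULL certificate pointer. The assignment of `have_ecc_cert` is outside the visible hunks, so it is worth confirming that it is derived from the pointers and not only from the `pvalid` flags. If that cannot be guaranteed, the helper added by this commit states the precondition directly: `if (have_ecc_cert && ssl_has_cert(s, SSL_PKEY_ECC)) {`. That would also match the GOST checks in this function, which now go through `ssl_has_cert`. The body of `ssl_set_masks` starts and ends outside the hunks shown.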
|
||||
|
|
|
@ -1950,6 +1950,15 @@ struct openssl_ssl_test_functions {
|
|||
|
||||
const char *ssl_protocol_to_string(int version);
|
||||
|
||||
/* Returns true if certificate and private key for 'idx' are present */
|
||||
static ossl_inline int ssl_has_cert(const SSL *s, int idx)
|
||||
{
|
||||
if (idx < 0 || idx >= SSL_PKEY_NUM)
|
||||
return 0;
|
||||
return s->cert->pkeys[idx].x509 != NULL
|
||||
&& s->cert->pkeys[idx].privatekey != NULL;
|
||||
}
|
||||
|
||||
# ifndef OPENSSL_UNIT_TEST
|
||||
|
||||
void ssl_clear_cipher_ctx(SSL *s);
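Review bot: `ssl_has_cert` range-checks `idx` but dereferences `s->cert` unconditionally, so a caller that has not already ruled out a NULL `cert` would crash here. `ssl_set_masks` in this same commit returns early on `c == NULL` before reaching its calls, which suggests a NULL `cert` is considered possible. Since the helper sits in a shared header, later callers may not repeat that guard. Either fold the check into the helper, `if (s->cert == NULL || idx < 0 || idx >= SSL_PKEY_NUM)`, or state the precondition in its comment: `/* Returns true if certificate and private key for 'idx' are present; s->cert must not be NULL */`.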
|
||||
|
|