first cut at sigalg loading

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19312)
author: Michael Baentsch <57787676+baentsch@users.noreply.github.com> 2022-09-26 17:32:05 +0200
committer: Pauli <pauli@openssl.org> 2023-02-24 11:02:48 +1100
commit: ee58915cfd9d0ad67f52d43cc1a2ce549049d248 (patch)
tree: e892900c53900bd693498bdc9ff2152ae14bcbe6 /ssl/ssl_ciph.c
parent: 1817dcaf556df559a32eed14d0947ff961be7b4f (diff)
1 files changed, 16 insertions, 1 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 0ea998d383..a2b12a8811 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -2155,6 +2155,16 @@ int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
     return ssl_cipher_table_auth[i].nid;
 }
 
+int ssl_get_md_idx(int md_nid) {
+    int i;
+
+    for(i = 0; i < SSL_MD_NUM_IDX; i++) {
+        if (md_nid == ssl_cipher_table_mac[i].nid)
+            return i;
+    }
+    return -1;
+}
+
 const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c)
 {
     int idx = c->algorithm2 & SSL_HANDSHAKE_MAC_MASK;
@@ -2223,8 +2233,13 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
 
 int ssl_cert_is_disabled(SSL_CTX *ctx, size_t idx)
 {
-    const SSL_CERT_LOOKUP *cl = ssl_cert_lookup_by_idx(idx);
+    SSL_CERT_LOOKUP *cl;
+
+    /* A provider-loaded key type is always enabled */
+    if (idx >= SSL_PKEY_NUM)
+        return 0;
 
+    cl = ssl_cert_lookup_by_idx(idx, ctx);
     if (cl == NULL || (cl->amask & ctx->disabled_auth_mask) != 0)
         return 1;
     return 0;
author	Michael Baentsch <57787676+baentsch@users.noreply.github.com>	2022-09-26 17:32:05 +0200
committer	Pauli <pauli@openssl.org>	2023-02-24 11:02:48 +1100
commit	ee58915cfd9d0ad67f52d43cc1a2ce549049d248 (patch)
tree	e892900c53900bd693498bdc9ff2152ae14bcbe6 /ssl/ssl_ciph.c
parent	1817dcaf556df559a32eed14d0947ff961be7b4f (diff)