authorDr. Stephen Henson <steve@openssl.org>2017-06-28 17:56:45 +0100
committerDr. Stephen Henson <steve@openssl.org>2017-07-13 12:38:42 +0100
commitb8858aec136d56950ea2fc4f2d906f81f1c085a6 (patch)
treeb759de34d60626d5c5da98e281e6b60d923d690f /ssl
parente4fb8b471c3e00f35a7051c3ed69e1f6bd2a3b0e (diff)
Replace tls12_get_pkey_idx
The function tls12_get_pkey_idx is only used to see if a certificate index is enabled: call ssl_cert_is_disabled instead. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3858)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/t1_lib.c43
1 files changed, 3 insertions, 40 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 95b9b8b4d0..c478d2cd44 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1398,43 +1398,6 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
return ret;
}
-static int tls12_get_pkey_idx(int sig_nid)
-{
- switch (sig_nid) {
-#ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
- return SSL_PKEY_RSA;
- /*
- * For now return RSA key for PSS. When we support PSS only keys
- * this will need to be updated.
- */
- case EVP_PKEY_RSA_PSS:
- return SSL_PKEY_RSA;
-#endif
-#ifndef OPENSSL_NO_DSA
- case EVP_PKEY_DSA:
- return SSL_PKEY_DSA_SIGN;
-#endif
-#ifndef OPENSSL_NO_EC
- case EVP_PKEY_EC:
- return SSL_PKEY_ECC;
- case EVP_PKEY_ED25519:
- return SSL_PKEY_ED25519;
-#endif
-#ifndef OPENSSL_NO_GOST
- case NID_id_GostR3410_2001:
- return SSL_PKEY_GOST01;
-
- case NID_id_GostR3410_2012_256:
- return SSL_PKEY_GOST12_256;
-
- case NID_id_GostR3410_2012_512:
- return SSL_PKEY_GOST12_512;
-#endif
- }
- return -1;
-}
-
/* Check to see if a signature algorithm is allowed */
static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
{
@@ -1454,7 +1417,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
|| lu->hash_idx == SSL_MD_SHA224_IDX))
return 0;
/* See if public key algorithm allowed */
- if (tls12_get_pkey_idx(lu->sig) == -1)
+ if (ssl_cert_is_disabled(lu->sig_idx))
return 0;
if (lu->hash == NID_undef)
return 1;
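Review bot: The comment `/* See if public key algorithm allowed */` above the new `ssl_cert_is_disabled(lu->sig_idx)` test no longer describes what is checked, because the gate now keys on the certificate slot stored in the lookup entry rather than on `lu->sig`. The per-algorithm `OPENSSL_NO_*` guards lived in the removed `tls12_get_pkey_idx`, so whether a compiled-out key type is still rejected here depends on `ssl_cert_is_disabled`, which is outside this diff and should be confirmed to cover those cases. I would reword the comment to `/* See if the certificate type for this sigalg is disabled */`. The body of tls12_sigalg_allowed continues outside the hunk.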
@@ -1678,8 +1641,8 @@ int tls1_process_sigalgs(SSL *s)
if (SSL_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA)
continue;
/* If not disabled indicate we can explicitly sign */
- if (pvalid[idx] == 0 && tls12_get_pkey_idx(sigptr->sig) != -1)
- pvalid[sigptr->sig_idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
+ if (pvalid[idx] == 0 && !ssl_cert_is_disabled(idx))
+ pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
}
return 1;
}
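Review bot: `pvalid[idx]` is read before `ssl_cert_is_disabled(idx)` has examined `idx`, so the array access is the first use of that value in the condition. The assignment of `idx` is outside the hunk; presumably it is `sigptr->sig_idx`, which the old code used for the write. If `ssl_cert_is_disabled` reports out-of-range indices as disabled (to be confirmed against its definition), testing it first makes it a guard for both the read and the write: `if (!ssl_cert_is_disabled(idx) && pvalid[idx] == 0)`. The loop header and the start of tls1_process_sigalgs are outside the hunk.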