-rw-r--r--ssl/ssl_cert.c38
-rw-r--r--ssl/ssl_ciph.c9
-rw-r--r--ssl/ssl_locl.h14
3 files changed, 61 insertions, 0 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index d7f6602d50..a87933d1f6 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -976,3 +976,41 @@ int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
ctx->cert->sec_ex);
}
+
+/*
+ * Certificate table information. NB: table entries must match SSL_PKEY indices
+ */
+static const SSL_CERT_LOOKUP ssl_cert_info [] = {
+ {EVP_PKEY_RSA, SSL_aRSA}, /* SSL_PKEY_RSA */
+ {EVP_PKEY_DSA, SSL_aDSS}, /* SSL_PKEY_DSA_SIGN */
+ {EVP_PKEY_EC, SSL_aECDSA}, /* SSL_PKEY_ECC */
+ {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */
+ {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */
+ {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */
+ {EVP_PKEY_ED25519, SSL_aECDSA} /* SSL_PKEY_ED25519 */
+};
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx)
+{
+ int nid = EVP_PKEY_id(pk);
+ size_t i;
+
+ if (nid == NID_undef)
+ return NULL;
+
+ for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
+ if (ssl_cert_info[i].nid == nid) {
+ if (pidx != NULL)
+ *pidx = i;
+ return &ssl_cert_info[i];
+ }
+ }
+ return NULL;
+}
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx)
+{
+ if (idx >= OSSL_NELEM(ssl_cert_info))
+ return 0;
+ return &ssl_cert_info[idx];
+}
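Review bot: Nothing enforces the "table entries must match SSL_PKEY indices" requirement stated above `ssl_cert_info`, so adding or reordering an SSL_PKEY_* slot without updating this table would make `ssl_cert_lookup_by_idx` return another key type's `amask`, and `ssl_cert_is_disabled` would then judge the wrong algorithm. A build-time or start-up check that `OSSL_NELEM(ssl_cert_info)` equals the number of SSL_PKEY slots (the count constant is not visible in this diff) would turn that drift into a hard failure. In `ssl_cert_lookup_by_idx`, `return 0;` should read `return NULL;` to match `ssl_cert_lookup_by_pkey`. It is also worth a comment on `ssl_cert_lookup_by_pkey` such as `/* *pidx is left untouched when NULL is returned */`, since callers that pass an uninitialised index must not read it after a failed lookup.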
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 64bb264b52..3fd16207c5 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1996,3 +1996,12 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
return 1;
}
+
+int ssl_cert_is_disabled(size_t idx)
+{
+ const SSL_CERT_LOOKUP *cl = ssl_cert_lookup_by_idx(idx);
+
+ if (cl == NULL || (cl->amask & disabled_auth_mask) != 0)
+ return 1;
+ return 0;
+}
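Review bot: `ssl_cert_is_disabled` has no comment recording that it fails closed: an out-of-range `idx` (NULL from `ssl_cert_lookup_by_idx`) is reported as disabled, which is the safe default and should be written down so later edits keep it. I would add `/* Return 1 if idx is out of range or its auth mask is set in disabled_auth_mask, else 0 */` above the function. The result also depends on `disabled_auth_mask` having been populated before the first call; its initialisation is outside this hunk, so that ordering assumption should be confirmed and mentioned in the same comment.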
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 168e5dda01..695cf45baa 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1345,6 +1345,15 @@ typedef struct sigalg_lookup_st {
typedef struct cert_pkey_st CERT_PKEY;
+/*
+ * Structure containing table entry of certificate info corresponding to
+ * CERT_PKEY entries
+ */
+typedef struct {
+ int nid; /* NID of pubic key algorithm */
+ uint32_t amask; /* authmask corresponding to key type */
+} SSL_CERT_LOOKUP;
+
typedef struct ssl3_state_st {
long flags;
size_t read_mac_secret_size;
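Review bot: The field comment `/* NID of pubic key algorithm */` in `SSL_CERT_LOOKUP` has a typo and should read `/* NID of public key algorithm */`. The table in ssl/ssl_cert.c fills `nid` with both `EVP_PKEY_*` and `NID_*` values and `ssl_cert_lookup_by_pkey` compares it against `EVP_PKEY_id()`, so a more precise wording would be `/* key type as returned by EVP_PKEY_id() */`. The struct comment could also state that entries are indexed by SSL_PKEY_* slot, since that is the contract `ssl_cert_lookup_by_idx` relies on.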
@@ -2092,6 +2101,7 @@ __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
__owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
size_t *int_overhead, size_t *blocksize,
size_t *ext_overhead);
+__owur int ssl_cert_is_disabled(size_t idx);
__owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
const unsigned char *ptr,
@@ -2114,6 +2124,10 @@ __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
void *other);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
+ size_t *pidx);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx);
+
int ssl_undefined_function(SSL *s);
__owur int ssl_undefined_void_function(void);
__owur int ssl_undefined_const_function(const SSL *s);