From c04cd72827a8a1eccaf75062403c301dd16892be Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 28 Jun 2017 17:45:10 +0100 Subject: Add certificate properties table. Add certificate table giving properties of each certificate index: specifically the NID associated with the index and the the auth mask value for any cipher the certificate can be used with. This will be used to generalise certificate handling instead of hard coding algorithm specific cases. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3858) --- ssl/ssl_cert.c | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'ssl/ssl_cert.c') diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index d7f6602d50..a87933d1f6 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -976,3 +976,41 @@ int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other) return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other, ctx->cert->sec_ex); } + +/* + * Certificate table information. NB: table entries must match SSL_PKEY indices + */ +static const SSL_CERT_LOOKUP ssl_cert_info [] = { + {EVP_PKEY_RSA, SSL_aRSA}, /* SSL_PKEY_RSA */ + {EVP_PKEY_DSA, SSL_aDSS}, /* SSL_PKEY_DSA_SIGN */ + {EVP_PKEY_EC, SSL_aECDSA}, /* SSL_PKEY_ECC */ + {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */ + {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */ + {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */ + {EVP_PKEY_ED25519, SSL_aECDSA} /* SSL_PKEY_ED25519 */ +}; + +const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx) +{ + int nid = EVP_PKEY_id(pk); + size_t i; + + if (nid == NID_undef) + return NULL; + + for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) { + if (ssl_cert_info[i].nid == nid) { + if (pidx != NULL) + *pidx = i; + return &ssl_cert_info[i]; + } + } + return NULL; +} + +const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx) +{ + if (idx >= OSSL_NELEM(ssl_cert_info)) + return 0; + return &ssl_cert_info[idx]; +} -- cgit v1.2.3