author | Dr. Stephen Henson <steve@openssl.org> | 2017-02-13 15:40:21 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-02-15 02:23:54 +0000 |
commit | 4020c0b33b25f829ca68976970d44227d115eb9e (patch) | |
tree | d8a100d98157c6e906e0ea216322a35f884a6c68 /ssl | |
parent | 7e12cdb52e3f4beff050caeecf3634870bb9a7c4 (diff) | |
add ssl_has_cert
Add inline function ssl_has_cert which checks to see if a certificate and
private key for a given index are not NULL.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2623)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 17 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 9 |
2 files changed, 13 insertions, 13 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 11c0a80d2d..c92875f2d9 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2720,16 +2720,12 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
 void ssl_set_masks(SSL *s)
 {
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_GOST)
- CERT_PKEY *cpk;
-#endif
 CERT *c = s->cert;
 uint32_t *pvalid = s->s3->tmp.valid_flags;
 int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
 unsigned long mask_k, mask_a;
 #ifndef OPENSSL_NO_EC
 int have_ecc_cert, ecdsa_ok;
- X509 *x = NULL;
 #endif
 if (c == NULL) return;
@@ -2755,18 +2751,15 @@ void ssl_set_masks(SSL *s)
 #endif
 #ifndef OPENSSL_NO_GOST
- cpk = &(c->pkeys[SSL_PKEY_GOST12_512]);
- if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+ if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
 mask_k |= SSL_kGOST;
 mask_a |= SSL_aGOST12;
 }
- cpk = &(c->pkeys[SSL_PKEY_GOST12_256]);
- if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+ if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
 mask_k |= SSL_kGOST;
 mask_a |= SSL_aGOST12;
 }
- cpk = &(c->pkeys[SSL_PKEY_GOST01]);
- if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+ if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
 mask_k |= SSL_kGOST;
 mask_a |= SSL_aGOST01;
 }
@@ -2795,9 +2788,7 @@ void ssl_set_masks(SSL *s)
 #ifndef OPENSSL_NO_EC
 if (have_ecc_cert) {
 uint32_t ex_kusage;
- cpk = &c->pkeys[SSL_PKEY_ECC];
- x = cpk->x509;
- ex_kusage = X509_get_key_usage(x);
+ ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
 ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
 if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN)) ecdsa_ok = 0;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index df6be646e1..23e6a67470 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
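Review bot: In the last ssl_lib.c hunk (`@@ -2795,9 +2788,7 @@`), `c->pkeys[SSL_PKEY_ECC].x509` is now passed straight to `X509_get_key_usage()` with only `have_ecc_cert` guarding it, while the GOST branches in the same commit move to the explicit `ssl_has_cert()` presence check. `have_ecc_cert` is assigned outside the visible hunks, so whether it guarantees a non-NULL certificate pointer cannot be confirmed from here. If it is derived from validity flags rather than from the pointers themselves, a comment at the call such as `/* have_ecc_cert implies pkeys[SSL_PKEY_ECC].x509 != NULL */` would record the invariant the dereference depends on. The body of ssl_set_masks continues past the end of this hunk.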
@@ -1950,6 +1950,15 @@ struct openssl_ssl_test_functions {
 const char *ssl_protocol_to_string(int version);
+/* Returns true if certificate and private key for 'idx' are present */
+static ossl_inline int ssl_has_cert(const SSL *s, int idx)
+{
+ if (idx < 0 || idx >= SSL_PKEY_NUM)
+ return 0;
+ return s->cert->pkeys[idx].x509 != NULL
+ && s->cert->pkeys[idx].privatekey != NULL;
+}
+
 # ifndef OPENSSL_UNIT_TEST
 void ssl_clear_cipher_ctx(SSL *s); |
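Review bot: `ssl_has_cert()` range-checks `idx` but dereferences `s->cert` unconditionally, whereas `ssl_set_masks()` in this same commit still treats a NULL `s->cert` as possible (`if (c == NULL) return;`). Since the helper sits in a shared header and will be called from other sites, it would be safer to fold that case in, `if (s->cert == NULL || idx < 0 || idx >= SSL_PKEY_NUM) return 0;`, or to state the non-NULL precondition in the comment. The comment could also say that "present" means only that both pointers are non-NULL; the helper does not check that the private key matches the certificate.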