From 4020c0b33b25f829ca68976970d44227d115eb9e Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Mon, 13 Feb 2017 15:40:21 +0000
Subject: [PATCH] add ssl_has_cert
Add inline function ssl_has_cert which checks to see if a certificate and private key for a given index are not NULL.
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2623)
---
 ssl/ssl_lib.c | 17 ++++-------------
 ssl/ssl_locl.h | 9 +++++++++
 2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 11c0a80d2d..c92875f2d9 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2720,16 +2720,12 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
 void ssl_set_masks(SSL *s)
 {
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_GOST)
- CERT_PKEY *cpk;
-#endif
 CERT *c = s->cert;
 uint32_t *pvalid = s->s3->tmp.valid_flags;
 int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
 unsigned long mask_k, mask_a;
 #ifndef OPENSSL_NO_EC
 int have_ecc_cert, ecdsa_ok;
- X509 *x = NULL;
 #endif
 if (c == NULL)
 return;
@@ -2755,18 +2751,15 @@ void ssl_set_masks(SSL *s)
 #endif
 #ifndef OPENSSL_NO_GOST
- cpk = &(c->pkeys[SSL_PKEY_GOST12_512]);
- if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+ if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
 mask_k |= SSL_kGOST;
 mask_a |= SSL_aGOST12;
 }
- cpk = &(c->pkeys[SSL_PKEY_GOST12_256]);
- if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+ if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
 mask_k |= SSL_kGOST;
 mask_a |= SSL_aGOST12;
 }
- cpk = &(c->pkeys[SSL_PKEY_GOST01]);
- if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+ if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
 mask_k |= SSL_kGOST;
 mask_a |= SSL_aGOST01;
 }
@@ -2795,9 +2788,7 @@ void ssl_set_masks(SSL *s)
 #ifndef OPENSSL_NO_EC
 if (have_ecc_cert) {
 uint32_t ex_kusage;
- cpk = &c->pkeys[SSL_PKEY_ECC];
- x = cpk->x509;
- ex_kusage = X509_get_key_usage(x);
+ ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
 ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
 if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
 ecdsa_ok = 0;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index df6be646e1..23e6a67470 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1950,6 +1950,15 @@ struct openssl_ssl_test_functions {
 const char *ssl_protocol_to_string(int version);
+/* Returns true if certificate and private key for 'idx' are present */
+static ossl_inline int ssl_has_cert(const SSL *s, int idx)
+{
+ if (idx < 0 || idx >= SSL_PKEY_NUM)
+ return 0;
+ return s->cert->pkeys[idx].x509 != NULL
+ && s->cert->pkeys[idx].privatekey != NULL;
+}
+
 # ifndef OPENSSL_UNIT_TEST
 void ssl_clear_cipher_ctx(SSL *s);
-- 
2.25.1
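Review bot: In the `have_ecc_cert` branch, `c->pkeys[SSL_PKEY_ECC].x509` is passed straight to `X509_get_key_usage()` with no visible check that the slot holds a certificate; the guarantee has to come from how `have_ecc_cert` is computed, which is outside this hunk. Unlike the GOST slots converted in the hunk at -2755, this site does not go through the new `ssl_has_cert()` helper, so the invariant stays implicit. I would state it next to the call, e.g. `/* have_ecc_cert set => pkeys[SSL_PKEY_ECC].x509 is non-NULL */`, after confirming that this is what the flag guarantees. The enclosing `ssl_set_masks()` begins and ends outside the hunk.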
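Review bot: `ssl_has_cert()` bounds-checks `idx` but dereferences `s->cert` unconditionally, so any caller whose `cert` is NULL faults inside the helper. The call sites converted in `ssl_set_masks()` sit after that function's `if (c == NULL) return;`, but a `static ossl_inline` in `ssl_locl.h` is available to every file that includes the header. Either fold the check into the guard, `if (s->cert == NULL || idx < 0 || idx >= SSL_PKEY_NUM)`, or extend the comment to say that `s->cert` must be non-NULL and that an out-of-range `idx` yields 0.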