From 92dc275f95a5a87465a1ae3bac54bb2ead9732ca Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Thu, 14 May 2020 14:04:41 +0200
Subject: [PATCH] SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys
Fixes #11720
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/11828)
---
 ssl/ssl_cert.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 408404958e..e81542a89e 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1068,19 +1068,20 @@ int ssl_cert_lookup_by_nid(int nid, size_t *pidx)
 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx)
 {
- int nid = EVP_PKEY_id(pk);
- size_t tmpidx;
-
- if (nid == NID_undef)
- return NULL;
+ size_t i;
- if (!ssl_cert_lookup_by_nid(nid, &tmpidx))
- return NULL;
+ for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
+ const SSL_CERT_LOOKUP *tmp_lu = &ssl_cert_info[i];
- if (pidx != NULL)
- *pidx = tmpidx;
+ if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid))
+ || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) {
+ if (pidx != NULL)
+ *pidx = i;
+ return tmp_lu;
+ }
+ }
- return &ssl_cert_info[tmpidx];
+ return NULL;
 }
 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx)
--
2.25.1
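Review bot: The new loop in `ssl_cert_lookup_by_pkey()` passes the results of `OBJ_nid2sn()` and `OBJ_nid2ln()` straight into `EVP_PKEY_is_a()`, and both lookups return NULL for a NID the object table does not know. Whether `EVP_PKEY_is_a()` tolerates a NULL name is not visible in this hunk, so I would store the two names in locals and test `(sn != NULL && EVP_PKEY_is_a(pk, sn)) || (ln != NULL && EVP_PKEY_is_a(pk, ln))`. The removed code returned NULL explicitly when the key's type was `NID_undef`; the new code presumably relies on `EVP_PKEY_is_a()` to reject a typeless key, which deserves a comment such as `/* a key with no type matches no entry, so the loop falls through to NULL */`. Because the first matching entry of `ssl_cert_info` now wins, it would also help to note above the loop that table order decides the result if two entries' names could match the same key.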