From: Richard Levitte <levitte@openssl.org>
Date: Thu, 14 May 2020 12:04:41 +0000 (+0200)
Subject: SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys
X-Git-Tag: openssl-3.0.0-alpha3~107
X-Git-Url: https://git.librecmc.org/?p=oweals%2Fopenssl.git;a=commitdiff_plain;h=92dc275f95a5a87465a1ae3bac54bb2ead9732ca

SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys

Fixes #11720

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11828)
---

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 408404958e..e81542a89e 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1068,19 +1068,20 @@ int ssl_cert_lookup_by_nid(int nid, size_t *pidx)
 
 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx)
 {
-    int nid = EVP_PKEY_id(pk);
-    size_t tmpidx;
-
-    if (nid == NID_undef)
-        return NULL;
+    size_t i;
 
-    if (!ssl_cert_lookup_by_nid(nid, &tmpidx))
-        return NULL;
+    for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
+        const SSL_CERT_LOOKUP *tmp_lu = &ssl_cert_info[i];
 
-    if (pidx != NULL)
-        *pidx = tmpidx;
+        if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid))
+            || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) {
+            if (pidx != NULL)
+                *pidx = i;
+            return tmp_lu;
+        }
+    }
 
-    return &ssl_cert_info[tmpidx];
+    return NULL;
 }
 
 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx)