Commit 4020c0b3 authored by Dr. Stephen Henson

add ssl_has_cert



Add inline function ssl_has_cert which checks to see if a certificate and
private key for a given index are not NULL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2623)
parent 7e12cdb5
+4 −13
@@ -2720,16 +2720,12 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)

void ssl_set_masks(SSL *s)
{
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_GOST)
    CERT_PKEY *cpk;
#endif
    CERT *c = s->cert;
    uint32_t *pvalid = s->s3->tmp.valid_flags;
    int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
    unsigned long mask_k, mask_a;
#ifndef OPENSSL_NO_EC
    int have_ecc_cert, ecdsa_ok;
    X509 *x = NULL;
#endif
    if (c == NULL)
        return;
@@ -2755,18 +2751,15 @@ void ssl_set_masks(SSL *s)
#endif

#ifndef OPENSSL_NO_GOST
    cpk = &(c->pkeys[SSL_PKEY_GOST12_512]);
    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
    if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
        mask_k |= SSL_kGOST;
        mask_a |= SSL_aGOST12;
    }
    cpk = &(c->pkeys[SSL_PKEY_GOST12_256]);
    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
    if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
        mask_k |= SSL_kGOST;
        mask_a |= SSL_aGOST12;
    }
    cpk = &(c->pkeys[SSL_PKEY_GOST01]);
    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
    if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
        mask_k |= SSL_kGOST;
        mask_a |= SSL_aGOST01;
    }
@@ -2795,9 +2788,7 @@ void ssl_set_masks(SSL *s)
#ifndef OPENSSL_NO_EC
    if (have_ecc_cert) {
        uint32_t ex_kusage;
        cpk = &c->pkeys[SSL_PKEY_ECC];
        x = cpk->x509;
        ex_kusage = X509_get_key_usage(x);
        ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
        ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
        if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
            ecdsa_ok = 0;
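Review bot: In the last hunk of this section, `X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509)` is guarded only by `have_ecc_cert`, which is assigned outside the visible lines, while the GOST branches now go through `ssl_has_cert()`. If `have_ecc_cert` is not itself derived from `ssl_has_cert(s, SSL_PKEY_ECC)`, a one-line comment such as `/* have_ecc_cert implies pkeys[SSL_PKEY_ECC].x509 != NULL */` would make the invariant explicit now that the local `x` is gone. The page has lost its +/- markers, so this assumes the `c->pkeys[...]` form is the new side. ssl_set_masks continues beyond these hunks, so the assignment of `have_ecc_cert` could not be checked here.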
+9 −0
@@ -1950,6 +1950,15 @@ struct openssl_ssl_test_functions {

const char *ssl_protocol_to_string(int version);

/* Returns true if certificate and private key for 'idx' are present */
static ossl_inline int ssl_has_cert(const SSL *s, int idx)
{
    if (idx < 0 || idx >= SSL_PKEY_NUM)
        return 0;
    return s->cert->pkeys[idx].x509 != NULL
        && s->cert->pkeys[idx].privatekey != NULL;
}

# ifndef OPENSSL_UNIT_TEST

void ssl_clear_cipher_ctx(SSL *s);
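Review bot: ssl_has_cert range-checks `idx` but dereferences `s->cert` unconditionally, so it is only safe for callers that already know the CERT structure is present. ssl_set_masks returns early on `c == NULL` before its calls, but as a header-level inline the helper can be reached from other call sites; either add `if (s->cert == NULL) return 0;` after the index check or state the precondition in the comment. The comment could also record the out-of-range case, e.g. `/* Returns 1 if certificate and private key for 'idx' are both present, 0 otherwise (including an out-of-range idx); s->cert must be non-NULL */`. The helper tests presence only, not that the key matches the certificate, which is presumably enforced where they are loaded.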