Use certificate tables instead of ssl_cert_type
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 101a15d..53ef723 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -875,9 +875,12 @@
/* Set peer sigalg based key type */
int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey)
{
- int idx = ssl_cert_type(NULL, pkey);
+ size_t idx;
+ const SIGALG_LOOKUP *lu;
- const SIGALG_LOOKUP *lu = tls1_get_legacy_sigalg(s, idx);
+ if (ssl_cert_lookup_by_pkey(pkey, &idx) == NULL)
+ return 0;
+ lu = tls1_get_legacy_sigalg(s, idx);
if (lu == NULL)
return 0;
s->s3->tmp.peer_sigalg = lu;
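Review bot: The header comment on tls1_set_peer_legacy_sigalg does not mention the new early `return 0` for a key type that ssl_cert_lookup_by_pkey does not recognise, and it still reads "based key type". I would reword it to `/* Set peer sigalg based on key type; returns 0 if the key type is unknown or has no legacy sigalg */`. Separately, `idx` is now a `size_t` passed straight to tls1_get_legacy_sigalg; if that helper still takes an `int`, as the removed `int idx` suggests, the narrowing is implicit here. The second hunk in this file keeps a separate `certidx` and assigns it instead, so the two sites are inconsistent. The function's tail, including its success return, is outside this hunk.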
@@ -1923,11 +1926,14 @@
if (!x || !pk)
goto end;
} else {
+ size_t certidx;
+
if (!x || !pk)
return 0;
- idx = ssl_cert_type(x, pk);
- if (idx == -1)
+
+ if (ssl_cert_lookup_by_pkey(pk, &certidx) == NULL)
return 0;
+ idx = certidx;
pvalid = s->s3->tmp.valid_flags + idx;
if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
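Review bot: `certidx` reaches `s->s3->tmp.valid_flags + idx` on the `pvalid` line with no visible bound, so memory safety here depends on the certificate table never having more entries than `valid_flags`. The old code only rejected `-1`, so this is not a regression, but the index now comes from a separately maintained table and the invariant is worth stating, e.g. `/* certidx comes from the certificate table, which must be no longer than valid_flags */`. A compile-time size check where the table is defined would back that up. `idx = certidx;` also narrows a `size_t` into what appears to be an `int`; an explicit cast would show the narrowing is intended. The enclosing function starts and ends outside this hunk.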