commit a497cf25162e100ad46bd08222b6e7584b2d5bee
author Dr. Stephen Henson <steve@openssl.org> Tue Feb 14 00:35:26 2017 +0000
committer Dr. Stephen Henson <steve@openssl.org> Wed Feb 15 02:23:54 2017 +0000
tree e1df2be6f03dc1a28e73220d1be5c0a464159aa7
parent f695571e10a3e63930424940acc8dafd13c6c35c

Use CERT_PKEY pointer instead of index

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2623)

ssl/t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 0ae41cd..31c3b04 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2201,11 +2201,9 @@
         else
             dh_secbits = 80;
     } else {
-        CERT_PKEY *cpk;
-        if (s->s3->tmp.cert_idx == -1)
+        if (s->s3->tmp.cert == NULL)
             return NULL;
-        cpk = &s->cert->pkeys[s->s3->tmp.cert_idx];
-        dh_secbits = EVP_PKEY_security_bits(cpk->privatekey);
+        dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey);
     }
 
     if (dh_secbits >= 128) {
@@ -2369,7 +2367,7 @@
         idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
         /* If no certificate for ciphersuite return */
         if (idx == -1) {
-            s->s3->tmp.cert_idx = -1;
+            s->s3->tmp.cert = NULL;
             s->s3->tmp.sigalg = NULL;
             return 1;
         }
@@ -2445,7 +2443,7 @@
             }
         }
     }
-    s->s3->tmp.cert_idx = idx;
+    s->s3->tmp.cert = &s->cert->pkeys[idx];
     s->s3->tmp.sigalg = lu;
     return 1;
 }