Add certificate properties table.
Add certificate table giving properties of each certificate index:
specifically the NID associated with the index and the the auth mask
value for any cipher the certificate can be used with.
This will be used to generalise certificate handling instead of hard coding
algorithm specific cases.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index d7f6602..a87933d 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -976,3 +976,41 @@
return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
ctx->cert->sec_ex);
}
+
+/*
+ * Certificate table information. NB: table entries must match SSL_PKEY indices
+ */
+static const SSL_CERT_LOOKUP ssl_cert_info [] = {
+ {EVP_PKEY_RSA, SSL_aRSA}, /* SSL_PKEY_RSA */
+ {EVP_PKEY_DSA, SSL_aDSS}, /* SSL_PKEY_DSA_SIGN */
+ {EVP_PKEY_EC, SSL_aECDSA}, /* SSL_PKEY_ECC */
+ {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */
+ {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */
+ {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */
+ {EVP_PKEY_ED25519, SSL_aECDSA} /* SSL_PKEY_ED25519 */
+};
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx)
+{
+ int nid = EVP_PKEY_id(pk);
+ size_t i;
+
+ if (nid == NID_undef)
+ return NULL;
+
+ for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
+ if (ssl_cert_info[i].nid == nid) {
+ if (pidx != NULL)
+ *pidx = i;
+ return &ssl_cert_info[i];
+ }
+ }
+ return NULL;
+}
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx)
+{
+ if (idx >= OSSL_NELEM(ssl_cert_info))
+ return 0;
+ return &ssl_cert_info[idx];
+}
