Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c24
1 files changed, 8 insertions, 16 deletions
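diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 1c4ab636a1..fa1d209c8c 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.213 2020/05/10 14:17:47 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.214 2020/05/19 16:35:20 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1968,7 +1968,7 @@ SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
 void
 ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 {
- int rsa_enc, rsa_sign, dh_tmp;
+ int rsa, dh_tmp;
  int have_ecc_cert;
  unsigned long mask_k, mask_a;
  X509 *x = NULL;
@@ -1980,10 +1980,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
  dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL ||
  c->dh_tmp_auto != 0);
 
- cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
- rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
- cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
- rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
+ cpk = &(c->pkeys[SSL_PKEY_RSA]);
+ rsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
  cpk = &(c->pkeys[SSL_PKEY_ECC]);
  have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
 
@@ -1996,13 +1994,13 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
  mask_a |= SSL_aGOST01;
  }
 
- if (rsa_enc)
+ if (rsa)
  mask_k |= SSL_kRSA;
 
  if (dh_tmp)
  mask_k |= SSL_kDHE;
 
- if (rsa_enc || rsa_sign)
+ if (rsa)
  mask_a |= SSL_aRSA;
 
  mask_a |= SSL_aNULL;
@@ -2085,10 +2083,7 @@ ssl_get_server_send_pkey(const SSL *s)
  if (alg_a & SSL_aECDSA) {
  i = SSL_PKEY_ECC;
  } else if (alg_a & SSL_aRSA) {
- if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
- i = SSL_PKEY_RSA_SIGN;
- else
- i = SSL_PKEY_RSA_ENC;
+ i = SSL_PKEY_RSA;
  } else if (alg_a & SSL_aGOST01) {
  i = SSL_PKEY_GOST01;
  } else { /* if (alg_a & SSL_aNULL) */
@@ -2113,10 +2108,7 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd,
  c = s->cert;
 
  if (alg_a & SSL_aRSA) {
- if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
- idx = SSL_PKEY_RSA_SIGN;
- else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
- idx = SSL_PKEY_RSA_ENC;
+ idx = SSL_PKEY_RSA;
  } else if ((alg_a & SSL_aECDSA) &&
  (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
  idx = SSL_PKEY_ECC;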
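Review bot: In the last hunk (ssl_get_sign_pkey) the RSA branch now assigns `idx = SSL_PKEY_RSA` unconditionally, while the ECDSA branch directly below it still requires `c->pkeys[SSL_PKEY_ECC].privatekey != NULL`. Before this change a missing RSA private key left `idx` at its earlier value, so whatever no-key handling follows (outside this hunk) is presumably no longer reached for RSA, and a NULL `privatekey` may be handed on instead. Unless the code after the hunk checks the key itself, keeping the guard would preserve the old behaviour: `if (c->pkeys[SSL_PKEY_RSA].privatekey != NULL) idx = SSL_PKEY_RSA;`. The function starts and ends outside the hunk, so this should be confirmed against the lines that consume `idx`.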