SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys

[openssl.git] / ssl / ssl_cert.c

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 408404958efb3576599487c72ffb4171e621886e..e81542a89e5f63dfe577cb6eae6265d01fda1227 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1068,19 +1068,20 @@ int ssl_cert_lookup_by_nid(int nid, size_t *pidx)
 
 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx)
 {
-    int nid = EVP_PKEY_id(pk);
-    size_t tmpidx;
-
-    if (nid == NID_undef)
-        return NULL;
+    size_t i;
 
-    if (!ssl_cert_lookup_by_nid(nid, &tmpidx))
-        return NULL;
+    for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
+        const SSL_CERT_LOOKUP *tmp_lu = &ssl_cert_info[i];
 
-    if (pidx != NULL)
-        *pidx = tmpidx;
+        if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid))
+            || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) {
+            if (pidx != NULL)
+                *pidx = i;
+            return tmp_lu;
+        }
+    }
 
-    return &ssl_cert_info[tmpidx];
+    return NULL;
 }
 
 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx)