Check that the public key OID matches the sig alg

[openssl.git] / ssl / ssl_cert.c

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 5a465e39425088c0638d9d862886869df8046a99..df5cff79c98475ebe7b5c8ca98c477e225aeb35b 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -225,6 +225,8 @@ void ssl_cert_free(CERT *c)
 {
     int i;
 
+    if (c == NULL)
+        return;
     CRYPTO_DOWN_REF(&c->references, &i, c->lock);
     REF_PRINT_COUNT("CERT", c);
     if (i > 0)
@@ -993,22 +995,35 @@ int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
                              ctx->cert->sec_ex);
 }
 
-const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx)
+int ssl_cert_lookup_by_nid(int nid, size_t *pidx)
 {
-    int nid = EVP_PKEY_id(pk);
     size_t i;
 
-    if (nid == NID_undef)
-        return NULL;
-
     for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
         if (ssl_cert_info[i].nid == nid) {
-            if (pidx != NULL)
-                *pidx = i;
-            return &ssl_cert_info[i];
+            *pidx = i;
+            return 1;
         }
     }
-    return NULL;
+
+    return 0;
+}
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx)
+{
+    int nid = EVP_PKEY_id(pk);
+    size_t tmpidx;
+
+    if (nid == NID_undef)
+        return NULL;
+
+    if (!ssl_cert_lookup_by_nid(nid, &tmpidx))
+        return NULL;
+
+    if (pidx != NULL)
+        *pidx = tmpidx;
+
+    return &ssl_cert_info[tmpidx];
 }
 
 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx)