From 92dc275f95a5a87465a1ae3bac54bb2ead9732ca Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Thu, 14 May 2020 14:04:41 +0200
Subject: SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side
 keys

Fixes #11720

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11828)
---
 ssl/ssl_cert.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

(limited to 'ssl')

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 408404958e..e81542a89e 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1068,19 +1068,20 @@ int ssl_cert_lookup_by_nid(int nid, size_t *pidx)
 
 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx)
 {
-    int nid = EVP_PKEY_id(pk);
-    size_t tmpidx;
-
-    if (nid == NID_undef)
-        return NULL;
+    size_t i;
 
-    if (!ssl_cert_lookup_by_nid(nid, &tmpidx))
-        return NULL;
+    for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
+        const SSL_CERT_LOOKUP *tmp_lu = &ssl_cert_info[i];
 
-    if (pidx != NULL)
-        *pidx = tmpidx;
+        if (EVP_PKEY_is_a(pk, OBJ_nid2sn(tmp_lu->nid))
+            || EVP_PKEY_is_a(pk, OBJ_nid2ln(tmp_lu->nid))) {
+            if (pidx != NULL)
+                *pidx = i;
+            return tmp_lu;
+        }
+    }
 
-    return &ssl_cert_info[tmpidx];
+    return NULL;
 }
 
 const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx)
-- 
cgit v1.2.1