author | Gilad Arnold <garnold@google.com> | 2015-08-26 15:50:34 -0700 |
---|---|---|
committer | Gilad Arnold <garnold@google.com> | 2015-08-29 21:46:54 -0700 |
commit | 5f27bddadbe222956e963686151a993ab07c7f94 (patch) | |
tree | 6a1994a0d714cfac3e8b6d2c2a2d386d043e8396 | |
parent | 6b31c0f559f7e7e9f3ccf29b4ffc4e7dbde420f3 (diff) | |
Better handling of EVP_PKEY types.
1) EVP_PKEY_bits already returns the number of bits of keys of any type,
so no need for case-by-case handling.
2) Some EVP_PKEY constants are not defined in BoringSSL, so we only test
them if they're defined.
The conversion from key type values to strings was moved to a separate
function.
Bug: 22373707
Change-Id: I73c383367147afb316fa6e92e456f24078d48c32
-rw-r--r-- | src/tlsdate-helper.c | 79 |
1 files changed, 42 insertions, 37 deletions
diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c
index d15e4f7..b319bf7 100644
--- a/src/tlsdate-helper.c
+++ b/src/tlsdate-helper.c
@@ -388,57 +388,62 @@ openssl_time_callback (const SSL* ssl, int where, int ret)
 }
 }
-uint32_t
-get_certificate_keybits (EVP_PKEY *public_key)
+static const char *
+key_type_to_str (int key_type)
 {
- /*
- In theory, we could use check_bitlen_dsa() and check_bitlen_rsa()
- */
- uint32_t key_bits;
- switch (public_key->type)
+ switch (key_type)
 {
 case EVP_PKEY_RSA:
- verb("V: key type: EVP_PKEY_RSA");
- key_bits = BN_num_bits(public_key->pkey.rsa->n);
- break;
+ return "EVP_PKEY_RSA";
 case EVP_PKEY_RSA2:
- verb("V: key type: EVP_PKEY_RSA2");
- key_bits = BN_num_bits(public_key->pkey.rsa->n);
- break;
+ return "EVP_PKEY_RSA2";
 case EVP_PKEY_DSA:
- verb("V: key type: EVP_PKEY_DSA");
- key_bits = BN_num_bits(public_key->pkey.dsa->p);
- break;
+ return "EVP_PKEY_DSA";
+#if defined(EVP_PKEY_DSA1)
 case EVP_PKEY_DSA1:
- verb("V: key type: EVP_PKEY_DSA1");
- key_bits = BN_num_bits(public_key->pkey.dsa->p);
- break;
+ return "EVP_PKEY_DSA1";
+#endif /* EVP_PKEY_DSA1 */
+#if defined(EVP_PKEY_DSA2)
 case EVP_PKEY_DSA2:
- verb("V: key type: EVP_PKEY_DSA2");
- key_bits = BN_num_bits(public_key->pkey.dsa->p);
- break;
+ return "EVP_PKEY_DSA2";
+#endif /* EVP_PKEY_DSA2 */
+#if defined(EVP_PKEY_DSA3)
 case EVP_PKEY_DSA3:
- verb("V: key type: EVP_PKEY_DSA3");
- key_bits = BN_num_bits(public_key->pkey.dsa->p);
- break;
+ return "EVP_PKEY_DSA3";
+#endif /* EVP_PKEY_DSA3 */
+#if defined(EVP_PKEY_DSA4)
 case EVP_PKEY_DSA4:
- verb("V: key type: EVP_PKEY_DSA4");
- key_bits = BN_num_bits(public_key->pkey.dsa->p);
- break;
+ return "EVP_PKEY_DSA4";
+#endif /* EVP_PKEY_DSA4 */
 case EVP_PKEY_DH:
- verb("V: key type: EVP_PKEY_DH");
- key_bits = BN_num_bits(public_key->pkey.dh->pub_key);
- break;
+ return "EVP_PKEY_DH";
 case EVP_PKEY_EC:
- verb("V: key type: EVP_PKEY_EC");
- key_bits = EVP_PKEY_bits(public_key);
- break;
+ return "EVP_PKEY_EC";
 // Should we also care about EVP_PKEY_HMAC and EVP_PKEY_CMAC?
 default:
- key_bits = 0;
- die ("unknown public key type");
- break;
+ return NULL;
 }
+ return NULL;
+}
+
+uint32_t
+get_certificate_keybits (EVP_PKEY *public_key)
+{
+ /*
+ In theory, we could use check_bitlen_dsa() and check_bitlen_rsa()
+ */
+ uint32_t key_bits;
+ const char *key_type_str;
+
+ key_type_str = key_type_to_str(public_key->type);
+ if (key_type_str)
+ verb("V: key type: %s", key_type_str);
+ else
+ verb("V: key type: %d", public_key->type);
+
+ key_bits = EVP_PKEY_bits(public_key);
+ if (0 == key_bits)
+ die ("unknown public key type");
 verb ("V: keybits: %d", key_bits);
 return key_bits;
 }
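Review bot: An unrecognized key type no longer terminates the helper: the removed `default:` branch called `die ("unknown public key type")`, whereas the new get_certificate_keybits only dies when `EVP_PKEY_bits` returns 0, so a type that key_type_to_str does not know is merely logged as `V: key type: %d` and then accepted as long as the library reports a bit length for it. If rejecting unknown types was deliberate policy rather than an artifact of the per-type bit extraction, keep it with `if (!key_type_str) die ("unknown public key type");` before the `EVP_PKEY_bits` call; otherwise the message after `if (0 == key_bits)` should describe what that condition now means, e.g. `die ("cannot determine public key size");`. Separately, `public_key->type` is still a direct struct access in the new function; `EVP_PKEY_id (public_key)` exists in both OpenSSL and BoringSSL and keeps this compiling once EVP_PKEY is opaque. The unchanged `verb ("V: keybits: %d", key_bits)` passes a uint32_t to `%d`; `%u` would match the type.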