authorGilad Arnold <garnold@google.com>2015-09-01 17:04:47 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2015-09-01 17:04:47 +0000
commit9102b43b02ca43d585fbbdbbe6df03f6fbbf5b8e (patch)
tree6a1994a0d714cfac3e8b6d2c2a2d386d043e8396
parent2aa3662a203c251f45d34cf581b05249b92f118d (diff)
parent5f27bddadbe222956e963686151a993ab07c7f94 (diff)
downloadtlsdate-9102b43b02ca43d585fbbdbbe6df03f6fbbf5b8e.tar.gz
am 5f27bdda: Better handling of EVP_PKEY types.
* commit '5f27bddadbe222956e963686151a993ab07c7f94': Better handling of EVP_PKEY types.
-rw-r--r--src/tlsdate-helper.c79
1 files changed, 42 insertions, 37 deletions
diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c
index d15e4f7..b319bf7 100644
--- a/src/tlsdate-helper.c
+++ b/src/tlsdate-helper.c
@@ -388,57 +388,62 @@ openssl_time_callback (const SSL* ssl, int where, int ret)
}
}
-uint32_t
-get_certificate_keybits (EVP_PKEY *public_key)
+static const char *
+key_type_to_str (int key_type)
{
- /*
- In theory, we could use check_bitlen_dsa() and check_bitlen_rsa()
- */
- uint32_t key_bits;
- switch (public_key->type)
+ switch (key_type)
{
case EVP_PKEY_RSA:
- verb("V: key type: EVP_PKEY_RSA");
- key_bits = BN_num_bits(public_key->pkey.rsa->n);
- break;
+ return "EVP_PKEY_RSA";
case EVP_PKEY_RSA2:
- verb("V: key type: EVP_PKEY_RSA2");
- key_bits = BN_num_bits(public_key->pkey.rsa->n);
- break;
+ return "EVP_PKEY_RSA2";
case EVP_PKEY_DSA:
- verb("V: key type: EVP_PKEY_DSA");
- key_bits = BN_num_bits(public_key->pkey.dsa->p);
- break;
+ return "EVP_PKEY_DSA";
+#if defined(EVP_PKEY_DSA1)
case EVP_PKEY_DSA1:
- verb("V: key type: EVP_PKEY_DSA1");
- key_bits = BN_num_bits(public_key->pkey.dsa->p);
- break;
+ return "EVP_PKEY_DSA1";
+#endif /* EVP_PKEY_DSA1 */
+#if defined(EVP_PKEY_DSA2)
case EVP_PKEY_DSA2:
- verb("V: key type: EVP_PKEY_DSA2");
- key_bits = BN_num_bits(public_key->pkey.dsa->p);
- break;
+ return "EVP_PKEY_DSA2";
+#endif /* EVP_PKEY_DSA2 */
+#if defined(EVP_PKEY_DSA3)
case EVP_PKEY_DSA3:
- verb("V: key type: EVP_PKEY_DSA3");
- key_bits = BN_num_bits(public_key->pkey.dsa->p);
- break;
+ return "EVP_PKEY_DSA3";
+#endif /* EVP_PKEY_DSA3 */
+#if defined(EVP_PKEY_DSA4)
case EVP_PKEY_DSA4:
- verb("V: key type: EVP_PKEY_DSA4");
- key_bits = BN_num_bits(public_key->pkey.dsa->p);
- break;
+ return "EVP_PKEY_DSA4";
+#endif /* EVP_PKEY_DSA4 */
case EVP_PKEY_DH:
- verb("V: key type: EVP_PKEY_DH");
- key_bits = BN_num_bits(public_key->pkey.dh->pub_key);
- break;
+ return "EVP_PKEY_DH";
case EVP_PKEY_EC:
- verb("V: key type: EVP_PKEY_EC");
- key_bits = EVP_PKEY_bits(public_key);
- break;
+ return "EVP_PKEY_EC";
// Should we also care about EVP_PKEY_HMAC and EVP_PKEY_CMAC?
default:
- key_bits = 0;
- die ("unknown public key type");
- break;
+ return NULL;
}
+ return NULL;
+}
+
+uint32_t
+get_certificate_keybits (EVP_PKEY *public_key)
+{
+ /*
+ In theory, we could use check_bitlen_dsa() and check_bitlen_rsa()
+ */
+ uint32_t key_bits;
+ const char *key_type_str;
+
+ key_type_str = key_type_to_str(public_key->type);
+ if (key_type_str)
+ verb("V: key type: %s", key_type_str);
+ else
+ verb("V: key type: %d", public_key->type);
+
+ key_bits = EVP_PKEY_bits(public_key);
+ if (0 == key_bits)
+ die ("unknown public key type");
verb ("V: keybits: %d", key_bits);
return key_bits;
}
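Review bot: In the new `get_certificate_keybits`, the `int` result of `EVP_PKEY_bits()` is stored straight into the `uint32_t key_bits`, so the `0 == key_bits` test only catches a zero return; if the linked OpenSSL ever reports failure with a negative value (worth confirming for the versions this builds against), it would wrap to a very large bit count and look like a strong key to whatever minimum-size check the caller applies. Keeping the result signed until it is validated closes that: `int bits = EVP_PKEY_bits(public_key);`, `if (bits <= 0) die ("unknown public key type");`, `key_bits = (uint32_t) bits;`. The removed `default:` branch also used to abort on any key type outside the listed ones, whereas now every type for which OpenSSL can report a size is accepted and an unlisted one is only logged by number; if the old allow-list was intentional, an explicit `if (!key_type_str) die ("unknown public key type");` would restore it, and otherwise the relaxation deserves a comment. The trailing `verb ("V: keybits: %d", key_bits)` passes a `uint32_t` to `%d`; `%u` or `PRIu32` would match the type.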