/* Returns the KX algorithms that are supported by a certificate
 * (e.g. a certificate with RSA params supports GNUTLS_KX_RSA).
 * The KeyUsage extension is consulted as well, through
 * _gnutls_check_key_usage(), so algorithms the key is not allowed
 * to be used for are left out.
 *
 * session:  the session whose first selected certificate is examined.
 * alg:      receives a freshly allocated array of usable algorithms
 *           (NULL when no certificate is selected); the caller owns
 *           and releases it.
 * alg_size: receives the number of elements stored in *alg.
 *
 * Returns 0 on success, GNUTLS_E_INVALID_REQUEST if no algorithm is
 * usable for the certificate, GNUTLS_E_MEMORY_ERROR if the allocation
 * fails (in which case *alg_size is left untouched).
 */
int
_gnutls_selected_cert_supported_kx (gnutls_session_t session,
                                    gnutls_kx_algorithm_t ** alg,
                                    int *alg_size)
{
  gnutls_kx_algorithm_t candidates[MAX_ALGOS];
  gnutls_kx_algorithm_t kx;
  gnutls_cert *cert;
  int count = 0;

  if (session->internals.selected_cert_list_length == 0)
    {
      *alg_size = 0;
      *alg = NULL;
      return 0;
    }

  /* Only the first certificate of the selected list is consulted. */
  cert = &session->internals.selected_cert_list[0];

  /* Collect every KX whose public-key type matches the certificate and
   * whose use is permitted by the key-usage check.  The loop runs at
   * most MAX_ALGOS times, so the stack buffer cannot be overrun. */
  for (kx = 0; kx < MAX_ALGOS; kx++)
    {
      if (_gnutls_map_pk_get_pk (kx) != cert->subject_pk_algorithm)
        continue;

      /* then check key usage */
      if (_gnutls_check_key_usage (cert, kx) != 0)
        continue;

      candidates[count++] = kx;
    }

  if (count == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  *alg = gnutls_calloc (1, count * sizeof (gnutls_kx_algorithm_t));
  if (*alg == NULL)
    return GNUTLS_E_MEMORY_ERROR;

  *alg_size = count;
  memcpy (*alg, candidates, count * sizeof (gnutls_kx_algorithm_t));
  return 0;
}
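/* Returns the KX algorithms that are supported by a certificate
 * (e.g. a certificate with RSA params supports GNUTLS_KX_RSA).
 * The KeyUsage extension of the certificate is also consulted, via
 * _gnutls_check_key_usage(), to drop algorithms the key may not be
 * used for.
 *
 * session:  the session whose first selected certificate is examined.
 * alg:      caller-provided array that receives the usable algorithms.
 * alg_size: in/out.  On entry, the capacity of @alg in elements; on
 *           success, the number of elements written.
 *
 * Returns 0 on success, GNUTLS_E_INVALID_REQUEST if no algorithm is
 * usable for the certificate, or GNUTLS_E_INTERNAL_ERROR if @alg is
 * too small to hold every usable algorithm.  When no certificate is
 * selected, *alg_size is set to 0 and 0 is returned.
 */
int
_gnutls_selected_cert_supported_kx (gnutls_session_t session,
                                    gnutls_kx_algorithm_t * alg,
                                    int *alg_size)
{
  gnutls_kx_algorithm_t kx;
  gnutls_pk_algorithm_t pk, cert_pk;
  gnutls_pcert_st *cert;
  int i;

  if (session->internals.selected_cert_list_length == 0)
    {
      *alg_size = 0;
      return 0;
    }

  /* Only the first certificate of the selected list decides the key
   * exchange; its public-key type is what every KX is matched against. */
  cert = &session->internals.selected_cert_list[0];
  cert_pk = gnutls_pubkey_get_pk_algorithm (cert->pubkey, NULL);

  i = 0;
  for (kx = 0; kx < MAX_ALGOS; kx++)
    {
      pk = _gnutls_map_pk_get_pk (kx);
      if (pk != cert_pk)
        continue;

      /* then check key usage */
      if (_gnutls_check_key_usage (cert, kx) != 0)
        continue;

      /* Bounds-check BEFORE storing: the caller's array holds *alg_size
       * elements, so alg[*alg_size] is already past its end.  Checking
       * only after the store (the previous order) wrote one element past
       * the array before reporting the error. */
      if (i >= *alg_size)
        return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);

      alg[i] = kx;
      i++;
    }

  if (i == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  *alg_size = i;
  return 0;
}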