diff options
| author | steve <steve> | 2012-02-21 14:41:12 +0000 |
|---|---|---|
| committer | steve <steve> | 2012-02-21 14:41:12 +0000 |
| commit | 5a64ffab6d1c11a883e2d846ca2aa82e2daa0ac5 (patch) | |
| tree | d000dba50a268b479da059e820c9d24f08a81ad3 | |
| parent | e6ecec7a22f9f8dda71071ccd48b5a5901ae74d4 (diff) | |
| download | openssl-5a64ffab6d1c11a883e2d846ca2aa82e2daa0ac5.tar.gz | |
Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
| -rw-r--r-- | CHANGES | 5 | ||||
| -rw-r--r-- | apps/ecparam.c | 3 | ||||
| -rw-r--r-- | crypto/ec/ec.h | 2 | ||||
| -rw-r--r-- | crypto/ec/ec_curve.c | 49 | ||||
| -rw-r--r-- | crypto/ec/ec_pmeth.c | 4 | ||||
| -rw-r--r-- | crypto/ec/eck_prn.c | 10 |
6 files changed, 71 insertions, 2 deletions
@@ -4,6 +4,11 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] + *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert + between NIDs and the more common NIST names such as "P-256". Enhance + ecparam utility and ECC method to recognise the NIST names for curves. + [Steve Henson] + *) Enhance SSL/TLS certificate chain handling to support different chains for each certificate instead of one chain in the parent SSL_CTX. [Steve Henson] diff --git a/apps/ecparam.c b/apps/ecparam.c index 465480bed..50eef797c 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -402,6 +402,9 @@ bad: } else nid = OBJ_sn2nid(curve_name); + + if (nid == 0) + nid = EC_curve_nist2nid(curve_name); if (nid == 0) { diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 5dd87fba1..41f99e395 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -398,6 +398,8 @@ typedef struct { * are filled with the data of the first nitems internal groups */ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); +const char *EC_curve_nid2nist(int nid); +int EC_curve_nist2nid(const char *name); /********************************************************************/ /* EC_POINT functions */ diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 31a425cc4..2ee2f4904 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -71,6 +71,7 @@ #define OPENSSL_FIPSAPI +#include <string.h> #include "ec_lcl.h" #include <openssl/err.h> #include <openssl/obj_mac.h> @@ -2160,3 +2161,51 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) return curve_list_length; } + +/* Functions to translate between common NIST curve names and NIDs */ + +typedef struct { + const char *name; /* NIST Name of curve */ + int nid; /* Curve NID */ +} EC_NIST_NAME; + +static EC_NIST_NAME nist_curves[] = { + {"B-163", NID_sect163r2}, + {"B-233", NID_sect233r1}, + {"B-283", NID_sect283r1}, + {"B-409", NID_sect409r1}, + {"B-571", NID_sect571r1}, + {"K-163", NID_sect163k1}, + {"K-233", NID_sect233k1}, + {"K-283", NID_sect283k1}, + {"K-409", NID_sect409k1}, + {"K-571", NID_sect571k1}, + {"P-192", NID_X9_62_prime192v1}, + {"P-224", NID_secp224r1}, + {"P-256", NID_X9_62_prime256v1}, + {"P-384", NID_secp384r1}, + {"P-521", NID_secp521r1} +}; + +const char *EC_curve_nid2nist(int nid) + { + size_t i; + for (i = 0; i < sizeof(nist_curves)/sizeof(EC_NIST_NAME); i++) + { + if (nist_curves[i].nid == nid) + return nist_curves[i].name; + } + return NULL; + } + +int EC_curve_nist2nid(const char *name) + { + size_t i; + for (i = 0; i < sizeof(nist_curves)/sizeof(EC_NIST_NAME); i++) + { + if (!strcmp(nist_curves[i].name, name)) + return nist_curves[i].nid; + } + return NID_undef; + } + diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 66ee397d8..b85f772be 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -252,7 +252,9 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, if (!strcmp(type, "ec_paramgen_curve")) { int nid; - nid = OBJ_sn2nid(value); + nid = EC_curve_nist2nid(value); + if (nid == NID_undef) + nid = OBJ_sn2nid(value); if (nid == NID_undef) nid = OBJ_ln2nid(value); if (nid == NID_undef) diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index 06de8f395..39ce97862 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -177,6 +177,7 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) { /* the curve parameter are given by an asn1 OID */ int nid; + const char *nname; if (!BIO_indent(bp, off, 128)) goto err; @@ -184,11 +185,18 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) nid = EC_GROUP_get_curve_name(x); if (nid == 0) goto err; - if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) goto err; if (BIO_printf(bp, "\n") <= 0) goto err; + nname = EC_curve_nid2nist(nid); + if (nname) + { + if (!BIO_indent(bp, off, 128)) + goto err; + if (BIO_printf(bp, "NIST CURVE: %s\n", nname) <= 0) + goto err; + } } else { |