Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert

between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
(backport from HEAD)

diff --git a/CHANGES b/CHANGES
index 8b15b52c5a919d07b54a9868f4bfe80dd607a8aa..ad035ed9fcce53ac6f9fa55e6cec22499f971b1a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.1 and 1.0.2 [xx XXX xxxx]
 
+  *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
+     between NIDs and the more common NIST names such as "P-256". Enhance
+     ecparam utility and ECC method to recognise the NIST names for curves.
+     [Steve Henson]
+
   *) Enhance SSL/TLS certificate chain handling to support different
      chains for each certificate instead of one chain in the parent SSL_CTX.
      [Steve Henson]

diff --git a/apps/ecparam.c b/apps/ecparam.c
index 465480bedd01bf9d0607577ce3156bfdd61ef890..50eef797ccd36003e573d97433e269cd397517d4 100644 (file)
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -402,6 +402,9 @@ bad:
                        }
                else
                        nid = OBJ_sn2nid(curve_name);
+
+               if (nid == 0)
+                       nid = EC_curve_nist2nid(curve_name);
        
                if (nid == 0)
                        {

diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index 9d01325af33b9387d5432eb46de0a9b679649b1c..f7ac5aec6afd02c0baaf19702263e4db74ec8f68 100644 (file)
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -396,6 +396,8 @@ typedef struct {
  * are filled with the data of the first nitems internal groups */
 size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
 
+const char *EC_curve_nid2nist(int nid);
+int EC_curve_nist2nid(const char *name);
 
 /********************************************************************/
 /*                    EC_POINT functions                            */

diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index c72fb2697ca2823a4aac36b027012bed6c457288..a9e3283ae554e2a0b2456a1f9319bd8118d7c63b 100644 (file)
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -69,6 +69,7 @@
  *
  */
 
+#include <string.h>
 #include "ec_lcl.h"
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
@@ -2098,3 +2099,51 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
 
        return curve_list_length;
        }
+
+/* Functions to translate between common NIST curve names and NIDs */
+
+typedef struct {
+       const char *name;       /* NIST Name of curve */
+       int     nid;            /* Curve NID */
+} EC_NIST_NAME;
+
+static EC_NIST_NAME nist_curves[] = {
+       {"B-163", NID_sect163r2},
+       {"B-233", NID_sect233r1},
+       {"B-283", NID_sect283r1},
+       {"B-409", NID_sect409r1},
+       {"B-571", NID_sect571r1},
+       {"K-163", NID_sect163k1},
+       {"K-233", NID_sect233k1},
+       {"K-283", NID_sect283k1},
+       {"K-409", NID_sect409k1},
+       {"K-571", NID_sect571k1},
+       {"P-192", NID_X9_62_prime192v1},
+       {"P-224", NID_secp224r1},
+       {"P-256", NID_X9_62_prime256v1},
+       {"P-384", NID_secp384r1},
+       {"P-521", NID_secp521r1}
+};
+
+const char *EC_curve_nid2nist(int nid)
+       {
+       size_t i;
+       for (i = 0; i < sizeof(nist_curves)/sizeof(EC_NIST_NAME); i++)
+               {
+               if (nist_curves[i].nid == nid)
+                       return nist_curves[i].name;
+               }
+       return NULL;
+       }
+
+int EC_curve_nist2nid(const char *name)
+       {
+       size_t i;
+       for (i = 0; i < sizeof(nist_curves)/sizeof(EC_NIST_NAME); i++)
+               {
+               if (!strcmp(nist_curves[i].name, name))
+                       return nist_curves[i].nid;
+               }
+       return NID_undef;
+       }
+

diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index d1ed66c37e76e5683cb976fe961cea32b3da892d..de3466c4d6a14a9d2a3e40b0406f28adad48c604 100644 (file)
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -252,7 +252,9 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
        if (!strcmp(type, "ec_paramgen_curve"))
                {
                int nid;
-               nid = OBJ_sn2nid(value);
+               nid = EC_curve_nist2nid(value);
+               if (nid == NID_undef)
+                       nid = OBJ_sn2nid(value);
                if (nid == NID_undef)
                        nid = OBJ_ln2nid(value);
                if (nid == NID_undef)

diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c
index 06de8f3959d57d2bdebe85ea7ab2d5b3c3a414fe..39ce97862dbd44dfa93db5a687d7731ffe33b1fd 100644 (file)
--- a/crypto/ec/eck_prn.c
+++ b/crypto/ec/eck_prn.c
@@ -177,6 +177,7 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
                {
                /* the curve parameter are given by an asn1 OID */
                int nid;
+               const char *nname;
 
                if (!BIO_indent(bp, off, 128))
                        goto err;
@@ -184,11 +185,18 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
                nid = EC_GROUP_get_curve_name(x);
                if (nid == 0)
                        goto err;
-
                if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
                        goto err;
                if (BIO_printf(bp, "\n") <= 0)
                        goto err;
+               nname = EC_curve_nid2nist(nid);
+               if (nname)
+                       {
+                       if (!BIO_indent(bp, off, 128))
+                               goto err;
+                       if (BIO_printf(bp, "NIST CURVE: %s\n", nname) <= 0)
+                               goto err;
+                       }
                }
        else
                {