From 64095ce9d7c0613b0b45fe8015b4514116afdec0 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 21 Feb 2012 14:41:13 +0000 Subject: [PATCH] Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert between NIDs and the more common NIST names such as "P-256". Enhance ecparam utility and ECC method to recognise the NIST names for curves. --- CHANGES | 5 +++++ apps/ecparam.c | 3 +++ crypto/ec/ec.h | 2 ++ crypto/ec/ec_curve.c | 49 ++++++++++++++++++++++++++++++++++++++++++++ crypto/ec/ec_pmeth.c | 4 +++- crypto/ec/eck_prn.c | 10 ++++++++- 6 files changed, 71 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 77f9e0dfa7..5dbdfc5006 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] + *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert + between NIDs and the more common NIST names such as "P-256". Enhance + ecparam utility and ECC method to recognise the NIST names for curves. + [Steve Henson] + *) Enhance SSL/TLS certificate chain handling to support different chains for each certificate instead of one chain in the parent SSL_CTX. [Steve Henson] diff --git a/apps/ecparam.c b/apps/ecparam.c index 465480bedd..50eef797cc 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -402,6 +402,9 @@ bad: } else nid = OBJ_sn2nid(curve_name); + + if (nid == 0) + nid = EC_curve_nist2nid(curve_name); if (nid == 0) { diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 5dd87fba1c..41f99e395a 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -398,6 +398,8 @@ typedef struct { * are filled with the data of the first nitems internal groups */ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); +const char *EC_curve_nid2nist(int nid); +int EC_curve_nist2nid(const char *name); /********************************************************************/ /* EC_POINT functions */ diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 31a425cc4a..2ee2f4904f 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -71,6 +71,7 @@ #define OPENSSL_FIPSAPI +#include #include "ec_lcl.h" #include #include @@ -2160,3 +2161,51 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) return curve_list_length; } + +/* Functions to translate between common NIST curve names and NIDs */ + +typedef struct { + const char *name; /* NIST Name of curve */ + int nid; /* Curve NID */ +} EC_NIST_NAME; + +static EC_NIST_NAME nist_curves[] = { + {"B-163", NID_sect163r2}, + {"B-233", NID_sect233r1}, + {"B-283", NID_sect283r1}, + {"B-409", NID_sect409r1}, + {"B-571", NID_sect571r1}, + {"K-163", NID_sect163k1}, + {"K-233", NID_sect233k1}, + {"K-283", NID_sect283k1}, + {"K-409", NID_sect409k1}, + {"K-571", NID_sect571k1}, + {"P-192", NID_X9_62_prime192v1}, + {"P-224", NID_secp224r1}, + {"P-256", NID_X9_62_prime256v1}, + {"P-384", NID_secp384r1}, + {"P-521", NID_secp521r1} +}; + +const char *EC_curve_nid2nist(int nid) + { + size_t i; + for (i = 0; i < sizeof(nist_curves)/sizeof(EC_NIST_NAME); i++) + { + if (nist_curves[i].nid == nid) + return nist_curves[i].name; + } + return NULL; + } + +int EC_curve_nist2nid(const char *name) + { + size_t i; + for (i = 0; i < sizeof(nist_curves)/sizeof(EC_NIST_NAME); i++) + { + if (!strcmp(nist_curves[i].name, name)) + return nist_curves[i].nid; + } + return NID_undef; + } + diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 66ee397d86..b85f772be3 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -252,7 +252,9 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, if (!strcmp(type, "ec_paramgen_curve")) { int nid; - nid = OBJ_sn2nid(value); + nid = EC_curve_nist2nid(value); + if (nid == NID_undef) + nid = OBJ_sn2nid(value); if (nid == NID_undef) nid = OBJ_ln2nid(value); if (nid == NID_undef) diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index 06de8f3959..39ce97862d 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -177,6 +177,7 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) { /* the curve parameter are given by an asn1 OID */ int nid; + const char *nname; if (!BIO_indent(bp, off, 128)) goto err; @@ -184,11 +185,18 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) nid = EC_GROUP_get_curve_name(x); if (nid == 0) goto err; - if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) goto err; if (BIO_printf(bp, "\n") <= 0) goto err; + nname = EC_curve_nid2nist(nid); + if (nname) + { + if (!BIO_indent(bp, off, 128)) + goto err; + if (BIO_printf(bp, "NIST CURVE: %s\n", nname) <= 0) + goto err; + } } else { -- 2.40.0