From: Tobias Brunner Date: Tue, 16 Nov 2021 13:33:09 +0000 (+0100) Subject: openssl: Add helper to map ECDH groups to curve NIDs X-Git-Tag: 5.9.5dr3~3^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=03520a0d54b3aefa5914dba349cc03432bc39d32;p=thirdparty%2Fstrongswan.git openssl: Add helper to map ECDH groups to curve NIDs
---
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index de0d94a3e5..d591b05171 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -328,49 +328,52 @@ METHOD(diffie_hellman_t, destroy, void, } /* - * Described in header. + * Described in header */ -openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group) +int openssl_ecdh_group_to_nid(diffie_hellman_group_t group) { - private_openssl_ec_diffie_hellman_t *this; - EC_KEY *key = NULL; - switch (group) { case ECP_192_BIT: - key = EC_KEY_new_by_curve_name(NID_X9_62_prime192v1); - break; + return NID_X9_62_prime192v1; case ECP_224_BIT: - key = EC_KEY_new_by_curve_name(NID_secp224r1); - break; + return NID_secp224r1; case ECP_256_BIT: - key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - break; + return NID_X9_62_prime256v1; case ECP_384_BIT: - key = EC_KEY_new_by_curve_name(NID_secp384r1); - break; + return NID_secp384r1; case ECP_521_BIT: - key = EC_KEY_new_by_curve_name(NID_secp521r1); - break; + return NID_secp521r1; /* added with 1.0.2 */ #if OPENSSL_VERSION_NUMBER >= 0x10002000L case ECP_224_BP: - key = EC_KEY_new_by_curve_name(NID_brainpoolP224r1); - break; + return NID_brainpoolP224r1; case ECP_256_BP: - key = EC_KEY_new_by_curve_name(NID_brainpoolP256r1); - break; + return NID_brainpoolP256r1; case ECP_384_BP: - key = EC_KEY_new_by_curve_name(NID_brainpoolP384r1); - break; + return NID_brainpoolP384r1; case ECP_512_BP: - key = EC_KEY_new_by_curve_name(NID_brainpoolP512r1); - break; + return NID_brainpoolP512r1; #endif default: - break; + return 0; } +} +/* + * Described in header + */ +openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group) +{ + private_openssl_ec_diffie_hellman_t *this; + EC_KEY *key = NULL; + int curve; + + curve = openssl_ecdh_group_to_nid(group); + if (curve) + { + key = EC_KEY_new_by_curve_name(curve); + } if (!key) { return NULL; @@ -408,4 +411,5 @@ openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_gro } return &this->public; } + #endif /* OPENSSL_NO_EC */ 
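Review bot: The `default:` branch of `openssl_ecdh_group_to_nid()` returns a bare `0` to mean "no curve", and `openssl_ec_diffie_hellman_create()` relies on that with `if (curve)`; writing `return NID_undef;` and testing `if (curve != NID_undef)` would tie the sentinel to OpenSSL's own constant instead of a magic number. Because the helper is now declared in the header, any other caller has to make the same check before handing the value to an EC API. On builds where the `OPENSSL_VERSION_NUMBER >= 0x10002000L` guard is false, the four Brainpool groups also land in `default`. A short comment on the `default:` label such as `/* unsupported group, callers must treat this as failure */` would make that visible. The body of `openssl_ec_diffie_hellman_create()` continues outside this hunk.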
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h index 2f58c976d7..12563c6dae 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h @@ -44,5 +44,12 @@ struct openssl_ec_diffie_hellman_t { */ openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group); -#endif /** OPENSSL_EC_DIFFIE_HELLMAN_H_ @}*/ +/** + * Map ECDH groups to OpenSSL NIDs for the ECC curve. + * + * @param group ECDH group + * @return NID for the curve + */ +int openssl_ecdh_group_to_nid(diffie_hellman_group_t group); +#endif /** OPENSSL_EC_DIFFIE_HELLMAN_H_ @}*/
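Review bot: The new doc comment for `openssl_ecdh_group_to_nid()` does not say what is returned for a group that has no mapping, although the implementation in openssl_ec_diffie_hellman.c returns `0` in that case. I would extend the return line to `@return NID for the curve, 0 if the group is not supported` so callers know to check the result before creating a key from it.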