From: William Lallemand Date: Wed, 2 Apr 2025 17:34:09 +0000 (+0200) Subject: REORG: ssl: move curves2nid and nid2nist to ssl_utils X-Git-Tag: v3.2-dev10~46 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b351f06ff119cfcbc157ccb61d2ee344becf6d6f;p=thirdparty%2Fhaproxy.git REORG: ssl: move curves2nid and nid2nist to ssl_utils curves2nid and nid2nist are generic functions that could be used outside the JWS scope, this patch put them at the right place so they can be reused. --- diff --git a/include/haproxy/ssl_utils.h b/include/haproxy/ssl_utils.h index a4add735f..5493ba7ae 100644 --- a/include/haproxy/ssl_utils.h +++ b/include/haproxy/ssl_utils.h @@ -51,6 +51,8 @@ const char *x509_get_notafter(X509 *cert); time_t ASN1_to_time_t(ASN1_TIME *asn1_time); time_t x509_get_notafter_time_t(X509 *cert); #endif +int curves2nid(const char *curve); +const char *nid2nist(int nid); #endif /* _HAPROXY_SSL_UTILS_H */ #endif /* USE_OPENSSL */ diff --git a/src/jws.c b/src/jws.c index feb03d718..a7461c0b7 100644 --- a/src/jws.c +++ b/src/jws.c @@ -8,6 +8,7 @@ #include #include #include +#include #if defined(HAVE_JWS) 
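Review bot: The two prototypes added after the `#endif` in include/haproxy/ssl_utils.h carry no comment stating their failure values, which a caller outside jws.c needs in order to reject an unsupported curve instead of passing the result on to OpenSSL. Going by the definitions in the src/ssl_utils.c hunk of this same patch, I would add `/* returns the OpenSSL NID for a SECG/NIST curve name, -1 if the name is not supported */` above curves2nid() and `/* returns the NIST name ("P-256", "P-384" or "P-521") for a NID, NULL for any other NID */` above nid2nist().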
@@ -38,47 +39,6 @@ out: return ret; } -/* https://datatracker.ietf.org/doc/html/rfc8422#appendix-A */ -/* SECG to NIST curves name */ -static struct curves { char *name; int nid; } curves_list [] = -{ - { "secp256r1", NID_X9_62_prime256v1 }, - { "prime256v1", NID_X9_62_prime256v1 }, - { "P-256", NID_X9_62_prime256v1 }, - - { "secp384r1", NID_secp384r1 }, - { "P-384", NID_secp384r1 }, - - { "secp521r1", NID_secp521r1 }, - { "P-521", NID_secp521r1 }, - { NULL, 0 }, -}; - -/* convert a curves name to a openssl NID */ -int curves2nid(const char *curve) -{ - struct curves *curves = curves_list; - - while (curves->name) { - if (strcmp(curve, curves->name) == 0) - return curves->nid; - curves++; - } - return -1; -} - -/* convert an OpenSSL NID to a NIST curves name */ -const char *nid2nist(int nid) -{ - switch (nid) { - case NID_X9_62_prime256v1: return "P-256"; - case NID_secp384r1: return "P-384"; - case NID_secp521r1: return "P-521"; - default: return NULL; - } -} - - /* * Convert a EC to a public key JWK * Fill a buffer of max size diff --git a/src/ssl_utils.c b/src/ssl_utils.c index 7bcb2f81f..7219c2a66 100644 --- a/src/ssl_utils.c +++ b/src/ssl_utils.c 
@@ -783,3 +783,44 @@ error:
 return ret;
 }
 #endif
+
+/* https://datatracker.ietf.org/doc/html/rfc8422#appendix-A */
+/* SECG to NIST curves name */
+static struct curves { char *name; int nid; } curves_list [] =
+{
+ { "secp256r1", NID_X9_62_prime256v1 },
+ { "prime256v1", NID_X9_62_prime256v1 },
+ { "P-256", NID_X9_62_prime256v1 },
+
+ { "secp384r1", NID_secp384r1 },
+ { "P-384", NID_secp384r1 },
+
+ { "secp521r1", NID_secp521r1 },
+ { "P-521", NID_secp521r1 },
+ { NULL, 0 },
+};
+
+/* convert a curves name to a openssl NID */
+int curves2nid(const char *curve)
+{
+ struct curves *curves = curves_list;
+
+ while (curves->name) {
+ if (strcmp(curve, curves->name) == 0)
+ return curves->nid;
+ curves++;
+ }
+ return -1;
+}
+
+/* convert an OpenSSL NID to a NIST curves name */
+const char *nid2nist(int nid)
+{
+ switch (nid) {
+ case NID_X9_62_prime256v1: return "P-256";
+ case NID_secp384r1: return "P-384";
+ case NID_secp521r1: return "P-521";
+ default: return NULL;
+ }
+}
+
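Review bot: curves2nid() hands `curve` straight to strcmp() with no NULL check, and now that the function is declared in ssl_utils.h for callers beyond JWS, a NULL name (an absent configuration or parsed field, for instance) would be undefined behaviour rather than the -1 error return; add `if (!curve) return -1;` before the loop. The lookup table holds only string literals and is never written in the visible code, so it can be made read-only with `static const struct curves { const char *name; int nid; } curves_list[] =` and `const struct curves *curves = curves_list;` inside the function. The match is case-sensitive, so the comment above curves2nid() should say that names must be spelled exactly as listed and that any other input yields -1.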