openssl: Add helper to map ECDH groups to curve NIDs
authorTobias Brunner <tobias@strongswan.org>
Tue, 16 Nov 2021 13:33:09 +0000 (14:33 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Dec 2021 10:32:59 +0000 (11:32 +0100)
src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h

index de0d94a3e5bfcbeed18f28115970691ecbc480ae..d591b0517189c2b2873f5b426abe31effc297611 100644 (file)
@@ -328,49 +328,52 @@ METHOD(diffie_hellman_t, destroy, void,
 }
 
 /*
- * Described in header.
+ * Described in header
  */
-openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group)
+int openssl_ecdh_group_to_nid(diffie_hellman_group_t group)
 {
-       private_openssl_ec_diffie_hellman_t *this;
-       EC_KEY *key = NULL;
-
        switch (group)
        {
                case ECP_192_BIT:
-                       key = EC_KEY_new_by_curve_name(NID_X9_62_prime192v1);
-                       break;
+                       return NID_X9_62_prime192v1;
                case ECP_224_BIT:
-                       key = EC_KEY_new_by_curve_name(NID_secp224r1);
-                       break;
+                       return NID_secp224r1;
                case ECP_256_BIT:
-                       key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-                       break;
+                       return NID_X9_62_prime256v1;
                case ECP_384_BIT:
-                       key = EC_KEY_new_by_curve_name(NID_secp384r1);
-                       break;
+                       return NID_secp384r1;
                case ECP_521_BIT:
-                       key = EC_KEY_new_by_curve_name(NID_secp521r1);
-                       break;
+                       return NID_secp521r1;
 /* added with 1.0.2 */
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
                case ECP_224_BP:
-                       key = EC_KEY_new_by_curve_name(NID_brainpoolP224r1);
-                       break;
+                       return NID_brainpoolP224r1;
                case ECP_256_BP:
-                       key = EC_KEY_new_by_curve_name(NID_brainpoolP256r1);
-                       break;
+                       return NID_brainpoolP256r1;
                case ECP_384_BP:
-                       key = EC_KEY_new_by_curve_name(NID_brainpoolP384r1);
-                       break;
+                       return NID_brainpoolP384r1;
                case ECP_512_BP:
-                       key = EC_KEY_new_by_curve_name(NID_brainpoolP512r1);
-                       break;
+                       return NID_brainpoolP512r1;
 #endif
                default:
-                       break;
+                       return 0;
        }
+}
 
+/*
+ * Described in header
+ */
+openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group)
+{
+       private_openssl_ec_diffie_hellman_t *this;
+       EC_KEY *key = NULL;
+       int curve;
+
+       curve = openssl_ecdh_group_to_nid(group);
+       if (curve)
+       {
+               key = EC_KEY_new_by_curve_name(curve);
+       }
        if (!key)
        {
                return NULL;
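Review bot: The `default:` branch of openssl_ecdh_group_to_nid() returns a bare `0` as its "no such curve" sentinel, and openssl_ec_diffie_hellman_create() tests it with `if (curve)`. OpenSSL already names that value, so `return NID_undef;` in the helper and `if (curve != NID_undef)` in the caller would make the failure path explicit at both sites. Because the helper is no longer file-local, any other caller has to make the same check before passing the result to OpenSSL, and a named constant makes that harder to miss. The body of openssl_ec_diffie_hellman_create() continues outside this hunk.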
@@ -408,4 +411,5 @@ openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_gro
        }
        return &this->public;
 }
+
 #endif /* OPENSSL_NO_EC */
index 2f58c976d77073f0f0b7267fcda8ee70599298f4..12563c6daedc356cd3b47798e0466961ad5d26dc 100644 (file)
@@ -44,5 +44,12 @@ struct openssl_ec_diffie_hellman_t {
  */
 openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group);
 
-#endif /** OPENSSL_EC_DIFFIE_HELLMAN_H_ @}*/
+/**
+ * Map ECDH groups to OpenSSL NIDs for the ECC curve.
+ *
+ * @param group         ECDH group
+ * @return              NID for the curve
+ */
+int openssl_ecdh_group_to_nid(diffie_hellman_group_t group);
 
+#endif /** OPENSSL_EC_DIFFIE_HELLMAN_H_ @}*/
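Review bot: The `@return` line of the new doc comment covers only the success case, although the implementation returns 0 for every group it does not map. That includes the Brainpool groups when building against OpenSSL older than 1.0.2, where those cases are compiled out. This declaration is the contract that callers outside the .c file will read, so I would state the failure value there, e.g. `@return NID for the curve, 0 (NID_undef) if the group is not supported`.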