REORG: ssl: move curves2nid and nid2nist to ssl_utils
authorWilliam Lallemand <wlallemand@haproxy.com>
Wed, 2 Apr 2025 17:34:09 +0000 (19:34 +0200)
committerWilliam Lallemand <wlallemand@haproxy.com>
Wed, 2 Apr 2025 17:34:09 +0000 (19:34 +0200)
curves2nid and nid2nist are generic functions that could be used outside
the JWS scope; this patch puts them in the right place so they can be
reused.

include/haproxy/ssl_utils.h
src/jws.c
src/ssl_utils.c

index a4add735f1c93b8dca5e615bfbf8b0412d12f324..5493ba7aec3a680fe7292c8f01e0bb0d09abbb22 100644 (file)
@@ -51,6 +51,8 @@ const char *x509_get_notafter(X509 *cert);
 time_t ASN1_to_time_t(ASN1_TIME *asn1_time);
 time_t x509_get_notafter_time_t(X509 *cert);
 #endif
+int curves2nid(const char *curve);
+const char *nid2nist(int nid);
 
 #endif /* _HAPROXY_SSL_UTILS_H */
 #endif /* USE_OPENSSL */
index feb03d7184a1a56dbdee6d7f451a2cd21a454771..a7461c0b70b91026e229ead463608846eb0d9499 100644 (file)
--- a/src/jws.c
+++ b/src/jws.c
@@ -8,6 +8,7 @@
 #include <haproxy/chunk.h>
 #include <haproxy/init.h>
 #include <haproxy/openssl-compat.h>
+#include <haproxy/ssl_utils.h>
 
 #if defined(HAVE_JWS)
 
@@ -38,47 +39,6 @@ out:
        return ret;
 }
 
-/* https://datatracker.ietf.org/doc/html/rfc8422#appendix-A */
-/* SECG to NIST curves name */
-static struct curves { char *name; int nid; } curves_list [] =
-{
-       { "secp256r1",  NID_X9_62_prime256v1 },
-       { "prime256v1", NID_X9_62_prime256v1 },
-       { "P-256",      NID_X9_62_prime256v1 },
-
-       { "secp384r1",  NID_secp384r1 },
-       { "P-384",      NID_secp384r1 },
-
-       { "secp521r1",  NID_secp521r1 },
-       { "P-521",      NID_secp521r1 },
-       { NULL,         0 },
-};
-
-/* convert a curves name to a openssl NID */
-int curves2nid(const char *curve)
-{
-       struct curves *curves = curves_list;
-
-       while (curves->name) {
-               if (strcmp(curve, curves->name) == 0)
-                       return curves->nid;
-               curves++;
-       }
-       return -1;
-}
-
-/* convert an OpenSSL NID to a NIST curves name */
-const char *nid2nist(int nid)
-{
-       switch (nid) {
-               case NID_X9_62_prime256v1: return "P-256";
-               case NID_secp384r1:        return "P-384";
-               case NID_secp521r1:        return "P-521";
-               default:                   return NULL;
-       }
-}
-
-
 /*
  * Convert a EC <pkey> to a public key JWK
  * Fill a buffer <dst> of <dsize> max size
index 7bcb2f81f0adfb1b6637a298c217d0eac6474afc..7219c2a6612a8b4b8d0302e3e69fcbb92a2d1914 100644 (file)
@@ -783,3 +783,44 @@ error:
        return ret;
 }
 #endif
+
+/* https://datatracker.ietf.org/doc/html/rfc8422#appendix-A */
+/* SECG to NIST curves name */
+static struct curves { char *name; int nid; } curves_list [] =
+{
+       { "secp256r1",  NID_X9_62_prime256v1 },
+       { "prime256v1", NID_X9_62_prime256v1 },
+       { "P-256",      NID_X9_62_prime256v1 },
+
+       { "secp384r1",  NID_secp384r1 },
+       { "P-384",      NID_secp384r1 },
+
+       { "secp521r1",  NID_secp521r1 },
+       { "P-521",      NID_secp521r1 },
+       { NULL,         0 },
+};
+
+/* convert a curves name to a openssl NID */
+int curves2nid(const char *curve)
+{
+       struct curves *curves = curves_list;
+
+       while (curves->name) {
+               if (strcmp(curve, curves->name) == 0)
+                       return curves->nid;
+               curves++;
+       }
+       return -1;
+}
+
+/* convert an OpenSSL NID to a NIST curves name */
+const char *nid2nist(int nid)
+{
+       switch (nid) {
+               case NID_X9_62_prime256v1: return "P-256";
+               case NID_secp384r1:        return "P-384";
+               case NID_secp521r1:        return "P-521";
+               default:                   return NULL;
+       }
+}
+
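Review bot: `curves2nid()` is now a shared ssl_utils helper, but its one-line comment does not state the contract that callers outside JWS will depend on. `curve` goes straight into `strcmp()`, so a NULL argument is dereferenced. The match is case-sensitive, and the failure value is `-1` rather than OpenSSL's `NID_undef` (0), so callers have to test `< 0`. Either add `if (!curve) return -1;` at the top of the function, or say in the comment that the caller must pass a non-NULL string. The lookup table is also writable as declared; `static const struct curves { const char *name; int nid; } curves_list[] =` together with `const struct curves *curves = curves_list;` in the function would make it read-only.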