diff --git a/CHANGES b/CHANGES index 8b15b52c5a..ad035ed9fc 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 1.0.1 and 1.0.2 [xx XXX xxxx] + *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert + between NIDs and the more common NIST names such as "P-256". Enhance + ecparam utility and ECC method to recognise the NIST names for curves. + [Steve Henson] + *) Enhance SSL/TLS certificate chain handling to support different chains for each certificate instead of one chain in the parent SSL_CTX. [Steve Henson] diff --git a/apps/ecparam.c b/apps/ecparam.c index 465480bedd..50eef797cc 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -402,6 +402,9 @@ bad: } else nid = OBJ_sn2nid(curve_name); + + if (nid == 0) + nid = EC_curve_nist2nid(curve_name); if (nid == 0) { diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 9d01325af3..f7ac5aec6a 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -396,6 +396,8 @@ typedef struct { * are filled with the data of the first nitems internal groups */ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); +const char *EC_curve_nid2nist(int nid); +int EC_curve_nist2nid(const char *name); /********************************************************************/ /* EC_POINT functions */ diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index c72fb2697c..a9e3283ae5 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -69,6 +69,7 @@ * */ +#include #include "ec_lcl.h" #include #include @@ -2098,3 +2099,51 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) return curve_list_length; } + +/* Functions to translate between common NIST curve names and NIDs */ + +typedef struct { + const char *name; /* NIST Name of curve */ + int nid; /* Curve NID */ +} EC_NIST_NAME; + +static EC_NIST_NAME nist_curves[] = { + {"B-163", NID_sect163r2}, + {"B-233", NID_sect233r1}, + {"B-283", NID_sect283r1}, + {"B-409", NID_sect409r1}, + {"B-571", NID_sect571r1}, + {"K-163", NID_sect163k1}, + {"K-233", NID_sect233k1}, + {"K-283", NID_sect283k1}, + {"K-409", NID_sect409k1}, + {"K-571", NID_sect571k1}, + {"P-192", NID_X9_62_prime192v1}, + {"P-224", NID_secp224r1}, + {"P-256", NID_X9_62_prime256v1}, + {"P-384", NID_secp384r1}, + {"P-521", NID_secp521r1} +}; + +const char *EC_curve_nid2nist(int nid) + { + size_t i; + for (i = 0; i < sizeof(nist_curves)/sizeof(EC_NIST_NAME); i++) + { + if (nist_curves[i].nid == nid) + return nist_curves[i].name; + } + return NULL; + } + +int EC_curve_nist2nid(const char *name) + { + size_t i; + for (i = 0; i < sizeof(nist_curves)/sizeof(EC_NIST_NAME); i++) + { + if (!strcmp(nist_curves[i].name, name)) + return nist_curves[i].nid; + } + return NID_undef; + } + diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index d1ed66c37e..de3466c4d6 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -252,7 +252,9 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, if (!strcmp(type, "ec_paramgen_curve")) { int nid; - nid = OBJ_sn2nid(value); + nid = EC_curve_nist2nid(value); + if (nid == NID_undef) + nid = OBJ_sn2nid(value); if (nid == NID_undef) nid = OBJ_ln2nid(value); if (nid == NID_undef) diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index 06de8f3959..39ce97862d 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -177,6 +177,7 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) { /* the curve parameter are given by an asn1 OID */ int nid; + const char *nname; if (!BIO_indent(bp, off, 128)) goto err; @@ -184,11 +185,18 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) nid = EC_GROUP_get_curve_name(x); if (nid == 0) goto err; - if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) goto err; if (BIO_printf(bp, "\n") <= 0) goto err; + nname = EC_curve_nid2nist(nid); + if (nname) + { + if (!BIO_indent(bp, off, 128)) + goto err; + if (BIO_printf(bp, "NIST CURVE: %s\n", nname) <= 0) + goto err; + } } else {