aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-07-31 10:43:46 -0400
committerJack Lloyd <[email protected]>2017-07-31 10:43:46 -0400
commit45c603c8e5ec43cf4af36157777dd47e5d416f7f (patch)
tree6540a277262123d70ad40c4b38dd95f0170d75f9
parent685c8c36efc4b1ef58ce8b41bb3a67edd8067144 (diff)
parent78b67a1f85cf0e7ec1fe2fcf3e7dceeb263360eb (diff)
Merge GH #1131 Confirm OpenSSL supports curve at runtime before attempting to use it
-rw-r--r--src/lib/prov/openssl/openssl_ec.cpp47
1 files changed, 35 insertions, 12 deletions
diff --git a/src/lib/prov/openssl/openssl_ec.cpp b/src/lib/prov/openssl/openssl_ec.cpp
index 1d434e6f6..4e68258ef 100644
--- a/src/lib/prov/openssl/openssl_ec.cpp
+++ b/src/lib/prov/openssl/openssl_ec.cpp
@@ -62,6 +62,29 @@ secure_vector<uint8_t> PKCS8_for_openssl(const EC_PrivateKey& ec)
.get_contents();
}
+int OpenSSL_EC_curve_builtin(int nid)
+ {
+ // the NID macro is still defined even though the curve may not be
+ // supported, so we need to check the list of builtin curves at runtime
+ EC_builtin_curve builtin_curves[100];
+ size_t num = 0;
+
+ if (!(num = EC_get_builtin_curves(builtin_curves, sizeof(builtin_curves))))
+ {
+ return -1;
+ }
+
+ for(int i=0; i < num; ++i)
+ {
+ if(builtin_curves[i].nid == nid)
+ {
+ return nid;
+ }
+ }
+
+ return -1;
+ }
+
int OpenSSL_EC_nid_for(const OID& oid)
{
if(oid.empty())
@@ -70,32 +93,32 @@ int OpenSSL_EC_nid_for(const OID& oid)
const std::string name = OIDS::lookup(oid);
if(name == "secp192r1")
- return NID_X9_62_prime192v1;
+ return OpenSSL_EC_curve_builtin(NID_X9_62_prime192v1);
if(name == "secp224r1")
- return NID_secp224r1;
+ return OpenSSL_EC_curve_builtin(NID_secp224r1);
if(name == "secp256r1")
- return NID_X9_62_prime256v1;
+ return OpenSSL_EC_curve_builtin(NID_X9_62_prime256v1);
if(name == "secp384r1")
- return NID_secp384r1;
+ return OpenSSL_EC_curve_builtin(NID_secp384r1);
if(name == "secp521r1")
- return NID_secp521r1;
+ return OpenSSL_EC_curve_builtin(NID_secp521r1);
// OpenSSL 1.0.2 added brainpool curves
#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
if(name == "brainpool160r1")
- return NID_brainpoolP160r1;
+ return OpenSSL_EC_curve_builtin(NID_brainpoolP160r1);
if(name == "brainpool192r1")
- return NID_brainpoolP192r1;
+ return OpenSSL_EC_curve_builtin(NID_brainpoolP192r1);
if(name == "brainpool224r1")
- return NID_brainpoolP224r1;
+ return OpenSSL_EC_curve_builtin(NID_brainpoolP224r1);
if(name == "brainpool256r1")
- return NID_brainpoolP256r1;
+ return OpenSSL_EC_curve_builtin(NID_brainpoolP256r1);
if(name == "brainpool320r1")
- return NID_brainpoolP320r1;
+ return OpenSSL_EC_curve_builtin(NID_brainpoolP320r1);
if(name == "brainpool384r1")
- return NID_brainpoolP384r1;
+ return OpenSSL_EC_curve_builtin(NID_brainpoolP384r1);
if(name == "brainpool512r1")
- return NID_brainpoolP512r1;
+ return OpenSSL_EC_curve_builtin(NID_brainpoolP512r1);
#endif
return -1;