diff options
author | Jack Lloyd <[email protected]> | 2017-07-31 10:43:46 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-07-31 10:43:46 -0400 |
commit | 45c603c8e5ec43cf4af36157777dd47e5d416f7f (patch) | |
tree | 6540a277262123d70ad40c4b38dd95f0170d75f9 | |
parent | 685c8c36efc4b1ef58ce8b41bb3a67edd8067144 (diff) | |
parent | 78b67a1f85cf0e7ec1fe2fcf3e7dceeb263360eb (diff) |
Merge GH #1131 Confirm OpenSSL supports curve at runtime before attempting to use it
-rw-r--r-- | src/lib/prov/openssl/openssl_ec.cpp | 47 |
1 files changed, 35 insertions, 12 deletions
diff --git a/src/lib/prov/openssl/openssl_ec.cpp b/src/lib/prov/openssl/openssl_ec.cpp index 1d434e6f6..4e68258ef 100644 --- a/src/lib/prov/openssl/openssl_ec.cpp +++ b/src/lib/prov/openssl/openssl_ec.cpp @@ -62,6 +62,29 @@ secure_vector<uint8_t> PKCS8_for_openssl(const EC_PrivateKey& ec) .get_contents(); } +int OpenSSL_EC_curve_builtin(int nid) + { + // the NID macro is still defined even though the curve may not be + // supported, so we need to check the list of builtin curves at runtime + EC_builtin_curve builtin_curves[100]; + size_t num = 0; + + if (!(num = EC_get_builtin_curves(builtin_curves, sizeof(builtin_curves)))) + { + return -1; + } + + for(int i=0; i < num; ++i) + { + if(builtin_curves[i].nid == nid) + { + return nid; + } + } + + return -1; + } + int OpenSSL_EC_nid_for(const OID& oid) { if(oid.empty()) @@ -70,32 +93,32 @@ int OpenSSL_EC_nid_for(const OID& oid) const std::string name = OIDS::lookup(oid); if(name == "secp192r1") - return NID_X9_62_prime192v1; + return OpenSSL_EC_curve_builtin(NID_X9_62_prime192v1); if(name == "secp224r1") - return NID_secp224r1; + return OpenSSL_EC_curve_builtin(NID_secp224r1); if(name == "secp256r1") - return NID_X9_62_prime256v1; + return OpenSSL_EC_curve_builtin(NID_X9_62_prime256v1); if(name == "secp384r1") - return NID_secp384r1; + return OpenSSL_EC_curve_builtin(NID_secp384r1); if(name == "secp521r1") - return NID_secp521r1; + return OpenSSL_EC_curve_builtin(NID_secp521r1); // OpenSSL 1.0.2 added brainpool curves #if OPENSSL_VERSION_NUMBER >= 0x1000200fL if(name == "brainpool160r1") - return NID_brainpoolP160r1; + return OpenSSL_EC_curve_builtin(NID_brainpoolP160r1); if(name == "brainpool192r1") - return NID_brainpoolP192r1; + return OpenSSL_EC_curve_builtin(NID_brainpoolP192r1); if(name == "brainpool224r1") - return NID_brainpoolP224r1; + return OpenSSL_EC_curve_builtin(NID_brainpoolP224r1); if(name == "brainpool256r1") - return NID_brainpoolP256r1; + return OpenSSL_EC_curve_builtin(NID_brainpoolP256r1); if(name == "brainpool320r1") - return NID_brainpoolP320r1; + return OpenSSL_EC_curve_builtin(NID_brainpoolP320r1); if(name == "brainpool384r1") - return NID_brainpoolP384r1; + return OpenSSL_EC_curve_builtin(NID_brainpoolP384r1); if(name == "brainpool512r1") - return NID_brainpoolP512r1; + return OpenSSL_EC_curve_builtin(NID_brainpoolP512r1); #endif return -1; |