REORG: ssl: move curves2nid and nid2nist to ssl_utils

curves2nid and nid2nist are generic functions that could be used outside the JWS scope, this patch put them at the right place so they can be reused.
2025-05-07 18:28:01 +00:00 · 2025-04-02 19:34:09 +02:00 · 2025-04-02 19:34:09 +02:00 · b351f06ff1
commit b351f06ff1
parent a8fab63604
3 changed files with 44 additions and 41 deletions
--- a/include/haproxy/ssl_utils.h
+++ b/include/haproxy/ssl_utils.h
@ -51,6 +51,8 @@ const char *x509_get_notafter(X509 *cert);
 time_t ASN1_to_time_t(ASN1_TIME *asn1_time);
 time_t x509_get_notafter_time_t(X509 *cert);
 #endif
+int curves2nid(const char *curve);
+const char *nid2nist(int nid);

 #endif /* _HAPROXY_SSL_UTILS_H */
 #endif /* USE_OPENSSL */
--- a/src/jws.c
+++ b/src/jws.c
@ -8,6 +8,7 @@
 #include <haproxy/chunk.h>
 #include <haproxy/init.h>
 #include <haproxy/openssl-compat.h>
+#include <haproxy/ssl_utils.h>

 #if defined(HAVE_JWS)

@ -38,47 +39,6 @@ out:
 	return ret;
 }

-/* https://datatracker.ietf.org/doc/html/rfc8422#appendix-A */
-/* SECG to NIST curves name */
-static struct curves { char *name; int nid; } curves_list [] =
-{
-	{ "secp256r1",  NID_X9_62_prime256v1 },
-	{ "prime256v1", NID_X9_62_prime256v1 },
-	{ "P-256",      NID_X9_62_prime256v1 },
-
-	{ "secp384r1",  NID_secp384r1 },
-	{ "P-384",      NID_secp384r1 },
-
-	{ "secp521r1",  NID_secp521r1 },
-	{ "P-521",      NID_secp521r1 },
-	{ NULL,         0 },
-};
-
-/* convert a curves name to a openssl NID */
-int curves2nid(const char *curve)
-{
-	struct curves *curves = curves_list;
-
-	while (curves->name) {
-		if (strcmp(curve, curves->name) == 0)
-			return curves->nid;
-		curves++;
-	}
-	return -1;
-}
-
-/* convert an OpenSSL NID to a NIST curves name */
-const char *nid2nist(int nid)
-{
-	switch (nid) {
-		case NID_X9_62_prime256v1: return "P-256";
-		case NID_secp384r1:        return "P-384";
-		case NID_secp521r1:        return "P-521";
-		default:                   return NULL;
-	}
-}
-
-
 /*
 * Convert a EC <pkey> to a public key JWK
 * Fill a buffer <dst> of <dsize> max size
--- a/src/ssl_utils.c
+++ b/src/ssl_utils.c
@ -783,3 +783,44 @@ error:
 	return ret;
 }
 #endif
+
+/* https://datatracker.ietf.org/doc/html/rfc8422#appendix-A */
+/* SECG to NIST curves name */
+static struct curves { char *name; int nid; } curves_list [] =
+{
+	{ "secp256r1",  NID_X9_62_prime256v1 },
+	{ "prime256v1", NID_X9_62_prime256v1 },
+	{ "P-256",      NID_X9_62_prime256v1 },
+
+	{ "secp384r1",  NID_secp384r1 },
+	{ "P-384",      NID_secp384r1 },
+
+	{ "secp521r1",  NID_secp521r1 },
+	{ "P-521",      NID_secp521r1 },
+	{ NULL,         0 },
+};
+
+/* convert a curves name to a openssl NID */
+int curves2nid(const char *curve)
+{
+	struct curves *curves = curves_list;
+
+	while (curves->name) {
+		if (strcmp(curve, curves->name) == 0)
+			return curves->nid;
+		curves++;
+	}
+	return -1;
+}
+
+/* convert an OpenSSL NID to a NIST curves name */
+const char *nid2nist(int nid)
+{
+	switch (nid) {
+		case NID_X9_62_prime256v1: return "P-256";
+		case NID_secp384r1:        return "P-384";
+		case NID_secp521r1:        return "P-521";
+		default:                   return NULL;
+	}
+}
+