在 CMake 中通过 header/define 检查 OpenSSL 是否支持某些曲线
Check whether OpenSSL supports certain curve via header/define in CMake
我需要通过 CMake 检查 OpenSSL 是否支持某些椭圆曲线。
虽然可以通过 openssl/evp.h 中函数的存在来检查密码和哈希的可用性,例如 check_cxx_symbol_exists("EVP_md4", openssl/evp.h, _openssl_has_md4),但我看不到对曲线执行相同操作的方法。
我是不是遗漏了什么,或者没有比检查 openssl ecparam list_curves 的输出更好的方法了?
更新:由于我的代码不需要 openssl 可执行文件,因此非常希望避免依赖它来构建。
更新 2:感谢 David 的回答以以下模块结束:https://github.com/rnpgp/cmake-modules/blob/master/FindOpenSSLFeatures.cmake
此代码(主要取自 openssl)列出了可用的 EC:
#include <stdio.h>
#include <openssl/ec.h>
#include <openssl/objects.h>
int
main ()
{
int ret = 1;
EC_builtin_curve *curves = NULL;
size_t n, crv_len = EC_get_builtin_curves (NULL, 0);
curves = OPENSSL_malloc((int)sizeof(*curves) * crv_len);
if (curves == NULL)
goto end;
if (!EC_get_builtin_curves (curves, crv_len))
goto memfree;
for (n = 0; n < crv_len; n++)
{
const char *comment = curves[n].comment;
const char *sname = OBJ_nid2sn (curves[n].nid);
if (comment == NULL)
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
sname = "";
printf ("%s\t%s\n", sname, comment);
}
ret = 0;
memfree:
OPENSSL_free (curves);
end:
return ret;
}
我笔记本电脑上的输出:
$ gcc -Wall -L /usr/lib64 -lcrypto -lssl eclist.c -o eclist
$ ./eclist
secp224r1 NIST/SECG curve over a 224 bit prime field
secp256k1 SECG curve over a 256 bit prime field
secp384r1 NIST/SECG curve over a 384 bit prime field
secp521r1 NIST/SECG curve over a 521 bit prime field
prime256v1 X9.62/SECG curve over a 256 bit prime field
openssl 二进制文件给了我相同的输出:
$ openssl ecparam -list_curves
secp224r1 : NIST/SECG curve over a 224 bit prime field
secp256k1 : SECG curve over a 256 bit prime field
secp384r1 : NIST/SECG curve over a 384 bit prime field
secp521r1 : NIST/SECG curve over a 521 bit prime field
prime256v1: X9.62/SECG curve over a 256 bit prime field
当然,以这种方式打印值可能不是很有用,但代码可以作为测试 CMake 的基础。
我需要通过 CMake 检查 OpenSSL 是否支持某些椭圆曲线。
虽然可以通过 openssl/evp.h 中函数的存在来检查密码和哈希的可用性,例如 check_cxx_symbol_exists("EVP_md4", openssl/evp.h, _openssl_has_md4),但我看不到对曲线执行相同操作的方法。
我是不是遗漏了什么,或者没有比检查 openssl ecparam list_curves 的输出更好的方法了?
更新:由于我的代码不需要 openssl 可执行文件,因此非常希望避免依赖它来构建。
更新 2:感谢 David 的回答以以下模块结束:https://github.com/rnpgp/cmake-modules/blob/master/FindOpenSSLFeatures.cmake
此代码(主要取自 openssl)列出了可用的 EC:
#include <stdio.h>
#include <openssl/ec.h>
#include <openssl/objects.h>
int
main ()
{
int ret = 1;
EC_builtin_curve *curves = NULL;
size_t n, crv_len = EC_get_builtin_curves (NULL, 0);
curves = OPENSSL_malloc((int)sizeof(*curves) * crv_len);
if (curves == NULL)
goto end;
if (!EC_get_builtin_curves (curves, crv_len))
goto memfree;
for (n = 0; n < crv_len; n++)
{
const char *comment = curves[n].comment;
const char *sname = OBJ_nid2sn (curves[n].nid);
if (comment == NULL)
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
sname = "";
printf ("%s\t%s\n", sname, comment);
}
ret = 0;
memfree:
OPENSSL_free (curves);
end:
return ret;
}
我笔记本电脑上的输出:
$ gcc -Wall -L /usr/lib64 -lcrypto -lssl eclist.c -o eclist
$ ./eclist
secp224r1 NIST/SECG curve over a 224 bit prime field
secp256k1 SECG curve over a 256 bit prime field
secp384r1 NIST/SECG curve over a 384 bit prime field
secp521r1 NIST/SECG curve over a 521 bit prime field
prime256v1 X9.62/SECG curve over a 256 bit prime field
openssl 二进制文件给了我相同的输出:
$ openssl ecparam -list_curves
secp224r1 : NIST/SECG curve over a 224 bit prime field
secp256k1 : SECG curve over a 256 bit prime field
secp384r1 : NIST/SECG curve over a 384 bit prime field
secp521r1 : NIST/SECG curve over a 521 bit prime field
prime256v1: X9.62/SECG curve over a 256 bit prime field
当然,以这种方式打印值可能不是很有用,但代码可以作为测试 CMake 的基础。