Add a nid 2 algorithm name mapping capability

Providers that link against libcrypto can just use OBJ_nid2sn() to look up the name of an algorithm given a NID. However that doesn't work for the FIPS provider because OBJ_nid2sn() is not available there (due to the reliance of the code on ASN.1 types). Therefore we provider a new function to do this mapping. For providers linking against libcrypto the new function just wraps OBJ_nid2sn(). For the FIPS provider it has a look up for all the NIDs known there. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9035)
2019-06-20 11:48:50 +01:00 · 2019-06-20 11:48:50 +01:00 · 4cecf7a127
parent 45c54042d0
commit 4cecf7a127
5 changed files with 115 additions and 1 deletions
--- a/doc/internal/man3/ossl_prov_util_nid_to_name.pod
+++ b/doc/internal/man3/ossl_prov_util_nid_to_name.pod
@ -0,0 +1,35 @@
+=pod
+
+=head1 NAME
+
+ossl_prov_util_nid_to_name
+- provider utility functions
+
+=head1 SYNOPSIS
+
+ #include "internal/providercommon.h"
+
+ const char *ossl_prov_util_nid_to_name(int nid);
+
+=head1 DESCRIPTION
+
+The ossl_prov_util_nid_to_name() returns the name of an algorithm given a NID
+in the B<nid> parameter. For the default and legacy providers it is equivalent
+to calling OBJ_nid2sn(). The FIPS provider does not have the object database
+code available to it (because that code relies on the ASN.1 code), so this
+function is a static lookup of all known FIPS algorithm NIDs.
+
+=head1 RETURN VALUES
+
+Returns a pointer to the algorithm name, or NULL on error.
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
--- a/providers/common/build.info
+++ b/providers/common/build.info
@ -1,4 +1,4 @@
 SUBDIRS=digests ciphers

 SOURCE[../../libcrypto]=\
-        provider_err.c
+        provider_err.c provlib.c
--- a/providers/common/include/internal/providercommon.h
+++ b/providers/common/include/internal/providercommon.h
@ -7,4 +7,8 @@
 * https://www.openssl.org/source/license.html
 */

+#include <openssl/provider.h>
+
 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx);
+
+const char *ossl_prov_util_nid_to_name(int nid);
--- a/providers/common/provlib.c
+++ b/providers/common/provlib.c
@ -0,0 +1,21 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/objects.h>
+#include "internal/providercommon.h"
+
+/*
+ * The FIPS provider has its own version of this in fipsprov.c because it does
+ * not have OBJ_nid2sn();
+ */
+const char *ossl_prov_util_nid_to_name(int nid)
+{
+   return OBJ_nid2sn(nid); 
+}
+
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@ -152,6 +152,60 @@ static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
    return 1;
 }

+/* FIPS specific version of the function of the same name in provlib.c */
+const char *ossl_prov_util_nid_to_name(int nid)
+{
+    /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
+
+    switch (nid) {
+    /* Digests */
+    case NID_sha1:
+        return "SHA224";
+    case NID_sha224:
+        return "SHA224";
+    case NID_sha256:
+        return "SHA256";
+    case NID_sha384:
+        return "SHA384";
+    case NID_sha512:
+        return "SHA512";
+    case NID_sha512_224:
+        return "SHA512-224";
+    case NID_sha512_256:
+        return "SHA512-256";
+    case NID_sha3_224:
+        return "SHA3-224";
+    case NID_sha3_256:
+        return "SHA3-256";
+    case NID_sha3_384:
+        return "SHA3-384";
+    case NID_sha3_512:
+        return "SHA3-512";
+
+    /* Ciphers */
+    case NID_aes_256_ecb:
+        return "AES-256-ECB";
+    case NID_aes_192_ecb:
+        return "AES-192-ECB";
+    case NID_aes_128_ecb:
+        return "AES-128-ECB";
+    case NID_aes_256_cbc:
+        return "AES-256-CBC";
+    case NID_aes_192_cbc:
+        return "AES-192-CBC";
+    case NID_aes_128_cbc:
+        return "AES-128-CBC";
+    case NID_aes_256_ctr:
+        return "AES-256-CTR";
+    case NID_aes_192_ctr:
+        return "AES-192-CTR";
+    case NID_aes_128_ctr:
+        return "AES-128-CTR";
+    }
+
+    return NULL;
+}
+
 static const OSSL_ALGORITHM fips_digests[] = {
    { "SHA1", "fips=yes", sha1_functions },
    { "SHA224", "fips=yes", sha224_functions },