Add a nid 2 algorithm name mapping capability

[thirdparty/openssl.git] / providers / fips / fipsprov.c

diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 61729e58172c53a29472ebbbbac5b03b55471906..b0196f01d6aa7d16455788a52eabc6cd3410386f 100644 (file)
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -15,8 +15,11 @@
 #include <openssl/params.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
+
 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
 #include <openssl/sha.h>
+#include <openssl/rand_drbg.h>
+
 #include "internal/cryptlib.h"
 #include "internal/property.h"
 #include "internal/evp_int.h"
@@ -85,8 +88,10 @@ static int dummy_evp_call(void *provctx)
     int ret = 0;
     BN_CTX *bnctx = NULL;
     BIGNUM *a = NULL, *b = NULL;
+    unsigned char randbuf[128];
+    RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
 
-    if (ctx == NULL || sha256 == NULL)
+    if (ctx == NULL || sha256 == NULL || drbg == NULL)
         goto err;
 
     if (!EVP_DigestInit_ex(ctx, sha256, NULL))
@@ -112,6 +117,9 @@ static int dummy_evp_call(void *provctx)
         || BN_cmp(a, b) != 0)
         goto err;
     
+    if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
+        goto err;
+
     ret = 1;
  err:
     BN_CTX_end(bnctx);
@@ -127,10 +135,9 @@ static const OSSL_ITEM *fips_get_param_types(const OSSL_PROVIDER *prov)
     return fips_param_types;
 }
 
-static int fips_get_params(const OSSL_PROVIDER *prov,
-                            const OSSL_PARAM params[])
+static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
 {
-    const OSSL_PARAM *p;
+    OSSL_PARAM *p;
 
     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
@@ -145,6 +152,60 @@ static int fips_get_params(const OSSL_PROVIDER *prov,
     return 1;
 }
 
+/* FIPS specific version of the function of the same name in provlib.c */
+const char *ossl_prov_util_nid_to_name(int nid)
+{
+    /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
+
+    switch (nid) {
+    /* Digests */
+    case NID_sha1:
+        return "SHA224";
+    case NID_sha224:
+        return "SHA224";
+    case NID_sha256:
+        return "SHA256";
+    case NID_sha384:
+        return "SHA384";
+    case NID_sha512:
+        return "SHA512";
+    case NID_sha512_224:
+        return "SHA512-224";
+    case NID_sha512_256:
+        return "SHA512-256";
+    case NID_sha3_224:
+        return "SHA3-224";
+    case NID_sha3_256:
+        return "SHA3-256";
+    case NID_sha3_384:
+        return "SHA3-384";
+    case NID_sha3_512:
+        return "SHA3-512";
+
+    /* Ciphers */
+    case NID_aes_256_ecb:
+        return "AES-256-ECB";
+    case NID_aes_192_ecb:
+        return "AES-192-ECB";
+    case NID_aes_128_ecb:
+        return "AES-128-ECB";
+    case NID_aes_256_cbc:
+        return "AES-256-CBC";
+    case NID_aes_192_cbc:
+        return "AES-192-CBC";
+    case NID_aes_128_cbc:
+        return "AES-128-CBC";
+    case NID_aes_256_ctr:
+        return "AES-256-CTR";
+    case NID_aes_192_ctr:
+        return "AES-192-CTR";
+    case NID_aes_128_ctr:
+        return "AES-128-CTR";
+    }
+
+    return NULL;
+}
+
 static const OSSL_ALGORITHM fips_digests[] = {
     { "SHA1", "fips=yes", sha1_functions },
     { "SHA224", "fips=yes", sha224_functions },