Add a nid 2 algorithm name mapping capability

Providers that link against libcrypto can just use OBJ_nid2sn() to look
up the name of an algorithm given a NID. However that doesn't work for the
FIPS provider because OBJ_nid2sn() is not available there (due to the
reliance of the code on ASN.1 types). Therefore we provider a new function
to do this mapping. For providers linking against libcrypto the new function
just wraps OBJ_nid2sn(). For the FIPS provider it has a look up for all the
NIDs known there.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)

diff --git a/doc/internal/man3/ossl_prov_util_nid_to_name.pod b/doc/internal/man3/ossl_prov_util_nid_to_name.pod
new file mode 100644 (file)
index 0000000..56a16d3
--- /dev/null
+++ b/doc/internal/man3/ossl_prov_util_nid_to_name.pod
@@ -0,0 +1,35 @@
+=pod
+
+=head1 NAME
+
+ossl_prov_util_nid_to_name
+- provider utility functions
+
+=head1 SYNOPSIS
+
+ #include "internal/providercommon.h"
+
+ const char *ossl_prov_util_nid_to_name(int nid);
+
+=head1 DESCRIPTION
+
+The ossl_prov_util_nid_to_name() returns the name of an algorithm given a NID
+in the B<nid> parameter. For the default and legacy providers it is equivalent
+to calling OBJ_nid2sn(). The FIPS provider does not have the object database
+code available to it (because that code relies on the ASN.1 code), so this
+function is a static lookup of all known FIPS algorithm NIDs.
+
+=head1 RETURN VALUES
+
+Returns a pointer to the algorithm name, or NULL on error.
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut

diff --git a/providers/common/build.info b/providers/common/build.info
index 1617467d5130b3c10f8b1c64863545c91f21a7dd..500ef64b84b377f7092fd798fc5d33a1cb26684f 100644 (file)
--- a/providers/common/build.info
+++ b/providers/common/build.info
@@ -1,4 +1,4 @@
 SUBDIRS=digests ciphers
 
 SOURCE[../../libcrypto]=\
-        provider_err.c
+        provider_err.c provlib.c

diff --git a/providers/common/include/internal/providercommon.h b/providers/common/include/internal/providercommon.h
index 663d9c6183ca94b3ed5316cfc1cdae89d7f4df6f..d54fafa971e6039a204aed0f14ef3cf224f251cb 100644 (file)
--- a/providers/common/include/internal/providercommon.h
+++ b/providers/common/include/internal/providercommon.h
@@ -7,4 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <openssl/provider.h>
+
 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx);
+
+const char *ossl_prov_util_nid_to_name(int nid);

diff --git a/providers/common/provlib.c b/providers/common/provlib.c
new file mode 100644 (file)
index 0000000..43da7cd
--- /dev/null
+++ b/providers/common/provlib.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/objects.h>
+#include "internal/providercommon.h"
+
+/*
+ * The FIPS provider has its own version of this in fipsprov.c because it does
+ * not have OBJ_nid2sn();
+ */
+const char *ossl_prov_util_nid_to_name(int nid)
+{
+   return OBJ_nid2sn(nid); 
+}
+

diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index ff13acb46b6bb2ddaa57f50a34a9fa60c2993cf3..b0196f01d6aa7d16455788a52eabc6cd3410386f 100644 (file)
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -152,6 +152,60 @@ static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
     return 1;
 }
 
+/* FIPS specific version of the function of the same name in provlib.c */
+const char *ossl_prov_util_nid_to_name(int nid)
+{
+    /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
+
+    switch (nid) {
+    /* Digests */
+    case NID_sha1:
+        return "SHA224";
+    case NID_sha224:
+        return "SHA224";
+    case NID_sha256:
+        return "SHA256";
+    case NID_sha384:
+        return "SHA384";
+    case NID_sha512:
+        return "SHA512";
+    case NID_sha512_224:
+        return "SHA512-224";
+    case NID_sha512_256:
+        return "SHA512-256";
+    case NID_sha3_224:
+        return "SHA3-224";
+    case NID_sha3_256:
+        return "SHA3-256";
+    case NID_sha3_384:
+        return "SHA3-384";
+    case NID_sha3_512:
+        return "SHA3-512";
+
+    /* Ciphers */
+    case NID_aes_256_ecb:
+        return "AES-256-ECB";
+    case NID_aes_192_ecb:
+        return "AES-192-ECB";
+    case NID_aes_128_ecb:
+        return "AES-128-ECB";
+    case NID_aes_256_cbc:
+        return "AES-256-CBC";
+    case NID_aes_192_cbc:
+        return "AES-192-CBC";
+    case NID_aes_128_cbc:
+        return "AES-128-CBC";
+    case NID_aes_256_ctr:
+        return "AES-256-CTR";
+    case NID_aes_192_ctr:
+        return "AES-192-CTR";
+    case NID_aes_128_ctr:
+        return "AES-128-CTR";
+    }
+
+    return NULL;
+}
+
 static const OSSL_ALGORITHM fips_digests[] = {
     { "SHA1", "fips=yes", sha1_functions },
     { "SHA224", "fips=yes", sha224_functions },