From 4cecf7a127fbe18316140963acf8787139f90f8d Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 20 Jun 2019 11:48:50 +0100
Subject: [PATCH] Add a nid 2 algorithm name mapping capability

Providers that link against libcrypto can just use OBJ_nid2sn() to look up the name of an algorithm given a NID. However that doesn't work for the FIPS provider because OBJ_nid2sn() is not available there (due to the reliance of the code on ASN.1 types). Therefore we provider a new function to do this mapping. For providers linking against libcrypto the new function just wraps OBJ_nid2sn(). For the FIPS provider it has a look up for all the NIDs known there.
Reviewed-by: Matthias St. Pierre
(Merged from https://github.com/openssl/openssl/pull/9035)
---
 .../man3/ossl_prov_util_nid_to_name.pod | 35 ++++++++++++
 providers/common/build.info | 2 +-
 .../common/include/internal/providercommon.h | 4 ++
 providers/common/provlib.c | 21 ++++++++
 providers/fips/fipsprov.c | 54 +++++++++++++++++++
 5 files changed, 115 insertions(+), 1 deletion(-)
 create mode 100644 doc/internal/man3/ossl_prov_util_nid_to_name.pod
 create mode 100644 providers/common/provlib.c

diff --git a/doc/internal/man3/ossl_prov_util_nid_to_name.pod b/doc/internal/man3/ossl_prov_util_nid_to_name.pod
new file mode 100644
index 0000000000..56a16d34e6
--- /dev/null
+++ b/doc/internal/man3/ossl_prov_util_nid_to_name.pod
@@ -0,0 +1,35 @@
+=pod
+
+=head1 NAME
+
+ossl_prov_util_nid_to_name
+- provider utility functions
+
+=head1 SYNOPSIS
+
+ #include "internal/providercommon.h"
+
+ const char *ossl_prov_util_nid_to_name(int nid);
+
+=head1 DESCRIPTION
+
+The ossl_prov_util_nid_to_name() returns the name of an algorithm given a NID
+in the B parameter. For the default and legacy providers it is equivalent
+to calling OBJ_nid2sn(). The FIPS provider does not have the object database
+code available to it (because that code relies on the ASN.1 code), so this
+function is a static lookup of all known FIPS algorithm NIDs.
+
+=head1 RETURN VALUES
+
+Returns a pointer to the algorithm name, or NULL on error.
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff --git a/providers/common/build.info b/providers/common/build.info
index 1617467d51..500ef64b84 100644
--- a/providers/common/build.info
+++ b/providers/common/build.info
@@ -1,4 +1,4 @@
 SUBDIRS=digests ciphers
 
 SOURCE[../../libcrypto]=\
- provider_err.c
+ provider_err.c provlib.c
diff --git a/providers/common/include/internal/providercommon.h b/providers/common/include/internal/providercommon.h
index 663d9c6183..d54fafa971 100644
--- a/providers/common/include/internal/providercommon.h
+++ b/providers/common/include/internal/providercommon.h
@@ -7,4 +7,8 @@
 * https://www.openssl.org/source/license.html
 */
 
+#include
+
 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx);
+
+const char *ossl_prov_util_nid_to_name(int nid);
diff --git a/providers/common/provlib.c b/providers/common/provlib.c
new file mode 100644
index 0000000000..43da7cdaba
--- /dev/null
+++ b/providers/common/provlib.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include "internal/providercommon.h"
+
+/*
+ * The FIPS provider has its own version of this in fipsprov.c because it does
+ * not have OBJ_nid2sn();
+ */
+const char *ossl_prov_util_nid_to_name(int nid)
+{
+ return OBJ_nid2sn(nid);
+}
+
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index ff13acb46b..b0196f01d6 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -152,6 +152,60 @@ static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
 return 1;
 }
 
+/* FIPS specific version of the function of the same name in provlib.c */
+const char *ossl_prov_util_nid_to_name(int nid)
+{
+ /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
+
+ switch (nid) {
+ /* Digests */
+ case NID_sha1:
+ return "SHA224";
+ case NID_sha224:
+ return "SHA224";
+ case NID_sha256:
+ return "SHA256";
+ case NID_sha384:
+ return "SHA384";
+ case NID_sha512:
+ return "SHA512";
+ case NID_sha512_224:
+ return "SHA512-224";
+ case NID_sha512_256:
+ return "SHA512-256";
+ case NID_sha3_224:
+ return "SHA3-224";
+ case NID_sha3_256:
+ return "SHA3-256";
+ case NID_sha3_384:
+ return "SHA3-384";
+ case NID_sha3_512:
+ return "SHA3-512";
+
+ /* Ciphers */
+ case NID_aes_256_ecb:
+ return "AES-256-ECB";
+ case NID_aes_192_ecb:
+ return "AES-192-ECB";
+ case NID_aes_128_ecb:
+ return "AES-128-ECB";
+ case NID_aes_256_cbc:
+ return "AES-256-CBC";
+ case NID_aes_192_cbc:
+ return "AES-192-CBC";
+ case NID_aes_128_cbc:
+ return "AES-128-CBC";
+ case NID_aes_256_ctr:
+ return "AES-256-CTR";
+ case NID_aes_192_ctr:
+ return "AES-192-CTR";
+ case NID_aes_128_ctr:
+ return "AES-128-CTR";
+ }
+
+ return NULL;
+}
+
 static const OSSL_ALGORITHM fips_digests[] = {
 { "SHA1", "fips=yes", sha1_functions },
 { "SHA224", "fips=yes", sha224_functions },
--
2.40.0
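Review bot: The `case NID_sha1:` arm of the new ossl_prov_util_nid_to_name() returns "SHA224", so the FIPS lookup maps SHA-1 to the SHA-224 name; it should be `return "SHA1";`, matching the "SHA1" entry of the fips_digests table visible in the trailing context. A caller that fetches an implementation by the returned name would presumably get SHA-224 where SHA-1 was asked for, a silent algorithm substitution that the libcrypto build (which wraps OBJ_nid2sn()) would not exhibit. The comment inside the function also names `OBJ_nid2n()` where `OBJ_nid2sn()` is meant. Because every unlisted NID falls through to `return NULL;`, a short comment stating that callers must check for NULL and that this list has to be kept in step with the provider's algorithm tables would help the next maintainer.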