param_build.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403
  1. /*
  2. * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. #include <string.h>
  11. #include <openssl/err.h>
  12. #include <openssl/cryptoerr.h>
  13. #include <openssl/params.h>
  14. #include <openssl/types.h>
  15. #include <openssl/safestack.h>
  16. #include "internal/param_build_set.h"
  17. /*
  18. * Special internal param type to indicate the end of an allocate OSSL_PARAM
  19. * array.
  20. */
  21. typedef struct {
  22. const char *key;
  23. int type;
  24. int secure;
  25. size_t size;
  26. size_t alloc_blocks;
  27. const BIGNUM *bn;
  28. const void *string;
  29. union {
  30. /*
  31. * These fields are never directly addressed, but their sizes are
  32. * imporant so that all native types can be copied here without overrun.
  33. */
  34. ossl_intmax_t i;
  35. ossl_uintmax_t u;
  36. double d;
  37. } num;
  38. } OSSL_PARAM_BLD_DEF;
  39. DEFINE_STACK_OF(OSSL_PARAM_BLD_DEF)
  40. struct ossl_param_bld_st {
  41. size_t total_blocks;
  42. size_t secure_blocks;
  43. STACK_OF(OSSL_PARAM_BLD_DEF) *params;
  44. };
  45. static OSSL_PARAM_BLD_DEF *param_push(OSSL_PARAM_BLD *bld, const char *key,
  46. int size, size_t alloc, int type,
  47. int secure)
  48. {
  49. OSSL_PARAM_BLD_DEF *pd = OPENSSL_zalloc(sizeof(*pd));
  50. if (pd == NULL)
  51. return NULL;
  52. pd->key = key;
  53. pd->type = type;
  54. pd->size = size;
  55. pd->alloc_blocks = ossl_param_bytes_to_blocks(alloc);
  56. if ((pd->secure = secure) != 0)
  57. bld->secure_blocks += pd->alloc_blocks;
  58. else
  59. bld->total_blocks += pd->alloc_blocks;
  60. if (sk_OSSL_PARAM_BLD_DEF_push(bld->params, pd) <= 0) {
  61. OPENSSL_free(pd);
  62. pd = NULL;
  63. }
  64. return pd;
  65. }
  66. static int param_push_num(OSSL_PARAM_BLD *bld, const char *key,
  67. void *num, size_t size, int type)
  68. {
  69. OSSL_PARAM_BLD_DEF *pd = param_push(bld, key, size, size, type, 0);
  70. if (pd == NULL) {
  71. ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
  72. return 0;
  73. }
  74. if (size > sizeof(pd->num)) {
  75. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
  76. return 0;
  77. }
  78. memcpy(&pd->num, num, size);
  79. return 1;
  80. }
  81. OSSL_PARAM_BLD *OSSL_PARAM_BLD_new(void)
  82. {
  83. OSSL_PARAM_BLD *r = OPENSSL_zalloc(sizeof(OSSL_PARAM_BLD));
  84. if (r != NULL) {
  85. r->params = sk_OSSL_PARAM_BLD_DEF_new_null();
  86. if (r->params == NULL) {
  87. OPENSSL_free(r);
  88. r = NULL;
  89. }
  90. }
  91. return r;
  92. }
  93. static void free_all_params(OSSL_PARAM_BLD *bld)
  94. {
  95. int i, n = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
  96. for (i = 0; i < n; i++)
  97. OPENSSL_free(sk_OSSL_PARAM_BLD_DEF_pop(bld->params));
  98. }
  99. void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld)
  100. {
  101. if (bld == NULL)
  102. return;
  103. free_all_params(bld);
  104. sk_OSSL_PARAM_BLD_DEF_free(bld->params);
  105. OPENSSL_free(bld);
  106. }
  107. int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num)
  108. {
  109. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  110. }
  111. int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
  112. unsigned int num)
  113. {
  114. return param_push_num(bld, key, &num, sizeof(num),
  115. OSSL_PARAM_UNSIGNED_INTEGER);
  116. }
  117. int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key,
  118. long int num)
  119. {
  120. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  121. }
  122. int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
  123. unsigned long int num)
  124. {
  125. return param_push_num(bld, key, &num, sizeof(num),
  126. OSSL_PARAM_UNSIGNED_INTEGER);
  127. }
  128. int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key,
  129. int32_t num)
  130. {
  131. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  132. }
  133. int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
  134. uint32_t num)
  135. {
  136. return param_push_num(bld, key, &num, sizeof(num),
  137. OSSL_PARAM_UNSIGNED_INTEGER);
  138. }
  139. int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key,
  140. int64_t num)
  141. {
  142. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  143. }
  144. int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
  145. uint64_t num)
  146. {
  147. return param_push_num(bld, key, &num, sizeof(num),
  148. OSSL_PARAM_UNSIGNED_INTEGER);
  149. }
  150. int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
  151. size_t num)
  152. {
  153. return param_push_num(bld, key, &num, sizeof(num),
  154. OSSL_PARAM_UNSIGNED_INTEGER);
  155. }
  156. int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
  157. time_t num)
  158. {
  159. return param_push_num(bld, key, &num, sizeof(num),
  160. OSSL_PARAM_INTEGER);
  161. }
  162. int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
  163. double num)
  164. {
  165. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL);
  166. }
  167. static int push_BN(OSSL_PARAM_BLD *bld, const char *key,
  168. const BIGNUM *bn, size_t sz, int type)
  169. {
  170. int n, secure = 0;
  171. OSSL_PARAM_BLD_DEF *pd;
  172. if (!ossl_assert(type == OSSL_PARAM_UNSIGNED_INTEGER
  173. || type == OSSL_PARAM_INTEGER))
  174. return 0;
  175. if (bn != NULL) {
  176. if (type == OSSL_PARAM_UNSIGNED_INTEGER && BN_is_negative(bn)) {
  177. ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED,
  178. "Negative big numbers are unsupported for OSSL_PARAM_UNSIGNED_INTEGER");
  179. return 0;
  180. }
  181. n = BN_num_bytes(bn);
  182. if (n < 0) {
  183. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ZERO_LENGTH_NUMBER);
  184. return 0;
  185. }
  186. if (sz < (size_t)n) {
  187. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER);
  188. return 0;
  189. }
  190. if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE)
  191. secure = 1;
  192. }
  193. pd = param_push(bld, key, sz, sz, type, secure);
  194. if (pd == NULL)
  195. return 0;
  196. pd->bn = bn;
  197. return 1;
  198. }
  199. int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
  200. const BIGNUM *bn)
  201. {
  202. if (BN_is_negative(bn))
  203. return push_BN(bld, key, bn, bn == NULL ? 0 : BN_num_bytes(bn) + 1,
  204. OSSL_PARAM_INTEGER);
  205. return push_BN(bld, key, bn, bn == NULL ? 0 : BN_num_bytes(bn),
  206. OSSL_PARAM_UNSIGNED_INTEGER);
  207. }
  208. int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
  209. const BIGNUM *bn, size_t sz)
  210. {
  211. if (BN_is_negative(bn))
  212. return push_BN(bld, key, bn, bn == NULL ? 0 : BN_num_bytes(bn),
  213. OSSL_PARAM_INTEGER);
  214. return push_BN(bld, key, bn, sz, OSSL_PARAM_UNSIGNED_INTEGER);
  215. }
  216. int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
  217. const char *buf, size_t bsize)
  218. {
  219. OSSL_PARAM_BLD_DEF *pd;
  220. int secure;
  221. if (bsize == 0) {
  222. bsize = strlen(buf);
  223. } else if (bsize > INT_MAX) {
  224. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
  225. return 0;
  226. }
  227. secure = CRYPTO_secure_allocated(buf);
  228. pd = param_push(bld, key, bsize, bsize + 1, OSSL_PARAM_UTF8_STRING, secure);
  229. if (pd == NULL)
  230. return 0;
  231. pd->string = buf;
  232. return 1;
  233. }
  234. int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
  235. char *buf, size_t bsize)
  236. {
  237. OSSL_PARAM_BLD_DEF *pd;
  238. if (bsize == 0) {
  239. bsize = strlen(buf);
  240. } else if (bsize > INT_MAX) {
  241. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
  242. return 0;
  243. }
  244. pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0);
  245. if (pd == NULL)
  246. return 0;
  247. pd->string = buf;
  248. return 1;
  249. }
  250. int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
  251. const void *buf, size_t bsize)
  252. {
  253. OSSL_PARAM_BLD_DEF *pd;
  254. int secure;
  255. if (bsize > INT_MAX) {
  256. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
  257. return 0;
  258. }
  259. secure = CRYPTO_secure_allocated(buf);
  260. pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure);
  261. if (pd == NULL)
  262. return 0;
  263. pd->string = buf;
  264. return 1;
  265. }
  266. int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key,
  267. void *buf, size_t bsize)
  268. {
  269. OSSL_PARAM_BLD_DEF *pd;
  270. if (bsize > INT_MAX) {
  271. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
  272. return 0;
  273. }
  274. pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0);
  275. if (pd == NULL)
  276. return 0;
  277. pd->string = buf;
  278. return 1;
  279. }
  280. static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param,
  281. OSSL_PARAM_ALIGNED_BLOCK *blk,
  282. OSSL_PARAM_ALIGNED_BLOCK *secure)
  283. {
  284. int i, num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
  285. OSSL_PARAM_BLD_DEF *pd;
  286. void *p;
  287. for (i = 0; i < num; i++) {
  288. pd = sk_OSSL_PARAM_BLD_DEF_value(bld->params, i);
  289. param[i].key = pd->key;
  290. param[i].data_type = pd->type;
  291. param[i].data_size = pd->size;
  292. param[i].return_size = OSSL_PARAM_UNMODIFIED;
  293. if (pd->secure) {
  294. p = secure;
  295. secure += pd->alloc_blocks;
  296. } else {
  297. p = blk;
  298. blk += pd->alloc_blocks;
  299. }
  300. param[i].data = p;
  301. if (pd->bn != NULL) {
  302. /* BIGNUM */
  303. if (pd->type == OSSL_PARAM_UNSIGNED_INTEGER)
  304. BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size);
  305. else
  306. BN_signed_bn2native(pd->bn, (unsigned char *)p, pd->size);
  307. } else if (pd->type == OSSL_PARAM_OCTET_PTR
  308. || pd->type == OSSL_PARAM_UTF8_PTR) {
  309. /* PTR */
  310. *(const void **)p = pd->string;
  311. } else if (pd->type == OSSL_PARAM_OCTET_STRING
  312. || pd->type == OSSL_PARAM_UTF8_STRING) {
  313. if (pd->string != NULL)
  314. memcpy(p, pd->string, pd->size);
  315. else
  316. memset(p, 0, pd->size);
  317. if (pd->type == OSSL_PARAM_UTF8_STRING)
  318. ((char *)p)[pd->size] = '\0';
  319. } else {
  320. /* Number, but could also be a NULL BIGNUM */
  321. if (pd->size > sizeof(pd->num))
  322. memset(p, 0, pd->size);
  323. else if (pd->size > 0)
  324. memcpy(p, &pd->num, pd->size);
  325. }
  326. }
  327. param[i] = OSSL_PARAM_construct_end();
  328. return param + i;
  329. }
  330. OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld)
  331. {
  332. OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL;
  333. OSSL_PARAM *params, *last;
  334. const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
  335. const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params));
  336. const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks);
  337. const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks;
  338. if (ss > 0) {
  339. s = OPENSSL_secure_malloc(ss);
  340. if (s == NULL) {
  341. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_SECURE_MALLOC_FAILURE);
  342. return NULL;
  343. }
  344. }
  345. params = OPENSSL_malloc(total);
  346. if (params == NULL) {
  347. OPENSSL_secure_free(s);
  348. return NULL;
  349. }
  350. blk = p_blks + (OSSL_PARAM_ALIGNED_BLOCK *)(params);
  351. last = param_bld_convert(bld, params, blk, s);
  352. ossl_param_set_secure_block(last, s, ss);
  353. /* Reset builder for reuse */
  354. bld->total_blocks = 0;
  355. bld->secure_blocks = 0;
  356. free_all_params(bld);
  357. return params;
  358. }