param_build.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407
  1. /*
  2. * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. #include <string.h>
  11. #include <openssl/err.h>
  12. #include <openssl/cryptoerr.h>
  13. #include <openssl/params.h>
  14. #include <openssl/types.h>
  15. #include <openssl/safestack.h>
  16. #include "internal/param_build_set.h"
  17. /*
  18. * Special internal param type to indicate the end of an allocate OSSL_PARAM
  19. * array.
  20. */
  21. typedef struct {
  22. const char *key;
  23. int type;
  24. int secure;
  25. size_t size;
  26. size_t alloc_blocks;
  27. const BIGNUM *bn;
  28. const void *string;
  29. union {
  30. /*
  31. * These fields are never directly addressed, but their sizes are
  32. * important so that all native types can be copied here without overrun.
  33. */
  34. ossl_intmax_t i;
  35. ossl_uintmax_t u;
  36. double d;
  37. } num;
  38. } OSSL_PARAM_BLD_DEF;
  39. DEFINE_STACK_OF(OSSL_PARAM_BLD_DEF)
  40. struct ossl_param_bld_st {
  41. size_t total_blocks;
  42. size_t secure_blocks;
  43. STACK_OF(OSSL_PARAM_BLD_DEF) *params;
  44. };
  45. static OSSL_PARAM_BLD_DEF *param_push(OSSL_PARAM_BLD *bld, const char *key,
  46. int size, size_t alloc, int type,
  47. int secure)
  48. {
  49. OSSL_PARAM_BLD_DEF *pd = OPENSSL_zalloc(sizeof(*pd));
  50. if (pd == NULL)
  51. return NULL;
  52. pd->key = key;
  53. pd->type = type;
  54. pd->size = size;
  55. pd->alloc_blocks = ossl_param_bytes_to_blocks(alloc);
  56. if ((pd->secure = secure) != 0)
  57. bld->secure_blocks += pd->alloc_blocks;
  58. else
  59. bld->total_blocks += pd->alloc_blocks;
  60. if (sk_OSSL_PARAM_BLD_DEF_push(bld->params, pd) <= 0) {
  61. OPENSSL_free(pd);
  62. pd = NULL;
  63. }
  64. return pd;
  65. }
  66. static int param_push_num(OSSL_PARAM_BLD *bld, const char *key,
  67. void *num, size_t size, int type)
  68. {
  69. OSSL_PARAM_BLD_DEF *pd = param_push(bld, key, size, size, type, 0);
  70. if (pd == NULL) {
  71. ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
  72. return 0;
  73. }
  74. if (size > sizeof(pd->num)) {
  75. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
  76. return 0;
  77. }
  78. memcpy(&pd->num, num, size);
  79. return 1;
  80. }
  81. OSSL_PARAM_BLD *OSSL_PARAM_BLD_new(void)
  82. {
  83. OSSL_PARAM_BLD *r = OPENSSL_zalloc(sizeof(OSSL_PARAM_BLD));
  84. if (r != NULL) {
  85. r->params = sk_OSSL_PARAM_BLD_DEF_new_null();
  86. if (r->params == NULL) {
  87. OPENSSL_free(r);
  88. r = NULL;
  89. }
  90. }
  91. return r;
  92. }
  93. static void free_all_params(OSSL_PARAM_BLD *bld)
  94. {
  95. int i, n = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
  96. for (i = 0; i < n; i++)
  97. OPENSSL_free(sk_OSSL_PARAM_BLD_DEF_pop(bld->params));
  98. }
  99. void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld)
  100. {
  101. if (bld == NULL)
  102. return;
  103. free_all_params(bld);
  104. sk_OSSL_PARAM_BLD_DEF_free(bld->params);
  105. OPENSSL_free(bld);
  106. }
  107. int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num)
  108. {
  109. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  110. }
  111. int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
  112. unsigned int num)
  113. {
  114. return param_push_num(bld, key, &num, sizeof(num),
  115. OSSL_PARAM_UNSIGNED_INTEGER);
  116. }
  117. int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key,
  118. long int num)
  119. {
  120. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  121. }
  122. int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
  123. unsigned long int num)
  124. {
  125. return param_push_num(bld, key, &num, sizeof(num),
  126. OSSL_PARAM_UNSIGNED_INTEGER);
  127. }
  128. int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key,
  129. int32_t num)
  130. {
  131. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  132. }
  133. int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
  134. uint32_t num)
  135. {
  136. return param_push_num(bld, key, &num, sizeof(num),
  137. OSSL_PARAM_UNSIGNED_INTEGER);
  138. }
  139. int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key,
  140. int64_t num)
  141. {
  142. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  143. }
  144. int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
  145. uint64_t num)
  146. {
  147. return param_push_num(bld, key, &num, sizeof(num),
  148. OSSL_PARAM_UNSIGNED_INTEGER);
  149. }
  150. int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
  151. size_t num)
  152. {
  153. return param_push_num(bld, key, &num, sizeof(num),
  154. OSSL_PARAM_UNSIGNED_INTEGER);
  155. }
  156. int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
  157. time_t num)
  158. {
  159. return param_push_num(bld, key, &num, sizeof(num),
  160. OSSL_PARAM_INTEGER);
  161. }
  162. int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
  163. double num)
  164. {
  165. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL);
  166. }
  167. static int push_BN(OSSL_PARAM_BLD *bld, const char *key,
  168. const BIGNUM *bn, size_t sz, int type)
  169. {
  170. int n, secure = 0;
  171. OSSL_PARAM_BLD_DEF *pd;
  172. if (!ossl_assert(type == OSSL_PARAM_UNSIGNED_INTEGER
  173. || type == OSSL_PARAM_INTEGER))
  174. return 0;
  175. if (bn != NULL) {
  176. if (type == OSSL_PARAM_UNSIGNED_INTEGER && BN_is_negative(bn)) {
  177. ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED,
  178. "Negative big numbers are unsupported for OSSL_PARAM_UNSIGNED_INTEGER");
  179. return 0;
  180. }
  181. n = BN_num_bytes(bn);
  182. if (n < 0) {
  183. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ZERO_LENGTH_NUMBER);
  184. return 0;
  185. }
  186. if (sz < (size_t)n) {
  187. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER);
  188. return 0;
  189. }
  190. if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE)
  191. secure = 1;
  192. /* The BIGNUM is zero, we must transfer at least one byte */
  193. if (sz == 0)
  194. sz++;
  195. }
  196. pd = param_push(bld, key, sz, sz, type, secure);
  197. if (pd == NULL)
  198. return 0;
  199. pd->bn = bn;
  200. return 1;
  201. }
  202. int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
  203. const BIGNUM *bn)
  204. {
  205. if (bn != NULL && BN_is_negative(bn))
  206. return push_BN(bld, key, bn, BN_num_bytes(bn) + 1,
  207. OSSL_PARAM_INTEGER);
  208. return push_BN(bld, key, bn, bn == NULL ? 0 : BN_num_bytes(bn),
  209. OSSL_PARAM_UNSIGNED_INTEGER);
  210. }
  211. int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
  212. const BIGNUM *bn, size_t sz)
  213. {
  214. if (bn != NULL && BN_is_negative(bn))
  215. return push_BN(bld, key, bn, BN_num_bytes(bn),
  216. OSSL_PARAM_INTEGER);
  217. return push_BN(bld, key, bn, sz, OSSL_PARAM_UNSIGNED_INTEGER);
  218. }
  219. int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
  220. const char *buf, size_t bsize)
  221. {
  222. OSSL_PARAM_BLD_DEF *pd;
  223. int secure;
  224. if (bsize == 0) {
  225. bsize = strlen(buf);
  226. } else if (bsize > INT_MAX) {
  227. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
  228. return 0;
  229. }
  230. secure = CRYPTO_secure_allocated(buf);
  231. pd = param_push(bld, key, bsize, bsize + 1, OSSL_PARAM_UTF8_STRING, secure);
  232. if (pd == NULL)
  233. return 0;
  234. pd->string = buf;
  235. return 1;
  236. }
  237. int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
  238. char *buf, size_t bsize)
  239. {
  240. OSSL_PARAM_BLD_DEF *pd;
  241. if (bsize == 0) {
  242. bsize = strlen(buf);
  243. } else if (bsize > INT_MAX) {
  244. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
  245. return 0;
  246. }
  247. pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0);
  248. if (pd == NULL)
  249. return 0;
  250. pd->string = buf;
  251. return 1;
  252. }
  253. int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
  254. const void *buf, size_t bsize)
  255. {
  256. OSSL_PARAM_BLD_DEF *pd;
  257. int secure;
  258. if (bsize > INT_MAX) {
  259. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
  260. return 0;
  261. }
  262. secure = CRYPTO_secure_allocated(buf);
  263. pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure);
  264. if (pd == NULL)
  265. return 0;
  266. pd->string = buf;
  267. return 1;
  268. }
  269. int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key,
  270. void *buf, size_t bsize)
  271. {
  272. OSSL_PARAM_BLD_DEF *pd;
  273. if (bsize > INT_MAX) {
  274. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
  275. return 0;
  276. }
  277. pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0);
  278. if (pd == NULL)
  279. return 0;
  280. pd->string = buf;
  281. return 1;
  282. }
  283. static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param,
  284. OSSL_PARAM_ALIGNED_BLOCK *blk,
  285. OSSL_PARAM_ALIGNED_BLOCK *secure)
  286. {
  287. int i, num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
  288. OSSL_PARAM_BLD_DEF *pd;
  289. void *p;
  290. for (i = 0; i < num; i++) {
  291. pd = sk_OSSL_PARAM_BLD_DEF_value(bld->params, i);
  292. param[i].key = pd->key;
  293. param[i].data_type = pd->type;
  294. param[i].data_size = pd->size;
  295. param[i].return_size = OSSL_PARAM_UNMODIFIED;
  296. if (pd->secure) {
  297. p = secure;
  298. secure += pd->alloc_blocks;
  299. } else {
  300. p = blk;
  301. blk += pd->alloc_blocks;
  302. }
  303. param[i].data = p;
  304. if (pd->bn != NULL) {
  305. /* BIGNUM */
  306. if (pd->type == OSSL_PARAM_UNSIGNED_INTEGER)
  307. BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size);
  308. else
  309. BN_signed_bn2native(pd->bn, (unsigned char *)p, pd->size);
  310. } else if (pd->type == OSSL_PARAM_OCTET_PTR
  311. || pd->type == OSSL_PARAM_UTF8_PTR) {
  312. /* PTR */
  313. *(const void **)p = pd->string;
  314. } else if (pd->type == OSSL_PARAM_OCTET_STRING
  315. || pd->type == OSSL_PARAM_UTF8_STRING) {
  316. if (pd->string != NULL)
  317. memcpy(p, pd->string, pd->size);
  318. else
  319. memset(p, 0, pd->size);
  320. if (pd->type == OSSL_PARAM_UTF8_STRING)
  321. ((char *)p)[pd->size] = '\0';
  322. } else {
  323. /* Number, but could also be a NULL BIGNUM */
  324. if (pd->size > sizeof(pd->num))
  325. memset(p, 0, pd->size);
  326. else if (pd->size > 0)
  327. memcpy(p, &pd->num, pd->size);
  328. }
  329. }
  330. param[i] = OSSL_PARAM_construct_end();
  331. return param + i;
  332. }
  333. OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld)
  334. {
  335. OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL;
  336. OSSL_PARAM *params, *last;
  337. const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
  338. const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params));
  339. const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks);
  340. const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks;
  341. if (ss > 0) {
  342. s = OPENSSL_secure_malloc(ss);
  343. if (s == NULL) {
  344. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_SECURE_MALLOC_FAILURE);
  345. return NULL;
  346. }
  347. }
  348. params = OPENSSL_malloc(total);
  349. if (params == NULL) {
  350. OPENSSL_secure_free(s);
  351. return NULL;
  352. }
  353. blk = p_blks + (OSSL_PARAM_ALIGNED_BLOCK *)(params);
  354. last = param_bld_convert(bld, params, blk, s);
  355. ossl_param_set_secure_block(last, s, ss);
  356. /* Reset builder for reuse */
  357. bld->total_blocks = 0;
  358. bld->secure_blocks = 0;
  359. free_all_params(bld);
  360. return params;
  361. }