param_build.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406
  1. /*
  2. * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. #include <string.h>
  11. #include <openssl/err.h>
  12. #include <openssl/cryptoerr.h>
  13. #include <openssl/params.h>
  14. #include <openssl/types.h>
  15. #include <openssl/safestack.h>
  16. #include "internal/cryptlib.h"
  17. #include "openssl/param_build.h"
  18. /*
  19. * Special internal param type to indicate the end of an allocate OSSL_PARAM
  20. * array.
  21. */
  22. #define OSSL_PARAM_ALLOCATED_END 127
  23. typedef struct {
  24. const char *key;
  25. int type;
  26. int secure;
  27. size_t size;
  28. size_t alloc_blocks;
  29. const BIGNUM *bn;
  30. const void *string;
  31. union {
  32. /*
  33. * These fields are never directly addressed, but their sizes are
  34. * imporant so that all native types can be copied here without overrun.
  35. */
  36. ossl_intmax_t i;
  37. ossl_uintmax_t u;
  38. double d;
  39. } num;
  40. } OSSL_PARAM_BLD_DEF;
  41. DEFINE_STACK_OF(OSSL_PARAM_BLD_DEF)
  42. struct ossl_param_bld_st {
  43. size_t total_blocks;
  44. size_t secure_blocks;
  45. STACK_OF(OSSL_PARAM_BLD_DEF) *params;
  46. };
  47. typedef union {
  48. OSSL_UNION_ALIGN;
  49. } OSSL_PARAM_BLD_BLOCK;
  50. #define ALIGN_SIZE sizeof(OSSL_PARAM_BLD_BLOCK)
  51. static size_t bytes_to_blocks(size_t bytes)
  52. {
  53. return (bytes + ALIGN_SIZE - 1) / ALIGN_SIZE;
  54. }
  55. static OSSL_PARAM_BLD_DEF *param_push(OSSL_PARAM_BLD *bld, const char *key,
  56. int size, size_t alloc, int type,
  57. int secure)
  58. {
  59. OSSL_PARAM_BLD_DEF *pd = OPENSSL_zalloc(sizeof(*pd));
  60. if (pd == NULL) {
  61. CRYPTOerr(CRYPTO_F_PARAM_PUSH, ERR_R_MALLOC_FAILURE);
  62. return NULL;
  63. }
  64. pd->key = key;
  65. pd->type = type;
  66. pd->size = size;
  67. pd->alloc_blocks = bytes_to_blocks(size);
  68. if ((pd->secure = secure) != 0)
  69. bld->secure_blocks += pd->alloc_blocks;
  70. else
  71. bld->total_blocks += pd->alloc_blocks;
  72. if (sk_OSSL_PARAM_BLD_DEF_push(bld->params, pd) <= 0) {
  73. OPENSSL_free(pd);
  74. pd = NULL;
  75. }
  76. return pd;
  77. }
  78. static int param_push_num(OSSL_PARAM_BLD *bld, const char *key,
  79. void *num, size_t size, int type)
  80. {
  81. OSSL_PARAM_BLD_DEF *pd = param_push(bld, key, size, size, type, 0);
  82. if (pd == NULL)
  83. return 0;
  84. if (size > sizeof(pd->num)) {
  85. CRYPTOerr(CRYPTO_F_PARAM_PUSH_NUM, CRYPTO_R_TOO_MANY_BYTES);
  86. return 0;
  87. }
  88. memcpy(&pd->num, num, size);
  89. return 1;
  90. }
  91. OSSL_PARAM_BLD *OSSL_PARAM_BLD_new(void)
  92. {
  93. OSSL_PARAM_BLD *r = OPENSSL_zalloc(sizeof(OSSL_PARAM_BLD));
  94. if (r != NULL) {
  95. r->params = sk_OSSL_PARAM_BLD_DEF_new_null();
  96. if (r->params == NULL) {
  97. OPENSSL_free(r);
  98. r = NULL;
  99. }
  100. }
  101. return r;
  102. }
  103. static void free_all_params(OSSL_PARAM_BLD *bld)
  104. {
  105. int i, n = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
  106. for (i = 0; i < n; i++)
  107. OPENSSL_free(sk_OSSL_PARAM_BLD_DEF_pop(bld->params));
  108. }
  109. void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld)
  110. {
  111. if (bld == NULL)
  112. return;
  113. free_all_params(bld);
  114. sk_OSSL_PARAM_BLD_DEF_free(bld->params);
  115. OPENSSL_free(bld);
  116. }
  117. int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num)
  118. {
  119. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  120. }
  121. int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
  122. unsigned int num)
  123. {
  124. return param_push_num(bld, key, &num, sizeof(num),
  125. OSSL_PARAM_UNSIGNED_INTEGER);
  126. }
  127. int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key,
  128. long int num)
  129. {
  130. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  131. }
  132. int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
  133. unsigned long int num)
  134. {
  135. return param_push_num(bld, key, &num, sizeof(num),
  136. OSSL_PARAM_UNSIGNED_INTEGER);
  137. }
  138. int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key,
  139. int32_t num)
  140. {
  141. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  142. }
  143. int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
  144. uint32_t num)
  145. {
  146. return param_push_num(bld, key, &num, sizeof(num),
  147. OSSL_PARAM_UNSIGNED_INTEGER);
  148. }
  149. int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key,
  150. int64_t num)
  151. {
  152. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  153. }
  154. int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
  155. uint64_t num)
  156. {
  157. return param_push_num(bld, key, &num, sizeof(num),
  158. OSSL_PARAM_UNSIGNED_INTEGER);
  159. }
  160. int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
  161. size_t num)
  162. {
  163. return param_push_num(bld, key, &num, sizeof(num),
  164. OSSL_PARAM_UNSIGNED_INTEGER);
  165. }
  166. int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
  167. time_t num)
  168. {
  169. return param_push_num(bld, key, &num, sizeof(num),
  170. OSSL_PARAM_INTEGER);
  171. }
  172. int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
  173. double num)
  174. {
  175. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL);
  176. }
  177. int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
  178. const BIGNUM *bn)
  179. {
  180. return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn,
  181. bn == NULL ? 0 : BN_num_bytes(bn));
  182. }
  183. int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
  184. const BIGNUM *bn, size_t sz)
  185. {
  186. int n, secure = 0;
  187. OSSL_PARAM_BLD_DEF *pd;
  188. if (bn != NULL) {
  189. n = BN_num_bytes(bn);
  190. if (n < 0) {
  191. CRYPTOerr(0, CRYPTO_R_ZERO_LENGTH_NUMBER);
  192. return 0;
  193. }
  194. if (sz < (size_t)n) {
  195. CRYPTOerr(0, CRYPTO_R_TOO_SMALL_BUFFER);
  196. return 0;
  197. }
  198. if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE)
  199. secure = 1;
  200. }
  201. pd = param_push(bld, key, sz, sz, OSSL_PARAM_UNSIGNED_INTEGER, secure);
  202. if (pd == NULL)
  203. return 0;
  204. pd->bn = bn;
  205. return 1;
  206. }
  207. int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
  208. const char *buf, size_t bsize)
  209. {
  210. OSSL_PARAM_BLD_DEF *pd;
  211. if (bsize == 0) {
  212. bsize = strlen(buf) + 1;
  213. } else if (bsize > INT_MAX) {
  214. CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_STRING,
  215. CRYPTO_R_STRING_TOO_LONG);
  216. return 0;
  217. }
  218. pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_UTF8_STRING, 0);
  219. if (pd == NULL)
  220. return 0;
  221. pd->string = buf;
  222. return 1;
  223. }
  224. int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
  225. char *buf, size_t bsize)
  226. {
  227. OSSL_PARAM_BLD_DEF *pd;
  228. if (bsize == 0) {
  229. bsize = strlen(buf) + 1;
  230. } else if (bsize > INT_MAX) {
  231. CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_PTR,
  232. CRYPTO_R_STRING_TOO_LONG);
  233. return 0;
  234. }
  235. pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0);
  236. if (pd == NULL)
  237. return 0;
  238. pd->string = buf;
  239. return 1;
  240. }
  241. int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
  242. const void *buf, size_t bsize)
  243. {
  244. OSSL_PARAM_BLD_DEF *pd;
  245. if (bsize > INT_MAX) {
  246. CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_STRING,
  247. CRYPTO_R_STRING_TOO_LONG);
  248. return 0;
  249. }
  250. pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, 0);
  251. if (pd == NULL)
  252. return 0;
  253. pd->string = buf;
  254. return 1;
  255. }
  256. int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key,
  257. void *buf, size_t bsize)
  258. {
  259. OSSL_PARAM_BLD_DEF *pd;
  260. if (bsize > INT_MAX) {
  261. CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_PTR,
  262. CRYPTO_R_STRING_TOO_LONG);
  263. return 0;
  264. }
  265. pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0);
  266. if (pd == NULL)
  267. return 0;
  268. pd->string = buf;
  269. return 1;
  270. }
  271. static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param,
  272. OSSL_PARAM_BLD_BLOCK *blk,
  273. OSSL_PARAM_BLD_BLOCK *secure)
  274. {
  275. int i, num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
  276. OSSL_PARAM_BLD_DEF *pd;
  277. void *p;
  278. for (i = 0; i < num; i++) {
  279. pd = sk_OSSL_PARAM_BLD_DEF_value(bld->params, i);
  280. param[i].key = pd->key;
  281. param[i].data_type = pd->type;
  282. param[i].data_size = pd->size;
  283. param[i].return_size = OSSL_PARAM_UNMODIFIED;
  284. if (pd->secure) {
  285. p = secure;
  286. secure += pd->alloc_blocks;
  287. } else {
  288. p = blk;
  289. blk += pd->alloc_blocks;
  290. }
  291. param[i].data = p;
  292. if (pd->bn != NULL) {
  293. /* BIGNUM */
  294. BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size);
  295. } else if (pd->type == OSSL_PARAM_OCTET_PTR
  296. || pd->type == OSSL_PARAM_UTF8_PTR) {
  297. /* PTR */
  298. *(const void **)p = pd->string;
  299. } else if (pd->type == OSSL_PARAM_OCTET_STRING
  300. || pd->type == OSSL_PARAM_UTF8_STRING) {
  301. if (pd->string != NULL)
  302. memcpy(p, pd->string, pd->size);
  303. else
  304. memset(p, 0, pd->size);
  305. } else {
  306. /* Number, but could also be a NULL BIGNUM */
  307. if (pd->size > sizeof(pd->num))
  308. memset(p, 0, pd->size);
  309. else if (pd->size > 0)
  310. memcpy(p, &pd->num, pd->size);
  311. }
  312. }
  313. param[i] = OSSL_PARAM_construct_end();
  314. return param + i;
  315. }
  316. OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld)
  317. {
  318. OSSL_PARAM_BLD_BLOCK *blk, *s = NULL;
  319. OSSL_PARAM *params, *last;
  320. const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
  321. const size_t p_blks = bytes_to_blocks((1 + num) * sizeof(*params));
  322. const size_t total = ALIGN_SIZE * (p_blks + bld->total_blocks);
  323. const size_t ss = ALIGN_SIZE * bld->secure_blocks;
  324. if (ss > 0) {
  325. s = OPENSSL_secure_malloc(ss);
  326. if (s == NULL) {
  327. CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM,
  328. CRYPTO_R_SECURE_MALLOC_FAILURE);
  329. return NULL;
  330. }
  331. }
  332. params = OPENSSL_malloc(total);
  333. if (params == NULL) {
  334. CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM, ERR_R_MALLOC_FAILURE);
  335. OPENSSL_secure_free(s);
  336. return NULL;
  337. }
  338. blk = p_blks + (OSSL_PARAM_BLD_BLOCK *)(params);
  339. last = param_bld_convert(bld, params, blk, s);
  340. last->data_size = ss;
  341. last->data = s;
  342. last->data_type = OSSL_PARAM_ALLOCATED_END;
  343. /* Reset builder for reuse */
  344. bld->total_blocks = 0;
  345. bld->secure_blocks = 0;
  346. free_all_params(bld);
  347. return params;
  348. }
  349. void OSSL_PARAM_BLD_free_params(OSSL_PARAM *params)
  350. {
  351. if (params != NULL) {
  352. OSSL_PARAM *p;
  353. for (p = params; p->key != NULL; p++)
  354. ;
  355. if (p->data_type == OSSL_PARAM_ALLOCATED_END)
  356. OPENSSL_secure_clear_free(p->data, p->data_size);
  357. OPENSSL_free(params);
  358. }
  359. }