param_build.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379
  1. /*
  2. * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. #include <string.h>
  11. #include <openssl/err.h>
  12. #include <openssl/cryptoerr.h>
  13. #include <openssl/params.h>
  14. #include <openssl/types.h>
  15. #include <openssl/safestack.h>
  16. #include "internal/param_build_set.h"
  17. /*
  18. * Special internal param type to indicate the end of an allocate OSSL_PARAM
  19. * array.
  20. */
  21. typedef struct {
  22. const char *key;
  23. int type;
  24. int secure;
  25. size_t size;
  26. size_t alloc_blocks;
  27. const BIGNUM *bn;
  28. const void *string;
  29. union {
  30. /*
  31. * These fields are never directly addressed, but their sizes are
  32. * imporant so that all native types can be copied here without overrun.
  33. */
  34. ossl_intmax_t i;
  35. ossl_uintmax_t u;
  36. double d;
  37. } num;
  38. } OSSL_PARAM_BLD_DEF;
  39. DEFINE_STACK_OF(OSSL_PARAM_BLD_DEF)
  40. struct ossl_param_bld_st {
  41. size_t total_blocks;
  42. size_t secure_blocks;
  43. STACK_OF(OSSL_PARAM_BLD_DEF) *params;
  44. };
  45. static OSSL_PARAM_BLD_DEF *param_push(OSSL_PARAM_BLD *bld, const char *key,
  46. int size, size_t alloc, int type,
  47. int secure)
  48. {
  49. OSSL_PARAM_BLD_DEF *pd = OPENSSL_zalloc(sizeof(*pd));
  50. if (pd == NULL) {
  51. ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
  52. return NULL;
  53. }
  54. pd->key = key;
  55. pd->type = type;
  56. pd->size = size;
  57. pd->alloc_blocks = ossl_param_bytes_to_blocks(alloc);
  58. if ((pd->secure = secure) != 0)
  59. bld->secure_blocks += pd->alloc_blocks;
  60. else
  61. bld->total_blocks += pd->alloc_blocks;
  62. if (sk_OSSL_PARAM_BLD_DEF_push(bld->params, pd) <= 0) {
  63. OPENSSL_free(pd);
  64. pd = NULL;
  65. }
  66. return pd;
  67. }
  68. static int param_push_num(OSSL_PARAM_BLD *bld, const char *key,
  69. void *num, size_t size, int type)
  70. {
  71. OSSL_PARAM_BLD_DEF *pd = param_push(bld, key, size, size, type, 0);
  72. if (pd == NULL)
  73. return 0;
  74. if (size > sizeof(pd->num)) {
  75. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
  76. return 0;
  77. }
  78. memcpy(&pd->num, num, size);
  79. return 1;
  80. }
  81. OSSL_PARAM_BLD *OSSL_PARAM_BLD_new(void)
  82. {
  83. OSSL_PARAM_BLD *r = OPENSSL_zalloc(sizeof(OSSL_PARAM_BLD));
  84. if (r != NULL) {
  85. r->params = sk_OSSL_PARAM_BLD_DEF_new_null();
  86. if (r->params == NULL) {
  87. OPENSSL_free(r);
  88. r = NULL;
  89. }
  90. }
  91. return r;
  92. }
  93. static void free_all_params(OSSL_PARAM_BLD *bld)
  94. {
  95. int i, n = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
  96. for (i = 0; i < n; i++)
  97. OPENSSL_free(sk_OSSL_PARAM_BLD_DEF_pop(bld->params));
  98. }
  99. void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld)
  100. {
  101. if (bld == NULL)
  102. return;
  103. free_all_params(bld);
  104. sk_OSSL_PARAM_BLD_DEF_free(bld->params);
  105. OPENSSL_free(bld);
  106. }
  107. int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num)
  108. {
  109. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  110. }
  111. int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
  112. unsigned int num)
  113. {
  114. return param_push_num(bld, key, &num, sizeof(num),
  115. OSSL_PARAM_UNSIGNED_INTEGER);
  116. }
  117. int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key,
  118. long int num)
  119. {
  120. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  121. }
  122. int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
  123. unsigned long int num)
  124. {
  125. return param_push_num(bld, key, &num, sizeof(num),
  126. OSSL_PARAM_UNSIGNED_INTEGER);
  127. }
  128. int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key,
  129. int32_t num)
  130. {
  131. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  132. }
  133. int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
  134. uint32_t num)
  135. {
  136. return param_push_num(bld, key, &num, sizeof(num),
  137. OSSL_PARAM_UNSIGNED_INTEGER);
  138. }
  139. int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key,
  140. int64_t num)
  141. {
  142. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
  143. }
  144. int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
  145. uint64_t num)
  146. {
  147. return param_push_num(bld, key, &num, sizeof(num),
  148. OSSL_PARAM_UNSIGNED_INTEGER);
  149. }
  150. int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
  151. size_t num)
  152. {
  153. return param_push_num(bld, key, &num, sizeof(num),
  154. OSSL_PARAM_UNSIGNED_INTEGER);
  155. }
  156. int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
  157. time_t num)
  158. {
  159. return param_push_num(bld, key, &num, sizeof(num),
  160. OSSL_PARAM_INTEGER);
  161. }
  162. int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
  163. double num)
  164. {
  165. return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL);
  166. }
  167. int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
  168. const BIGNUM *bn)
  169. {
  170. return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn,
  171. bn == NULL ? 0 : BN_num_bytes(bn));
  172. }
  173. int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
  174. const BIGNUM *bn, size_t sz)
  175. {
  176. int n, secure = 0;
  177. OSSL_PARAM_BLD_DEF *pd;
  178. if (bn != NULL) {
  179. n = BN_num_bytes(bn);
  180. if (n < 0) {
  181. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ZERO_LENGTH_NUMBER);
  182. return 0;
  183. }
  184. if (sz < (size_t)n) {
  185. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER);
  186. return 0;
  187. }
  188. if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE)
  189. secure = 1;
  190. }
  191. pd = param_push(bld, key, sz, sz, OSSL_PARAM_UNSIGNED_INTEGER, secure);
  192. if (pd == NULL)
  193. return 0;
  194. pd->bn = bn;
  195. return 1;
  196. }
  197. int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
  198. const char *buf, size_t bsize)
  199. {
  200. OSSL_PARAM_BLD_DEF *pd;
  201. int secure;
  202. if (bsize == 0) {
  203. bsize = strlen(buf);
  204. } else if (bsize > INT_MAX) {
  205. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
  206. return 0;
  207. }
  208. secure = CRYPTO_secure_allocated(buf);
  209. pd = param_push(bld, key, bsize, bsize + 1, OSSL_PARAM_UTF8_STRING, secure);
  210. if (pd == NULL)
  211. return 0;
  212. pd->string = buf;
  213. return 1;
  214. }
  215. int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
  216. char *buf, size_t bsize)
  217. {
  218. OSSL_PARAM_BLD_DEF *pd;
  219. if (bsize == 0) {
  220. bsize = strlen(buf);
  221. } else if (bsize > INT_MAX) {
  222. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
  223. return 0;
  224. }
  225. pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0);
  226. if (pd == NULL)
  227. return 0;
  228. pd->string = buf;
  229. return 1;
  230. }
  231. int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
  232. const void *buf, size_t bsize)
  233. {
  234. OSSL_PARAM_BLD_DEF *pd;
  235. int secure;
  236. if (bsize > INT_MAX) {
  237. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
  238. return 0;
  239. }
  240. secure = CRYPTO_secure_allocated(buf);
  241. pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure);
  242. if (pd == NULL)
  243. return 0;
  244. pd->string = buf;
  245. return 1;
  246. }
  247. int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key,
  248. void *buf, size_t bsize)
  249. {
  250. OSSL_PARAM_BLD_DEF *pd;
  251. if (bsize > INT_MAX) {
  252. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
  253. return 0;
  254. }
  255. pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0);
  256. if (pd == NULL)
  257. return 0;
  258. pd->string = buf;
  259. return 1;
  260. }
  261. static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param,
  262. OSSL_PARAM_ALIGNED_BLOCK *blk,
  263. OSSL_PARAM_ALIGNED_BLOCK *secure)
  264. {
  265. int i, num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
  266. OSSL_PARAM_BLD_DEF *pd;
  267. void *p;
  268. for (i = 0; i < num; i++) {
  269. pd = sk_OSSL_PARAM_BLD_DEF_value(bld->params, i);
  270. param[i].key = pd->key;
  271. param[i].data_type = pd->type;
  272. param[i].data_size = pd->size;
  273. param[i].return_size = OSSL_PARAM_UNMODIFIED;
  274. if (pd->secure) {
  275. p = secure;
  276. secure += pd->alloc_blocks;
  277. } else {
  278. p = blk;
  279. blk += pd->alloc_blocks;
  280. }
  281. param[i].data = p;
  282. if (pd->bn != NULL) {
  283. /* BIGNUM */
  284. BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size);
  285. } else if (pd->type == OSSL_PARAM_OCTET_PTR
  286. || pd->type == OSSL_PARAM_UTF8_PTR) {
  287. /* PTR */
  288. *(const void **)p = pd->string;
  289. } else if (pd->type == OSSL_PARAM_OCTET_STRING
  290. || pd->type == OSSL_PARAM_UTF8_STRING) {
  291. if (pd->string != NULL)
  292. memcpy(p, pd->string, pd->size);
  293. else
  294. memset(p, 0, pd->size);
  295. if (pd->type == OSSL_PARAM_UTF8_STRING)
  296. ((char *)p)[pd->size] = '\0';
  297. } else {
  298. /* Number, but could also be a NULL BIGNUM */
  299. if (pd->size > sizeof(pd->num))
  300. memset(p, 0, pd->size);
  301. else if (pd->size > 0)
  302. memcpy(p, &pd->num, pd->size);
  303. }
  304. }
  305. param[i] = OSSL_PARAM_construct_end();
  306. return param + i;
  307. }
  308. OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld)
  309. {
  310. OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL;
  311. OSSL_PARAM *params, *last;
  312. const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
  313. const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params));
  314. const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks);
  315. const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks;
  316. if (ss > 0) {
  317. s = OPENSSL_secure_malloc(ss);
  318. if (s == NULL) {
  319. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_SECURE_MALLOC_FAILURE);
  320. return NULL;
  321. }
  322. }
  323. params = OPENSSL_malloc(total);
  324. if (params == NULL) {
  325. ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
  326. OPENSSL_secure_free(s);
  327. return NULL;
  328. }
  329. blk = p_blks + (OSSL_PARAM_ALIGNED_BLOCK *)(params);
  330. last = param_bld_convert(bld, params, blk, s);
  331. ossl_param_set_secure_block(last, s, ss);
  332. /* Reset builder for reuse */
  333. bld->total_blocks = 0;
  334. bld->secure_blocks = 0;
  335. free_all_params(bld);
  336. return params;
  337. }