crypto/param_build.c

   1 /*
   2  * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
   3  * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
   4  *
   5  * Licensed under the Apache License 2.0 (the "License").  You may not use
   6  * this file except in compliance with the License.  You can obtain a copy
   7  * in the file LICENSE in the source distribution or at
   8  * https://www.openssl.org/source/license.html
   9  */
  10
  11 #include <string.h>
  12 #include <openssl/err.h>
  13 #include <openssl/cryptoerr.h>
  14 #include <openssl/params.h>
  15 #include <openssl/types.h>
  16 #include <openssl/safestack.h>
  17 #include "internal/cryptlib.h"
  18 #include "openssl/param_build.h"
  19
  20 /*
  21  * Special internal param type to indicate the end of an allocate OSSL_PARAM
  22  * array.
  23  */
  24 #define OSSL_PARAM_ALLOCATED_END    127
  25
  26 typedef struct {
  27     const char *key;
  28     int type;
  29     int secure;
  30     size_t size;
  31     size_t alloc_blocks;
  32     const BIGNUM *bn;
  33     const void *string;
  34     union {
  35         /*
  36          * These fields are never directly addressed, but their sizes are
  37          * imporant so that all native types can be copied here without overrun.
  38          */
  39         ossl_intmax_t i;
  40         ossl_uintmax_t u;
  41         double d;
  42     } num;
  43 } OSSL_PARAM_BLD_DEF;
  44
  45 DEFINE_STACK_OF(OSSL_PARAM_BLD_DEF)
  46
  47 struct ossl_param_bld_st {
  48     size_t total_blocks;
  49     size_t secure_blocks;
  50     STACK_OF(OSSL_PARAM_BLD_DEF) *params;
  51 };
  52
  53 typedef union {
  54     OSSL_UNION_ALIGN;
  55 } OSSL_PARAM_BLD_BLOCK;
  56
  57 #define ALIGN_SIZE  sizeof(OSSL_PARAM_BLD_BLOCK)
  58
  59 static size_t bytes_to_blocks(size_t bytes)
  60 {
  61     return (bytes + ALIGN_SIZE - 1) / ALIGN_SIZE;
  62 }
  63
  64 static OSSL_PARAM_BLD_DEF *param_push(OSSL_PARAM_BLD *bld, const char *key,
  65                                       int size, size_t alloc, int type,
  66                                       int secure)
  67 {
  68     OSSL_PARAM_BLD_DEF *pd = OPENSSL_zalloc(sizeof(*pd));
  69
  70     if (pd == NULL) {
  71         CRYPTOerr(CRYPTO_F_PARAM_PUSH, ERR_R_MALLOC_FAILURE);
  72         return NULL;
  73     }
  74     pd->key = key;
  75     pd->type = type;
  76     pd->size = size;
  77     pd->alloc_blocks = bytes_to_blocks(size);
  78     if ((pd->secure = secure) != 0)
  79         bld->secure_blocks += pd->alloc_blocks;
  80     else
  81         bld->total_blocks += pd->alloc_blocks;
  82     if (sk_OSSL_PARAM_BLD_DEF_push(bld->params, pd) <= 0) {
  83         OPENSSL_free(pd);
  84         pd = NULL;
  85     }
  86     return pd;
  87 }
  88
  89 static int param_push_num(OSSL_PARAM_BLD *bld, const char *key,
  90                           void *num, size_t size, int type)
  91 {
  92     OSSL_PARAM_BLD_DEF *pd = param_push(bld, key, size, size, type, 0);
  93
  94     if (pd == NULL)
  95         return 0;
  96     if (size > sizeof(pd->num)) {
  97         CRYPTOerr(CRYPTO_F_PARAM_PUSH_NUM, CRYPTO_R_TOO_MANY_BYTES);
  98         return 0;
  99     }
 100     memcpy(&pd->num, num, size);
 101     return 1;
 102 }
 103
 104 OSSL_PARAM_BLD *OSSL_PARAM_BLD_new(void)
 105 {
 106     OSSL_PARAM_BLD *r = OPENSSL_zalloc(sizeof(OSSL_PARAM_BLD));
 107
 108     if (r != NULL) {
 109         r->params = sk_OSSL_PARAM_BLD_DEF_new_null();
 110         if (r->params == NULL) {
 111             OPENSSL_free(r);
 112             r = NULL;
 113         }
 114     }
 115     return r;
 116 }
 117
 118 static void free_all_params(OSSL_PARAM_BLD *bld)
 119 {
 120     int i, n = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
 121
 122     for (i = 0; i < n; i++)
 123         OPENSSL_free(sk_OSSL_PARAM_BLD_DEF_pop(bld->params));
 124 }
 125
 126 void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld)
 127 {
 128     free_all_params(bld);
 129     sk_OSSL_PARAM_BLD_DEF_free(bld->params);
 130     OPENSSL_free(bld);
 131 }
 132
 133 int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num)
 134 {
 135     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 136 }
 137
 138 int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
 139                              unsigned int num)
 140 {
 141     return param_push_num(bld, key, &num, sizeof(num),
 142                           OSSL_PARAM_UNSIGNED_INTEGER);
 143 }
 144
 145 int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key,
 146                              long int num)
 147 {
 148     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 149 }
 150
 151 int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
 152                               unsigned long int num)
 153 {
 154     return param_push_num(bld, key, &num, sizeof(num),
 155                           OSSL_PARAM_UNSIGNED_INTEGER);
 156 }
 157
 158 int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key,
 159                               int32_t num)
 160 {
 161     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 162 }
 163
 164 int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
 165                                uint32_t num)
 166 {
 167     return param_push_num(bld, key, &num, sizeof(num),
 168                           OSSL_PARAM_UNSIGNED_INTEGER);
 169 }
 170
 171 int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key,
 172                               int64_t num)
 173 {
 174     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 175 }
 176
 177 int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
 178                                uint64_t num)
 179 {
 180     return param_push_num(bld, key, &num, sizeof(num),
 181                           OSSL_PARAM_UNSIGNED_INTEGER);
 182 }
 183
 184 int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
 185                                size_t num)
 186 {
 187     return param_push_num(bld, key, &num, sizeof(num),
 188                           OSSL_PARAM_UNSIGNED_INTEGER);
 189 }
 190
 191 int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
 192                                double num)
 193 {
 194     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL);
 195 }
 196
 197 int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
 198                            const BIGNUM *bn)
 199 {
 200     return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn,
 201                                       bn == NULL ? 0 : BN_num_bytes(bn));
 202 }
 203
 204 int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
 205                                const BIGNUM *bn, size_t sz)
 206 {
 207     int n, secure = 0;
 208     OSSL_PARAM_BLD_DEF *pd;
 209
 210     if (bn != NULL) {
 211         n = BN_num_bytes(bn);
 212         if (n < 0) {
 213             CRYPTOerr(0, CRYPTO_R_ZERO_LENGTH_NUMBER);
 214             return 0;
 215         }
 216         if (sz < (size_t)n) {
 217             CRYPTOerr(0, CRYPTO_R_TOO_SMALL_BUFFER);
 218             return 0;
 219         }
 220         if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE)
 221             secure = 1;
 222     }
 223     pd = param_push(bld, key, sz, sz, OSSL_PARAM_UNSIGNED_INTEGER, secure);
 224     if (pd == NULL)
 225         return 0;
 226     pd->bn = bn;
 227     return 1;
 228 }
 229
 230 int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
 231                                     const char *buf, size_t bsize)
 232 {
 233     OSSL_PARAM_BLD_DEF *pd;
 234
 235     if (bsize == 0) {
 236         bsize = strlen(buf) + 1;
 237     } else if (bsize > INT_MAX) {
 238         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_STRING,
 239                   CRYPTO_R_STRING_TOO_LONG);
 240         return 0;
 241     }
 242     pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_UTF8_STRING, 0);
 243     if (pd == NULL)
 244         return 0;
 245     pd->string = buf;
 246     return 1;
 247 }
 248
 249 int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
 250                                  char *buf, size_t bsize)
 251 {
 252     OSSL_PARAM_BLD_DEF *pd;
 253
 254     if (bsize == 0) {
 255         bsize = strlen(buf) + 1;
 256     } else if (bsize > INT_MAX) {
 257         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_PTR,
 258                   CRYPTO_R_STRING_TOO_LONG);
 259         return 0;
 260     }
 261     pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0);
 262     if (pd == NULL)
 263         return 0;
 264     pd->string = buf;
 265     return 1;
 266 }
 267
 268 int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
 269                                      const void *buf, size_t bsize)
 270 {
 271     OSSL_PARAM_BLD_DEF *pd;
 272
 273     if (bsize > INT_MAX) {
 274         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_STRING,
 275                   CRYPTO_R_STRING_TOO_LONG);
 276         return 0;
 277     }
 278     pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, 0);
 279     if (pd == NULL)
 280         return 0;
 281     pd->string = buf;
 282     return 1;
 283 }
 284
 285 int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key,
 286                                   void *buf, size_t bsize)
 287 {
 288     OSSL_PARAM_BLD_DEF *pd;
 289
 290     if (bsize > INT_MAX) {
 291         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_PTR,
 292                   CRYPTO_R_STRING_TOO_LONG);
 293         return 0;
 294     }
 295     pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0);
 296     if (pd == NULL)
 297         return 0;
 298     pd->string = buf;
 299     return 1;
 300 }
 301
 302 static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param,
 303                                      OSSL_PARAM_BLD_BLOCK *blk,
 304                                      OSSL_PARAM_BLD_BLOCK *secure)
 305 {
 306     int i, num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
 307     OSSL_PARAM_BLD_DEF *pd;
 308     void *p;
 309
 310     for (i = 0; i < num; i++) {
 311         pd = sk_OSSL_PARAM_BLD_DEF_value(bld->params, i);
 312         param[i].key = pd->key;
 313         param[i].data_type = pd->type;
 314         param[i].data_size = pd->size;
 315         param[i].return_size = 0;
 316
 317         if (pd->secure) {
 318             p = secure;
 319             secure += pd->alloc_blocks;
 320         } else {
 321             p = blk;
 322             blk += pd->alloc_blocks;
 323         }
 324         param[i].data = p;
 325         if (pd->bn != NULL) {
 326             /* BIGNUM */
 327             BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size);
 328         } else if (pd->type == OSSL_PARAM_OCTET_PTR
 329                    || pd->type == OSSL_PARAM_UTF8_PTR) {
 330             /* PTR */
 331             *(const void **)p = pd->string;
 332         } else if (pd->type == OSSL_PARAM_OCTET_STRING
 333                    || pd->type == OSSL_PARAM_UTF8_STRING) {
 334             if (pd->string != NULL)
 335                 memcpy(p, pd->string, pd->size);
 336             else
 337                 memset(p, 0, pd->size);
 338         } else {
 339             /* Number, but could also be a NULL BIGNUM */
 340             if (pd->size > sizeof(pd->num))
 341                 memset(p, 0, pd->size);
 342             else if (pd->size > 0)
 343                 memcpy(p, &pd->num, pd->size);
 344         }
 345     }
 346     param[i] = OSSL_PARAM_construct_end();
 347     return param + i;
 348 }
 349
 350 OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld)
 351 {
 352     OSSL_PARAM_BLD_BLOCK *blk, *s = NULL;
 353     OSSL_PARAM *params, *last;
 354     const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
 355     const size_t p_blks = bytes_to_blocks((1 + num) * sizeof(*params));
 356     const size_t total = ALIGN_SIZE * (p_blks + bld->total_blocks);
 357     const size_t ss = ALIGN_SIZE * bld->secure_blocks;
 358
 359     if (ss > 0) {
 360         s = OPENSSL_secure_malloc(ss);
 361         if (s == NULL) {
 362             CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM,
 363                       CRYPTO_R_SECURE_MALLOC_FAILURE);
 364             OPENSSL_free(bld);
 365             return NULL;
 366         }
 367     }
 368     params = OPENSSL_malloc(total);
 369     if (params == NULL) {
 370         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM, ERR_R_MALLOC_FAILURE);
 371         OPENSSL_free(bld);
 372         OPENSSL_secure_free(s);
 373         return NULL;
 374     }
 375     blk = p_blks + (OSSL_PARAM_BLD_BLOCK *)(params);
 376     last = param_bld_convert(bld, params, blk, s);
 377     last->data_size = ss;
 378     last->data = s;
 379     last->data_type = OSSL_PARAM_ALLOCATED_END;
 380
 381     /* Reset builder for reuse */
 382     bld->total_blocks = 0;
 383     bld->secure_blocks = 0;
 384     free_all_params(bld);
 385     return params;
 386 }
 387
 388 void OSSL_PARAM_BLD_free_params(OSSL_PARAM *params)
 389 {
 390     if (params != NULL) {
 391         OSSL_PARAM *p;
 392
 393         for (p = params; p->key != NULL; p++)
 394             ;
 395         if (p->data_type == OSSL_PARAM_ALLOCATED_END)
 396             OPENSSL_secure_clear_free(p->data, p->data_size);
 397         OPENSSL_free(params);
 398     }
 399 }