]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. | |
4 | * | |
5 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
6 | * this file except in compliance with the License. You can obtain a copy | |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
9 | */ | |
10 | ||
11 | #include <string.h> | |
12 | #include <openssl/err.h> | |
13 | #include <openssl/cryptoerr.h> | |
14 | #include <openssl/params.h> | |
15 | #include <openssl/types.h> | |
16 | #include <openssl/safestack.h> | |
17 | #include "internal/cryptlib.h" | |
18 | #include "openssl/param_build.h" | |
19 | ||
20 | /* | |
21 | * Special internal param type to indicate the end of an allocate OSSL_PARAM | |
22 | * array. | |
23 | */ | |
24 | #define OSSL_PARAM_ALLOCATED_END 127 | |
25 | ||
26 | typedef struct { | |
27 | const char *key; | |
28 | int type; | |
29 | int secure; | |
30 | size_t size; | |
31 | size_t alloc_blocks; | |
32 | const BIGNUM *bn; | |
33 | const void *string; | |
34 | union { | |
35 | /* | |
36 | * These fields are never directly addressed, but their sizes are | |
37 | * imporant so that all native types can be copied here without overrun. | |
38 | */ | |
39 | ossl_intmax_t i; | |
40 | ossl_uintmax_t u; | |
41 | double d; | |
42 | } num; | |
43 | } OSSL_PARAM_BLD_DEF; | |
44 | ||
45 | DEFINE_STACK_OF(OSSL_PARAM_BLD_DEF) | |
46 | ||
47 | struct ossl_param_bld_st { | |
48 | size_t total_blocks; | |
49 | size_t secure_blocks; | |
50 | STACK_OF(OSSL_PARAM_BLD_DEF) *params; | |
51 | }; | |
52 | ||
53 | typedef union { | |
54 | OSSL_UNION_ALIGN; | |
55 | } OSSL_PARAM_BLD_BLOCK; | |
56 | ||
57 | #define ALIGN_SIZE sizeof(OSSL_PARAM_BLD_BLOCK) | |
58 | ||
59 | static size_t bytes_to_blocks(size_t bytes) | |
60 | { | |
61 | return (bytes + ALIGN_SIZE - 1) / ALIGN_SIZE; | |
62 | } | |
63 | ||
64 | static OSSL_PARAM_BLD_DEF *param_push(OSSL_PARAM_BLD *bld, const char *key, | |
65 | int size, size_t alloc, int type, | |
66 | int secure) | |
67 | { | |
68 | OSSL_PARAM_BLD_DEF *pd = OPENSSL_zalloc(sizeof(*pd)); | |
69 | ||
70 | if (pd == NULL) { | |
71 | CRYPTOerr(CRYPTO_F_PARAM_PUSH, ERR_R_MALLOC_FAILURE); | |
72 | return NULL; | |
73 | } | |
74 | pd->key = key; | |
75 | pd->type = type; | |
76 | pd->size = size; | |
77 | pd->alloc_blocks = bytes_to_blocks(size); | |
78 | if ((pd->secure = secure) != 0) | |
79 | bld->secure_blocks += pd->alloc_blocks; | |
80 | else | |
81 | bld->total_blocks += pd->alloc_blocks; | |
82 | if (sk_OSSL_PARAM_BLD_DEF_push(bld->params, pd) <= 0) { | |
83 | OPENSSL_free(pd); | |
84 | pd = NULL; | |
85 | } | |
86 | return pd; | |
87 | } | |
88 | ||
89 | static int param_push_num(OSSL_PARAM_BLD *bld, const char *key, | |
90 | void *num, size_t size, int type) | |
91 | { | |
92 | OSSL_PARAM_BLD_DEF *pd = param_push(bld, key, size, size, type, 0); | |
93 | ||
94 | if (pd == NULL) | |
95 | return 0; | |
96 | if (size > sizeof(pd->num)) { | |
97 | CRYPTOerr(CRYPTO_F_PARAM_PUSH_NUM, CRYPTO_R_TOO_MANY_BYTES); | |
98 | return 0; | |
99 | } | |
100 | memcpy(&pd->num, num, size); | |
101 | return 1; | |
102 | } | |
103 | ||
104 | OSSL_PARAM_BLD *OSSL_PARAM_BLD_new(void) | |
105 | { | |
106 | OSSL_PARAM_BLD *r = OPENSSL_zalloc(sizeof(OSSL_PARAM_BLD)); | |
107 | ||
108 | if (r != NULL) { | |
109 | r->params = sk_OSSL_PARAM_BLD_DEF_new_null(); | |
110 | if (r->params == NULL) { | |
111 | OPENSSL_free(r); | |
112 | r = NULL; | |
113 | } | |
114 | } | |
115 | return r; | |
116 | } | |
117 | ||
118 | static void free_all_params(OSSL_PARAM_BLD *bld) | |
119 | { | |
120 | int i, n = sk_OSSL_PARAM_BLD_DEF_num(bld->params); | |
121 | ||
122 | for (i = 0; i < n; i++) | |
123 | OPENSSL_free(sk_OSSL_PARAM_BLD_DEF_pop(bld->params)); | |
124 | } | |
125 | ||
126 | void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld) | |
127 | { | |
128 | free_all_params(bld); | |
129 | sk_OSSL_PARAM_BLD_DEF_free(bld->params); | |
130 | OPENSSL_free(bld); | |
131 | } | |
132 | ||
133 | int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num) | |
134 | { | |
135 | return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); | |
136 | } | |
137 | ||
138 | int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key, | |
139 | unsigned int num) | |
140 | { | |
141 | return param_push_num(bld, key, &num, sizeof(num), | |
142 | OSSL_PARAM_UNSIGNED_INTEGER); | |
143 | } | |
144 | ||
145 | int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key, | |
146 | long int num) | |
147 | { | |
148 | return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); | |
149 | } | |
150 | ||
151 | int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key, | |
152 | unsigned long int num) | |
153 | { | |
154 | return param_push_num(bld, key, &num, sizeof(num), | |
155 | OSSL_PARAM_UNSIGNED_INTEGER); | |
156 | } | |
157 | ||
158 | int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key, | |
159 | int32_t num) | |
160 | { | |
161 | return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); | |
162 | } | |
163 | ||
164 | int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key, | |
165 | uint32_t num) | |
166 | { | |
167 | return param_push_num(bld, key, &num, sizeof(num), | |
168 | OSSL_PARAM_UNSIGNED_INTEGER); | |
169 | } | |
170 | ||
171 | int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key, | |
172 | int64_t num) | |
173 | { | |
174 | return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); | |
175 | } | |
176 | ||
177 | int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key, | |
178 | uint64_t num) | |
179 | { | |
180 | return param_push_num(bld, key, &num, sizeof(num), | |
181 | OSSL_PARAM_UNSIGNED_INTEGER); | |
182 | } | |
183 | ||
184 | int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key, | |
185 | size_t num) | |
186 | { | |
187 | return param_push_num(bld, key, &num, sizeof(num), | |
188 | OSSL_PARAM_UNSIGNED_INTEGER); | |
189 | } | |
190 | ||
191 | int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key, | |
192 | double num) | |
193 | { | |
194 | return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL); | |
195 | } | |
196 | ||
197 | int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key, | |
198 | const BIGNUM *bn) | |
199 | { | |
200 | return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn, | |
201 | bn == NULL ? 0 : BN_num_bytes(bn)); | |
202 | } | |
203 | ||
204 | int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key, | |
205 | const BIGNUM *bn, size_t sz) | |
206 | { | |
207 | int n, secure = 0; | |
208 | OSSL_PARAM_BLD_DEF *pd; | |
209 | ||
210 | if (bn != NULL) { | |
211 | n = BN_num_bytes(bn); | |
212 | if (n < 0) { | |
213 | CRYPTOerr(0, CRYPTO_R_ZERO_LENGTH_NUMBER); | |
214 | return 0; | |
215 | } | |
216 | if (sz < (size_t)n) { | |
217 | CRYPTOerr(0, CRYPTO_R_TOO_SMALL_BUFFER); | |
218 | return 0; | |
219 | } | |
220 | if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE) | |
221 | secure = 1; | |
222 | } | |
223 | pd = param_push(bld, key, sz, sz, OSSL_PARAM_UNSIGNED_INTEGER, secure); | |
224 | if (pd == NULL) | |
225 | return 0; | |
226 | pd->bn = bn; | |
227 | return 1; | |
228 | } | |
229 | ||
230 | int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, | |
231 | const char *buf, size_t bsize) | |
232 | { | |
233 | OSSL_PARAM_BLD_DEF *pd; | |
234 | ||
235 | if (bsize == 0) { | |
236 | bsize = strlen(buf) + 1; | |
237 | } else if (bsize > INT_MAX) { | |
238 | CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_STRING, | |
239 | CRYPTO_R_STRING_TOO_LONG); | |
240 | return 0; | |
241 | } | |
242 | pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_UTF8_STRING, 0); | |
243 | if (pd == NULL) | |
244 | return 0; | |
245 | pd->string = buf; | |
246 | return 1; | |
247 | } | |
248 | ||
249 | int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, | |
250 | char *buf, size_t bsize) | |
251 | { | |
252 | OSSL_PARAM_BLD_DEF *pd; | |
253 | ||
254 | if (bsize == 0) { | |
255 | bsize = strlen(buf) + 1; | |
256 | } else if (bsize > INT_MAX) { | |
257 | CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_PTR, | |
258 | CRYPTO_R_STRING_TOO_LONG); | |
259 | return 0; | |
260 | } | |
261 | pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0); | |
262 | if (pd == NULL) | |
263 | return 0; | |
264 | pd->string = buf; | |
265 | return 1; | |
266 | } | |
267 | ||
268 | int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, | |
269 | const void *buf, size_t bsize) | |
270 | { | |
271 | OSSL_PARAM_BLD_DEF *pd; | |
272 | ||
273 | if (bsize > INT_MAX) { | |
274 | CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_STRING, | |
275 | CRYPTO_R_STRING_TOO_LONG); | |
276 | return 0; | |
277 | } | |
278 | pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, 0); | |
279 | if (pd == NULL) | |
280 | return 0; | |
281 | pd->string = buf; | |
282 | return 1; | |
283 | } | |
284 | ||
285 | int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, | |
286 | void *buf, size_t bsize) | |
287 | { | |
288 | OSSL_PARAM_BLD_DEF *pd; | |
289 | ||
290 | if (bsize > INT_MAX) { | |
291 | CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_PTR, | |
292 | CRYPTO_R_STRING_TOO_LONG); | |
293 | return 0; | |
294 | } | |
295 | pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0); | |
296 | if (pd == NULL) | |
297 | return 0; | |
298 | pd->string = buf; | |
299 | return 1; | |
300 | } | |
301 | ||
302 | static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param, | |
303 | OSSL_PARAM_BLD_BLOCK *blk, | |
304 | OSSL_PARAM_BLD_BLOCK *secure) | |
305 | { | |
306 | int i, num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); | |
307 | OSSL_PARAM_BLD_DEF *pd; | |
308 | void *p; | |
309 | ||
310 | for (i = 0; i < num; i++) { | |
311 | pd = sk_OSSL_PARAM_BLD_DEF_value(bld->params, i); | |
312 | param[i].key = pd->key; | |
313 | param[i].data_type = pd->type; | |
314 | param[i].data_size = pd->size; | |
315 | param[i].return_size = OSSL_PARAM_UNMODIFIED; | |
316 | ||
317 | if (pd->secure) { | |
318 | p = secure; | |
319 | secure += pd->alloc_blocks; | |
320 | } else { | |
321 | p = blk; | |
322 | blk += pd->alloc_blocks; | |
323 | } | |
324 | param[i].data = p; | |
325 | if (pd->bn != NULL) { | |
326 | /* BIGNUM */ | |
327 | BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size); | |
328 | } else if (pd->type == OSSL_PARAM_OCTET_PTR | |
329 | || pd->type == OSSL_PARAM_UTF8_PTR) { | |
330 | /* PTR */ | |
331 | *(const void **)p = pd->string; | |
332 | } else if (pd->type == OSSL_PARAM_OCTET_STRING | |
333 | || pd->type == OSSL_PARAM_UTF8_STRING) { | |
334 | if (pd->string != NULL) | |
335 | memcpy(p, pd->string, pd->size); | |
336 | else | |
337 | memset(p, 0, pd->size); | |
338 | } else { | |
339 | /* Number, but could also be a NULL BIGNUM */ | |
340 | if (pd->size > sizeof(pd->num)) | |
341 | memset(p, 0, pd->size); | |
342 | else if (pd->size > 0) | |
343 | memcpy(p, &pd->num, pd->size); | |
344 | } | |
345 | } | |
346 | param[i] = OSSL_PARAM_construct_end(); | |
347 | return param + i; | |
348 | } | |
349 | ||
350 | OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld) | |
351 | { | |
352 | OSSL_PARAM_BLD_BLOCK *blk, *s = NULL; | |
353 | OSSL_PARAM *params, *last; | |
354 | const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); | |
355 | const size_t p_blks = bytes_to_blocks((1 + num) * sizeof(*params)); | |
356 | const size_t total = ALIGN_SIZE * (p_blks + bld->total_blocks); | |
357 | const size_t ss = ALIGN_SIZE * bld->secure_blocks; | |
358 | ||
359 | if (ss > 0) { | |
360 | s = OPENSSL_secure_malloc(ss); | |
361 | if (s == NULL) { | |
362 | CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM, | |
363 | CRYPTO_R_SECURE_MALLOC_FAILURE); | |
364 | return NULL; | |
365 | } | |
366 | } | |
367 | params = OPENSSL_malloc(total); | |
368 | if (params == NULL) { | |
369 | CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM, ERR_R_MALLOC_FAILURE); | |
370 | OPENSSL_secure_free(s); | |
371 | return NULL; | |
372 | } | |
373 | blk = p_blks + (OSSL_PARAM_BLD_BLOCK *)(params); | |
374 | last = param_bld_convert(bld, params, blk, s); | |
375 | last->data_size = ss; | |
376 | last->data = s; | |
377 | last->data_type = OSSL_PARAM_ALLOCATED_END; | |
378 | ||
379 | /* Reset builder for reuse */ | |
380 | bld->total_blocks = 0; | |
381 | bld->secure_blocks = 0; | |
382 | free_all_params(bld); | |
383 | return params; | |
384 | } | |
385 | ||
386 | void OSSL_PARAM_BLD_free_params(OSSL_PARAM *params) | |
387 | { | |
388 | if (params != NULL) { | |
389 | OSSL_PARAM *p; | |
390 | ||
391 | for (p = params; p->key != NULL; p++) | |
392 | ; | |
393 | if (p->data_type == OSSL_PARAM_ALLOCATED_END) | |
394 | OPENSSL_secure_clear_free(p->data, p->data_size); | |
395 | OPENSSL_free(params); | |
396 | } | |
397 | } |