2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
11 #include "internal/common.h" /* for HAS_PREFIX */
12 #include <openssl/ebcdic.h>
13 #include <openssl/err.h>
14 #include <openssl/params.h>
17 * When processing text to params, we're trying to be smart with numbers.
18 * Instead of handling each specific separate integer type, we use a bignum
19 * and ensure that it isn't larger than the expected size, and we then make
20 * sure it is the expected size... if there is one given.
21 * (if the size can be arbitrary, then we give whatever we have)
24 static int prepare_from_text(const OSSL_PARAM
*paramdefs
, const char *key
,
25 const char *value
, size_t value_n
,
26 /* Output parameters */
27 const OSSL_PARAM
**paramdef
, int *ishex
,
28 size_t *buf_n
, BIGNUM
**tmpbn
, int *found
)
35 * ishex is used to translate legacy style string controls in hex format
36 * to octet string parameters.
38 *ishex
= CHECK_AND_SKIP_PREFIX(key
, "hex");
40 p
= *paramdef
= OSSL_PARAM_locate_const(paramdefs
, key
);
46 switch (p
->data_type
) {
47 case OSSL_PARAM_INTEGER
:
48 case OSSL_PARAM_UNSIGNED_INTEGER
:
50 r
= BN_hex2bn(tmpbn
, value
);
52 r
= BN_asc2bn(tmpbn
, value
);
54 if (r
== 0 || *tmpbn
== NULL
)
57 if (p
->data_type
== OSSL_PARAM_UNSIGNED_INTEGER
58 && BN_is_negative(*tmpbn
)) {
59 ERR_raise(ERR_LIB_CRYPTO
, CRYPTO_R_INVALID_NEGATIVE_VALUE
);
64 * 2's complement negate, part 1
66 * BN_bn2nativepad puts the absolute value of the number in the
67 * buffer, i.e. if it's negative, we need to deal with it. We do
68 * it by subtracting 1 here and inverting the bytes in
69 * construct_from_text() below.
70 * To subtract 1 from an absolute value of a negative number we
71 * actually have to add 1: -3 - 1 = -4, |-3| = 3 + 1 = 4.
73 if (p
->data_type
== OSSL_PARAM_INTEGER
&& BN_is_negative(*tmpbn
)
74 && !BN_add_word(*tmpbn
, 1)) {
78 buf_bits
= (size_t)BN_num_bits(*tmpbn
);
81 * Compensate for cases where the most significant bit in
82 * the resulting OSSL_PARAM buffer will be set after the
83 * BN_bn2nativepad() call, as the implied sign may not be
84 * correct after the second part of the 2's complement
85 * negation has been performed.
86 * We fix these cases by extending the buffer by one byte
87 * (8 bits), which will give some padding. The second part
88 * of the 2's complement negation will do the rest.
90 if (p
->data_type
== OSSL_PARAM_INTEGER
&& buf_bits
% 8 == 0)
93 *buf_n
= (buf_bits
+ 7) / 8;
96 * A zero data size means "arbitrary size", so only do the
97 * range checking if a size is specified.
99 if (p
->data_size
> 0) {
100 if (buf_bits
> p
->data_size
* 8) {
101 ERR_raise(ERR_LIB_CRYPTO
, CRYPTO_R_TOO_SMALL_BUFFER
);
102 /* Since this is a different error, we don't break */
105 /* Change actual size to become the desired size. */
106 *buf_n
= p
->data_size
;
109 case OSSL_PARAM_UTF8_STRING
:
111 ERR_raise(ERR_LIB_CRYPTO
, ERR_R_PASSED_INVALID_ARGUMENT
);
114 *buf_n
= strlen(value
) + 1;
116 case OSSL_PARAM_OCTET_STRING
:
118 *buf_n
= strlen(value
) >> 1;
128 static int construct_from_text(OSSL_PARAM
*to
, const OSSL_PARAM
*paramdef
,
129 const char *value
, size_t value_n
, int ishex
,
130 void *buf
, size_t buf_n
, BIGNUM
*tmpbn
)
136 switch (paramdef
->data_type
) {
137 case OSSL_PARAM_INTEGER
:
138 case OSSL_PARAM_UNSIGNED_INTEGER
:
141 if ((new_value = OPENSSL_malloc(new_value_n)) == NULL) {
147 BN_bn2nativepad(tmpbn
, buf
, buf_n
);
150 * 2's complement negation, part two.
152 * Because we did the first part on the BIGNUM itself, we can just
153 * invert all the bytes here and be done with it.
155 if (paramdef
->data_type
== OSSL_PARAM_INTEGER
156 && BN_is_negative(tmpbn
)) {
160 for (cp
= buf
; i
-- > 0; cp
++)
164 case OSSL_PARAM_UTF8_STRING
:
165 #ifdef CHARSET_EBCDIC
166 ebcdic2ascii(buf
, value
, buf_n
);
168 strncpy(buf
, value
, buf_n
);
170 /* Don't count the terminating NUL byte as data */
173 case OSSL_PARAM_OCTET_STRING
:
177 if (!OPENSSL_hexstr2buf_ex(buf
, buf_n
, &l
, value
, ':'))
180 memcpy(buf
, value
, buf_n
);
188 to
->data_size
= buf_n
;
189 to
->return_size
= OSSL_PARAM_UNMODIFIED
;
194 int OSSL_PARAM_allocate_from_text(OSSL_PARAM
*to
,
195 const OSSL_PARAM
*paramdefs
,
196 const char *key
, const char *value
,
197 size_t value_n
, int *found
)
199 const OSSL_PARAM
*paramdef
= NULL
;
203 BIGNUM
*tmpbn
= NULL
;
206 if (to
== NULL
|| paramdefs
== NULL
)
209 if (!prepare_from_text(paramdefs
, key
, value
, value_n
,
210 ¶mdef
, &ishex
, &buf_n
, &tmpbn
, found
))
213 if ((buf
= OPENSSL_zalloc(buf_n
> 0 ? buf_n
: 1)) == NULL
) {
214 ERR_raise(ERR_LIB_CRYPTO
, ERR_R_MALLOC_FAILURE
);
218 ok
= construct_from_text(to
, paramdef
, value
, value_n
, ishex
,