/src/openssl30/crypto/param_build.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. |
4 | | * |
5 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
6 | | * this file except in compliance with the License. You can obtain a copy |
7 | | * in the file LICENSE in the source distribution or at |
8 | | * https://www.openssl.org/source/license.html |
9 | | */ |
10 | | |
11 | | #include <string.h> |
12 | | #include <openssl/err.h> |
13 | | #include <openssl/cryptoerr.h> |
14 | | #include <openssl/params.h> |
15 | | #include <openssl/types.h> |
16 | | #include <openssl/safestack.h> |
17 | | #include "internal/param_build_set.h" |
18 | | |
19 | | /* |
20 | | * Special internal param type to indicate the end of an allocate OSSL_PARAM |
21 | | * array. |
22 | | */ |
23 | | |
24 | | typedef struct { |
25 | | const char *key; |
26 | | int type; |
27 | | int secure; |
28 | | size_t size; |
29 | | size_t alloc_blocks; |
30 | | const BIGNUM *bn; |
31 | | const void *string; |
32 | | union { |
33 | | /* |
34 | | * These fields are never directly addressed, but their sizes are |
35 | | * imporant so that all native types can be copied here without overrun. |
36 | | */ |
37 | | ossl_intmax_t i; |
38 | | ossl_uintmax_t u; |
39 | | double d; |
40 | | } num; |
41 | | } OSSL_PARAM_BLD_DEF; |
42 | | |
43 | | DEFINE_STACK_OF(OSSL_PARAM_BLD_DEF) |
44 | | |
45 | | struct ossl_param_bld_st { |
46 | | size_t total_blocks; |
47 | | size_t secure_blocks; |
48 | | STACK_OF(OSSL_PARAM_BLD_DEF) *params; |
49 | | }; |
50 | | |
51 | | static OSSL_PARAM_BLD_DEF *param_push(OSSL_PARAM_BLD *bld, const char *key, |
52 | | int size, size_t alloc, int type, |
53 | | int secure) |
54 | 1.11M | { |
55 | 1.11M | OSSL_PARAM_BLD_DEF *pd = OPENSSL_zalloc(sizeof(*pd)); |
56 | | |
57 | 1.11M | if (pd == NULL) { |
58 | 0 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); |
59 | 0 | return NULL; |
60 | 0 | } |
61 | 1.11M | pd->key = key; |
62 | 1.11M | pd->type = type; |
63 | 1.11M | pd->size = size; |
64 | 1.11M | pd->alloc_blocks = ossl_param_bytes_to_blocks(alloc); |
65 | 1.11M | if ((pd->secure = secure) != 0) |
66 | 228k | bld->secure_blocks += pd->alloc_blocks; |
67 | 882k | else |
68 | 882k | bld->total_blocks += pd->alloc_blocks; |
69 | 1.11M | if (sk_OSSL_PARAM_BLD_DEF_push(bld->params, pd) <= 0) { |
70 | 0 | OPENSSL_free(pd); |
71 | 0 | pd = NULL; |
72 | 0 | } |
73 | 1.11M | return pd; |
74 | 1.11M | } |
75 | | |
76 | | static int param_push_num(OSSL_PARAM_BLD *bld, const char *key, |
77 | | void *num, size_t size, int type) |
78 | 254k | { |
79 | 254k | OSSL_PARAM_BLD_DEF *pd = param_push(bld, key, size, size, type, 0); |
80 | | |
81 | 254k | if (pd == NULL) |
82 | 0 | return 0; |
83 | 254k | if (size > sizeof(pd->num)) { |
84 | 0 | ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES); |
85 | 0 | return 0; |
86 | 0 | } |
87 | 254k | memcpy(&pd->num, num, size); |
88 | 254k | return 1; |
89 | 254k | } |
90 | | |
91 | | OSSL_PARAM_BLD *OSSL_PARAM_BLD_new(void) |
92 | 178k | { |
93 | 178k | OSSL_PARAM_BLD *r = OPENSSL_zalloc(sizeof(OSSL_PARAM_BLD)); |
94 | | |
95 | 178k | if (r != NULL) { |
96 | 178k | r->params = sk_OSSL_PARAM_BLD_DEF_new_null(); |
97 | 178k | if (r->params == NULL) { |
98 | 0 | OPENSSL_free(r); |
99 | 0 | r = NULL; |
100 | 0 | } |
101 | 178k | } |
102 | 178k | return r; |
103 | 178k | } |
104 | | |
105 | | static void free_all_params(OSSL_PARAM_BLD *bld) |
106 | 356k | { |
107 | 356k | int i, n = sk_OSSL_PARAM_BLD_DEF_num(bld->params); |
108 | | |
109 | 1.46M | for (i = 0; i < n; i++) |
110 | 1.11M | OPENSSL_free(sk_OSSL_PARAM_BLD_DEF_pop(bld->params)); |
111 | 356k | } |
112 | | |
113 | | void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld) |
114 | 178k | { |
115 | 178k | if (bld == NULL) |
116 | 0 | return; |
117 | 178k | free_all_params(bld); |
118 | 178k | sk_OSSL_PARAM_BLD_DEF_free(bld->params); |
119 | 178k | OPENSSL_free(bld); |
120 | 178k | } |
121 | | |
122 | | int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num) |
123 | 254k | { |
124 | 254k | return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); |
125 | 254k | } |
126 | | |
127 | | int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key, |
128 | | unsigned int num) |
129 | 0 | { |
130 | 0 | return param_push_num(bld, key, &num, sizeof(num), |
131 | 0 | OSSL_PARAM_UNSIGNED_INTEGER); |
132 | 0 | } |
133 | | |
134 | | int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key, |
135 | | long int num) |
136 | 0 | { |
137 | 0 | return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); |
138 | 0 | } |
139 | | |
140 | | int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key, |
141 | | unsigned long int num) |
142 | 0 | { |
143 | 0 | return param_push_num(bld, key, &num, sizeof(num), |
144 | 0 | OSSL_PARAM_UNSIGNED_INTEGER); |
145 | 0 | } |
146 | | |
147 | | int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key, |
148 | | int32_t num) |
149 | 0 | { |
150 | 0 | return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); |
151 | 0 | } |
152 | | |
153 | | int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key, |
154 | | uint32_t num) |
155 | 0 | { |
156 | 0 | return param_push_num(bld, key, &num, sizeof(num), |
157 | 0 | OSSL_PARAM_UNSIGNED_INTEGER); |
158 | 0 | } |
159 | | |
160 | | int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key, |
161 | | int64_t num) |
162 | 0 | { |
163 | 0 | return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); |
164 | 0 | } |
165 | | |
166 | | int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key, |
167 | | uint64_t num) |
168 | 0 | { |
169 | 0 | return param_push_num(bld, key, &num, sizeof(num), |
170 | 0 | OSSL_PARAM_UNSIGNED_INTEGER); |
171 | 0 | } |
172 | | |
173 | | int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key, |
174 | | size_t num) |
175 | 0 | { |
176 | 0 | return param_push_num(bld, key, &num, sizeof(num), |
177 | 0 | OSSL_PARAM_UNSIGNED_INTEGER); |
178 | 0 | } |
179 | | |
180 | | int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key, |
181 | | time_t num) |
182 | 0 | { |
183 | 0 | return param_push_num(bld, key, &num, sizeof(num), |
184 | 0 | OSSL_PARAM_INTEGER); |
185 | 0 | } |
186 | | |
187 | | int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key, |
188 | | double num) |
189 | 0 | { |
190 | 0 | return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL); |
191 | 0 | } |
192 | | |
193 | | int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key, |
194 | | const BIGNUM *bn) |
195 | 189k | { |
196 | 189k | return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn, |
197 | 189k | bn == NULL ? 0 : BN_num_bytes(bn)); |
198 | 189k | } |
199 | | |
200 | | int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key, |
201 | | const BIGNUM *bn, size_t sz) |
202 | 209k | { |
203 | 209k | int n, secure = 0; |
204 | 209k | OSSL_PARAM_BLD_DEF *pd; |
205 | | |
206 | 209k | if (bn != NULL) { |
207 | 209k | if (BN_is_negative(bn)) { |
208 | 0 | ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED, |
209 | 0 | "Negative big numbers are unsupported for OSSL_PARAM"); |
210 | 0 | return 0; |
211 | 0 | } |
212 | | |
213 | 209k | n = BN_num_bytes(bn); |
214 | 209k | if (n < 0) { |
215 | 0 | ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ZERO_LENGTH_NUMBER); |
216 | 0 | return 0; |
217 | 0 | } |
218 | 209k | if (sz < (size_t)n) { |
219 | 0 | ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER); |
220 | 0 | return 0; |
221 | 0 | } |
222 | 209k | if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE) |
223 | 90.7k | secure = 1; |
224 | | |
225 | | /* The BIGNUM is zero, we must transfer at least one byte */ |
226 | 209k | if (sz == 0) |
227 | 782 | sz++; |
228 | 209k | } |
229 | 209k | pd = param_push(bld, key, sz, sz, OSSL_PARAM_UNSIGNED_INTEGER, secure); |
230 | 209k | if (pd == NULL) |
231 | 0 | return 0; |
232 | 209k | pd->bn = bn; |
233 | 209k | return 1; |
234 | 209k | } |
235 | | |
236 | | int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, |
237 | | const char *buf, size_t bsize) |
238 | 126k | { |
239 | 126k | OSSL_PARAM_BLD_DEF *pd; |
240 | 126k | int secure; |
241 | | |
242 | 126k | if (bsize == 0) |
243 | 126k | bsize = strlen(buf); |
244 | 126k | if (bsize > INT_MAX) { |
245 | 0 | ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); |
246 | 0 | return 0; |
247 | 0 | } |
248 | 126k | secure = CRYPTO_secure_allocated(buf); |
249 | 126k | pd = param_push(bld, key, bsize, bsize + 1, OSSL_PARAM_UTF8_STRING, secure); |
250 | 126k | if (pd == NULL) |
251 | 0 | return 0; |
252 | 126k | pd->string = buf; |
253 | 126k | return 1; |
254 | 126k | } |
255 | | |
256 | | int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, |
257 | | char *buf, size_t bsize) |
258 | 0 | { |
259 | 0 | OSSL_PARAM_BLD_DEF *pd; |
260 | |
|
261 | 0 | if (bsize == 0) |
262 | 0 | bsize = strlen(buf); |
263 | 0 | if (bsize > INT_MAX) { |
264 | 0 | ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); |
265 | 0 | return 0; |
266 | 0 | } |
267 | 0 | pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0); |
268 | 0 | if (pd == NULL) |
269 | 0 | return 0; |
270 | 0 | pd->string = buf; |
271 | 0 | return 1; |
272 | 0 | } |
273 | | |
274 | | int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, |
275 | | const void *buf, size_t bsize) |
276 | 30.9k | { |
277 | 30.9k | OSSL_PARAM_BLD_DEF *pd; |
278 | 30.9k | int secure; |
279 | | |
280 | 30.9k | if (bsize > INT_MAX) { |
281 | 0 | ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); |
282 | 0 | return 0; |
283 | 0 | } |
284 | 30.9k | secure = CRYPTO_secure_allocated(buf); |
285 | 30.9k | pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure); |
286 | 30.9k | if (pd == NULL) |
287 | 0 | return 0; |
288 | 30.9k | pd->string = buf; |
289 | 30.9k | return 1; |
290 | 30.9k | } |
291 | | |
292 | | int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, |
293 | | void *buf, size_t bsize) |
294 | 0 | { |
295 | 0 | OSSL_PARAM_BLD_DEF *pd; |
296 | |
|
297 | 0 | if (bsize > INT_MAX) { |
298 | 0 | ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); |
299 | 0 | return 0; |
300 | 0 | } |
301 | 0 | pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0); |
302 | 0 | if (pd == NULL) |
303 | 0 | return 0; |
304 | 0 | pd->string = buf; |
305 | 0 | return 1; |
306 | 0 | } |
307 | | |
308 | | static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param, |
309 | | OSSL_PARAM_ALIGNED_BLOCK *blk, |
310 | | OSSL_PARAM_ALIGNED_BLOCK *secure) |
311 | 55.1k | { |
312 | 55.1k | int i, num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); |
313 | 55.1k | OSSL_PARAM_BLD_DEF *pd; |
314 | 55.1k | void *p; |
315 | | |
316 | 468k | for (i = 0; i < num; i++) { |
317 | 413k | pd = sk_OSSL_PARAM_BLD_DEF_value(bld->params, i); |
318 | 413k | param[i].key = pd->key; |
319 | 413k | param[i].data_type = pd->type; |
320 | 413k | param[i].data_size = pd->size; |
321 | 413k | param[i].return_size = OSSL_PARAM_UNMODIFIED; |
322 | | |
323 | 413k | if (pd->secure) { |
324 | 90.7k | p = secure; |
325 | 90.7k | secure += pd->alloc_blocks; |
326 | 322k | } else { |
327 | 322k | p = blk; |
328 | 322k | blk += pd->alloc_blocks; |
329 | 322k | } |
330 | 413k | param[i].data = p; |
331 | 413k | if (pd->bn != NULL) { |
332 | | /* BIGNUM */ |
333 | 209k | BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size); |
334 | 209k | } else if (pd->type == OSSL_PARAM_OCTET_PTR |
335 | 203k | || pd->type == OSSL_PARAM_UTF8_PTR) { |
336 | | /* PTR */ |
337 | 0 | *(const void **)p = pd->string; |
338 | 203k | } else if (pd->type == OSSL_PARAM_OCTET_STRING |
339 | 203k | || pd->type == OSSL_PARAM_UTF8_STRING) { |
340 | 102k | if (pd->string != NULL) |
341 | 102k | memcpy(p, pd->string, pd->size); |
342 | 0 | else |
343 | 0 | memset(p, 0, pd->size); |
344 | 102k | if (pd->type == OSSL_PARAM_UTF8_STRING) |
345 | 82.8k | ((char *)p)[pd->size] = '\0'; |
346 | 102k | } else { |
347 | | /* Number, but could also be a NULL BIGNUM */ |
348 | 100k | if (pd->size > sizeof(pd->num)) |
349 | 0 | memset(p, 0, pd->size); |
350 | 100k | else if (pd->size > 0) |
351 | 100k | memcpy(p, &pd->num, pd->size); |
352 | 100k | } |
353 | 413k | } |
354 | 55.1k | param[i] = OSSL_PARAM_construct_end(); |
355 | 55.1k | return param + i; |
356 | 55.1k | } |
357 | | |
358 | | OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld) |
359 | 178k | { |
360 | 178k | OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL; |
361 | 178k | OSSL_PARAM *params, *last; |
362 | 178k | const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); |
363 | 178k | const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params)); |
364 | 178k | const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks); |
365 | 178k | const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks; |
366 | | |
367 | 178k | if (ss > 0) { |
368 | 101k | s = OPENSSL_secure_malloc(ss); |
369 | 101k | if (s == NULL) { |
370 | 0 | ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_SECURE_MALLOC_FAILURE); |
371 | 0 | return NULL; |
372 | 0 | } |
373 | 101k | } |
374 | 178k | params = OPENSSL_malloc(total); |
375 | 178k | if (params == NULL) { |
376 | 0 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); |
377 | 0 | OPENSSL_secure_free(s); |
378 | 0 | return NULL; |
379 | 0 | } |
380 | 178k | blk = p_blks + (OSSL_PARAM_ALIGNED_BLOCK *)(params); |
381 | 178k | last = param_bld_convert(bld, params, blk, s); |
382 | 178k | ossl_param_set_secure_block(last, s, ss); |
383 | | |
384 | | /* Reset builder for reuse */ |
385 | 178k | bld->total_blocks = 0; |
386 | 178k | bld->secure_blocks = 0; |
387 | 178k | free_all_params(bld); |
388 | 178k | return params; |
389 | 178k | } |