/src/openssl/crypto/params_dup.c

Source
/*
 * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>
#include <openssl/params.h>
#include <openssl/param_build.h>
#include "internal/mem_alloc_utils.h"
#include "internal/param_build_set.h"

#define OSSL_PARAM_ALLOCATED_END    127
#define OSSL_PARAM_MERGE_LIST_MAX   128

#define OSSL_PARAM_BUF_PUBLIC 0
#define OSSL_PARAM_BUF_SECURE 1
#define OSSL_PARAM_BUF_MAX    (OSSL_PARAM_BUF_SECURE + 1)

typedef struct {
    OSSL_PARAM_ALIGNED_BLOCK *alloc; /* The allocated buffer */
    OSSL_PARAM_ALIGNED_BLOCK *cur;   /* Current position in the allocated buf */
    size_t blocks;    /* Number of aligned blocks */
    size_t alloc_sz;  /* The size of the allocated buffer (in bytes) */
} OSSL_PARAM_BUF;

size_t ossl_param_bytes_to_blocks(size_t bytes)
{
    return (bytes + OSSL_PARAM_ALIGN_SIZE - 1) / OSSL_PARAM_ALIGN_SIZE;
}

static int ossl_param_buf_alloc(OSSL_PARAM_BUF *out, size_t extra_blocks,
                                int is_secure)
{
    size_t num_blocks, sz = 0;

    if (ossl_unlikely(!ossl_size_add(extra_blocks, out->blocks, &num_blocks,
                                     OPENSSL_FILE, OPENSSL_LINE)
                      || !ossl_size_mul(num_blocks, OSSL_PARAM_ALIGN_SIZE, &sz,
                                        OPENSSL_FILE, OPENSSL_LINE)))
        return 0;

    out->alloc = is_secure ? OPENSSL_secure_zalloc(sz) : OPENSSL_zalloc(sz);
    if (out->alloc == NULL)
        return 0;
    out->alloc_sz = sz;
    out->cur = out->alloc + extra_blocks;
    return 1;
}

void ossl_param_set_secure_block(OSSL_PARAM *last, void *secure_buffer,
                                 size_t secure_buffer_sz)
{
    last->key = NULL;
    last->data_size = secure_buffer_sz;
    last->data = secure_buffer;
    last->data_type = OSSL_PARAM_ALLOCATED_END;
}

static OSSL_PARAM *ossl_param_dup(const OSSL_PARAM *src, OSSL_PARAM *dst,
                                  OSSL_PARAM_BUF buf[OSSL_PARAM_BUF_MAX],
                                  int *param_count)
{
    const OSSL_PARAM *in;
    int has_dst = (dst != NULL);
    int is_secure;
    size_t param_sz, blks;

    for (in = src; in->key != NULL; in++) {
        is_secure = CRYPTO_secure_allocated(in->data);
        if (has_dst) {
            *dst = *in;
            dst->data = buf[is_secure].cur;
        }

        if (in->data_type == OSSL_PARAM_OCTET_PTR
            || in->data_type == OSSL_PARAM_UTF8_PTR) {
            param_sz = sizeof(in->data);
            if (has_dst)
                *((const void **)dst->data) = *(const void **)in->data;
        } else {
            param_sz = in->data_size;
            if (has_dst)
                memcpy(dst->data, in->data, param_sz);
        }
        if (in->data_type == OSSL_PARAM_UTF8_STRING)
            param_sz++; /* NULL terminator */
        blks = ossl_param_bytes_to_blocks(param_sz);

        if (has_dst) {
            dst++;
            buf[is_secure].cur += blks;
        } else {
            buf[is_secure].blocks += blks;
        }
        if (param_count != NULL)
            ++*param_count;
    }
    return dst;
}

OSSL_PARAM *OSSL_PARAM_dup(const OSSL_PARAM *src)
{
    size_t param_blocks;
    OSSL_PARAM_BUF buf[OSSL_PARAM_BUF_MAX];
    OSSL_PARAM *last, *dst;
    int param_count = 1; /* Include terminator in the count */

    if (src == NULL) {
        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
        return NULL;
    }

    memset(buf, 0, sizeof(buf));

    /* First Pass: get the param_count and block sizes required */
    (void)ossl_param_dup(src, NULL, buf, &param_count);

    param_blocks = ossl_param_bytes_to_blocks(param_count * sizeof(*src));
    /*
     * The allocated buffer consists of an array of OSSL_PARAM followed by
     * aligned data bytes that the array elements will point to.
     */
    if (!ossl_param_buf_alloc(&buf[OSSL_PARAM_BUF_PUBLIC], param_blocks, 0))
        return NULL;

    /* Allocate a secure memory buffer if required */
    if (buf[OSSL_PARAM_BUF_SECURE].blocks > 0
        && !ossl_param_buf_alloc(&buf[OSSL_PARAM_BUF_SECURE], 0, 1)) {
        OPENSSL_free(buf[OSSL_PARAM_BUF_PUBLIC].alloc);
        return NULL;
    }

    dst = (OSSL_PARAM *)buf[OSSL_PARAM_BUF_PUBLIC].alloc;
    last = ossl_param_dup(src, dst, buf, NULL);
    /* Store the allocated secure memory buffer in the last param block */
    ossl_param_set_secure_block(last, buf[OSSL_PARAM_BUF_SECURE].alloc,
                                buf[OSSL_PARAM_BUF_SECURE].alloc_sz);
    last->return_size = buf[OSSL_PARAM_BUF_PUBLIC].alloc_sz;
    return dst;
}

static int compare_params(const void *left, const void *right)
{
    const OSSL_PARAM *l = *(const OSSL_PARAM **)left;
    const OSSL_PARAM *r = *(const OSSL_PARAM **)right;

    return OPENSSL_strcasecmp(l->key, r->key);
}

OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2)
{
    const OSSL_PARAM *list1[OSSL_PARAM_MERGE_LIST_MAX + 1];
    const OSSL_PARAM *list2[OSSL_PARAM_MERGE_LIST_MAX + 1];
    const OSSL_PARAM *p = NULL;
    const OSSL_PARAM **p1cur, **p2cur;
    OSSL_PARAM *params, *dst;
    size_t  list1_sz = 0, list2_sz = 0;
    int diff;

    if (p1 == NULL && p2 == NULL) {
        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
        return NULL;
    }

    /* Copy p1 to list1 */
    if (p1 != NULL) {
        for (p = p1; p->key != NULL && list1_sz < OSSL_PARAM_MERGE_LIST_MAX; p++)
            list1[list1_sz++] = p;
    }
    list1[list1_sz] = NULL;

    /* copy p2 to a list2 */
    if (p2 != NULL) {
        for (p = p2; p->key != NULL && list2_sz < OSSL_PARAM_MERGE_LIST_MAX; p++)
            list2[list2_sz++] = p;
    }
    list2[list2_sz] = NULL;
    if (list1_sz == 0 && list2_sz == 0) {
        ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_NO_PARAMS_TO_MERGE);
        return NULL;
    }

    /* Sort the 2 lists */
    qsort(list1, list1_sz, sizeof(OSSL_PARAM *), compare_params);
    qsort(list2, list2_sz, sizeof(OSSL_PARAM *), compare_params);

   /* Allocate enough space to store the merged parameters */
    params = OPENSSL_calloc(list1_sz + list2_sz + 1, sizeof(*p1));
    if (params == NULL)
        return NULL;
    dst = params;
    p1cur = list1;
    p2cur = list2;
    while (1) {
        /* If list1 is finished just tack list2 onto the end */
        if (*p1cur == NULL) {
            while (*p2cur != NULL) {
                *dst++ = **p2cur;
                p2cur++;
            }
            break;
        }
        /* If list2 is finished just tack list1 onto the end */
        if (*p2cur == NULL) {
            while (*p1cur != NULL) {
                *dst++ = **p1cur;
                p1cur++;
            }
            break;
        }
        /* consume the list element with the smaller key */
        diff = OPENSSL_strcasecmp((*p1cur)->key, (*p2cur)->key);
        if (diff == 0) {
            /* If the keys are the same then throw away the list1 element */
            *dst++ = **p2cur;
            p2cur++;
            p1cur++;
        } else if (diff > 0) {
            *dst++ = **p2cur;
            p2cur++;
        } else {
            *dst++ = **p1cur;
            p1cur++;
        }
    }
    return params;
}

void OSSL_PARAM_free(OSSL_PARAM *params)
{
    if (params != NULL) {
        OSSL_PARAM *p;

        for (p = params; p->key != NULL; p++)
            ;
        if (p->data_type == OSSL_PARAM_ALLOCATED_END)
            OPENSSL_secure_clear_free(p->data, p->data_size);
        OPENSSL_free(params);
    }
}

void OSSL_PARAM_clear_free(OSSL_PARAM *params)
{
    if (params != NULL) {
        OSSL_PARAM *p;

        for (p = params; p->key != NULL; p++)
            ;
        if (p->data_type == OSSL_PARAM_ALLOCATED_END)
            OPENSSL_secure_clear_free(p->data, p->data_size);
        if (p->return_size > 0 && p->return_size != OSSL_PARAM_UNMODIFIED)
            OPENSSL_cleanse(params, p->return_size);
        OPENSSL_free(params);
    }
}

Coverage Report

Created: 2025-10-28 06:56

Line	Count	Source
1		/*
2		* Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <string.h>
11		#include <openssl/params.h>
12		#include <openssl/param_build.h>
13		#include "internal/mem_alloc_utils.h"
14		#include "internal/param_build_set.h"
15
16	0	#define OSSL_PARAM_ALLOCATED_END 127
17	0	#define OSSL_PARAM_MERGE_LIST_MAX 128
18
19	0	#define OSSL_PARAM_BUF_PUBLIC 0
20	0	#define OSSL_PARAM_BUF_SECURE 1
21		#define OSSL_PARAM_BUF_MAX (OSSL_PARAM_BUF_SECURE + 1)
22
23		typedef struct {
24		OSSL_PARAM_ALIGNED_BLOCK alloc; / The allocated buffer */
25		OSSL_PARAM_ALIGNED_BLOCK cur; / Current position in the allocated buf */
26		size_t blocks; /* Number of aligned blocks */
27		size_t alloc_sz; /* The size of the allocated buffer (in bytes) */
28		} OSSL_PARAM_BUF;
29
30		size_t ossl_param_bytes_to_blocks(size_t bytes)
31	0	{
32	0	return (bytes + OSSL_PARAM_ALIGN_SIZE - 1) / OSSL_PARAM_ALIGN_SIZE;
33	0	}
34
35		static int ossl_param_buf_alloc(OSSL_PARAM_BUF *out, size_t extra_blocks,
36		int is_secure)
37	0	{
38	0	size_t num_blocks, sz = 0;
39
40	0	if (ossl_unlikely(!ossl_size_add(extra_blocks, out->blocks, &num_blocks,
41	0	OPENSSL_FILE, OPENSSL_LINE)
42	0	\|\| !ossl_size_mul(num_blocks, OSSL_PARAM_ALIGN_SIZE, &sz,
43	0	OPENSSL_FILE, OPENSSL_LINE)))
44	0	return 0;
45
46	0	out->alloc = is_secure ? OPENSSL_secure_zalloc(sz) : OPENSSL_zalloc(sz);
47	0	if (out->alloc == NULL)
48	0	return 0;
49	0	out->alloc_sz = sz;
50	0	out->cur = out->alloc + extra_blocks;
51	0	return 1;
52	0	}
53
54		void ossl_param_set_secure_block(OSSL_PARAM last, void secure_buffer,
55		size_t secure_buffer_sz)
56	0	{
57	0	last->key = NULL;
58	0	last->data_size = secure_buffer_sz;
59	0	last->data = secure_buffer;
60	0	last->data_type = OSSL_PARAM_ALLOCATED_END;
61	0	}
62
63		static OSSL_PARAM ossl_param_dup(const OSSL_PARAM src, OSSL_PARAM *dst,
64		OSSL_PARAM_BUF buf[OSSL_PARAM_BUF_MAX],
65		int *param_count)
66	0	{
67	0	const OSSL_PARAM *in;
68	0	int has_dst = (dst != NULL);
69	0	int is_secure;
70	0	size_t param_sz, blks;
71
72	0	for (in = src; in->key != NULL; in++) {
73	0	is_secure = CRYPTO_secure_allocated(in->data);
74	0	if (has_dst) {
75	0	dst = in;
76	0	dst->data = buf[is_secure].cur;
77	0	}
78
79	0	if (in->data_type == OSSL_PARAM_OCTET_PTR
80	0	\|\| in->data_type == OSSL_PARAM_UTF8_PTR) {
81	0	param_sz = sizeof(in->data);
82	0	if (has_dst)
83	0	((const void )dst->data) = (const void **)in->data;
84	0	} else {
85	0	param_sz = in->data_size;
86	0	if (has_dst)
87	0	memcpy(dst->data, in->data, param_sz);
88	0	}
89	0	if (in->data_type == OSSL_PARAM_UTF8_STRING)
90	0	param_sz++; /* NULL terminator */
91	0	blks = ossl_param_bytes_to_blocks(param_sz);
92
93	0	if (has_dst) {
94	0	dst++;
95	0	buf[is_secure].cur += blks;
96	0	} else {
97	0	buf[is_secure].blocks += blks;
98	0	}
99	0	if (param_count != NULL)
100	0	++*param_count;
101	0	}
102	0	return dst;
103	0	}
104
105		OSSL_PARAM OSSL_PARAM_dup(const OSSL_PARAM src)
106	0	{
107	0	size_t param_blocks;
108	0	OSSL_PARAM_BUF buf[OSSL_PARAM_BUF_MAX];
109	0	OSSL_PARAM last, dst;
110	0	int param_count = 1; /* Include terminator in the count */
111
112	0	if (src == NULL) {
113	0	ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
114	0	return NULL;
115	0	}
116
117	0	memset(buf, 0, sizeof(buf));
118
119		/* First Pass: get the param_count and block sizes required */
120	0	(void)ossl_param_dup(src, NULL, buf, &param_count);
121
122	0	param_blocks = ossl_param_bytes_to_blocks(param_count * sizeof(*src));
123		/*
124		* The allocated buffer consists of an array of OSSL_PARAM followed by
125		* aligned data bytes that the array elements will point to.
126		*/
127	0	if (!ossl_param_buf_alloc(&buf[OSSL_PARAM_BUF_PUBLIC], param_blocks, 0))
128	0	return NULL;
129
130		/* Allocate a secure memory buffer if required */
131	0	if (buf[OSSL_PARAM_BUF_SECURE].blocks > 0
132	0	&& !ossl_param_buf_alloc(&buf[OSSL_PARAM_BUF_SECURE], 0, 1)) {
133	0	OPENSSL_free(buf[OSSL_PARAM_BUF_PUBLIC].alloc);
134	0	return NULL;
135	0	}
136
137	0	dst = (OSSL_PARAM *)buf[OSSL_PARAM_BUF_PUBLIC].alloc;
138	0	last = ossl_param_dup(src, dst, buf, NULL);
139		/* Store the allocated secure memory buffer in the last param block */
140	0	ossl_param_set_secure_block(last, buf[OSSL_PARAM_BUF_SECURE].alloc,
141	0	buf[OSSL_PARAM_BUF_SECURE].alloc_sz);
142	0	last->return_size = buf[OSSL_PARAM_BUF_PUBLIC].alloc_sz;
143	0	return dst;
144	0	}
145
146		static int compare_params(const void left, const void right)
147	0	{
148	0	const OSSL_PARAM l = (const OSSL_PARAM **)left;
149	0	const OSSL_PARAM r = (const OSSL_PARAM **)right;
150
151	0	return OPENSSL_strcasecmp(l->key, r->key);
152	0	}
153
154		OSSL_PARAM OSSL_PARAM_merge(const OSSL_PARAM p1, const OSSL_PARAM *p2)
155	0	{
156	0	const OSSL_PARAM *list1[OSSL_PARAM_MERGE_LIST_MAX + 1];
157	0	const OSSL_PARAM *list2[OSSL_PARAM_MERGE_LIST_MAX + 1];
158	0	const OSSL_PARAM *p = NULL;
159	0	const OSSL_PARAM p1cur, p2cur;
160	0	OSSL_PARAM params, dst;
161	0	size_t list1_sz = 0, list2_sz = 0;
162	0	int diff;
163
164	0	if (p1 == NULL && p2 == NULL) {
165	0	ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
166	0	return NULL;
167	0	}
168
169		/* Copy p1 to list1 */
170	0	if (p1 != NULL) {
171	0	for (p = p1; p->key != NULL && list1_sz < OSSL_PARAM_MERGE_LIST_MAX; p++)
172	0	list1[list1_sz++] = p;
173	0	}
174	0	list1[list1_sz] = NULL;
175
176		/* copy p2 to a list2 */
177	0	if (p2 != NULL) {
178	0	for (p = p2; p->key != NULL && list2_sz < OSSL_PARAM_MERGE_LIST_MAX; p++)
179	0	list2[list2_sz++] = p;
180	0	}
181	0	list2[list2_sz] = NULL;
182	0	if (list1_sz == 0 && list2_sz == 0) {
183	0	ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_NO_PARAMS_TO_MERGE);
184	0	return NULL;
185	0	}
186
187		/* Sort the 2 lists */
188	0	qsort(list1, list1_sz, sizeof(OSSL_PARAM *), compare_params);
189	0	qsort(list2, list2_sz, sizeof(OSSL_PARAM *), compare_params);
190
191		/* Allocate enough space to store the merged parameters */
192	0	params = OPENSSL_calloc(list1_sz + list2_sz + 1, sizeof(*p1));
193	0	if (params == NULL)
194	0	return NULL;
195	0	dst = params;
196	0	p1cur = list1;
197	0	p2cur = list2;
198	0	while (1) {
199		/* If list1 is finished just tack list2 onto the end */
200	0	if (*p1cur == NULL) {
201	0	while (*p2cur != NULL) {
202	0	dst++ = *p2cur;
203	0	p2cur++;
204	0	}
205	0	break;
206	0	}
207		/* If list2 is finished just tack list1 onto the end */
208	0	if (*p2cur == NULL) {
209	0	while (*p1cur != NULL) {
210	0	dst++ = *p1cur;
211	0	p1cur++;
212	0	}
213	0	break;
214	0	}
215		/* consume the list element with the smaller key */
216	0	diff = OPENSSL_strcasecmp((p1cur)->key, (p2cur)->key);
217	0	if (diff == 0) {
218		/* If the keys are the same then throw away the list1 element */
219	0	dst++ = *p2cur;
220	0	p2cur++;
221	0	p1cur++;
222	0	} else if (diff > 0) {
223	0	dst++ = *p2cur;
224	0	p2cur++;
225	0	} else {
226	0	dst++ = *p1cur;
227	0	p1cur++;
228	0	}
229	0	}
230	0	return params;
231	0	}
232
233		void OSSL_PARAM_free(OSSL_PARAM *params)
234	0	{
235	0	if (params != NULL) {
236	0	OSSL_PARAM *p;
237
238	0	for (p = params; p->key != NULL; p++)
239	0	;
240	0	if (p->data_type == OSSL_PARAM_ALLOCATED_END)
241	0	OPENSSL_secure_clear_free(p->data, p->data_size);
242	0	OPENSSL_free(params);
243	0	}
244	0	}
245
246		void OSSL_PARAM_clear_free(OSSL_PARAM *params)
247	0	{
248	0	if (params != NULL) {
249	0	OSSL_PARAM *p;
250
251	0	for (p = params; p->key != NULL; p++)
252	0	;
253	0	if (p->data_type == OSSL_PARAM_ALLOCATED_END)
254	0	OPENSSL_secure_clear_free(p->data, p->data_size);
255	0	if (p->return_size > 0 && p->return_size != OSSL_PARAM_UNMODIFIED)
256	0	OPENSSL_cleanse(params, p->return_size);
257	0	OPENSSL_free(params);
258	0	}
259	0	}