crypto/param_build.c

   1 /*
   2  * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
   3  * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
   4  *
   5  * Licensed under the Apache License 2.0 (the "License").  You may not use
   6  * this file except in compliance with the License.  You can obtain a copy
   7  * in the file LICENSE in the source distribution or at
   8  * https://www.openssl.org/source/license.html
   9  */
  10
  11 #include <string.h>
  12 #include <openssl/err.h>
  13 #include <openssl/cryptoerr.h>
  14 #include <openssl/params.h>
  15 #include <openssl/types.h>
  16 #include <openssl/safestack.h>
  17 #include "internal/cryptlib.h"
  18 #include "openssl/param_build.h"
  19
  20 /*
  21  * Special internal param type to indicate the end of an allocate OSSL_PARAM
  22  * array.
  23  */
  24 #define OSSL_PARAM_ALLOCATED_END    127
  25
  26 typedef struct {
  27     const char *key;
  28     int type;
  29     int secure;
  30     size_t size;
  31     size_t alloc_blocks;
  32     const BIGNUM *bn;
  33     const void *string;
  34     union {
  35         /*
  36          * These fields are never directly addressed, but their sizes are
  37          * imporant so that all native types can be copied here without overrun.
  38          */
  39         ossl_intmax_t i;
  40         ossl_uintmax_t u;
  41         double d;
  42     } num;
  43 } OSSL_PARAM_BLD_DEF;
  44
  45 DEFINE_STACK_OF(OSSL_PARAM_BLD_DEF)
  46
  47 struct ossl_param_bld_st {
  48     size_t total_blocks;
  49     size_t secure_blocks;
  50     STACK_OF(OSSL_PARAM_BLD_DEF) *params;
  51 };
  52
  53 typedef union {
  54     OSSL_UNION_ALIGN;
  55 } OSSL_PARAM_BLD_BLOCK;
  56
  57 #define ALIGN_SIZE  sizeof(OSSL_PARAM_BLD_BLOCK)
  58
  59 static size_t bytes_to_blocks(size_t bytes)
  60 {
  61     return (bytes + ALIGN_SIZE - 1) / ALIGN_SIZE;
  62 }
  63
  64 static OSSL_PARAM_BLD_DEF *param_push(OSSL_PARAM_BLD *bld, const char *key,
  65                                       int size, size_t alloc, int type,
  66                                       int secure)
  67 {
  68     OSSL_PARAM_BLD_DEF *pd = OPENSSL_zalloc(sizeof(*pd));
  69
  70     if (pd == NULL) {
  71         CRYPTOerr(CRYPTO_F_PARAM_PUSH, ERR_R_MALLOC_FAILURE);
  72         return NULL;
  73     }
  74     pd->key = key;
  75     pd->type = type;
  76     pd->size = size;
  77     pd->alloc_blocks = bytes_to_blocks(size);
  78     if ((pd->secure = secure) != 0)
  79         bld->secure_blocks += pd->alloc_blocks;
  80     else
  81         bld->total_blocks += pd->alloc_blocks;
  82     if (sk_OSSL_PARAM_BLD_DEF_push(bld->params, pd) <= 0) {
  83         OPENSSL_free(pd);
  84         pd = NULL;
  85     }
  86     return pd;
  87 }
  88
  89 static int param_push_num(OSSL_PARAM_BLD *bld, const char *key,
  90                           void *num, size_t size, int type)
  91 {
  92     OSSL_PARAM_BLD_DEF *pd = param_push(bld, key, size, size, type, 0);
  93
  94     if (pd == NULL)
  95         return 0;
  96     if (size > sizeof(pd->num)) {
  97         CRYPTOerr(CRYPTO_F_PARAM_PUSH_NUM, CRYPTO_R_TOO_MANY_BYTES);
  98         return 0;
  99     }
 100     memcpy(&pd->num, num, size);
 101     return 1;
 102 }
 103
 104 OSSL_PARAM_BLD *OSSL_PARAM_BLD_new(void)
 105 {
 106     OSSL_PARAM_BLD *r = OPENSSL_zalloc(sizeof(OSSL_PARAM_BLD));
 107
 108     if (r != NULL) {
 109         r->params = sk_OSSL_PARAM_BLD_DEF_new_null();
 110         if (r->params == NULL) {
 111             OPENSSL_free(r);
 112             r = NULL;
 113         }
 114     }
 115     return r;
 116 }
 117
 118 static void free_all_params(OSSL_PARAM_BLD *bld)
 119 {
 120     int i, n = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
 121
 122     for (i = 0; i < n; i++)
 123         OPENSSL_free(sk_OSSL_PARAM_BLD_DEF_pop(bld->params));
 124 }
 125
 126 void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld)
 127 {
 128     if (bld == NULL)
 129         return;
 130     free_all_params(bld);
 131     sk_OSSL_PARAM_BLD_DEF_free(bld->params);
 132     OPENSSL_free(bld);
 133 }
 134
 135 int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num)
 136 {
 137     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 138 }
 139
 140 int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
 141                              unsigned int num)
 142 {
 143     return param_push_num(bld, key, &num, sizeof(num),
 144                           OSSL_PARAM_UNSIGNED_INTEGER);
 145 }
 146
 147 int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key,
 148                              long int num)
 149 {
 150     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 151 }
 152
 153 int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
 154                               unsigned long int num)
 155 {
 156     return param_push_num(bld, key, &num, sizeof(num),
 157                           OSSL_PARAM_UNSIGNED_INTEGER);
 158 }
 159
 160 int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key,
 161                               int32_t num)
 162 {
 163     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 164 }
 165
 166 int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
 167                                uint32_t num)
 168 {
 169     return param_push_num(bld, key, &num, sizeof(num),
 170                           OSSL_PARAM_UNSIGNED_INTEGER);
 171 }
 172
 173 int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key,
 174                               int64_t num)
 175 {
 176     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 177 }
 178
 179 int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
 180                                uint64_t num)
 181 {
 182     return param_push_num(bld, key, &num, sizeof(num),
 183                           OSSL_PARAM_UNSIGNED_INTEGER);
 184 }
 185
 186 int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
 187                                size_t num)
 188 {
 189     return param_push_num(bld, key, &num, sizeof(num),
 190                           OSSL_PARAM_UNSIGNED_INTEGER);
 191 }
 192
 193 int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
 194                                double num)
 195 {
 196     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL);
 197 }
 198
 199 int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
 200                            const BIGNUM *bn)
 201 {
 202     return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn,
 203                                       bn == NULL ? 0 : BN_num_bytes(bn));
 204 }
 205
 206 int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
 207                                const BIGNUM *bn, size_t sz)
 208 {
 209     int n, secure = 0;
 210     OSSL_PARAM_BLD_DEF *pd;
 211
 212     if (bn != NULL) {
 213         n = BN_num_bytes(bn);
 214         if (n < 0) {
 215             CRYPTOerr(0, CRYPTO_R_ZERO_LENGTH_NUMBER);
 216             return 0;
 217         }
 218         if (sz < (size_t)n) {
 219             CRYPTOerr(0, CRYPTO_R_TOO_SMALL_BUFFER);
 220             return 0;
 221         }
 222         if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE)
 223             secure = 1;
 224     }
 225     pd = param_push(bld, key, sz, sz, OSSL_PARAM_UNSIGNED_INTEGER, secure);
 226     if (pd == NULL)
 227         return 0;
 228     pd->bn = bn;
 229     return 1;
 230 }
 231
 232 int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
 233                                     const char *buf, size_t bsize)
 234 {
 235     OSSL_PARAM_BLD_DEF *pd;
 236
 237     if (bsize == 0) {
 238         bsize = strlen(buf) + 1;
 239     } else if (bsize > INT_MAX) {
 240         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_STRING,
 241                   CRYPTO_R_STRING_TOO_LONG);
 242         return 0;
 243     }
 244     pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_UTF8_STRING, 0);
 245     if (pd == NULL)
 246         return 0;
 247     pd->string = buf;
 248     return 1;
 249 }
 250
 251 int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
 252                                  char *buf, size_t bsize)
 253 {
 254     OSSL_PARAM_BLD_DEF *pd;
 255
 256     if (bsize == 0) {
 257         bsize = strlen(buf) + 1;
 258     } else if (bsize > INT_MAX) {
 259         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_PTR,
 260                   CRYPTO_R_STRING_TOO_LONG);
 261         return 0;
 262     }
 263     pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0);
 264     if (pd == NULL)
 265         return 0;
 266     pd->string = buf;
 267     return 1;
 268 }
 269
 270 int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
 271                                      const void *buf, size_t bsize)
 272 {
 273     OSSL_PARAM_BLD_DEF *pd;
 274
 275     if (bsize > INT_MAX) {
 276         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_STRING,
 277                   CRYPTO_R_STRING_TOO_LONG);
 278         return 0;
 279     }
 280     pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, 0);
 281     if (pd == NULL)
 282         return 0;
 283     pd->string = buf;
 284     return 1;
 285 }
 286
 287 int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key,
 288                                   void *buf, size_t bsize)
 289 {
 290     OSSL_PARAM_BLD_DEF *pd;
 291
 292     if (bsize > INT_MAX) {
 293         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_PTR,
 294                   CRYPTO_R_STRING_TOO_LONG);
 295         return 0;
 296     }
 297     pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0);
 298     if (pd == NULL)
 299         return 0;
 300     pd->string = buf;
 301     return 1;
 302 }
 303
 304 static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param,
 305                                      OSSL_PARAM_BLD_BLOCK *blk,
 306                                      OSSL_PARAM_BLD_BLOCK *secure)
 307 {
 308     int i, num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
 309     OSSL_PARAM_BLD_DEF *pd;
 310     void *p;
 311
 312     for (i = 0; i < num; i++) {
 313         pd = sk_OSSL_PARAM_BLD_DEF_value(bld->params, i);
 314         param[i].key = pd->key;
 315         param[i].data_type = pd->type;
 316         param[i].data_size = pd->size;
 317         param[i].return_size = OSSL_PARAM_UNMODIFIED;
 318
 319         if (pd->secure) {
 320             p = secure;
 321             secure += pd->alloc_blocks;
 322         } else {
 323             p = blk;
 324             blk += pd->alloc_blocks;
 325         }
 326         param[i].data = p;
 327         if (pd->bn != NULL) {
 328             /* BIGNUM */
 329             BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size);
 330         } else if (pd->type == OSSL_PARAM_OCTET_PTR
 331                    || pd->type == OSSL_PARAM_UTF8_PTR) {
 332             /* PTR */
 333             *(const void **)p = pd->string;
 334         } else if (pd->type == OSSL_PARAM_OCTET_STRING
 335                    || pd->type == OSSL_PARAM_UTF8_STRING) {
 336             if (pd->string != NULL)
 337                 memcpy(p, pd->string, pd->size);
 338             else
 339                 memset(p, 0, pd->size);
 340         } else {
 341             /* Number, but could also be a NULL BIGNUM */
 342             if (pd->size > sizeof(pd->num))
 343                 memset(p, 0, pd->size);
 344             else if (pd->size > 0)
 345                 memcpy(p, &pd->num, pd->size);
 346         }
 347     }
 348     param[i] = OSSL_PARAM_construct_end();
 349     return param + i;
 350 }
 351
 352 OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld)
 353 {
 354     OSSL_PARAM_BLD_BLOCK *blk, *s = NULL;
 355     OSSL_PARAM *params, *last;
 356     const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
 357     const size_t p_blks = bytes_to_blocks((1 + num) * sizeof(*params));
 358     const size_t total = ALIGN_SIZE * (p_blks + bld->total_blocks);
 359     const size_t ss = ALIGN_SIZE * bld->secure_blocks;
 360
 361     if (ss > 0) {
 362         s = OPENSSL_secure_malloc(ss);
 363         if (s == NULL) {
 364             CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM,
 365                       CRYPTO_R_SECURE_MALLOC_FAILURE);
 366             return NULL;
 367         }
 368     }
 369     params = OPENSSL_malloc(total);
 370     if (params == NULL) {
 371         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM, ERR_R_MALLOC_FAILURE);
 372         OPENSSL_secure_free(s);
 373         return NULL;
 374     }
 375     blk = p_blks + (OSSL_PARAM_BLD_BLOCK *)(params);
 376     last = param_bld_convert(bld, params, blk, s);
 377     last->data_size = ss;
 378     last->data = s;
 379     last->data_type = OSSL_PARAM_ALLOCATED_END;
 380
 381     /* Reset builder for reuse */
 382     bld->total_blocks = 0;
 383     bld->secure_blocks = 0;
 384     free_all_params(bld);
 385     return params;
 386 }
 387
 388 void OSSL_PARAM_BLD_free_params(OSSL_PARAM *params)
 389 {
 390     if (params != NULL) {
 391         OSSL_PARAM *p;
 392
 393         for (p = params; p->key != NULL; p++)
 394             ;
 395         if (p->data_type == OSSL_PARAM_ALLOCATED_END)
 396             OPENSSL_secure_clear_free(p->data, p->data_size);
 397         OPENSSL_free(params);
 398     }
 399 }