crypto/param_build.c

   1 /*
   2  * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
   3  * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
   4  *
   5  * Licensed under the Apache License 2.0 (the "License").  You may not use
   6  * this file except in compliance with the License.  You can obtain a copy
   7  * in the file LICENSE in the source distribution or at
   8  * https://www.openssl.org/source/license.html
   9  */
  10
  11 #include <string.h>
  12 #include <openssl/err.h>
  13 #include <openssl/cryptoerr.h>
  14 #include <openssl/params.h>
  15 #include <openssl/types.h>
  16 #include <openssl/safestack.h>
  17 #include "internal/cryptlib.h"
  18 #include "openssl/param_build.h"
  19
  20 /*
  21  * Special internal param type to indicate the end of an allocate OSSL_PARAM
  22  * array.
  23  */
  24 #define OSSL_PARAM_ALLOCATED_END    127
  25
  26 typedef struct {
  27     const char *key;
  28     int type;
  29     int secure;
  30     size_t size;
  31     size_t alloc_blocks;
  32     const BIGNUM *bn;
  33     const void *string;
  34     union {
  35         /*
  36          * These fields are never directly addressed, but their sizes are
  37          * imporant so that all native types can be copied here without overrun.
  38          */
  39         ossl_intmax_t i;
  40         ossl_uintmax_t u;
  41         double d;
  42     } num;
  43 } OSSL_PARAM_BLD_DEF;
  44
  45 DEFINE_STACK_OF(OSSL_PARAM_BLD_DEF)
  46
  47 struct ossl_param_bld_st {
  48     size_t total_blocks;
  49     size_t secure_blocks;
  50     STACK_OF(OSSL_PARAM_BLD_DEF) *params;
  51 };
  52
  53 typedef union {
  54     OSSL_UNION_ALIGN;
  55 } OSSL_PARAM_BLD_BLOCK;
  56
  57 #define ALIGN_SIZE  sizeof(OSSL_PARAM_BLD_BLOCK)
  58
  59 static size_t bytes_to_blocks(size_t bytes)
  60 {
  61     return (bytes + ALIGN_SIZE - 1) / ALIGN_SIZE;
  62 }
  63
  64 static OSSL_PARAM_BLD_DEF *param_push(OSSL_PARAM_BLD *bld, const char *key,
  65                                       int size, size_t alloc, int type,
  66                                       int secure)
  67 {
  68     OSSL_PARAM_BLD_DEF *pd = OPENSSL_zalloc(sizeof(*pd));
  69
  70     if (pd == NULL) {
  71         CRYPTOerr(CRYPTO_F_PARAM_PUSH, ERR_R_MALLOC_FAILURE);
  72         return NULL;
  73     }
  74     pd->key = key;
  75     pd->type = type;
  76     pd->size = size;
  77     pd->alloc_blocks = bytes_to_blocks(size);
  78     if ((pd->secure = secure) != 0)
  79         bld->secure_blocks += pd->alloc_blocks;
  80     else
  81         bld->total_blocks += pd->alloc_blocks;
  82     if (sk_OSSL_PARAM_BLD_DEF_push(bld->params, pd) <= 0) {
  83         OPENSSL_free(pd);
  84         pd = NULL;
  85     }
  86     return pd;
  87 }
  88
  89 static int param_push_num(OSSL_PARAM_BLD *bld, const char *key,
  90                           void *num, size_t size, int type)
  91 {
  92     OSSL_PARAM_BLD_DEF *pd = param_push(bld, key, size, size, type, 0);
  93
  94     if (pd == NULL)
  95         return 0;
  96     if (size > sizeof(pd->num)) {
  97         CRYPTOerr(CRYPTO_F_PARAM_PUSH_NUM, CRYPTO_R_TOO_MANY_BYTES);
  98         return 0;
  99     }
 100     memcpy(&pd->num, num, size);
 101     return 1;
 102 }
 103
 104 OSSL_PARAM_BLD *OSSL_PARAM_BLD_new(void)
 105 {
 106     OSSL_PARAM_BLD *r = OPENSSL_zalloc(sizeof(OSSL_PARAM_BLD));
 107
 108     if (r != NULL) {
 109         r->params = sk_OSSL_PARAM_BLD_DEF_new_null();
 110         if (r->params == NULL) {
 111             OPENSSL_free(r);
 112             r = NULL;
 113         }
 114     }
 115     return r;
 116 }
 117
 118 static void free_all_params(OSSL_PARAM_BLD *bld)
 119 {
 120     int i, n = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
 121
 122     for (i = 0; i < n; i++)
 123         OPENSSL_free(sk_OSSL_PARAM_BLD_DEF_pop(bld->params));
 124 }
 125
 126 void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld)
 127 {
 128     if (bld == NULL)
 129         return;
 130     free_all_params(bld);
 131     sk_OSSL_PARAM_BLD_DEF_free(bld->params);
 132     OPENSSL_free(bld);
 133 }
 134
 135 int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num)
 136 {
 137     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 138 }
 139
 140 int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
 141                              unsigned int num)
 142 {
 143     return param_push_num(bld, key, &num, sizeof(num),
 144                           OSSL_PARAM_UNSIGNED_INTEGER);
 145 }
 146
 147 int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key,
 148                              long int num)
 149 {
 150     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 151 }
 152
 153 int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
 154                               unsigned long int num)
 155 {
 156     return param_push_num(bld, key, &num, sizeof(num),
 157                           OSSL_PARAM_UNSIGNED_INTEGER);
 158 }
 159
 160 int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key,
 161                               int32_t num)
 162 {
 163     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 164 }
 165
 166 int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
 167                                uint32_t num)
 168 {
 169     return param_push_num(bld, key, &num, sizeof(num),
 170                           OSSL_PARAM_UNSIGNED_INTEGER);
 171 }
 172
 173 int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key,
 174                               int64_t num)
 175 {
 176     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 177 }
 178
 179 int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
 180                                uint64_t num)
 181 {
 182     return param_push_num(bld, key, &num, sizeof(num),
 183                           OSSL_PARAM_UNSIGNED_INTEGER);
 184 }
 185
 186 int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
 187                                size_t num)
 188 {
 189     return param_push_num(bld, key, &num, sizeof(num),
 190                           OSSL_PARAM_UNSIGNED_INTEGER);
 191 }
 192
 193 int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
 194                                time_t num)
 195 {
 196     return param_push_num(bld, key, &num, sizeof(num),
 197                           OSSL_PARAM_INTEGER);
 198 }
 199
 200 int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
 201                                double num)
 202 {
 203     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL);
 204 }
 205
 206 int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
 207                            const BIGNUM *bn)
 208 {
 209     return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn,
 210                                       bn == NULL ? 0 : BN_num_bytes(bn));
 211 }
 212
 213 int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
 214                                const BIGNUM *bn, size_t sz)
 215 {
 216     int n, secure = 0;
 217     OSSL_PARAM_BLD_DEF *pd;
 218
 219     if (bn != NULL) {
 220         n = BN_num_bytes(bn);
 221         if (n < 0) {
 222             CRYPTOerr(0, CRYPTO_R_ZERO_LENGTH_NUMBER);
 223             return 0;
 224         }
 225         if (sz < (size_t)n) {
 226             CRYPTOerr(0, CRYPTO_R_TOO_SMALL_BUFFER);
 227             return 0;
 228         }
 229         if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE)
 230             secure = 1;
 231     }
 232     pd = param_push(bld, key, sz, sz, OSSL_PARAM_UNSIGNED_INTEGER, secure);
 233     if (pd == NULL)
 234         return 0;
 235     pd->bn = bn;
 236     return 1;
 237 }
 238
 239 int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
 240                                     const char *buf, size_t bsize)
 241 {
 242     OSSL_PARAM_BLD_DEF *pd;
 243
 244     if (bsize == 0) {
 245         bsize = strlen(buf) + 1;
 246     } else if (bsize > INT_MAX) {
 247         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_STRING,
 248                   CRYPTO_R_STRING_TOO_LONG);
 249         return 0;
 250     }
 251     pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_UTF8_STRING, 0);
 252     if (pd == NULL)
 253         return 0;
 254     pd->string = buf;
 255     return 1;
 256 }
 257
 258 int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
 259                                  char *buf, size_t bsize)
 260 {
 261     OSSL_PARAM_BLD_DEF *pd;
 262
 263     if (bsize == 0) {
 264         bsize = strlen(buf) + 1;
 265     } else if (bsize > INT_MAX) {
 266         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_PTR,
 267                   CRYPTO_R_STRING_TOO_LONG);
 268         return 0;
 269     }
 270     pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0);
 271     if (pd == NULL)
 272         return 0;
 273     pd->string = buf;
 274     return 1;
 275 }
 276
 277 int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
 278                                      const void *buf, size_t bsize)
 279 {
 280     OSSL_PARAM_BLD_DEF *pd;
 281
 282     if (bsize > INT_MAX) {
 283         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_STRING,
 284                   CRYPTO_R_STRING_TOO_LONG);
 285         return 0;
 286     }
 287     pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, 0);
 288     if (pd == NULL)
 289         return 0;
 290     pd->string = buf;
 291     return 1;
 292 }
 293
 294 int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key,
 295                                   void *buf, size_t bsize)
 296 {
 297     OSSL_PARAM_BLD_DEF *pd;
 298
 299     if (bsize > INT_MAX) {
 300         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_PTR,
 301                   CRYPTO_R_STRING_TOO_LONG);
 302         return 0;
 303     }
 304     pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0);
 305     if (pd == NULL)
 306         return 0;
 307     pd->string = buf;
 308     return 1;
 309 }
 310
 311 static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param,
 312                                      OSSL_PARAM_BLD_BLOCK *blk,
 313                                      OSSL_PARAM_BLD_BLOCK *secure)
 314 {
 315     int i, num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
 316     OSSL_PARAM_BLD_DEF *pd;
 317     void *p;
 318
 319     for (i = 0; i < num; i++) {
 320         pd = sk_OSSL_PARAM_BLD_DEF_value(bld->params, i);
 321         param[i].key = pd->key;
 322         param[i].data_type = pd->type;
 323         param[i].data_size = pd->size;
 324         param[i].return_size = OSSL_PARAM_UNMODIFIED;
 325
 326         if (pd->secure) {
 327             p = secure;
 328             secure += pd->alloc_blocks;
 329         } else {
 330             p = blk;
 331             blk += pd->alloc_blocks;
 332         }
 333         param[i].data = p;
 334         if (pd->bn != NULL) {
 335             /* BIGNUM */
 336             BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size);
 337         } else if (pd->type == OSSL_PARAM_OCTET_PTR
 338                    || pd->type == OSSL_PARAM_UTF8_PTR) {
 339             /* PTR */
 340             *(const void **)p = pd->string;
 341         } else if (pd->type == OSSL_PARAM_OCTET_STRING
 342                    || pd->type == OSSL_PARAM_UTF8_STRING) {
 343             if (pd->string != NULL)
 344                 memcpy(p, pd->string, pd->size);
 345             else
 346                 memset(p, 0, pd->size);
 347         } else {
 348             /* Number, but could also be a NULL BIGNUM */
 349             if (pd->size > sizeof(pd->num))
 350                 memset(p, 0, pd->size);
 351             else if (pd->size > 0)
 352                 memcpy(p, &pd->num, pd->size);
 353         }
 354     }
 355     param[i] = OSSL_PARAM_construct_end();
 356     return param + i;
 357 }
 358
 359 OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld)
 360 {
 361     OSSL_PARAM_BLD_BLOCK *blk, *s = NULL;
 362     OSSL_PARAM *params, *last;
 363     const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
 364     const size_t p_blks = bytes_to_blocks((1 + num) * sizeof(*params));
 365     const size_t total = ALIGN_SIZE * (p_blks + bld->total_blocks);
 366     const size_t ss = ALIGN_SIZE * bld->secure_blocks;
 367
 368     if (ss > 0) {
 369         s = OPENSSL_secure_malloc(ss);
 370         if (s == NULL) {
 371             CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM,
 372                       CRYPTO_R_SECURE_MALLOC_FAILURE);
 373             return NULL;
 374         }
 375     }
 376     params = OPENSSL_malloc(total);
 377     if (params == NULL) {
 378         CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM, ERR_R_MALLOC_FAILURE);
 379         OPENSSL_secure_free(s);
 380         return NULL;
 381     }
 382     blk = p_blks + (OSSL_PARAM_BLD_BLOCK *)(params);
 383     last = param_bld_convert(bld, params, blk, s);
 384     last->data_size = ss;
 385     last->data = s;
 386     last->data_type = OSSL_PARAM_ALLOCATED_END;
 387
 388     /* Reset builder for reuse */
 389     bld->total_blocks = 0;
 390     bld->secure_blocks = 0;
 391     free_all_params(bld);
 392     return params;
 393 }
 394
 395 void OSSL_PARAM_BLD_free_params(OSSL_PARAM *params)
 396 {
 397     if (params != NULL) {
 398         OSSL_PARAM *p;
 399
 400         for (p = params; p->key != NULL; p++)
 401             ;
 402         if (p->data_type == OSSL_PARAM_ALLOCATED_END)
 403             OPENSSL_secure_clear_free(p->data, p->data_size);
 404         OPENSSL_free(params);
 405     }
 406 }