/*
- * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
#include <openssl/params.h>
#include <openssl/types.h>
#include <openssl/safestack.h>
-#include "internal/cryptlib.h"
-#include "openssl/param_build.h"
+#include "internal/param_build_set.h"
/*
* Special internal param type to indicate the end of an allocate OSSL_PARAM
* array.
*/
-#define OSSL_PARAM_ALLOCATED_END 127
typedef struct {
const char *key;
union {
/*
* These fields are never directly addressed, but their sizes are
- * imporant so that all native types can be copied here without overrun.
+ * important so that all native types can be copied here without overrun.
*/
ossl_intmax_t i;
ossl_uintmax_t u;
STACK_OF(OSSL_PARAM_BLD_DEF) *params;
};
-typedef union {
- OSSL_UNION_ALIGN;
-} OSSL_PARAM_BLD_BLOCK;
-
-#define ALIGN_SIZE sizeof(OSSL_PARAM_BLD_BLOCK)
-
-static size_t bytes_to_blocks(size_t bytes)
-{
- return (bytes + ALIGN_SIZE - 1) / ALIGN_SIZE;
-}
-
static OSSL_PARAM_BLD_DEF *param_push(OSSL_PARAM_BLD *bld, const char *key,
- int size, size_t alloc, int type,
+ size_t size, size_t alloc, int type,
int secure)
{
OSSL_PARAM_BLD_DEF *pd = OPENSSL_zalloc(sizeof(*pd));
- if (pd == NULL) {
- CRYPTOerr(CRYPTO_F_PARAM_PUSH, ERR_R_MALLOC_FAILURE);
+ if (pd == NULL)
return NULL;
- }
pd->key = key;
pd->type = type;
pd->size = size;
- pd->alloc_blocks = bytes_to_blocks(size);
+ pd->alloc_blocks = ossl_param_bytes_to_blocks(alloc);
if ((pd->secure = secure) != 0)
bld->secure_blocks += pd->alloc_blocks;
else
{
OSSL_PARAM_BLD_DEF *pd = param_push(bld, key, size, size, type, 0);
- if (pd == NULL)
+ if (pd == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
+ }
if (size > sizeof(pd->num)) {
- CRYPTOerr(CRYPTO_F_PARAM_PUSH_NUM, CRYPTO_R_TOO_MANY_BYTES);
+ ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
return 0;
}
memcpy(&pd->num, num, size);
void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld)
{
+ if (bld == NULL)
+ return;
free_all_params(bld);
sk_OSSL_PARAM_BLD_DEF_free(bld->params);
OPENSSL_free(bld);
OSSL_PARAM_UNSIGNED_INTEGER);
}
-int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
- double num)
+int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
+ time_t num)
{
- return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL);
+ return param_push_num(bld, key, &num, sizeof(num),
+ OSSL_PARAM_INTEGER);
}
-int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
- const BIGNUM *bn)
+int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
+ double num)
{
- return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn,
- bn == NULL ? 0 : BN_num_bytes(bn));
+ return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL);
}
-int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
- const BIGNUM *bn, size_t sz)
+static int push_BN(OSSL_PARAM_BLD *bld, const char *key,
+ const BIGNUM *bn, size_t sz, int type)
{
int n, secure = 0;
OSSL_PARAM_BLD_DEF *pd;
+ if (!ossl_assert(type == OSSL_PARAM_UNSIGNED_INTEGER
+ || type == OSSL_PARAM_INTEGER))
+ return 0;
+
if (bn != NULL) {
+ if (type == OSSL_PARAM_UNSIGNED_INTEGER && BN_is_negative(bn)) {
+ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED,
+ "Negative big numbers are unsupported for OSSL_PARAM_UNSIGNED_INTEGER");
+ return 0;
+ }
+
n = BN_num_bytes(bn);
if (n < 0) {
- CRYPTOerr(0, CRYPTO_R_ZERO_LENGTH_NUMBER);
+ ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ZERO_LENGTH_NUMBER);
return 0;
}
if (sz < (size_t)n) {
- CRYPTOerr(0, CRYPTO_R_TOO_SMALL_BUFFER);
+ ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER);
return 0;
}
if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE)
secure = 1;
+
+ /* The BIGNUM is zero, we must transfer at least one byte */
+ if (sz == 0)
+ sz++;
}
- pd = param_push(bld, key, sz, sz, OSSL_PARAM_UNSIGNED_INTEGER, secure);
+ pd = param_push(bld, key, sz, sz, type, secure);
if (pd == NULL)
return 0;
pd->bn = bn;
return 1;
}
+int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
+ const BIGNUM *bn)
+{
+ if (bn != NULL && BN_is_negative(bn))
+ return push_BN(bld, key, bn, BN_num_bytes(bn) + 1,
+ OSSL_PARAM_INTEGER);
+ return push_BN(bld, key, bn, bn == NULL ? 0 : BN_num_bytes(bn),
+ OSSL_PARAM_UNSIGNED_INTEGER);
+}
+
+int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
+ const BIGNUM *bn, size_t sz)
+{
+ if (bn != NULL && BN_is_negative(bn))
+ return push_BN(bld, key, bn, BN_num_bytes(bn),
+ OSSL_PARAM_INTEGER);
+ return push_BN(bld, key, bn, sz, OSSL_PARAM_UNSIGNED_INTEGER);
+}
+
int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
const char *buf, size_t bsize)
{
OSSL_PARAM_BLD_DEF *pd;
+ int secure;
- if (bsize == 0) {
- bsize = strlen(buf) + 1;
- } else if (bsize > INT_MAX) {
- CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_STRING,
- CRYPTO_R_STRING_TOO_LONG);
- return 0;
- }
- pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_UTF8_STRING, 0);
+ if (bsize == 0)
+ bsize = strlen(buf);
+ secure = CRYPTO_secure_allocated(buf);
+ pd = param_push(bld, key, bsize, bsize + 1, OSSL_PARAM_UTF8_STRING, secure);
if (pd == NULL)
return 0;
pd->string = buf;
{
OSSL_PARAM_BLD_DEF *pd;
- if (bsize == 0) {
- bsize = strlen(buf) + 1;
- } else if (bsize > INT_MAX) {
- CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_UTF8_PTR,
- CRYPTO_R_STRING_TOO_LONG);
- return 0;
- }
+ if (bsize == 0)
+ bsize = strlen(buf);
pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0);
if (pd == NULL)
return 0;
const void *buf, size_t bsize)
{
OSSL_PARAM_BLD_DEF *pd;
+ int secure;
- if (bsize > INT_MAX) {
- CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_STRING,
- CRYPTO_R_STRING_TOO_LONG);
- return 0;
- }
- pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, 0);
+ secure = CRYPTO_secure_allocated(buf);
+ pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure);
if (pd == NULL)
return 0;
pd->string = buf;
{
OSSL_PARAM_BLD_DEF *pd;
- if (bsize > INT_MAX) {
- CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_OCTET_PTR,
- CRYPTO_R_STRING_TOO_LONG);
- return 0;
- }
pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0);
if (pd == NULL)
return 0;
}
static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param,
- OSSL_PARAM_BLD_BLOCK *blk,
- OSSL_PARAM_BLD_BLOCK *secure)
+ OSSL_PARAM_ALIGNED_BLOCK *blk,
+ OSSL_PARAM_ALIGNED_BLOCK *secure)
{
int i, num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
OSSL_PARAM_BLD_DEF *pd;
param[i].data = p;
if (pd->bn != NULL) {
/* BIGNUM */
- BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size);
+ if (pd->type == OSSL_PARAM_UNSIGNED_INTEGER)
+ BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size);
+ else
+ BN_signed_bn2native(pd->bn, (unsigned char *)p, pd->size);
} else if (pd->type == OSSL_PARAM_OCTET_PTR
|| pd->type == OSSL_PARAM_UTF8_PTR) {
/* PTR */
memcpy(p, pd->string, pd->size);
else
memset(p, 0, pd->size);
+ if (pd->type == OSSL_PARAM_UTF8_STRING)
+ ((char *)p)[pd->size] = '\0';
} else {
/* Number, but could also be a NULL BIGNUM */
if (pd->size > sizeof(pd->num))
OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld)
{
- OSSL_PARAM_BLD_BLOCK *blk, *s = NULL;
+ OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL;
OSSL_PARAM *params, *last;
const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
- const size_t p_blks = bytes_to_blocks((1 + num) * sizeof(*params));
- const size_t total = ALIGN_SIZE * (p_blks + bld->total_blocks);
- const size_t ss = ALIGN_SIZE * bld->secure_blocks;
+ const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params));
+ const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks);
+ const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks;
if (ss > 0) {
s = OPENSSL_secure_malloc(ss);
if (s == NULL) {
- CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM,
- CRYPTO_R_SECURE_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_SECURE_MALLOC_FAILURE);
return NULL;
}
}
params = OPENSSL_malloc(total);
if (params == NULL) {
- CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_TO_PARAM, ERR_R_MALLOC_FAILURE);
OPENSSL_secure_free(s);
return NULL;
}
- blk = p_blks + (OSSL_PARAM_BLD_BLOCK *)(params);
+ blk = p_blks + (OSSL_PARAM_ALIGNED_BLOCK *)(params);
last = param_bld_convert(bld, params, blk, s);
- last->data_size = ss;
- last->data = s;
- last->data_type = OSSL_PARAM_ALLOCATED_END;
+ ossl_param_set_secure_block(last, s, ss);
/* Reset builder for reuse */
bld->total_blocks = 0;
free_all_params(bld);
return params;
}
-
-void OSSL_PARAM_BLD_free_params(OSSL_PARAM *params)
-{
- if (params != NULL) {
- OSSL_PARAM *p;
-
- for (p = params; p->key != NULL; p++)
- ;
- if (p->data_type == OSSL_PARAM_ALLOCATED_END)
- OPENSSL_secure_clear_free(p->data, p->data_size);
- OPENSSL_free(params);
- }
-}