diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2021-04-07 11:27:18 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2021-04-12 16:55:29 +1000 |
commit | 884314cab786a980189206b2cab5f62878a97669 (patch) | |
tree | d9b618c36ea0ab2a5401cbf592f1c1282f6d6de5 /crypto/params_dup.c | |
parent | d36114d7cd363d505940326f5a2512d9661a67ea (diff) |
Add OSSL_PARAM_dup() and OSSL_PARAM_merge().
These functions are prerequisites for implementing EVP_PKEY_todata().
OSSL_PARAM_dup() is required to make a deep copy of the exported
params (since the provider export() uses a OSSL_PARAM_BLD which throws away the
data after the call), and then use OSSL_PARAM_merge() to add some additional params
that can be passed to the EVP_PKEY_todata().
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14785)
Diffstat (limited to 'crypto/params_dup.c')
-rw-r--r-- | crypto/params_dup.c | 236 |
1 files changed, 236 insertions, 0 deletions
diff --git a/crypto/params_dup.c b/crypto/params_dup.c new file mode 100644 index 0000000000..e1b1405979 --- /dev/null +++ b/crypto/params_dup.c @@ -0,0 +1,236 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <string.h> +#include <openssl/params.h> +#include <openssl/param_build.h> +#include "internal/param_build_set.h" +#include "e_os.h" /* strcasecmp */ + +#define OSSL_PARAM_ALLOCATED_END 127 +#define OSSL_PARAM_MERGE_LIST_MAX 128 + +#define OSSL_PARAM_BUF_PUBLIC 0 +#define OSSL_PARAM_BUF_SECURE 1 +#define OSSL_PARAM_BUF_MAX (OSSL_PARAM_BUF_SECURE + 1) + +typedef struct { + OSSL_PARAM_ALIGNED_BLOCK *alloc; /* The allocated buffer */ + OSSL_PARAM_ALIGNED_BLOCK *cur; /* Current position in the allocated buf */ + size_t blocks; /* Number of aligned blocks */ + size_t alloc_sz; /* The size of the allocated buffer (in bytes) */ +} OSSL_PARAM_BUF; + +size_t ossl_param_bytes_to_blocks(size_t bytes) +{ + return (bytes + OSSL_PARAM_ALIGN_SIZE - 1) / OSSL_PARAM_ALIGN_SIZE; +} + +static int ossl_param_buf_alloc(OSSL_PARAM_BUF *out, size_t extra_blocks, + int is_secure) +{ + size_t sz = OSSL_PARAM_ALIGN_SIZE * (extra_blocks + out->blocks); + + out->alloc = is_secure ? OPENSSL_secure_zalloc(sz) : OPENSSL_zalloc(sz); + if (out->alloc == NULL) { + ERR_raise(ERR_LIB_CRYPTO, is_secure ? CRYPTO_R_SECURE_MALLOC_FAILURE + : ERR_R_MALLOC_FAILURE); + return 0; + } + out->alloc_sz = sz; + out->cur = out->alloc + extra_blocks; + return 1; +} + +void ossl_param_set_secure_block(OSSL_PARAM *last, void *secure_buffer, + size_t secure_buffer_sz) +{ + last->key = NULL; + last->data_size = secure_buffer_sz; + last->data = secure_buffer; + last->data_type = OSSL_PARAM_ALLOCATED_END; +} + +static OSSL_PARAM *ossl_param_dup(const OSSL_PARAM *src, OSSL_PARAM *dst, + OSSL_PARAM_BUF buf[OSSL_PARAM_BUF_MAX], + int *param_count) +{ + const OSSL_PARAM *in; + int has_dst = (dst != NULL); + int is_secure; + size_t param_sz, blks; + + for (in = src; in->key != NULL; in++) { + is_secure = CRYPTO_secure_allocated(in->data); + if (has_dst) { + *dst = *in; + dst->data = buf[is_secure].cur; + } + + if (in->data_type == OSSL_PARAM_OCTET_PTR + || in->data_type == OSSL_PARAM_UTF8_PTR) { + param_sz = sizeof(in->data); + if (has_dst) + *((const void **)dst->data) = *(const void **)in->data; + } else { + param_sz = in->data_size; + if (has_dst) + memcpy(dst->data, in->data, param_sz); + } + if (in->data_type == OSSL_PARAM_UTF8_STRING) + param_sz++; /* NULL terminator */ + blks = ossl_param_bytes_to_blocks(param_sz); + + if (has_dst) { + dst++; + buf[is_secure].cur += blks; + } else { + buf[is_secure].blocks += blks; + } + if (param_count != NULL) + ++*param_count; + } + return dst; +} + +OSSL_PARAM *OSSL_PARAM_dup(const OSSL_PARAM *src) +{ + size_t param_blocks; + OSSL_PARAM_BUF buf[OSSL_PARAM_BUF_MAX]; + OSSL_PARAM *last, *dst; + int param_count = 1; /* Include terminator in the count */ + + if (src == NULL) + return NULL; + + memset(buf, 0, sizeof(buf)); + + /* First Pass: get the param_count and block sizes required */ + (void)ossl_param_dup(src, NULL, buf, ¶m_count); + + param_blocks = ossl_param_bytes_to_blocks(param_count * sizeof(*src)); + /* + * The allocated buffer consists of an array of OSSL_PARAM followed by + * aligned data bytes that the array elements will point to. + */ + if (!ossl_param_buf_alloc(&buf[OSSL_PARAM_BUF_PUBLIC], param_blocks, 0)) + return NULL; + + /* Allocate a secure memory buffer if required */ + if (buf[OSSL_PARAM_BUF_SECURE].blocks > 0 + && !ossl_param_buf_alloc(&buf[OSSL_PARAM_BUF_SECURE], 0, 1)) { + OPENSSL_free(buf[OSSL_PARAM_BUF_PUBLIC].alloc); + return NULL; + } + + dst = (OSSL_PARAM *)buf[OSSL_PARAM_BUF_PUBLIC].alloc; + last = ossl_param_dup(src, dst, buf, NULL); + /* Store the allocated secure memory buffer in the last param block */ + ossl_param_set_secure_block(last, buf[OSSL_PARAM_BUF_SECURE].alloc, + buf[OSSL_PARAM_BUF_SECURE].alloc_sz); + return dst; +} + +static int compare_params(const void *left, const void *right) +{ + const OSSL_PARAM *l = *(const OSSL_PARAM **)left; + const OSSL_PARAM *r = *(const OSSL_PARAM **)right; + + return strcasecmp(l->key, r->key); +} + +OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2) +{ + const OSSL_PARAM *list1[OSSL_PARAM_MERGE_LIST_MAX]; + const OSSL_PARAM *list2[OSSL_PARAM_MERGE_LIST_MAX]; + const OSSL_PARAM *p = NULL; + const OSSL_PARAM **p1cur, **p2cur; + OSSL_PARAM *params, *dst; + size_t list1_sz = 0, list2_sz = 0; + int diff; + + if (p1 == NULL && p2 == NULL) + return NULL; + + /* Copy p1 to list1 */ + if (p1 != NULL) { + for (p = p1; p->key != NULL && list1_sz < OSSL_PARAM_MERGE_LIST_MAX; p++) + list1[list1_sz++] = p; + } + list1[list1_sz] = NULL; + + /* copy p2 to a list2 */ + if (p2 != NULL) { + for (p = p2; p->key != NULL && list2_sz < OSSL_PARAM_MERGE_LIST_MAX; p++) + list2[list2_sz++] = p; + } + list2[list2_sz] = NULL; + if (list1_sz == 0 && list2_sz == 0) + return NULL; + + /* Sort the 2 lists */ + qsort(list1, list1_sz, sizeof(OSSL_PARAM *), compare_params); + qsort(list2, list2_sz, sizeof(OSSL_PARAM *), compare_params); + + /* Allocate enough space to store the merged parameters */ + params = OPENSSL_zalloc((list1_sz + list2_sz + 1) * sizeof(*p1)); + if (params == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); + return NULL; + } + dst = params; + p1cur = list1; + p2cur = list2; + while (1) { + /* If list1 is finished just tack list2 onto the end */ + if (*p1cur == NULL) { + do { + *dst++ = **p2cur; + p2cur++; + } while (*p2cur != NULL); + break; + } + /* If list2 is finished just tack list1 onto the end */ + if (*p2cur == NULL) { + do { + *dst++ = **p1cur; + p1cur++; + } while (*p1cur != NULL); + break; + } + /* consume the list element with the smaller key */ + diff = strcasecmp((*p1cur)->key, (*p2cur)->key); + if (diff == 0) { + /* If the keys are the same then throw away the list1 element */ + *dst++ = **p2cur; + p2cur++; + p1cur++; + } else if (diff > 0) { + *dst++ = **p2cur; + p2cur++; + } else { + *dst++ = **p1cur; + p1cur++; + } + } + return params; +} + +void OSSL_PARAM_free(OSSL_PARAM *params) +{ + if (params != NULL) { + OSSL_PARAM *p; + + for (p = params; p->key != NULL; p++) + ; + if (p->data_type == OSSL_PARAM_ALLOCATED_END) + OPENSSL_secure_clear_free(p->data, p->data_size); + OPENSSL_free(params); + } +} |