Home | History | Annotate | Download | only in crypto
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CRYPTO_OPENSSL_UTIL_H_
      6 #define CRYPTO_OPENSSL_UTIL_H_
      7 
      8 #include <stddef.h>
      9 
     10 #include "base/location.h"
     11 #include "base/macros.h"
     12 #include "crypto/crypto_export.h"
     13 
     14 namespace crypto {
     15 
     16 // Provides a buffer of at least MIN_SIZE bytes, for use when calling OpenSSL's
     17 // SHA256, HMAC, etc functions, adapting the buffer sizing rules to meet those
     18 // of the our base wrapper APIs.
     19 // This allows the library to write directly to the caller's buffer if it is of
     20 // sufficient size, but if not it will write to temporary |min_sized_buffer_|
     21 // of required size and then its content is automatically copied out on
     22 // destruction, with truncation as appropriate.
     23 template<int MIN_SIZE>
     24 class ScopedOpenSSLSafeSizeBuffer {
     25  public:
     26   ScopedOpenSSLSafeSizeBuffer(unsigned char* output, size_t output_len)
     27       : output_(output),
     28         output_len_(output_len) {
     29   }
     30 
     31   ~ScopedOpenSSLSafeSizeBuffer() {
     32     if (output_len_ < MIN_SIZE) {
     33       // Copy the temporary buffer out, truncating as needed.
     34       memcpy(output_, min_sized_buffer_, output_len_);
     35     }
     36     // else... any writing already happened directly into |output_|.
     37   }
     38 
     39   unsigned char* safe_buffer() {
     40     return output_len_ < MIN_SIZE ? min_sized_buffer_ : output_;
     41   }
     42 
     43  private:
     44   // Pointer to the caller's data area and its associated size, where data
     45   // written via safe_buffer() will [eventually] end up.
     46   unsigned char* output_;
     47   size_t output_len_;
     48 
     49   // Temporary buffer writen into in the case where the caller's
     50   // buffer is not of sufficient size.
     51   unsigned char min_sized_buffer_[MIN_SIZE];
     52 
     53   DISALLOW_COPY_AND_ASSIGN(ScopedOpenSSLSafeSizeBuffer);
     54 };
     55 
     56 // Initialize OpenSSL if it isn't already initialized. This must be called
     57 // before any other OpenSSL functions though it is safe and cheap to call this
     58 // multiple times.
     59 // This function is thread-safe, and OpenSSL will only ever be initialized once.
     60 // OpenSSL will be properly shut down on program exit.
     61 void CRYPTO_EXPORT EnsureOpenSSLInit();
     62 
     63 // Drains the OpenSSL ERR_get_error stack. On a debug build the error codes
     64 // are send to VLOG(1), on a release build they are disregarded. In most
     65 // cases you should pass FROM_HERE as the |location|.
     66 void CRYPTO_EXPORT ClearOpenSSLERRStack(
     67     const tracked_objects::Location& location);
     68 
     69 // Place an instance of this class on the call stack to automatically clear
     70 // the OpenSSL error stack on function exit.
     71 class OpenSSLErrStackTracer {
     72  public:
     73   // Pass FROM_HERE as |location|, to help track the source of OpenSSL error
     74   // messages. Note any diagnostic emitted will be tagged with the location of
     75   // the constructor call as it's not possible to trace a destructor's callsite.
     76   explicit OpenSSLErrStackTracer(const tracked_objects::Location& location)
     77       : location_(location) {
     78     EnsureOpenSSLInit();
     79   }
     80   ~OpenSSLErrStackTracer() {
     81     ClearOpenSSLERRStack(location_);
     82   }
     83 
     84  private:
     85   const tracked_objects::Location location_;
     86 
     87   DISALLOW_IMPLICIT_CONSTRUCTORS(OpenSSLErrStackTracer);
     88 };
     89 
     90 }  // namespace crypto
     91 
     92 #endif  // CRYPTO_OPENSSL_UTIL_H_
     93