]> git.saurik.com Git - apple/security.git/blob - AppleCSP/open_ssl/opensslUtils/opensslUtils.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-54.tar.gz
[apple/security.git] / AppleCSP / open_ssl / opensslUtils / opensslUtils.cpp
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * opensslUtils.h - Support for ssleay-derived crypto modules
21 */
22
23 #include <openssl/rand.h>
24 #include <openssl/crypto.h>
25 #include <openssl/err.h>
26 #include <openssl/sha.h>
27 #include <openssl/rsa.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/err.h>
31 #include <Security/debugging.h>
32 #include <Security/cssmerr.h>
33 #include "opensslUtils.h"
34 #include <AppleCSP/YarrowConnection.h>
35 #include <AppleCSP/AppleCSPUtils.h>
36 #include <Security/logging.h>
37
38 #define sslUtilsDebug(args...) debug("sslUtils", ## args)
39
40 openSslException::openSslException(
41 int irtn,
42 const char *op)
43 : mIrtn(irtn)
44 {
45 if(op) {
46 char buf[300];
47 ERR_error_string(irtn, buf);
48 sslUtilsDebug("%s: %s\n", op, buf);
49 }
50 }
51
52 /* these are replacements for the ones in ssleay */
53 #define DUMP_RAND_BYTES 0
54
55 static int randDex = 1;
56
57 int RAND_bytes(unsigned char *buf,int num)
58 {
59 try {
60 cspGetRandomBytes(buf, (unsigned)num);
61 }
62 catch(...) {
63 /* that can only mean Yarrow failure, which we really need to
64 * cut some slack for */
65 Security::Syslog::error("Apple CSP: yarrow failure");
66 for(int i=0; i<num; i++) {
67 buf[i] = (i*3) + randDex++;
68 }
69 }
70 return 1;
71 }
72
73 int RAND_pseudo_bytes(unsigned char *buf,int num)
74 {
75 return RAND_bytes(buf, num);
76 }
77
78 void RAND_add(const void *buf,int num,double entropy)
79 {
80 try {
81 cspAddEntropy(buf, (unsigned)num);
82 }
83 catch(...) {
84 }
85 }
86
87 /* replacement for mem_dbg.c */
88 int CRYPTO_mem_ctrl(int mode)
89 {
90 return 0;
91 }
92
93 /*
94 * Log error info. Returns the error code we pop off the error queue.
95 */
96 unsigned long logSslErrInfo(const char *op)
97 {
98 unsigned long e = ERR_get_error();
99 char outbuf[1024];
100 ERR_error_string(e, outbuf);
101 if(op) {
102 Security::Syslog::error("Apple CSP %s: %s", op, outbuf);
103 }
104 else {
105 Security::Syslog::error("Apple CSP %s", outbuf);
106 }
107 return e;
108 }
109
110 /*
111 * Replacement for same function in openssl's sha.c, which we don't link against.
112 * The only place this is used is in DSA_generate_parameters().
113 */
114 unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md)
115 {
116 if(md == NULL) {
117 sslUtilsDebug("SHA1 with NULL md");
118 CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
119 }
120 cspGenSha1Hash(d, n, md);
121 return md;
122 }
123
124 void throwRsaDsa(
125 const char *op)
126 {
127 unsigned long e = logSslErrInfo(op);
128 CSSM_RETURN cerr = CSSM_OK;
129
130 /* try to parse into something meaningful */
131 int reason = ERR_GET_REASON(e);
132 int lib = ERR_GET_LIB(e);
133
134 /* first try the global ones */
135 switch(reason) {
136 case ERR_R_MALLOC_FAILURE:
137 cerr = CSSMERR_CSP_MEMORY_ERROR; break;
138 case ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED:
139 /* internal */ break;
140 case ERR_R_PASSED_NULL_PARAMETER:
141 cerr = CSSMERR_CSP_INVALID_POINTER; break;
142 case ERR_R_NESTED_ASN1_ERROR:
143 case ERR_R_BAD_ASN1_OBJECT_HEADER:
144 case ERR_R_BAD_GET_ASN1_OBJECT_CALL:
145 case ERR_R_EXPECTING_AN_ASN1_SEQUENCE:
146 case ERR_R_ASN1_LENGTH_MISMATCH:
147 case ERR_R_MISSING_ASN1_EOS:
148 /* ASN - shouldn't happen, right? */
149 cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
150 default:
151 break;
152 }
153 if(cerr != CSSM_OK) {
154 CssmError::throwMe(cerr);
155 }
156
157 /* now the lib-specific ones */
158 switch(lib) {
159 case ERR_R_BN_LIB:
160 /* all indicate serious internal error...right? */
161 cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
162 case ERR_R_RSA_LIB:
163 switch(reason) {
164 case RSA_R_ALGORITHM_MISMATCH:
165 cerr = CSSMERR_CSP_ALGID_MISMATCH; break;
166 case RSA_R_BAD_SIGNATURE:
167 cerr = CSSMERR_CSP_VERIFY_FAILED; break;
168 case RSA_R_DATA_TOO_LARGE:
169 case RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE:
170 case RSA_R_DATA_TOO_SMALL:
171 case RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE:
172 case RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY:
173 cerr = CSSMERR_CSP_INPUT_LENGTH_ERROR; break;
174 case RSA_R_KEY_SIZE_TOO_SMALL:
175 cerr = CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH; break;
176 case RSA_R_PADDING_CHECK_FAILED:
177 cerr = CSSMERR_CSP_INVALID_DATA; break;
178 case RSA_R_RSA_OPERATIONS_NOT_SUPPORTED:
179 cerr = CSSMERR_CSP_FUNCTION_NOT_IMPLEMENTED; break;
180 case RSA_R_UNKNOWN_ALGORITHM_TYPE:
181 cerr = CSSMERR_CSP_INVALID_ALGORITHM; break;
182 case RSA_R_WRONG_SIGNATURE_LENGTH:
183 cerr = CSSMERR_CSP_VERIFY_FAILED; break;
184 default:
185 cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
186 }
187 break;
188 case ERR_R_DSA_LIB:
189 switch(reason) {
190 case DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE:
191 cerr = CSSMERR_CSP_INPUT_LENGTH_ERROR; break;
192 default:
193 cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
194 }
195 break;
196 case ERR_R_DH_LIB:
197 /* actually none of the DH errors make sense at the CDSA level */
198 cerr = CSSMERR_CSP_INTERNAL_ERROR;
199 break;
200 default:
201 cerr = CSSMERR_CSP_INTERNAL_ERROR; break;
202 }
203 CssmError::throwMe(cerr);
204 }
205
206 /*
207 * given an openssl-style error, throw appropriate CssmError.
208 */
209 void throwOpensslErr(int irtn)
210 {
211 /* FIXME */
212 CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
213 }
214
mirror of Security