xref: /aosp_15_r20/external/cronet/net/ssl/openssl_ssl_util.h (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b)
1 // Copyright 2014 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_SSL_OPENSSL_SSL_UTIL_H_
6 #define NET_SSL_OPENSSL_SSL_UTIL_H_
7 
8 #include <stdint.h>
9 
10 #include "net/base/net_export.h"
11 #include "net/cert/x509_certificate.h"
12 #include "net/log/net_log_event_type.h"
13 #include "third_party/boringssl/src/include/openssl/base.h"
14 
15 namespace crypto {
16 class OpenSSLErrStackTracer;  // forward declaration; only taken by const reference in this header
17 }  // namespace crypto
18 
19 namespace base {
20 class Location;  // forward declaration; only taken by const reference in this header
21 }  // namespace base
22 
23 namespace net {
24 
25 class NetLogWithSource;  // forward declaration; only taken by const reference in this header
26 
27 // Puts the net error |err| on the OpenSSL error stack. The file and line are
28 // taken from |posted_from|; the function code of the error is left as 0.
29 void OpenSSLPutNetError(const base::Location& posted_from, int err);
30 
31 // Utility to construct the appropriate set & clear masks for use with the OpenSSL
32 // options and mode configuration functions (SSL_set_options etc.).
33 struct SslSetClearMask {
34   SslSetClearMask();  // defined out of line; both masks already start at 0 via the member initializers below
35   void ConfigureFlag(long flag, bool state);  // presumably puts |flag| in set_mask when |state| is true, else in clear_mask; confirm in the .cc
36   // NOTE(review): whether configuring the same flag twice with different |state| removes it from the other mask is not visible here; confirm, since a stale bit in clear_mask would undo an option the caller meant to set.
37   long set_mask = 0;    // flags to pass to the "set" call
38   long clear_mask = 0;  // flags to pass to the matching "clear" call
39 };
40 
41 // Converts an OpenSSL error code into a net error code, walking the OpenSSL
42 // error stack if needed.
43 //
44 // Note that |tracer| is not currently used in the implementation, but is passed
45 // in anyway as this ensures the caller will clear any residual codes left on
46 // the error stack, so that stale entries are not attributed to a later operation.
47 NET_EXPORT_PRIVATE int MapOpenSSLError(
48     int err,  // presumably an SSL_ERROR_* value from SSL_get_error(); confirm at call sites
49     const crypto::OpenSSLErrStackTracer& tracer);
50 
51 // Helper struct to store information about an OpenSSL error stack entry.
52 struct OpenSSLErrorInfo {
53   OpenSSLErrorInfo() = default;
54 
55   uint32_t error_code = 0;     // OpenSSL error code of the entry; 0 when no stack entry was used
56   const char* file = nullptr;  // file recorded for the entry; not owned. NOTE(review): the string's lifetime is not stated here; confirm before retaining the pointer
57   int line = 0;                // line recorded for the entry; 0 when no stack entry was used
58 };
59 
60 // Converts an OpenSSL error code into a net error code, walking the OpenSSL
61 // error stack if needed. If a value on the stack is used, the error code and
62 // associated information are returned in |*out_error_info|. Otherwise its
63 // fields are set to 0 and NULL. This function will never return OK, so
64 // SSL_ERROR_ZERO_RETURN must be handled externally, by the caller.
65 //
66 // Note that |tracer| is not currently used in the implementation, but is passed
67 // in anyway as this ensures the caller will clear any residual codes left on
68 // the error stack, so that stale entries are not attributed to a later operation.
69 int MapOpenSSLErrorWithDetails(int err,
70                                const crypto::OpenSSLErrStackTracer& tracer,
71                                OpenSSLErrorInfo* out_error_info);  // written on every call per the comment above; presumably must be non-null, confirm in the .cc
72 
73 // Logs an OpenSSL error to the NetLog as an event of type |type|.
74 void NetLogOpenSSLError(const NetLogWithSource& net_log,
75                         NetLogEventType type,
76                         int net_error,
77                         int ssl_error,
78                         const OpenSSLErrorInfo& error_info);  // presumably the details filled in by MapOpenSSLErrorWithDetails; confirm at call sites
79 
80 // Returns the net SSL version number (see ssl_connection_status_flags.h) for
81 // this SSL connection.
82 int GetNetSSLVersion(SSL* ssl);  // NOTE(review): the result before the handshake has negotiated a version is not stated here; confirm
83 
84 // Configures |ssl| to send the specified certificate and either |pkey| or
85 // |custom_key|. This is a wrapper over |SSL_set_chain_and_key|.
86 bool SetSSLChainAndKey(SSL* ssl,  // returns bool; presumably true on success, confirm and check the result at call sites
87                        X509Certificate* cert,
88                        EVP_PKEY* pkey,  // presumably null when |custom_key| is supplied; confirm
89                        const SSL_PRIVATE_KEY_METHOD* custom_key);  // presumably null when |pkey| is supplied; confirm
90 
91 }  // namespace net
92 
93 #endif  // NET_SSL_OPENSSL_SSL_UTIL_H_
94