// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SSL_OPENSSL_SSL_UTIL_H_
#define NET_SSL_OPENSSL_SSL_UTIL_H_

#include <stdint.h>

#include "net/base/net_export.h"
#include "net/cert/x509_certificate.h"
#include "net/log/net_log_event_type.h"
#include "third_party/boringssl/src/include/openssl/base.h"

namespace crypto {
class OpenSSLErrStackTracer;
}

namespace base {
class Location;
}

namespace net {

class NetLogWithSource;

// Puts a net error, |err|, on the error stack in OpenSSL. The file and line are
// extracted from |posted_from|. The function code of the error is left as 0.
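void OpenSSLPutNetError(const base::Location& posted_from, int err);

// Utility to construct the appropriate set & clear masks for use with the
// OpenSSL options and mode configuration functions. (SSL_set_options etc)
//
// NOTE(review): these masks decide which SSL options and modes end up enabled
// or disabled, so a flag recorded in the wrong mask silently leaves that
// option in the opposite state. This header does not show how ConfigureFlag()
// treats a flag that is configured twice with different |state| values --
// confirm against the implementation.
struct SslSetClearMask {
  SslSetClearMask();

  // Records |flag| in one of the two masks according to |state|; presumably
  // |set_mask| when |state| is true and |clear_mask| otherwise -- confirm
  // against the definition, which is not in this header.
  void ConfigureFlag(long flag, bool state);

  // Both masks start empty.
  long set_mask = 0;
  long clear_mask = 0;
};

// Converts an OpenSSL error code into a net error code, walking the OpenSSL
// error stack if needed.
//
// Note that |tracer| is not currently used in the implementation, but is passed
// in anyway as this ensures the caller will clear any residual codes left on
// the error stack. Presumably this matters because an entry left behind by one
// failed call could otherwise be read while mapping a later, unrelated
// failure.
NET_EXPORT_PRIVATE int MapOpenSSLError(
    int err,
    const crypto::OpenSSLErrStackTracer& tracer);

// Helper struct to store information about an OpenSSL error stack entry.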
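struct OpenSSLErrorInfo {
  OpenSSLErrorInfo() = default;

  // Code of the error stack entry; 0 when no entry was used.
  uint32_t error_code = 0;
  // Source file recorded for the entry; nullptr when no entry was used.
  // Non-owning. NOTE(review): this header does not state the lifetime of the
  // pointed-to string -- confirm before keeping it beyond the call.
  const char* file = nullptr;
  // Source line recorded for the entry; 0 when no entry was used.
  int line = 0;
};

// Converts an OpenSSL error code into a net error code, walking the OpenSSL
// error stack if needed. If a value on the stack is used, the error code and
// associated information are returned in |*out_error_info|. Otherwise its
// fields are set to 0 and NULL. This function will never return OK, so
// SSL_ERROR_ZERO_RETURN must be handled externally.
//
// Note that |tracer| is not currently used in the implementation, but is passed
// in anyway as this ensures the caller will clear any residual codes left on
// the error stack.
//
// NOTE(review): this header does not say whether |out_error_info| may be
// null; pass a valid pointer unless the implementation is confirmed to check.
int MapOpenSSLErrorWithDetails(int err,
                               const crypto::OpenSSLErrStackTracer& tracer,
                               OpenSSLErrorInfo* out_error_info);

// Logs an OpenSSL error to the NetLog.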
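// |error_info| is presumably the entry filled in by
// MapOpenSSLErrorWithDetails() -- confirm at call sites.
void NetLogOpenSSLError(const NetLogWithSource& net_log,
                        NetLogEventType type,
                        int net_error,
                        int ssl_error,
                        const OpenSSLErrorInfo& error_info);

// Returns the net SSL version number (see ssl_connection_status_flags.h) for
// this SSL connection.
int GetNetSSLVersion(SSL* ssl);

// Configures |ssl| to send the specified certificate and either |pkey| or
// |custom_key|. This is a wrapper over |SSL_set_chain_and_key|.
//
// NOTE(review): the return value presumably reports whether the chain and key
// were installed; callers should check it rather than assume the certificate
// will be sent. This header does not say what happens when both |pkey| and
// |custom_key| are supplied, or neither -- confirm against the implementation.
bool SetSSLChainAndKey(SSL* ssl,
                       X509Certificate* cert,
                       EVP_PKEY* pkey,
                       const SSL_PRIVATE_KEY_METHOD* custom_key);

}  // namespace net

#endif  // NET_SSL_OPENSSL_SSL_UTIL_H_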