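/*
 *  Copyright 2018 The WebRTC Project Authors. All rights reserved.
 *
 *  Use of this source code is governed by a BSD-style license
 *  that can be found in the LICENSE file in the root of the source
 *  tree. An additional intellectual property rights grant can be found
 *  in the file PATENTS.  All contributing project authors may
 *  be found in the AUTHORS file in the root of the source tree.
 */

#ifndef RTC_BASE_OPENSSL_UTILITY_H_
#define RTC_BASE_OPENSSL_UTILITY_H_

#include <openssl/ossl_typ.h>
#include <stdint.h>  // int64_t, used by ParseCertificate() below.

#include <string>

#include "absl/strings/string_view.h"

namespace rtc {
// The openssl namespace holds static helper methods. All methods related
// to OpenSSL that are commonly used and don't require global state should be
// placed here.
namespace openssl {

#ifdef OPENSSL_IS_BORINGSSL
// Does minimal parsing of a certificate (only verifying the presence of major
// fields), primarily for the purpose of extracting the relevant out
// parameters. Any that the caller is uninterested in can be null.
//
// This is a structural parse only: a true return says the major fields were
// present, not that the certificate is valid or trusted. Nothing in this
// declaration indicates that signatures, the issuer chain or the validity
// window are checked, so callers must not use the result as a trust decision.
// NOTE(review): the unit and epoch of `expiration_time` are not stated here -
// confirm against the implementation before comparing it with a clock value.
bool ParseCertificate(CRYPTO_BUFFER* cert_buffer,
                      CBS* signature_algorithm_oid,
                      int64_t* expiration_time);
#endif

// Verifies that the hostname provided matches that in the peer certificate
// attached to this SSL state.
//
// As documented this is a name check only. Chain and trust validation of the
// peer certificate is a separate concern; do not assume that a true return
// here covers it (confirm against the implementation and the SSL verify
// configuration in use).
// TODO(crbug.com/webrtc/11710): When OS certificate verification is available,
// skip compiling this as it adds a dependency on OpenSSL X509 objects, which we
// are trying to avoid in favor of CRYPTO_BUFFERs (see crbug.com/webrtc/11410).
bool VerifyPeerCertMatchesHost(SSL* ssl, absl::string_view host);

// Logs all the errors in the OpenSSL error queue from the current thread. A
// prefix can be provided for context.
void LogSSLErrors(absl::string_view prefix);

#ifndef WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
// Attempt to add the certificates from the loader into the SSL_CTX. False is
// returned only if there are no certificates returned from the loader or none
// of them can be added to the TrustStore for the provided context.
//
// Consequently a true return means that at least one root certificate was
// added, not that every built-in root was. A partially populated trust store
// cannot be detected from the return value alone.
bool LoadBuiltinSSLRootCertificates(SSL_CTX* ssl_ctx);
#endif  // WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS

#ifdef OPENSSL_IS_BORINGSSL
// Returns a CRYPTO_BUFFER_POOL.
// NOTE(review): ownership and lifetime of the returned pool are not documented
// in this header - presumably it is shared and must not be freed by the
// caller; confirm against the implementation.
CRYPTO_BUFFER_POOL* GetBufferPool();
#endif

}  // namespace openssl
}  // namespace rtc

#endif  // RTC_BASE_OPENSSL_UTILITY_H_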