/* Copyright (c) 2012, Jacob Appelbaum
 * Copyright (c) 2012, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file tlsdate-helper.h
 * \brief The secondary header for our clock helper.
 *
 * Declares the build-time policy constants of the helper (the identity to
 * drop privileges to, the window of acceptable remote times, minimum key
 * sizes, name-length bounds) and the prototypes of the certificate
 * inspection and hostname matching routines.  Every policy constant is
 * wrapped in #ifndef so a build system can override it with -D.
 **/

#ifndef TLSDATEHELPER_H
#define TLSDATEHELPER_H

#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/mman.h>
#include <time.h>
#include <pwd.h>
#include <grp.h>
#include <arpa/inet.h>
#include <ctype.h>

/* OpenSSL: the SSL and EVP_PKEY types used in the prototypes below. */
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>

/** Name of user that we feel safe to run SSL handshake with. */
#ifndef UNPRIV_USER
#define UNPRIV_USER "nobody"
#endif
/** Group that goes with UNPRIV_USER.
 *  NOTE(review): "nogroup" does not exist on every system (some ship only
 *  "nobody" as a group); the build should override this to match the target. */
#ifndef UNPRIV_GROUP
#define UNPRIV_GROUP "nogroup"
#endif

// We should never accept a time before we were compiled
// We measure in seconds since the epoch - eg: echo `date '+%s'`
// We set this manually to ensure others can reproduce a build;
// automation of this will make every build different!
// 1342323666 is roughly mid-July 2012 (UTC).
#ifndef RECENT_COMPILE_DATE
#define RECENT_COMPILE_DATE 1342323666L
#endif

// Upper bound (seconds since the epoch, roughly mid-May 2033) on a remote
// time we are willing to accept; together with RECENT_COMPILE_DATE this
// presumably forms the plausibility window checked in the .c file.
#ifndef MAX_REASONABLE_TIME
#define MAX_REASONABLE_TIME 1999991337L
#endif

// Minimum size in bits for a non-EC public key; 1023 so that a 1024-bit
// key is accepted (compare against get_certificate_keybits).
// NOTE(review): 1024-bit RSA is below current guidance (>= 2048 bits);
// consider raising this at build time.
// NOTE(review): the expansion is an unparenthesised cast; the safer
// macro form would be ((uint32_t) 1023).
#ifndef MIN_PUB_KEY_LEN
#define MIN_PUB_KEY_LEN (uint32_t) 1023
#endif

// Smallest ECC key size in bits we accept.
// NOTE(review): 160-bit curves offer ~80-bit security, below current guidance.
#ifndef MIN_ECC_PUB_KEY_LEN
#define MIN_ECC_PUB_KEY_LEN (uint32_t) 160
#endif

// Largest ECC key size in bits we accept; 521 matches P-521 (secp521r1),
// the largest NIST prime curve.
#ifndef MAX_ECC_PUB_KEY_LEN
#define MAX_ECC_PUB_KEY_LEN (uint32_t) 521
#endif
// After the duration of the TLS handshake exceeds this threshold
// (in msec), a warning is printed.
#define TLS_RTT_THRESHOLD 2000

// RFC 5280 says...
// ub-common-name-length INTEGER ::= 64
// Upper bound on the length of a CommonName we are willing to handle.
#define MAX_CN_NAME_LENGTH 64

// RFC 1034 and posix say...
// Maximum length of a hostname (in characters, excluding the terminator).
#define TLSDATE_HOST_NAME_MAX 255

// To support our RFC 2595 wildcard verification
// Minimum number of DNS labels a name must have before a wildcard in it
// is honoured -- presumably so that a pattern such as *.com cannot match;
// confirm against check_wildcard_match_rfc2595.
#define RFC2595_MIN_LABEL_COUNT 3

/** Return the size in bits of the public key in @p public_key. */
uint32_t get_certificate_keybits (EVP_PKEY *public_key);
/** Compare @p hostname against the CommonName of the peer certificate of
 *  @p ssl.  Which return value denotes a match is defined in the .c file. */
uint32_t check_cn (SSL *ssl, const char *hostname);
/** Compare @p hostname against the SubjectAltName entries of the peer
 *  certificate of @p ssl.  Return value semantics as for check_cn. */
uint32_t check_san (SSL *ssl, const char *hostname);
/** Run OpenSSL's own certificate verification on the peer of @p ssl and
 *  return its result (a long, as returned by the OpenSSL verify API). */
long openssl_check_against_host_and_verify (SSL *ssl);
/** Check @p hostname against the peer certificate of @p ssl; presumably
 *  combines check_cn and check_san. */
uint32_t check_name (SSL *ssl, const char *hostname);
/** Verify the signature/chain of the peer certificate of @p ssl for
 *  @p hostname. */
uint32_t verify_signature (SSL *ssl, const char *hostname);
/** Enforce the MIN_*_PUB_KEY_LEN / MAX_ECC_PUB_KEY_LEN bounds on the peer
 *  key of @p ssl. */
void check_key_length (SSL *ssl);
/** Inspect the peer key/certificate of @p ssl for @p hostname. */
void inspect_key (SSL *ssl, const char *hostname);
/** Perform the TLS handshake and record the observed time into @p time_map;
 *  @p time_is_an_illusion is a flag whose meaning is defined in the .c file.
 *  NOTE(review): a `static` prototype in a shared header means every
 *  translation unit including this header must define run_ssl (or accept an
 *  unused-declaration warning); it belongs in the .c that defines it. */
static void run_ssl (uint32_t *time_map, int time_is_an_illusion);
/** Count the labels in @p label separated by @p delim.
 *  NOTE(review): both parameters are non-const -- confirm the implementation
 *  does not modify its input (e.g. via strtok) before passing it buffers
 *  the caller still needs. */
uint32_t dns_label_count (char *label, char *delim);
/** Match @p orig_hostname against the wildcard name @p orig_cert_wild_card
 *  taken from the certificate, following RFC 2595 (see
 *  RFC2595_MIN_LABEL_COUNT). */
uint32_t check_wildcard_match_rfc2595 (const char *orig_hostname,
                                       const char *orig_cert_wild_card);

#endif