gadgets.h
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#ifndef SQUID_SSL_GADGETS_H
10#define SQUID_SSL_GADGETS_H
11
12#if USE_OPENSSL
13
14#include "base/HardFun.h"
15#include "compat/openssl.h"
16#include "security/forward.h"
17#include "ssl/crtd_message.h"
18
19#include <string>
20
21#if HAVE_OPENSSL_ASN1_H
22#include <openssl/asn1.h>
23#endif
24#if HAVE_OPENSSL_PEM_H
25#include <openssl/pem.h>
26#endif
27#if HAVE_OPENSSL_TXT_DB_H
28#include <openssl/txt_db.h>
29#endif
30#if HAVE_OPENSSL_X509V3_H
31#include <openssl/x509v3.h>
32#endif
33
34namespace Ssl
35{
42#if !defined(SQUID_SSL_SIGN_HASH_IF_NONE)
43#define SQUID_SSL_SIGN_HASH_IF_NONE "sha256"
44#endif
45
49sk_dtor_wrapper(sk_X509, STACK_OF(X509) *, X509_free);
50typedef std::unique_ptr<STACK_OF(X509), sk_X509_free_wrapper> X509_STACK_Pointer;
51
52typedef std::unique_ptr<BIGNUM, HardFun<void, BIGNUM*, &BN_free>> BIGNUM_Pointer;
53
54typedef std::unique_ptr<BIO, HardFun<void, BIO*, &BIO_vfree>> BIO_Pointer;
55
56typedef std::unique_ptr<ASN1_INTEGER, HardFun<void, ASN1_INTEGER*, &ASN1_INTEGER_free>> ASN1_INT_Pointer;
57
58typedef std::unique_ptr<ASN1_OCTET_STRING, HardFun<void, ASN1_OCTET_STRING*, &ASN1_OCTET_STRING_free>> ASN1_OCTET_STRING_Pointer;
59
60typedef std::unique_ptr<TXT_DB, HardFun<void, TXT_DB*, &TXT_DB_free>> TXT_DB_Pointer;
61
62typedef std::unique_ptr<X509_NAME, HardFun<void, X509_NAME*, &X509_NAME_free>> X509_NAME_Pointer;
63
64using EVP_PKEY_CTX_Pointer = std::unique_ptr<EVP_PKEY_CTX, HardFun<void, EVP_PKEY_CTX*, &EVP_PKEY_CTX_free>>;
65
66typedef std::unique_ptr<X509_REQ, HardFun<void, X509_REQ*, &X509_REQ_free>> X509_REQ_Pointer;
67
68typedef std::unique_ptr<AUTHORITY_KEYID, HardFun<void, AUTHORITY_KEYID*, &AUTHORITY_KEYID_free>> AUTHORITY_KEYID_Pointer;
69
70sk_dtor_wrapper(sk_GENERAL_NAME, STACK_OF(GENERAL_NAME) *, GENERAL_NAME_free);
71typedef std::unique_ptr<STACK_OF(GENERAL_NAME), sk_GENERAL_NAME_free_wrapper> GENERAL_NAME_STACK_Pointer;
72
73typedef std::unique_ptr<GENERAL_NAME, HardFun<void, GENERAL_NAME*, &GENERAL_NAME_free>> GENERAL_NAME_Pointer;
74
75typedef std::unique_ptr<X509_EXTENSION, HardFun<void, X509_EXTENSION*, &X509_EXTENSION_free>> X509_EXTENSION_Pointer;
76
77typedef std::unique_ptr<X509_STORE_CTX, HardFun<void, X509_STORE_CTX *, &X509_STORE_CTX_free>> X509_STORE_CTX_Pointer;
78
79// not using CtoCpp1() here because OpenSSL_free() takes void* rather than char*
80inline void OPENSSL_free_for_c_strings(char * const string) { OPENSSL_free(string); }
81using UniqueCString = std::unique_ptr<char, HardFun<void, char *, &OPENSSL_free_for_c_strings> >;
82
84void ForgetErrors();
85
90std::ostream &ReportAndForgetErrors(std::ostream &);
91
96bool writeCertAndPrivateKeyToMemory(Security::CertPointer const & cert, Security::PrivateKeyPointer const & pkey, std::string & bufferToWrite);
97
102bool appendCertToMemory(Security::CertPointer const & cert, std::string & bufferToWrite);
103
108bool readCertAndPrivateKeyFromMemory(Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, char const * bufferToRead);
109
112BIO_Pointer ReadOnlyBioTiedTo(const char *);
113
118void ReadPrivateKeyFromFile(char const * keyFilename, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback);
119
124bool OpenCertsFileForReading(BIO_Pointer &bio, const char *filename);
125
129
133
138bool ReadPrivateKey(BIO_Pointer &bio, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback);
139
145bool OpenCertsFileForWriting(BIO_Pointer &bio, const char *filename);
146
152
157bool WritePrivateKey(BIO_Pointer &bio, const Security::PrivateKeyPointer &pkey);
158
160UniqueCString OneLineSummary(X509_NAME &);
161
167
173extern const char *CertSignAlgorithmStr[];
174
179inline const char *certSignAlgorithm(int sg)
180{
181 if (sg >=0 && sg < Ssl::algSignEnd)
182 return Ssl::CertSignAlgorithmStr[sg];
183
184 return nullptr;
185}
186
192{
193 for (int i = 0; i < algSignEnd && Ssl::CertSignAlgorithmStr[i] != nullptr; i++)
194 if (strcmp(Ssl::CertSignAlgorithmStr[i], sg) == 0)
195 return (CertSignAlgorithm)i;
196
197 return algSignEnd;
198}
199
205
210extern const char *CertAdaptAlgorithmStr[];
211
216inline const char *sslCertAdaptAlgoritm(int alg)
217{
218 if (alg >=0 && alg < Ssl::algSetEnd)
219 return Ssl::CertAdaptAlgorithmStr[alg];
220
221 return nullptr;
222}
223
229{
230public:
234 Security::PrivateKeyPointer signWithPkey;
238 std::string commonName;
240 const EVP_MD *signHash;
241private:
244};
245
248std::string & OnDiskCertificateDbKey(const CertificateProperties &);
249
257bool generateSslCertificate(Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, CertificateProperties const &properties);
258
264bool sslDateIsInTheFuture(char const * date);
265
272bool certificateMatchesProperties(X509 *peer_cert, CertificateProperties const &properties);
273
279const char *CommonHostName(X509 *x509);
280
286const char *getOrganization(X509 *x509);
287
290bool CertificatesCmp(const Security::CertPointer &cert1, const Security::CertPointer &cert2);
291
294const ASN1_BIT_STRING *X509_get_signature(const Security::CertPointer &);
295
296} // namespace Ssl
297
298#endif // USE_OPENSSL
299#endif // SQUID_SSL_GADGETS_H
300
Security::PrivateKeyPointer signWithPkey
The key of the signing certificate.
Definition: gadgets.h:234
Security::CertPointer signWithX509
Certificate to sign the generated request.
Definition: gadgets.h:233
bool setCommonName
Replace the CN field of the mimicking subject with the given.
Definition: gadgets.h:237
CertificateProperties(CertificateProperties &)
bool setValidAfter
Do not mimic "Not Valid After" field.
Definition: gadgets.h:235
CertSignAlgorithm signAlgorithm
The signing algorithm to use.
Definition: gadgets.h:239
CertificateProperties & operator=(CertificateProperties const &)
bool setValidBefore
Do not mimic "Not Valid Before" field.
Definition: gadgets.h:236
Security::CertPointer mimicCert
Certificate to mimic.
Definition: gadgets.h:232
const EVP_MD * signHash
The signing hash to use.
Definition: gadgets.h:240
std::string commonName
A CN to use for the generated certificate.
Definition: gadgets.h:238
const char * getOrganization(X509 *x509)
Definition: gadgets.cc:974
const char * CommonHostName(X509 *x509)
Definition: gadgets.cc:969
bool CertificatesCmp(const Security::CertPointer &cert1, const Security::CertPointer &cert2)
Definition: gadgets.cc:980
void ReadPrivateKeyFromFile(char const *keyFilename, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
Definition: gadgets.cc:779
bool ReadPrivateKey(BIO_Pointer &bio, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
Definition: gadgets.cc:768
bool OpenCertsFileForWriting(BIO_Pointer &bio, const char *filename)
Definition: gadgets.cc:790
bool WritePrivateKey(BIO_Pointer &bio, const Security::PrivateKeyPointer &pkey)
Definition: gadgets.cc:811
CertSignAlgorithm certSignAlgorithmId(const char *sg)
Definition: gadgets.h:191
const char * sslCertAdaptAlgoritm(int alg)
Definition: gadgets.h:216
bool appendCertToMemory(Security::CertPointer const &cert, std::string &bufferToWrite)
Definition: gadgets.cc:121
bool sslDateIsInTheFuture(char const *date)
Definition: gadgets.cc:826
bool OpenCertsFileForReading(BIO_Pointer &bio, const char *filename)
Definition: gadgets.cc:722
std::string & OnDiskCertificateDbKey(const CertificateProperties &)
Definition: gadgets.cc:267
bool generateSslCertificate(Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, CertificateProperties const &properties)
Definition: gadgets.cc:711
CertAdaptAlgorithm
Definition: gadgets.h:204
CertSignAlgorithm
Definition: gadgets.h:166
bool writeCertAndPrivateKeyToMemory(Security::CertPointer const &cert, Security::PrivateKeyPointer const &pkey, std::string &bufferToWrite)
Definition: gadgets.cc:97
bool readCertAndPrivateKeyFromMemory(Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, char const *bufferToRead)
Definition: gadgets.cc:145
bool certificateMatchesProperties(X509 *peer_cert, CertificateProperties const &properties)
Definition: gadgets.cc:878
bool WriteX509Certificate(BIO_Pointer &bio, const Security::CertPointer &cert)
Definition: gadgets.cc:801
const char * CertAdaptAlgorithmStr[]
Definition: gadgets.cc:237
const char * certSignAlgorithm(int sg)
Definition: gadgets.h:179
const char * CertSignAlgorithmStr[]
Definition: gadgets.cc:230
@ algSetValidAfter
Definition: gadgets.h:204
@ algSetCommonName
Definition: gadgets.h:204
@ algSetEnd
Definition: gadgets.h:204
@ algSetValidBefore
Definition: gadgets.h:204
@ algSignEnd
Definition: gadgets.h:166
@ algSignTrusted
Definition: gadgets.h:166
@ algSignUntrusted
Definition: gadgets.h:166
@ algSignSelf
Definition: gadgets.h:166
Definition: Xaction.cc:40
std::unique_ptr< EVP_PKEY_CTX, HardFun< void, EVP_PKEY_CTX *, &EVP_PKEY_CTX_free > > EVP_PKEY_CTX_Pointer
Definition: gadgets.h:64
std::unique_ptr< GENERAL_NAME, HardFun< void, GENERAL_NAME *, &GENERAL_NAME_free > > GENERAL_NAME_Pointer
Definition: gadgets.h:73
std::unique_ptr< BIO, HardFun< void, BIO *, &BIO_vfree > > BIO_Pointer
Definition: gadgets.h:54
std::unique_ptr< BIGNUM, HardFun< void, BIGNUM *, &BN_free > > BIGNUM_Pointer
Definition: gadgets.h:52
std::unique_ptr< TXT_DB, HardFun< void, TXT_DB *, &TXT_DB_free > > TXT_DB_Pointer
Definition: gadgets.h:60
std::unique_ptr< X509_STORE_CTX, HardFun< void, X509_STORE_CTX *, &X509_STORE_CTX_free > > X509_STORE_CTX_Pointer
Definition: gadgets.h:77
void OPENSSL_free_for_c_strings(char *const string)
Definition: gadgets.h:80
std::unique_ptr< ASN1_OCTET_STRING, HardFun< void, ASN1_OCTET_STRING *, &ASN1_OCTET_STRING_free > > ASN1_OCTET_STRING_Pointer
Definition: gadgets.h:58
std::ostream & ReportAndForgetErrors(std::ostream &)
Definition: gadgets.cc:34
Security::CertPointer ReadOptionalCertificate(const BIO_Pointer &)
Definition: gadgets.cc:733
const ASN1_BIT_STRING * X509_get_signature(const Security::CertPointer &)
Definition: gadgets.cc:1005
UniqueCString OneLineSummary(X509_NAME &)
a RAII wrapper for the memory-allocating flavor of X509_NAME_oneline()
Definition: gadgets.cc:821
Security::CertPointer ReadCertificate(const BIO_Pointer &)
Definition: gadgets.cc:758
std::unique_ptr< X509_REQ, HardFun< void, X509_REQ *, &X509_REQ_free > > X509_REQ_Pointer
Definition: gadgets.h:66
std::unique_ptr< STACK_OF(GENERAL_NAME), sk_GENERAL_NAME_free_wrapper > GENERAL_NAME_STACK_Pointer
Definition: gadgets.h:71
BIO_Pointer ReadOnlyBioTiedTo(const char *)
Definition: gadgets.cc:170
std::unique_ptr< X509_NAME, HardFun< void, X509_NAME *, &X509_NAME_free > > X509_NAME_Pointer
Definition: gadgets.h:62
sk_dtor_wrapper(sk_X509, STACK_OF(X509) *, X509_free)
std::unique_ptr< ASN1_INTEGER, HardFun< void, ASN1_INTEGER *, &ASN1_INTEGER_free > > ASN1_INT_Pointer
Definition: gadgets.h:56
std::unique_ptr< X509_EXTENSION, HardFun< void, X509_EXTENSION *, &X509_EXTENSION_free > > X509_EXTENSION_Pointer
Definition: gadgets.h:75
std::unique_ptr< char, HardFun< void, char *, &OPENSSL_free_for_c_strings > > UniqueCString
Definition: gadgets.h:81
std::unique_ptr< STACK_OF(X509), sk_X509_free_wrapper > X509_STACK_Pointer
Definition: gadgets.h:50
void ForgetErrors()
Clear any errors accumulated by OpenSSL in its global storage.
Definition: gadgets.cc:17
std::unique_ptr< AUTHORITY_KEYID, HardFun< void, AUTHORITY_KEYID *, &AUTHORITY_KEYID_free > > AUTHORITY_KEYID_Pointer
Definition: gadgets.h:68
STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
Definition: openssl.h:237

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors