ssl_2gadgets_8h_source.html

/*

 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors

 *

 * Squid software is distributed under GPLv2+ license and includes

 * contributions from numerous individuals and organizations.

 * Please see the COPYING and CONTRIBUTORS files for details.

 */


#ifndef SQUID_SRC_SSL_GADGETS_H

#define SQUID_SRC_SSL_GADGETS_H


#if USE_OPENSSL


#include "anyp/forward.h"

#include "base/HardFun.h"

#include "compat/openssl.h"

#include "sbuf/forward.h"

#include "security/forward.h"

#include "ssl/crtd_message.h"


#include <optional>

#include <string>


#if HAVE_OPENSSL_ASN1_H

#include <openssl/asn1.h>

#endif

#if HAVE_OPENSSL_PEM_H

#include <openssl/pem.h>

#endif

#if HAVE_OPENSSL_TXT_DB_H

#include <openssl/txt_db.h>

#endif

#if HAVE_OPENSSL_X509V3_H

#include <openssl/x509v3.h>

#endif


namespace Ssl

{

#if !defined(SQUID_SSL_SIGN_HASH_IF_NONE)

#define SQUID_SSL_SIGN_HASH_IF_NONE "sha256"

#endif


sk_dtor_wrapper(sk_X509, STACK_OF(X509) *, X509_free);

typedef std::unique_ptr<STACK_OF(X509), sk_X509_free_wrapper> X509_STACK_Pointer;


typedef std::unique_ptr<BIGNUM, HardFun<void, BIGNUM*, &BN_free>> BIGNUM_Pointer;


typedef std::unique_ptr<BIO, HardFun<void, BIO*, &BIO_vfree>> BIO_Pointer;


typedef std::unique_ptr<ASN1_INTEGER, HardFun<void, ASN1_INTEGER*, &ASN1_INTEGER_free>> ASN1_INT_Pointer;


typedef std::unique_ptr<ASN1_OCTET_STRING, HardFun<void, ASN1_OCTET_STRING*, &ASN1_OCTET_STRING_free>> ASN1_OCTET_STRING_Pointer;


typedef std::unique_ptr<TXT_DB, HardFun<void, TXT_DB*, &TXT_DB_free>> TXT_DB_Pointer;


typedef std::unique_ptr<X509_NAME, HardFun<void, X509_NAME*, &X509_NAME_free>> X509_NAME_Pointer;


using EVP_PKEY_CTX_Pointer = std::unique_ptr<EVP_PKEY_CTX, HardFun<void, EVP_PKEY_CTX*, &EVP_PKEY_CTX_free>>;


typedef std::unique_ptr<X509_REQ, HardFun<void, X509_REQ*, &X509_REQ_free>> X509_REQ_Pointer;


typedef std::unique_ptr<AUTHORITY_KEYID, HardFun<void, AUTHORITY_KEYID*, &AUTHORITY_KEYID_free>> AUTHORITY_KEYID_Pointer;


sk_dtor_wrapper(sk_GENERAL_NAME, STACK_OF(GENERAL_NAME) *, GENERAL_NAME_free);

typedef std::unique_ptr<STACK_OF(GENERAL_NAME), sk_GENERAL_NAME_free_wrapper> GENERAL_NAME_STACK_Pointer;


typedef std::unique_ptr<GENERAL_NAME, HardFun<void, GENERAL_NAME*, &GENERAL_NAME_free>> GENERAL_NAME_Pointer;


typedef std::unique_ptr<X509_EXTENSION, HardFun<void, X509_EXTENSION*, &X509_EXTENSION_free>> X509_EXTENSION_Pointer;


typedef std::unique_ptr<X509_STORE_CTX, HardFun<void, X509_STORE_CTX *, &X509_STORE_CTX_free>> X509_STORE_CTX_Pointer;


// not using CtoCpp1() here because OpenSSL_free() takes void* rather than char*

inline void OPENSSL_free_for_c_strings(char * const string) { OPENSSL_free(string); }

using UniqueCString = std::unique_ptr<char, HardFun<void, char *, &OPENSSL_free_for_c_strings> >;


void ForgetErrors();


std::ostream &ReportAndForgetErrors(std::ostream &);


bool writeCertAndPrivateKeyToMemory(Security::CertPointer const & cert, Security::PrivateKeyPointer const & pkey, std::string & bufferToWrite);


bool appendCertToMemory(Security::CertPointer const & cert, std::string & bufferToWrite);


bool readCertAndPrivateKeyFromMemory(Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, char const * bufferToRead);


BIO_Pointer ReadOnlyBioTiedTo(const char *);


void ReadPrivateKeyFromFile(char const * keyFilename, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback);


bool OpenCertsFileForReading(BIO_Pointer &bio, const char *filename);


Security::CertPointer ReadCertificate(const BIO_Pointer &);


Security::CertPointer ReadOptionalCertificate(const BIO_Pointer &);


bool ReadPrivateKey(BIO_Pointer &bio, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback);


bool OpenCertsFileForWriting(BIO_Pointer &bio, const char *filename);


bool WriteX509Certificate(BIO_Pointer &bio, const Security::CertPointer & cert);


bool WritePrivateKey(BIO_Pointer &bio, const Security::PrivateKeyPointer &pkey);


UniqueCString OneLineSummary(X509_NAME &);


enum CertSignAlgorithm {algSignTrusted = 0, algSignUntrusted, algSignSelf, algSignEnd};


extern const char *CertSignAlgorithmStr[];


inline const char *certSignAlgorithm(int sg)

{

    if (sg >=0 && sg < Ssl::algSignEnd)

        return Ssl::CertSignAlgorithmStr[sg];


    return nullptr;

}


inline CertSignAlgorithm certSignAlgorithmId(const char *sg)

{

    for (int i = 0; i < algSignEnd && Ssl::CertSignAlgorithmStr[i] != nullptr; i++)

        if (strcmp(Ssl::CertSignAlgorithmStr[i], sg) == 0)

            return (CertSignAlgorithm)i;


    return algSignEnd;

}


enum CertAdaptAlgorithm {algSetValidAfter = 0, algSetValidBefore, algSetCommonName, algSetEnd};


extern const char *CertAdaptAlgorithmStr[];


inline const char *sslCertAdaptAlgoritm(int alg)

{

    if (alg >=0 && alg < Ssl::algSetEnd)

        return Ssl::CertAdaptAlgorithmStr[alg];


    return nullptr;

}


class CertificateProperties

{

public:

    CertificateProperties();

    Security::CertPointer mimicCert;

    Security::CertPointer signWithX509;

    Security::PrivateKeyPointer signWithPkey;

    bool setValidAfter;

    bool setValidBefore;

    bool setCommonName;

    std::string commonName;

    CertSignAlgorithm signAlgorithm;

    const EVP_MD *signHash;

private:

    CertificateProperties(CertificateProperties &);

    CertificateProperties &operator =(CertificateProperties const &);

};


std::string & OnDiskCertificateDbKey(const CertificateProperties &);


bool generateSslCertificate(Security::CertPointer & cert, Security::PrivateKeyPointer & pkey, CertificateProperties const &properties);


bool sslDateIsInTheFuture(char const * date);


bool certificateMatchesProperties(X509 *peer_cert, CertificateProperties const &properties);


const char *CommonHostName(X509 *x509);


SBuf AsnToSBuf(const ASN1_STRING &);


std::optional<AnyP::Host> ParseCommonNameAt(X509_NAME &, int);


std::optional<AnyP::Host> ParseAsSimpleDomainNameOrIp(const SBuf &);


const char *getOrganization(X509 *x509);


bool CertificatesCmp(const Security::CertPointer &cert1, const Security::CertPointer &cert2);


const ASN1_BIT_STRING *X509_get_signature(const Security::CertPointer &);


} // namespace Ssl


#endif // USE_OPENSSL

#endif /* SQUID_SRC_SSL_GADGETS_H */


HardFun.h

forward.h

SBuf
Definition SBuf.h:94

Security::LockingPointer< X509, X509_free_cpp, HardFun< int, X509 *, X509_up_ref > >

Ssl::CertificateProperties
Definition gadgets.h:232

Ssl::CertificateProperties::signWithPkey
Security::PrivateKeyPointer signWithPkey
The key of the signing certificate.
Definition gadgets.h:237

Ssl::CertificateProperties::CertificateProperties
CertificateProperties()
Definition gadgets.cc:292

Ssl::CertificateProperties::signWithX509
Security::CertPointer signWithX509
Certificate to sign the generated request.
Definition gadgets.h:236

Ssl::CertificateProperties::setCommonName
bool setCommonName
Replace the CN field of the mimicking subject with the given.
Definition gadgets.h:240

Ssl::CertificateProperties::CertificateProperties
CertificateProperties(CertificateProperties &)

Ssl::CertificateProperties::setValidAfter
bool setValidAfter
Do not mimic "Not Valid After" field.
Definition gadgets.h:238

Ssl::CertificateProperties::signAlgorithm
CertSignAlgorithm signAlgorithm
The signing algorithm to use.
Definition gadgets.h:242

Ssl::CertificateProperties::operator=
CertificateProperties & operator=(CertificateProperties const &)

Ssl::CertificateProperties::setValidBefore
bool setValidBefore
Do not mimic "Not Valid Before" field.
Definition gadgets.h:239

Ssl::CertificateProperties::mimicCert
Security::CertPointer mimicCert
Certificate to mimic.
Definition gadgets.h:235

Ssl::CertificateProperties::signHash
const EVP_MD * signHash
The signing hash to use.
Definition gadgets.h:243

Ssl::CertificateProperties::commonName
std::string commonName
A CN to use for the generated certificate.
Definition gadgets.h:241

crtd_message.h

Ssl::getOrganization
const char * getOrganization(X509 *x509)
Definition gadgets.cc:1078

Ssl::CommonHostName
const char * CommonHostName(X509 *x509)
Definition gadgets.cc:1073

Ssl::CertificatesCmp
bool CertificatesCmp(const Security::CertPointer &cert1, const Security::CertPointer &cert2)
Definition gadgets.cc:1084

Ssl::ReadPrivateKeyFromFile
void ReadPrivateKeyFromFile(char const *keyFilename, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
Definition gadgets.cc:883

Ssl::ReadPrivateKey
bool ReadPrivateKey(BIO_Pointer &bio, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
Definition gadgets.cc:872

Ssl::OpenCertsFileForWriting
bool OpenCertsFileForWriting(BIO_Pointer &bio, const char *filename)
Definition gadgets.cc:894

Ssl::WritePrivateKey
bool WritePrivateKey(BIO_Pointer &bio, const Security::PrivateKeyPointer &pkey)
Definition gadgets.cc:915

Ssl::certSignAlgorithmId
CertSignAlgorithm certSignAlgorithmId(const char *sg)
Definition gadgets.h:194

Ssl::sslCertAdaptAlgoritm
const char * sslCertAdaptAlgoritm(int alg)
Definition gadgets.h:219

Ssl::appendCertToMemory
bool appendCertToMemory(Security::CertPointer const &cert, std::string &bufferToWrite)
Definition gadgets.cc:169

Ssl::sslDateIsInTheFuture
bool sslDateIsInTheFuture(char const *date)
Definition gadgets.cc:930

Ssl::OpenCertsFileForReading
bool OpenCertsFileForReading(BIO_Pointer &bio, const char *filename)
Definition gadgets.cc:826

Ssl::OnDiskCertificateDbKey
std::string & OnDiskCertificateDbKey(const CertificateProperties &)
Definition gadgets.cc:315

Ssl::generateSslCertificate
bool generateSslCertificate(Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, CertificateProperties const &properties)
Definition gadgets.cc:815

Ssl::CertAdaptAlgorithm
CertAdaptAlgorithm
Definition gadgets.h:207

Ssl::CertSignAlgorithm
CertSignAlgorithm
Definition gadgets.h:169

Ssl::writeCertAndPrivateKeyToMemory
bool writeCertAndPrivateKeyToMemory(Security::CertPointer const &cert, Security::PrivateKeyPointer const &pkey, std::string &bufferToWrite)
Definition gadgets.cc:145

Ssl::readCertAndPrivateKeyFromMemory
bool readCertAndPrivateKeyFromMemory(Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, char const *bufferToRead)
Definition gadgets.cc:193

Ssl::certificateMatchesProperties
bool certificateMatchesProperties(X509 *peer_cert, CertificateProperties const &properties)
Definition gadgets.cc:982

Ssl::WriteX509Certificate
bool WriteX509Certificate(BIO_Pointer &bio, const Security::CertPointer &cert)
Definition gadgets.cc:905

Ssl::CertAdaptAlgorithmStr
const char * CertAdaptAlgorithmStr[]
Definition gadgets.cc:285

Ssl::certSignAlgorithm
const char * certSignAlgorithm(int sg)
Definition gadgets.h:182

Ssl::CertSignAlgorithmStr
const char * CertSignAlgorithmStr[]
Definition gadgets.cc:278

Ssl::algSetValidAfter
@ algSetValidAfter
Definition gadgets.h:207

Ssl::algSetCommonName
@ algSetCommonName
Definition gadgets.h:207

Ssl::algSetEnd
@ algSetEnd
Definition gadgets.h:207

Ssl::algSetValidBefore
@ algSetValidBefore
Definition gadgets.h:207

Ssl::algSignEnd
@ algSignEnd
Definition gadgets.h:169

Ssl::algSignTrusted
@ algSignTrusted
Definition gadgets.h:169

Ssl::algSignUntrusted
@ algSignUntrusted
Definition gadgets.h:169

Ssl::algSignSelf
@ algSignSelf
Definition gadgets.h:169

Ssl
Definition Xaction.cc:40

Ssl::EVP_PKEY_CTX_Pointer
std::unique_ptr< EVP_PKEY_CTX, HardFun< void, EVP_PKEY_CTX *, &EVP_PKEY_CTX_free > > EVP_PKEY_CTX_Pointer
Definition gadgets.h:67

Ssl::ParseAsSimpleDomainNameOrIp
std::optional< AnyP::Host > ParseAsSimpleDomainNameOrIp(const SBuf &)
Definition gadgets.cc:542

Ssl::GENERAL_NAME_Pointer
std::unique_ptr< GENERAL_NAME, HardFun< void, GENERAL_NAME *, &GENERAL_NAME_free > > GENERAL_NAME_Pointer
Definition gadgets.h:76

Ssl::BIO_Pointer
std::unique_ptr< BIO, HardFun< void, BIO *, &BIO_vfree > > BIO_Pointer
Definition gadgets.h:57

Ssl::BIGNUM_Pointer
std::unique_ptr< BIGNUM, HardFun< void, BIGNUM *, &BN_free > > BIGNUM_Pointer
Definition gadgets.h:55

Ssl::TXT_DB_Pointer
std::unique_ptr< TXT_DB, HardFun< void, TXT_DB *, &TXT_DB_free > > TXT_DB_Pointer
Definition gadgets.h:63

Ssl::X509_STORE_CTX_Pointer
std::unique_ptr< X509_STORE_CTX, HardFun< void, X509_STORE_CTX *, &X509_STORE_CTX_free > > X509_STORE_CTX_Pointer
Definition gadgets.h:80

Ssl::OPENSSL_free_for_c_strings
void OPENSSL_free_for_c_strings(char *const string)
Definition gadgets.h:83

Ssl::ASN1_OCTET_STRING_Pointer
std::unique_ptr< ASN1_OCTET_STRING, HardFun< void, ASN1_OCTET_STRING *, &ASN1_OCTET_STRING_free > > ASN1_OCTET_STRING_Pointer
Definition gadgets.h:61

Ssl::ReportAndForgetErrors
std::ostream & ReportAndForgetErrors(std::ostream &)
Definition gadgets.cc:82

Ssl::ParseCommonNameAt
std::optional< AnyP::Host > ParseCommonNameAt(X509_NAME &, int)
interprets X.509 Subject or Issuer name entry (at the given position) as CN
Definition gadgets.cc:550

Ssl::ReadOptionalCertificate
Security::CertPointer ReadOptionalCertificate(const BIO_Pointer &)
Definition gadgets.cc:837

Ssl::X509_get_signature
const ASN1_BIT_STRING * X509_get_signature(const Security::CertPointer &)
Definition gadgets.cc:1109

Ssl::OneLineSummary
UniqueCString OneLineSummary(X509_NAME &)
a RAII wrapper for the memory-allocating flavor of X509_NAME_oneline()
Definition gadgets.cc:925

Ssl::ReadCertificate
Security::CertPointer ReadCertificate(const BIO_Pointer &)
Definition gadgets.cc:862

Ssl::X509_REQ_Pointer
std::unique_ptr< X509_REQ, HardFun< void, X509_REQ *, &X509_REQ_free > > X509_REQ_Pointer
Definition gadgets.h:69

Ssl::GENERAL_NAME_STACK_Pointer
std::unique_ptr< STACK_OF(GENERAL_NAME), sk_GENERAL_NAME_free_wrapper > GENERAL_NAME_STACK_Pointer
Definition gadgets.h:74

Ssl::ReadOnlyBioTiedTo
BIO_Pointer ReadOnlyBioTiedTo(const char *)
Definition gadgets.cc:218

Ssl::AsnToSBuf
SBuf AsnToSBuf(const ASN1_STRING &)
converts ASN1_STRING to SBuf
Definition gadgets.cc:519

Ssl::X509_NAME_Pointer
std::unique_ptr< X509_NAME, HardFun< void, X509_NAME *, &X509_NAME_free > > X509_NAME_Pointer
Definition gadgets.h:65

Ssl::ASN1_INT_Pointer
std::unique_ptr< ASN1_INTEGER, HardFun< void, ASN1_INTEGER *, &ASN1_INTEGER_free > > ASN1_INT_Pointer
Definition gadgets.h:59

Ssl::X509_EXTENSION_Pointer
std::unique_ptr< X509_EXTENSION, HardFun< void, X509_EXTENSION *, &X509_EXTENSION_free > > X509_EXTENSION_Pointer
Definition gadgets.h:78

Ssl::UniqueCString
std::unique_ptr< char, HardFun< void, char *, &OPENSSL_free_for_c_strings > > UniqueCString
Definition gadgets.h:84

Ssl::X509_STACK_Pointer
std::unique_ptr< STACK_OF(X509), sk_X509_free_wrapper > X509_STACK_Pointer
Definition gadgets.h:53

Ssl::ForgetErrors
void ForgetErrors()
Clear any errors accumulated by OpenSSL in its global storage.
Definition gadgets.cc:65

Ssl::AUTHORITY_KEYID_Pointer
std::unique_ptr< AUTHORITY_KEYID, HardFun< void, AUTHORITY_KEYID *, &AUTHORITY_KEYID_free > > AUTHORITY_KEYID_Pointer
Definition gadgets.h:71

openssl.h

STACK_OF
STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
Definition openssl.h:237

forward.h

forward.h

sk_dtor_wrapper
#define sk_dtor_wrapper(sk_object, argument_type, freefunction)
Definition forward.h:46