#ifndef G_SSL_OPENSSL_H
#define G_SSL_OPENSSL_H

#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>

// Compile-time floor on the OpenSSL version: the code assumes the 1.1.0 API,
// so anything older is rejected outright rather than failing at link time.
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#error "openssl is too old"

// Selects between the low-level digest contexts (MD5_*/SHA256_*) and the EVP
// digest API for DigesterImp. OpenSSL 3.0 deprecates the low-level functions,
// so the default is 0 (use EVP) from 3.0 onwards and 1 (use the direct
// contexts) for earlier releases. A build may pre-define the macro to force
// either path.
#ifndef GCONFIG_HAVE_OPENSSL_HASH_FUNCTIONS
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#define GCONFIG_HAVE_OPENSSL_HASH_FUNCTIONS 0
#define GCONFIG_HAVE_OPENSSL_HASH_FUNCTIONS 1
/// Renders the object as a string. The enclosing class is not shown in
/// this listing (one of Certificate / CertificateChain, going by the
/// surrounding declarations) — confirm against the full header.
std::string str() const ;
/// Pointer to an OpenSSL method-selector function (the signature shared by
/// TLS_client_method(), TLS_server_method() and friends).
using Fn = const SSL_METHOD *(*)() ;
/// Returns the method selector for the configured protocol, presumably for a
/// server context when 'server' is true and a client context otherwise —
/// confirm in the .cpp.
Fn fn( bool server ) ;
/// Reports the "noverify" setting — presumably whether peer-certificate
/// verification is to be skipped; confirm in the .cpp.
/// NOTE(review): if that reading is right, a true value removes the peer
/// authentication that TLS provides, so every caller of this accessor is
/// security-relevant and worth auditing.
bool noverify() const ;
/// Maps one integer code to another; the two domains are not visible in this
/// listing — see the definition.
static int map( int , int ) ;
119 long m_options_reset ;
/// Renders the object as a string. The enclosing class is not shown in
/// this listing (one of Certificate / CertificateChain, going by the
/// surrounding declarations) — confirm against the full header.
std::string str() const ;
/// Constructs an error carrying a description only, with no OpenSSL error code.
explicit Error( const std::string & ) ;
/// Constructs an error carrying a description and an OpenSSL error code
/// (the unsigned long type returned by ERR_get_error()).
Error( const std::string & , unsigned long ) ;
/// As above, additionally naming a file path — presumably the key, certificate
/// or CA file being loaded when the error occurred.
Error( const std::string & , unsigned long , const std::string & path ) ;
145 static void clearErrors() ;
/// Returns a human-readable description of an OpenSSL error code.
static std::string text( unsigned long ) ;
/// \class GSsl::OpenSSL::ProfileImp
/// A Profile implementation that wraps one OpenSSL SSL_CTX, built from the
/// key, certificate and CA files and the default peer names that protocols
/// created from it (see newProtocol()) are verified against. Non-copyable and
/// non-movable because the SSL_CTX is owned.
class GSsl::OpenSSL::ProfileImp : public Profile
	/// Constructor. Builds the SSL_CTX for a server profile (is_server_profile
	/// true) or a client profile from the given key/certificate/CA files; how
	/// empty file names are treated is not visible here — confirm in the .cpp.
	/// The two default peer names are what a protocol checks the peer against
	/// when it is not given its own (see newProtocol()).
	ProfileImp( const LibraryImp & , bool is_server_profile , const std::string & key_file ,
		const std::string & cert_file , const std::string & ca_file ,
		const std::string & default_peer_certificate_name , const std::string & default_peer_host_name ,
		const std::string & profile_config ) ;
	~ProfileImp() override ;
	/// Returns the underlying SSL_CTX. Non-owning: the profile keeps ownership
	/// through m_ssl_ctx.
	SSL_CTX * p() const ;
	/// Returns the owning library implementation.
	const LibraryImp & lib() const ;
	/// Returns the default peer certificate name given to the constructor.
	const std::string & defaultPeerCertificateName() const ;
	/// Returns the default peer host name given to the constructor.
	const std::string & defaultPeerHostName() const ;
	/// Applies a Config to the SSL_CTX.
	void apply( const Config & ) ;
	/// Factory method for a ProtocolImp bound to this profile. The two strings
	/// are presumably the per-connection peer certificate name and peer host
	/// name, overriding the profile defaults when non-empty — confirm.
	std::unique_ptr<ProtocolImpBase> newProtocol( const std::string & , const std::string & ) const override ;
	ProfileImp( const ProfileImp & ) = delete ;
	ProfileImp( ProfileImp && ) = delete ;
	ProfileImp & operator=( const ProfileImp & ) = delete ;
	ProfileImp & operator=( ProfileImp && ) = delete ;
	/// Presumably throws Error, with the given description and optional file
	/// path, when the OpenSSL return code indicates failure — confirm.
	static void check( int , const std::string & , const std::string & = {} ) ;
	/// Verify callbacks with the SSL_CTX_set_verify() callback signature.
	/// Going by the names, verifyPass accepts the peer unconditionally and
	/// verifyPeerName enforces the expected certificate/host name.
	/// NOTE(review): which of the two a profile installs decides whether the
	/// peer is authenticated at all — confirm the selection logic in the .cpp.
	static int verifyPass( int , X509_STORE_CTX * ) ;
	static int verifyPeerName( int , X509_STORE_CTX * ) ;
	/// Renders an X509_NAME (subject or issuer) as a string.
	static std::string name( X509_NAME * ) ;
	/// Deleter for m_ssl_ctx (presumably SSL_CTX_free()).
	static void deleter( SSL_CTX * ) ;
	const LibraryImp & m_library_imp ;
	const std::string m_default_peer_certificate_name ;
	const std::string m_default_peer_host_name ;
	/// Owning handle on the SSL_CTX, released through deleter(). A plain
	/// function-pointer deleter type would avoid the std::function indirection
	/// since deleter() is static — minor style point.
	std::unique_ptr<SSL_CTX,std::function<void(SSL_CTX*)>> m_ssl_ctx ;
/// \class GSsl::OpenSSL::LibraryImp
/// The OpenSSL implementation of LibraryImpBase: holds the library-level
/// configuration and logging callback, owns the named profiles, and hands out
/// digesters. Non-copyable and non-movable.
class GSsl::OpenSSL::LibraryImp : public LibraryImpBase
	/// Constructor. The library configuration is passed as a modifiable string
	/// array — presumably so the constructor can consume the entries it
	/// recognises; confirm — together with a logging callback and a verbosity
	/// flag.
	LibraryImp( G::StringArray & library_config , Library::LogFn , bool verbose ) ;
	~LibraryImp() override ;
	/// Returns the Config derived from the library configuration.
	Config config() const ;
	/// Reports the library-level "noverify" setting.
	/// NOTE(review): if this disables peer-certificate verification for the
	/// profiles created under it, those connections are unauthenticated TLS;
	/// confirm how addProfile() and ProfileImp consume it.
	bool noverify() const ;
	/// Returns the logging callback.
	Library::LogFn log() const ;
	/// Returns the verbosity flag.
	bool verbose() const ;
	/// Returns an attribution string for the underlying library, formatted with
	/// the given line prefix, end-of-line and end-of-text strings.
	static std::string credit( const std::string & prefix , const std::string & eol , const std::string & eot ) ;
	/// Returns a short library identifier (see also id()).
	static std::string sid() ;
	/// Creates a ProfileImp under the given name; the remaining parameters
	/// match ProfileImp's constructor and are presumably forwarded to it.
	void addProfile( const std::string & name , bool is_server_profile ,
		const std::string & key_file , const std::string & cert_file , const std::string & ca_file ,
		const std::string & default_peer_certificate_name , const std::string & default_peer_host_name ,
		const std::string & profile_config ) override ;
	/// Returns true if a profile with the given name has been added.
	bool hasProfile( const std::string & ) const override ;
	/// Returns the named profile. Behaviour for an unknown name is not visible
	/// here — check hasProfile() first or confirm in the .cpp.
	const GSsl::Profile & profile( const std::string & ) const override ;
	/// Returns the library identifier string.
	std::string id() const override ;
	/// Returns a Digester backed by DigesterImp. The parameters are presumably
	/// the hash function name, an initial state and a flag — they match
	/// DigesterImp's constructor; confirm there.
	Digester digester( const std::string & , const std::string & , bool ) const override ;
	LibraryImp( const LibraryImp & ) = delete ;
	LibraryImp( LibraryImp && ) = delete ;
	LibraryImp & operator=( const LibraryImp & ) = delete ;
	LibraryImp & operator=( LibraryImp && ) = delete ;
	/// Library-wide teardown hook; what it releases is not visible here.
	static void cleanup() ;
	/// Profiles keyed by name, held by shared_ptr.
	using Map = std::map<std::string,std::shared_ptr<ProfileImp>> ;
	/// The library configuration, retained in string form.
	std::string m_library_config ;
	/// The logging callback given to the constructor.
	Library::LogFn m_log_fn ;
/// \class GSsl::OpenSSL::ProtocolImp
/// The OpenSSL implementation of ProtocolImpBase: one SSL object, i.e. one
/// TLS session, created from a ProfileImp's SSL_CTX. Non-copyable and
/// non-movable because the SSL object is owned.
class GSsl::OpenSSL::ProtocolImp : public ProtocolImpBase
	using Result = Protocol::Result ;
	using Error = OpenSSL::Error ;
	using Certificate = OpenSSL::Certificate ;
	using CertificateChain = OpenSSL::CertificateChain ;
	/// Constructor. The two strings are presumably the per-connection peer
	/// certificate name and peer host name, falling back to the profile's
	/// defaults when empty — confirm in the .cpp.
	ProtocolImp( const ProfileImp & , const std::string & , const std::string & ) ;
	~ProtocolImp() override ;
	/// Returns the peer certificate name this connection requires
	/// (see m_required_peer_certificate_name).
	std::string requiredPeerCertificateName() const ;
	/// Implements Protocol::read(): reads application data into the buffer,
	/// storing the byte count in read_size and returning a Protocol::Result.
	Result read( char * buffer , std::size_t buffer_size , ssize_t & read_size ) override ;
	/// Implements Protocol::write(): writes size_in bytes of application data,
	/// storing the count accepted in size_out and returning a Protocol::Result.
	Result write( const char * buffer , std::size_t size_in , ssize_t & size_out ) override ;
	/// Implements Protocol::protocol(): the negotiated protocol version as text.
	std::string protocol() const override ;
	/// Implements Protocol::cipher(): the negotiated cipher suite as text.
	std::string cipher() const override ;
	ProtocolImp( const ProtocolImp & ) = delete ;
	ProtocolImp( ProtocolImp && ) = delete ;
	ProtocolImp & operator=( const ProtocolImp & ) = delete ;
	ProtocolImp & operator=( ProtocolImp && ) = delete ;
	/// Returns an error value for the named operation and its return code —
	/// presumably the SSL_get_error() result; the mapping is not visible here.
	int error( const char * , int ) const ;
	/// Converts an OpenSSL error value into a Protocol::Result.
	static Result convert( int ) ;
	/// Drains the thread's OpenSSL error queue.
	static void clearErrors() ;
	/// Logs the OpenSSL error queue for a failed operation: the operation name,
	/// its return code, the error value from error(), and extra text.
	void logErrors( const std::string & op , int rc , int e , const std::string & ) const ;
	/// Deleter for m_ssl (presumably SSL_free()).
	static void deleter( SSL * ) ;
	/// Owning handle on the SSL object, released through deleter(). Since
	/// deleter() is static, a function-pointer deleter type would avoid the
	/// std::function indirection — minor style point.
	std::unique_ptr<SSL,std::function<void(SSL*)>> m_ssl ;
	Library::LogFn m_log_fn ;
	/// The peer certificate name this connection must see.
	std::string m_required_peer_certificate_name ;
	/// The peer's certificate as text — presumably populated once the
	/// handshake completes; confirm.
	std::string m_peer_certificate ;
	/// The peer's certificate chain as text.
	std::string m_peer_certificate_chain ;
/// Constructor. Presumably takes the hash function name (see Type), an initial
/// state for resuming a digest (see state()) and a flag — the parameters
/// mirror LibraryImp::digester(); confirm in the .cpp.
DigesterImp( const std::string & , const std::string & , bool ) ;
/// Destructor. Must release m_evp_ctx when the EVP path is in use — confirm
/// that this is done (presumably EVP_MD_CTX_free()).
~DigesterImp() override ;
/// Implements Digester::value(): finalises and returns the digest.
std::string value() override ;
/// Implements Digester::state(): returns the intermediate hash state
/// (statesize() bytes, presumably) from which a digest can be resumed.
std::string state() override ;
/// Implements Digester::blocksize(): the hash function's block size in bytes
/// (presumably m_block_size).
std::size_t blocksize() const noexcept override ;
/// The digest size in bytes (presumably m_value_size).
std::size_t valuesize() const noexcept override ;
/// The size in bytes of the intermediate state returned by state()
/// (presumably m_state_size).
std::size_t statesize() const noexcept override ;
// Non-copyable and non-movable: the hash context (m_sha256 / m_evp_ctx) must
// not be duplicated or left dangling.
DigesterImp( const DigesterImp & ) = delete ;
DigesterImp( DigesterImp && ) = delete ;
DigesterImp & operator=( const DigesterImp & ) = delete ;
DigesterImp & operator=( DigesterImp && ) = delete ;
321 enum class Type { Md5 , Sha1 , Sha256 , Other } ;
#if GCONFIG_HAVE_OPENSSL_HASH_FUNCTIONS
// Low-level digest context, used when the legacy hash API is enabled (the
// pre-3.0 default; see the GCONFIG_HAVE_OPENSSL_HASH_FUNCTIONS selection at
// the top of the file).
SHA256_CTX m_sha256 {} ;
// EVP digest context, used when the legacy API is disabled. Raw owning
// pointer: the destructor is expected to free it. NOTE(review): unlike the
// size members below it has no initialiser, so a constructor path that never
// assigns it would leave the destructor freeing an indeterminate pointer —
// confirm every path sets it, or initialise it to nullptr.
EVP_MD_CTX * m_evp_ctx ;
// Block, digest and state sizes in bytes, reported by blocksize(),
// valuesize() and statesize() respectively.
std::size_t m_block_size {0} ;
std::size_t m_value_size {0} ;
std::size_t m_state_size {0} ;
A base interface for GSsl::Digester pimple classes.
virtual std::string state()=0
Implements Digester::state().
virtual std::size_t blocksize() const noexcept=0
Implements Digester::blocksize().
virtual std::string value()=0
Implements Digester::value().
virtual void add(G::string_view)=0
Implements Digester::add().
Holds a certificate chain taken from a stack of OpenSSL X509 structures.
Holds a certificate taken from an OpenSSL X509 structure.
Holds protocol version information, etc.
An exception class for GSsl::OpenSSL classes.
A base interface for profile classes that work with concrete classes derived from GSsl::LibraryImpBas...
virtual std::unique_ptr< ProtocolImpBase > newProtocol(const std::string &, const std::string &) const =0
Factory method for a new Protocol object.
virtual bool verified() const =0
Implements Protocol::verified().
virtual std::string peerCertificate() const =0
Implements Protocol::peerCertificate().
virtual Protocol::Result connect(G::ReadWrite &)=0
Implements Protocol::connect().
virtual std::string cipher() const =0
Implements Protocol::cipher().
virtual Protocol::Result write(const char *, std::size_t, ssize_t &)=0
Implements Protocol::write().
virtual std::string protocol() const =0
Implements Protocol::protocol().
virtual Protocol::Result read(char *, std::size_t, ssize_t &)=0
Implements Protocol::read().
virtual std::string peerCertificateChain() const =0
Implements Protocol::peerCertificateChain().
virtual Protocol::Result accept(G::ReadWrite &)=0
Implements Protocol::accept().
virtual Protocol::Result shutdown()=0
Implements Protocol::shutdown().
An abstract interface for reading and writing from a non-blocking i/o channel.
A class like c++17's std::string_view.
An interface to an underlying TLS library.
TLS/SSL transport layer security classes.
std::vector< std::string > StringArray
A std::vector of std::strings.