[thirdparty/squid.git] / src / security / NegotiationHistory.cc

/*
 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#include "squid.h"
#include "MemBuf.h"
#include "security/NegotiationHistory.h"
#include "SquidConfig.h"
#if USE_OPENSSL
#include "ssl/bio.h"
#include "ssl/support.h"
#endif

Security::NegotiationHistory::NegotiationHistory()
#if USE_OPENSSL
    : cipher(NULL)
#endif
{
}

const char *
Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const
{
    if (v.protocol != AnyP::PROTO_SSL && v.protocol != AnyP::PROTO_TLS)
        return nullptr;

    static char buf[512];
    snprintf(buf, sizeof(buf), "%s/%d.%d", AnyP::ProtocolType_str[v.protocol], v.major, v.minor);
    return buf;
}

#if USE_OPENSSL
static AnyP::ProtocolVersion
toProtocolVersion(const int v)
{
    switch(v) {
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
    case TLS1_2_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 2);
    case TLS1_1_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 1);
#endif
    case TLS1_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 0);
    case SSL3_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0);
    case SSL2_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 2, 0);
    default:
        return AnyP::ProtocolVersion();
    }
}
#endif

void
Security::NegotiationHistory::retrieveNegotiatedInfo(Security::SessionPtr ssl)
{
#if USE_OPENSSL
    if ((cipher = SSL_get_current_cipher(ssl)) != NULL) {
        // Set the negotiated version only if the cipher negotiated
        // else probably the negotiation is not completed and version
        // is not the final negotiated version
        version_ = toProtocolVersion(ssl->version);
    }

    if (do_debug(83, 5)) {
        BIO *b = SSL_get_rbio(ssl);
        Ssl::Bio *bio = static_cast<Ssl::Bio *>(b->ptr);
        debugs(83, 5, "SSL connection info on FD " << bio->fd() <<
               " SSL version " << version_ <<
               " negotiated cipher " << cipherName());
    }
#endif
}

void
Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
{
    if (details) {
        helloVersion_ = details->tlsVersion;
        supportedVersion_ = details->tlsSupportedVersion;
    }
}

const char *
Security::NegotiationHistory::cipherName() const
{
#if USE_OPENSSL
    if (!cipher)
        return nullptr;

    return SSL_CIPHER_get_name(cipher);
#else
    return nullptr;
#endif
}
Commit	Line	Data
0461fde7 AJ	1	/*
	2	* Copyright (C) 1996-2016 The Squid Software Foundation and contributors
	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
2bcab852 CT	9	#include "squid.h"
	10	#include "MemBuf.h"
	11	#include "security/NegotiationHistory.h"
	12	#include "SquidConfig.h"
10f0e358	13	#if USE_OPENSSL
2bcab852 CT	14	#include "ssl/bio.h"
2bcab852 CT	15	#include "ssl/support.h"
10f0e358 CT	16	#endif
10f0e358 CT	17
67c99fc6	18	Security::NegotiationHistory::NegotiationHistory()
10f0e358	19	#if USE_OPENSSL
67c99fc6	20	: cipher(NULL)
10f0e358 CT	21	#endif
	22	{
	23	}
2bcab852 CT	24
2bcab852 CT	25	const char *
67c99fc6	26	Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion const &v) const
2bcab852	27	{
67c99fc6 CT	28	if (v.protocol != AnyP::PROTO_SSL && v.protocol != AnyP::PROTO_TLS)
	29	return nullptr;
	30
	31	static char buf[512];
	32	snprintf(buf, sizeof(buf), "%s/%d.%d", AnyP::ProtocolType_str[v.protocol], v.major, v.minor);
	33	return buf;
	34	}
	35
2bcab852	36	#if USE_OPENSSL
67c99fc6 CT	37	static AnyP::ProtocolVersion
	38	toProtocolVersion(const int v)
	39	{
2bcab852 CT	40	switch(v) {
	41	#if OPENSSL_VERSION_NUMBER >= 0x10001000L
	42	case TLS1_2_VERSION:
67c99fc6	43	return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 2);
2bcab852	44	case TLS1_1_VERSION:
67c99fc6	45	return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 1);
2bcab852 CT	46	#endif
2bcab852 CT	47	case TLS1_VERSION:
67c99fc6	48	return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 0);
2bcab852	49	case SSL3_VERSION:
67c99fc6	50	return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0);
2bcab852	51	case SSL2_VERSION:
67c99fc6	52	return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 2, 0);
2bcab852	53	default:
67c99fc6	54	return AnyP::ProtocolVersion();
2bcab852	55	}
2bcab852	56	}
67c99fc6	57	#endif
2bcab852	58
2bcab852	59	void
8abcff99	60	Security::NegotiationHistory::retrieveNegotiatedInfo(Security::SessionPtr ssl)
2bcab852	61	{
33cc0629	62	#if USE_OPENSSL
2bcab852 CT	63	if ((cipher = SSL_get_current_cipher(ssl)) != NULL) {
	64	// Set the negotiated version only if the cipher negotiated
	65	// else probably the negotiation is not completed and version
	66	// is not the final negotiated version
67c99fc6	67	version_ = toProtocolVersion(ssl->version);
2bcab852 CT	68	}
2bcab852 CT	69
8abcff99 CT	70	if (do_debug(83, 5)) {
	71	BIO *b = SSL_get_rbio(ssl);
	72	Ssl::Bio bio = static_cast<Ssl::Bio >(b->ptr);
	73	debugs(83, 5, "SSL connection info on FD " << bio->fd() <<
	74	" SSL version " << version_ <<
	75	" negotiated cipher " << cipherName());
	76	}
2bcab852	77	#endif
33cc0629	78	}
2bcab852	79
3cae14a6	80	void
8abcff99	81	Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
3cae14a6	82	{
49a4d72f AR	83	if (details) {
	84	helloVersion_ = details->tlsVersion;
	85	supportedVersion_ = details->tlsSupportedVersion;
	86	}
3cae14a6 CT	87	}
3cae14a6 CT	88
2bcab852 CT	89	const char *
	90	Security::NegotiationHistory::cipherName() const
	91	{
	92	#if USE_OPENSSL
	93	if (!cipher)
	94	return nullptr;
	95
	96	return SSL_CIPHER_get_name(cipher);
	97	#else
	98	return nullptr;
	99	#endif
	100	}
4b307ad4	101