[thirdparty/squid.git] / src / security / Session.h

/*
 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_SRC_SECURITY_SESSION_H
#define SQUID_SRC_SECURITY_SESSION_H

#include "base/HardFun.h"
#include "comm/forward.h"
#include "security/LockingPointer.h"

#include <memory>

#if USE_OPENSSL
#if HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
#endif
#endif

#if USE_GNUTLS
#if HAVE_GNUTLS_GNUTLS_H
#include <gnutls/gnutls.h>
#endif
#endif

namespace Security {

/// Creates TLS Client connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
/// On errors, emits DBG_IMPORTANT with details and returns false.
bool CreateClientSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx);

/// Creates TLS Server connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
/// On errors, emits DBG_IMPORTANT with details and returns false.
bool CreateServerSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx);

#if USE_OPENSSL
typedef std::shared_ptr<SSL> SessionPointer;

typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free>> SessionStatePointer;

#elif USE_GNUTLS
typedef std::shared_ptr<struct gnutls_session_int> SessionPointer;

// wrapper function to get around gnutls_free being a typedef
inline void squid_gnutls_free(void *d) {gnutls_free(d);}
typedef std::unique_ptr<gnutls_datum_t, HardFun<void, void*, &Security::squid_gnutls_free>> SessionStatePointer;

#else
typedef std::shared_ptr<void> SessionPointer;

typedef std::unique_ptr<int> SessionStatePointer;

#endif

/// send the shutdown/bye notice for an active TLS session.
void SessionSendGoodbye(const Security::SessionPointer &);

/// whether the session is a resumed one
bool SessionIsResumed(const Security::SessionPointer &);

/**
 * When the session is not a resumed session, retrieve the details needed to
 * resume a later connection and store them in 'data'. This may result in 'data'
 * becoming a nil Pointer if no details exist or an error occurs.
 *
 * When the session is already a resumed session, do nothing and leave 'data'
 * unhanged.
 * XXX: is this latter behaviour always correct?
 */
void MaybeGetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &data);

/// Set the data for resuming a previous session.
/// Needs to be done before using the SessionPointer for a handshake.
void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &);

#if USE_OPENSSL
/// Helper function to retrieve a (non-locked) ContextPointer from a SessionPointer
inline Security::ContextPointer
GetFrom(Security::SessionPointer &s)
{
    auto *ctx = SSL_get_SSL_CTX(s.get());
    return Security::ContextPointer(ctx, [](SSL_CTX *) {/* nothing to unlock/free */});
}

/// \deprecated use the PeerOptions/ServerOptions API methods instead.
/// Wraps SessionPointer value creation to reduce risk of
/// a nasty hack in ssl/support.cc.
Security::SessionPointer NewSessionObject(const Security::ContextPointer &);
#endif

} // namespace Security

#endif /* SQUID_SRC_SECURITY_SESSION_H */
Commit	Line	Data
3aac8c26	1	/*
4ac4a490	2	* Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3aac8c26 AJ	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
	9	#ifndef SQUID_SRC_SECURITY_SESSION_H
	10	#define SQUID_SRC_SECURITY_SESSION_H
	11
5d9a65df	12	#include "base/HardFun.h"
86f77270	13	#include "comm/forward.h"
33cc0629 AJ	14	#include "security/LockingPointer.h"
33cc0629 AJ	15
3ec728ac AJ	16	#include <memory>
3ec728ac AJ	17
3aac8c26 AJ	18	#if USE_OPENSSL
	19	#if HAVE_OPENSSL_SSL_H
	20	#include <openssl/ssl.h>
	21	#endif
	22	#endif
	23
	24	#if USE_GNUTLS
	25	#if HAVE_GNUTLS_GNUTLS_H
	26	#include <gnutls/gnutls.h>
	27	#endif
	28	#endif
	29
	30	namespace Security {
	31
86f77270 AJ	32	/// Creates TLS Client connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
	33	/// On errors, emits DBG_IMPORTANT with details and returns false.
	34	bool CreateClientSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx);
	35
	36	/// Creates TLS Server connection structure (aka 'session' state) and initializes TLS/SSL I/O (Comm and BIO).
	37	/// On errors, emits DBG_IMPORTANT with details and returns false.
	38	bool CreateServerSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, const char *squidCtx);
	39
3aac8c26	40	#if USE_OPENSSL
9c8549cf	41	typedef std::shared_ptr<SSL> SessionPointer;
3aac8c26	42
5d9a65df AJ	43	typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free>> SessionStatePointer;
5d9a65df AJ	44
3aac8c26	45	#elif USE_GNUTLS
9c8549cf	46	typedef std::shared_ptr<struct gnutls_session_int> SessionPointer;
3aac8c26	47
5d9a65df AJ	48	// wrapper function to get around gnutls_free being a typedef
	49	inline void squid_gnutls_free(void *d) {gnutls_free(d);}
	50	typedef std::unique_ptr<gnutls_datum_t, HardFun<void, void*, &Security::squid_gnutls_free>> SessionStatePointer;
	51
3aac8c26	52	#else
9c8549cf	53	typedef std::shared_ptr<void> SessionPointer;
33cc0629	54
5d9a65df AJ	55	typedef std::unique_ptr<int> SessionStatePointer;
5d9a65df AJ	56
3aac8c26 AJ	57	#endif
3aac8c26 AJ	58
03e0e0e4 AJ	59	/// send the shutdown/bye notice for an active TLS session.
03e0e0e4 AJ	60	void SessionSendGoodbye(const Security::SessionPointer &);
087b94cb	61
5d9a65df AJ	62	/// whether the session is a resumed one
	63	bool SessionIsResumed(const Security::SessionPointer &);
	64
	65	/**
	66	* When the session is not a resumed session, retrieve the details needed to
	67	* resume a later connection and store them in 'data'. This may result in 'data'
	68	* becoming a nil Pointer if no details exist or an error occurs.
	69	*
	70	* When the session is already a resumed session, do nothing and leave 'data'
	71	* unhanged.
	72	* XXX: is this latter behaviour always correct?
	73	*/
	74	void MaybeGetSessionResumeData(const Security::SessionPointer &, Security::SessionStatePointer &data);
	75
	76	/// Set the data for resuming a previous session.
	77	/// Needs to be done before using the SessionPointer for a handshake.
	78	void SetSessionResumeData(const Security::SessionPointer &, const Security::SessionStatePointer &);
	79
c96b5508	80	#if USE_OPENSSL
1c1fae0f AJ	81	/// Helper function to retrieve a (non-locked) ContextPointer from a SessionPointer
	82	inline Security::ContextPointer
	83	GetFrom(Security::SessionPointer &s)
	84	{
	85	auto *ctx = SSL_get_SSL_CTX(s.get());
	86	return Security::ContextPointer(ctx, [](SSL_CTX ) {/ nothing to unlock/free */});
	87	}
	88
c96b5508 AJ	89	/// \deprecated use the PeerOptions/ServerOptions API methods instead.
	90	/// Wraps SessionPointer value creation to reduce risk of
	91	/// a nasty hack in ssl/support.cc.
	92	Security::SessionPointer NewSessionObject(const Security::ContextPointer &);
	93	#endif
	94
3aac8c26 AJ	95	} // namespace Security
	96
	97	#endif /* SQUID_SRC_SECURITY_SESSION_H */
	98