doc/v632/TSSLSocket_8cxx_source.html

// @(#)root/net:$Id: TSSLSocket.cxx

// Author: Alejandro Alvarez 16/09/2011


/*************************************************************************

 * Copyright (C) 1995-2011, Rene Brun and Fons Rademakers.               *

 * All rights reserved.                                                  *

 *                                                                       *

 * For the licensing terms see $ROOTSYS/LICENSE.                         *

 * For the list of contributors see $ROOTSYS/README/CREDITS.             *

 *************************************************************************/


/**

\file TSSLSocket.cxx

\class TSSLSocket

\brief A TSocket wrapped in by SSL.

\note This class deals with sockets: the user is entirely responsible for the security of their usage, for example, but

not limited to, the management of the connections to said sockets.

**/


#include <openssl/ssl.h>

#include <cstdio>

#include "strlcpy.h"

#include "TSSLSocket.h"

#include "TSystem.h"


// Static properties

char TSSLSocket::fgSSLCAFile[FILENAME_MAX] = "";

char TSSLSocket::fgSSLCAPath[FILENAME_MAX] = "";

char TSSLSocket::fgSSLUCert[FILENAME_MAX]  = "";

char TSSLSocket::fgSSLUKey[FILENAME_MAX]   = "";


////////////////////////////////////////////////////////////////////////////////

/// Wraps the socket with OpenSSL.


void TSSLSocket::WrapWithSSL(void)

{

   SSL_library_init();


   // New context

   if (!(fSSLCtx = SSL_CTX_new(SSLv23_method()))) {

      Error("WrapWithSSL", "the context could not be created");

      goto wrapFailed;

   }


   if ((fgSSLCAFile[0] || fgSSLCAPath[0]) && SSL_CTX_load_verify_locations(fSSLCtx, fgSSLCAFile, fgSSLCAPath) == 0) {

      Error("WrapWithSSL", "could not set the CA file and/or the CA path");

      goto wrapFailed;

   }


   if (fgSSLUCert[0] && SSL_CTX_use_certificate_chain_file(fSSLCtx, fgSSLUCert) == 0) {

      Error("WrapWithSSL", "could not set the client certificate");

      goto wrapFailed;

   }


   if (fgSSLUKey[0] && SSL_CTX_use_PrivateKey_file(fSSLCtx, fgSSLUKey, SSL_FILETYPE_PEM) == 0) {

      Error("WrapWithSSL", "could not set the client private key");

      goto wrapFailed;

   }


   // New SSL structure

   if (!(fSSL = SSL_new(fSSLCtx))) {

      Error("WrapWithSSL", "cannot create the ssl struct");

      goto wrapFailed;

   }


   // Bind to the socket

   if (SSL_set_fd(fSSL, fSocket) != 1) {

      Error("WrapWithSSL", "cannot bind to the socket %d", fSocket);

      goto wrapFailed;

   }


   // Open connection

   if (SSL_connect(fSSL) != 1) {

      Error("WrapWithSSL", "cannot connect");

      goto wrapFailed;

   }


   return;


wrapFailed:

   Close();

   return;

}


////////////////////////////////////////////////////////////////////////////////


ClassImp(TSSLSocket);


////////////////////////////////////////////////////////////////////////////////


TSSLSocket::TSSLSocket(TInetAddress addr, const char *service, Int_t tcpwindowsize)

   : TSocket(addr, service, tcpwindowsize)

{

   WrapWithSSL();

}


////////////////////////////////////////////////////////////////////////////////


TSSLSocket::TSSLSocket(TInetAddress addr, Int_t port, Int_t tcpwindowsize)

   : TSocket(addr, port, tcpwindowsize)

{

   WrapWithSSL();

}


////////////////////////////////////////////////////////////////////////////////


TSSLSocket::TSSLSocket(const char *host, const char *service, Int_t tcpwindowsize)

   : TSocket(host, service, tcpwindowsize)

{

   WrapWithSSL();

}


////////////////////////////////////////////////////////////////////////////////


TSSLSocket::TSSLSocket(const char *url, Int_t port, Int_t tcpwindowsize)

   : TSocket(url, port, tcpwindowsize)

{

   WrapWithSSL();

}


////////////////////////////////////////////////////////////////////////////////


TSSLSocket::TSSLSocket(const char *sockpath) : TSocket(sockpath)

{

   WrapWithSSL();

}


////////////////////////////////////////////////////////////////////////////////


TSSLSocket::TSSLSocket(Int_t desc) : TSocket(desc)

{

   WrapWithSSL();

}


////////////////////////////////////////////////////////////////////////////////


TSSLSocket::TSSLSocket(Int_t desc, const char *sockpath) : TSocket(desc, sockpath)

{

   WrapWithSSL();

}


////////////////////////////////////////////////////////////////////////////////


TSSLSocket::TSSLSocket(const TSSLSocket &s) : TSocket(s)

{

   WrapWithSSL();

}


////////////////////////////////////////////////////////////////////////////////

/// Close gracefully the connection, and free SSL structures.


TSSLSocket::~TSSLSocket()

{

   Close();

   if (fSSL)

     SSL_free(fSSL);

   if (fSSLCtx)

     SSL_CTX_free(fSSLCtx);

}


////////////////////////////////////////////////////////////////////////////////

/// Close the SSL connection.


void TSSLSocket::Close(Option_t *option)

{

   if (fSSL)

      SSL_shutdown(fSSL);

   TSocket::Close(option);

}


////////////////////////////////////////////////////////////////////////////////

/// Set up the static configuration variables.


void TSSLSocket::SetUpSSL(const char *cafile, const char *capath,

                          const char *ucert,  const char *ukey)

{

   if (cafile)

      strlcpy(fgSSLCAFile, cafile, FILENAME_MAX);

   if (capath)

      strlcpy(fgSSLCAPath, capath, FILENAME_MAX);

   if (ucert)

      strlcpy(fgSSLUCert,  ucert,  FILENAME_MAX);

   if (ukey)

      strlcpy(fgSSLUKey,   ukey,   FILENAME_MAX);

}


////////////////////////////////////////////////////////////////////////////////


Int_t TSSLSocket::Recv(TMessage *& /*mess */)

{

   Error("Recv", "not implemented");

   return -1;

}


////////////////////////////////////////////////////////////////////////////////

/// Receive a raw buffer of specified length bytes.


Int_t TSSLSocket::RecvRaw(void *buffer, Int_t length, ESendRecvOptions opt)

{

   TSystem::ResetErrno();


   if (fSocket == -1) return -1;

   if (length == 0)   return 0;


   ResetBit(TSocket::kBrokenConn);


   Int_t n;

   Int_t offset = 0;

   Int_t remain = length;


   // SSL_read/SSL_peek may not return the total length at once

   while (remain > 0) {

     if (opt == kPeek)

        n = SSL_peek(fSSL, (char*)buffer + offset, (int)remain);

     else

        n = SSL_read(fSSL, (char*)buffer + offset, (int)remain);


     if (n <= 0) {

        if (gDebug > 0)

           Error("RecvRaw", "failed to read from the socket");


        if (SSL_get_error(fSSL, n) == SSL_ERROR_ZERO_RETURN || SSL_get_error(fSSL, n) == SSL_ERROR_SYSCALL) {

           // Connection closed, reset or broken

           SetBit(TSocket::kBrokenConn);

           SSL_set_quiet_shutdown(fSSL, 1); // Socket is gone, sending "close notify" will fail

           Close();

        }

        return n;

     }


     // When peeking, just return the available data, don't loop. Otherwise,

     // we may copy the same chunk of data multiple times into the

     // output buffer, for instance when there is no more recent data

     // in the socket's internal reception buffers.

     // Note that in this case we don't update the counters of data received

     // through this socket. They will be updated when the data is actually

     // read. This avoids double counting.

     if (opt == kPeek) return n;


     offset += n;

     remain -= n;

   }


   fBytesRecv  += length;

   fgBytesRecv += length;


   Touch();  // update usage timestamp


   return offset;

}


////////////////////////////////////////////////////////////////////////////////


Int_t TSSLSocket::Send(const TMessage & /* mess */)

{

   Error("Send", "not implemented");

   return -1;

}


////////////////////////////////////////////////////////////////////////////////

/// Send a raw buffer of specified length.


Int_t TSSLSocket::SendRaw(const void *buffer, Int_t length, ESendRecvOptions /* opt */)

{

   TSystem::ResetErrno();


   if (fSocket == -1) return -1;


   ResetBit(TSocket::kBrokenConn);


   Int_t nsent;

   if ((nsent = SSL_write(fSSL, buffer, (int)length)) <= 0) {

      if (SSL_get_error(fSSL, nsent) == SSL_ERROR_ZERO_RETURN) {

         // Connection reset or broken: close

         SetBit(TSocket::kBrokenConn);

         Close();

      }

      return nsent;

   }


   fBytesSent  += nsent;

   fgBytesSent += nsent;


   Touch(); // update usage timestamp


   return nsent;

}


Option_t
const char Option_t
Definition RtypesCore.h:66

ClassImp
#define ClassImp(name)
Definition Rtypes.h:377

TRangeDynCast
ROOT::Detail::TRangeCast< T, true > TRangeDynCast
TRangeDynCast is an adapter class that allows the typed iteration through a TCollection.
Definition TCollection.h:358

option
Option_t Option_t option
Definition TGWin32VirtualXProxy.cxx:44

offset
Option_t Option_t TPoint TPoint const char GetTextMagnitude GetFillStyle GetLineColor GetLineWidth GetMarkerStyle GetTextAlign GetTextColor GetTextSize void char Point_t Rectangle_t WindowAttributes_t Float_t Float_t Float_t Int_t Int_t UInt_t UInt_t Rectangle_t Int_t Int_t Window_t TString Int_t GCValues_t GetPrimarySelectionOwner GetDisplay GetScreen GetColormap GetNativeEvent const char const char dpyName wid window const char font_name cursor keysym reg const char only_if_exist regb h Point_t winding char text const char depth char const char Int_t count const char ColorStruct_t color const char Pixmap_t Pixmap_t PictureAttributes_t attr const char char ret_data h unsigned char height h offset
Definition TGWin32VirtualXProxy.cxx:245

length
Option_t Option_t TPoint TPoint const char GetTextMagnitude GetFillStyle GetLineColor GetLineWidth GetMarkerStyle GetTextAlign GetTextColor GetTextSize void char Point_t Rectangle_t WindowAttributes_t Float_t Float_t Float_t Int_t Int_t UInt_t UInt_t Rectangle_t Int_t Int_t Window_t TString Int_t GCValues_t GetPrimarySelectionOwner GetDisplay GetScreen GetColormap GetNativeEvent const char const char dpyName wid window const char font_name cursor keysym reg const char only_if_exist regb h Point_t winding char text const char depth char const char Int_t count const char ColorStruct_t color const char Pixmap_t Pixmap_t PictureAttributes_t attr const char char ret_data h unsigned char height h length
Definition TGWin32VirtualXProxy.cxx:245

gDebug
Int_t gDebug
Definition TROOT.cxx:622

TSSLSocket.h

TSystem.h

ESendRecvOptions
ESendRecvOptions
Definition TSystem.h:236

kPeek
@ kPeek
Definition TSystem.h:239

ROOT::Detail::TRangeCast
Definition TCollection.h:311

TInetAddress
This class represents an Internet Protocol (IP) address.
Definition TInetAddress.h:36

TMessage
Definition TMessage.h:33

TObject::SetBit
void SetBit(UInt_t f, Bool_t set)
Set or unset the user status bits as specified in f.
Definition TObject.cxx:780

TObject::Error
virtual void Error(const char *method, const char *msgfmt,...) const
Issue error message.
Definition TObject.cxx:987

TObject::ResetBit
void ResetBit(UInt_t f)
Definition TObject.h:195

TSSLSocket
A TSocket wrapped in by SSL.
Definition TSSLSocket.h:28

TSSLSocket::SendRaw
Int_t SendRaw(const void *buffer, Int_t length, ESendRecvOptions opt=kDefault) override
Send a raw buffer of specified length.
Definition TSSLSocket.cxx:264

TSSLSocket::RecvRaw
Int_t RecvRaw(void *buffer, Int_t length, ESendRecvOptions opt=kDefault) override
Receive a raw buffer of specified length bytes.
Definition TSSLSocket.cxx:199

TSSLSocket::fSSL
SSL * fSSL
Definition TSSLSocket.h:41

TSSLSocket::fSSLCtx
SSL_CTX * fSSLCtx
Definition TSSLSocket.h:40

TSSLSocket::fgSSLUKey
static char fgSSLUKey[]
Definition TSSLSocket.h:37

TSSLSocket::Close
void Close(Option_t *option="") override
Close the SSL connection.
Definition TSSLSocket.cxx:165

TSSLSocket::fgSSLCAPath
static char fgSSLCAPath[]
Definition TSSLSocket.h:35

TSSLSocket::Recv
Int_t Recv(TMessage *&mess) override
Receive a TMessage object.
Definition TSSLSocket.cxx:190

TSSLSocket::WrapWithSSL
void WrapWithSSL()
Wraps the socket with OpenSSL.
Definition TSSLSocket.cxx:36

TSSLSocket::fgSSLCAFile
static char fgSSLCAFile[]
Definition TSSLSocket.h:34

TSSLSocket::TSSLSocket
TSSLSocket()
Definition TSSLSocket.h:30

TSSLSocket::fgSSLUCert
static char fgSSLUCert[]
Definition TSSLSocket.h:36

TSSLSocket::~TSSLSocket
virtual ~TSSLSocket()
Close gracefully the connection, and free SSL structures.
Definition TSSLSocket.cxx:153

TSSLSocket::Send
Int_t Send(const TMessage &mess) override
Send a TMessage object.
Definition TSSLSocket.cxx:255

TSSLSocket::SetUpSSL
static void SetUpSSL(const char *cafile, const char *capath, const char *ucert, const char *ukey)
Set up the static configuration variables.
Definition TSSLSocket.cxx:175

TSocket
This class implements client sockets.
Definition TSocket.h:41

TSocket::fSocket
Int_t fSocket
Definition TSocket.h:69

TSocket::fgBytesRecv
static ULong64_t fgBytesRecv
Definition TSocket.h:78

TSocket::kBrokenConn
@ kBrokenConn
Definition TSocket.h:49

TSocket::Close
virtual void Close(Option_t *opt="")
Close the socket.
Definition TSocket.cxx:391

TSocket::Touch
void Touch()
Definition TSocket.h:157

TSocket::fgBytesSent
static ULong64_t fgBytesSent
Definition TSocket.h:79

TSocket::fBytesSent
UInt_t fBytesSent
Definition TSocket.h:61

TSocket::fBytesRecv
UInt_t fBytesRecv
Definition TSocket.h:60

TSystem::ResetErrno
static void ResetErrno()
Static function resetting system error number.
Definition TSystem.cxx:284

int

n
const Int_t n
Definition legend1.C:16

SSL_ERROR_SYSCALL
#define SSL_ERROR_SYSCALL
Definition openssl_dl.inl:71

SSL_ERROR_ZERO_RETURN
#define SSL_ERROR_ZERO_RETURN
Definition openssl_dl.inl:72