bio.h
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#ifndef SQUID_SSL_BIO_H
10#define SQUID_SSL_BIO_H
11
12#if USE_OPENSSL
13
14#include "compat/openssl.h"
15#include "FadingCounter.h"
16#include "fd.h"
17#include "MemBuf.h"
18#include "security/Handshake.h"
19#include "ssl/support.h"
20
21#include <iosfwd>
22#include <list>
23#if HAVE_OPENSSL_BIO_H
24#include <openssl/bio.h>
25#endif
26#include <string>
27#include <type_traits>
28
29namespace Ssl
30{
31
33class Bio
34{
35public:
36 explicit Bio(const int anFd);
37 virtual ~Bio();
38
40 virtual int write(const char *buf, int size, BIO *table);
41
43 virtual int read(char *buf, int size, BIO *table);
44
47 virtual void flush(BIO *) {}
48
49 int fd() const { return fd_; }
50
53 virtual void stateChanged(const SSL *ssl, int where, int ret);
54
57 static BIO *Create(const int fd, Security::Io::Type type);
59 static void Link(SSL *ssl, BIO *bio);
60
61 const SBuf &rBufData() {return rbuf;}
62protected:
63 const int fd_;
65};
66
70class ClientBio: public Bio
71{
72public:
73 explicit ClientBio(const int anFd);
74
78 virtual void stateChanged(const SSL *ssl, int where, int ret);
80 virtual int write(const char *buf, int size, BIO *table);
84 virtual int read(char *buf, int size, BIO *table);
86 void hold(bool h) {holdRead_ = holdWrite_ = h;}
87
91 void setReadBufData(SBuf &data) {rbuf = data;}
92private:
94 static const time_t RenegotiationsWindow = 10;
95
97 static const int RenegotiationsLimit = 5;
98
99 bool holdRead_;
102
104 const char *abortReason;
105};
106
122class ServerBio: public Bio
123{
124public:
125 explicit ServerBio(const int anFd);
126
128 virtual void stateChanged(const SSL *ssl, int where, int ret);
133 virtual int write(const char *buf, int size, BIO *table);
136 virtual int read(char *buf, int size, BIO *table);
139 virtual void flush(BIO *table);
141 void setClientFeatures(Security::TlsDetails::Pointer const &details, SBuf const &hello);
142
143 bool resumingSession();
144
147 bool encryptedCertificates() const;
148
150 bool holdWrite() const {return holdWrite_;}
152 void holdWrite(bool h) {holdWrite_ = h;}
154 void recordInput(bool r) {record_ = r;}
156 bool canSplice() {return allowSplice;}
158 bool canBump() {return allowBump;}
162
164 bool gotHello() const { return (parsedHandshake && !parseError); }
165
167 bool gotHelloFailed() const { return (parsedHandshake && parseError); }
168
171
172private:
173 int readAndGive(char *buf, const int size, BIO *table);
174 int readAndParse(char *buf, const int size, BIO *table);
175 int readAndBuffer(BIO *table);
176 int giveBuffered(char *buf, const int size);
177
188 bool record_;
192
196};
197
198} // namespace Ssl
199
200void
202
203#endif /* USE_OPENSSL */
204#endif /* SQUID_SSL_BIO_H */
205
ssize_t mb_size_t
Definition: MemBuf.h:17
int size
Definition: ModDevPoll.cc:75
void applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode)
Definition: bio.cc:569
Counts events, forgetting old ones. Useful for "3 errors/minute" limits.
Definition: FadingCounter.h:16
Definition: SBuf.h:94
Incremental TLS/SSL Handshake parser.
Definition: Handshake.h:61
TlsDetails::Pointer details
TLS handshake meta info. Never nil.
Definition: Handshake.h:77
BIO source and sink node, handling socket I/O and monitoring SSL state.
Definition: bio.h:34
int fd() const
The SSL socket descriptor.
Definition: bio.h:49
const int fd_
the SSL socket we are reading and writing
Definition: bio.h:63
SBuf rbuf
Used to buffer input data.
Definition: bio.h:64
virtual void stateChanged(const SSL *ssl, int where, int ret)
Definition: bio.cc:152
virtual int write(const char *buf, int size, BIO *table)
Writes the given data to socket.
Definition: bio.cc:104
virtual ~Bio()
Definition: bio.cc:99
static void Link(SSL *ssl, BIO *bio)
Tells ssl connection to use BIO and monitor state via stateChanged()
Definition: bio.cc:88
static BIO * Create(const int fd, Security::Io::Type type)
Definition: bio.cc:62
virtual void flush(BIO *)
Definition: bio.h:47
virtual int read(char *buf, int size, BIO *table)
Reads data from socket.
Definition: bio.cc:127
const SBuf & rBufData()
The buffered input data.
Definition: bio.h:61
Bio(const int anFd)
Definition: bio.cc:94
FadingCounter renegotiations
client requested renegotiations limit control
Definition: bio.h:101
virtual void stateChanged(const SSL *ssl, int where, int ret)
Definition: bio.cc:177
ClientBio(const int anFd)
Definition: bio.cc:167
bool holdRead_
The read hold state of the bio.
Definition: bio.h:99
void setReadBufData(SBuf &data)
Definition: bio.h:91
const char * abortReason
why we should terminate the connection during next TLS operation (or nil)
Definition: bio.h:104
void hold(bool h)
Prevents or allow writing on socket.
Definition: bio.h:86
virtual int read(char *buf, int size, BIO *table)
Definition: bio.cc:215
bool holdWrite_
The write hold state of the bio.
Definition: bio.h:100
virtual int write(const char *buf, int size, BIO *table)
The ClientBio version of the Ssl::Bio::write method.
Definition: bio.cc:198
static const int RenegotiationsLimit
the maximum tolerated number of client-initiated renegotiations in RenegotiationsWindow
Definition: bio.h:97
static const time_t RenegotiationsWindow
approximate size of a time window for computing client-initiated renegotiation rate (in seconds)
Definition: bio.h:94
bool record_
If true the input data recorded to rbuf for internal use.
Definition: bio.h:188
void mode(Ssl::BumpMode m)
The bumping mode.
Definition: bio.h:160
SBuf helloMsg
Used to buffer output data.
Definition: bio.h:182
ServerBio(const int anFd)
Definition: bio.cc:240
bool allowBump
True if the SSL stream can be bumped.
Definition: bio.h:186
Security::TlsDetails::Pointer clientTlsDetails
SSL client features extracted from ClientHello message or SSL object.
Definition: bio.h:179
virtual void stateChanged(const SSL *ssl, int where, int ret)
The ServerBio version of the Ssl::Bio::stateChanged method.
Definition: bio.cc:257
bool parsedHandshake
whether we are done parsing TLS Hello
Definition: bio.h:189
Ssl::BumpMode bumpMode_
Definition: bio.h:191
SBuf clientSentHello
TLS client hello message, used to adapt our tls Hello message to the server.
Definition: bio.h:181
size_t rbufConsumePos
The size of data stored in rbuf which passed to the openSSL.
Definition: bio.h:194
bool holdWrite() const
The write hold state.
Definition: bio.h:150
virtual void flush(BIO *table)
Definition: bio.cc:423
bool gotHello() const
Definition: bio.h:164
Security::HandshakeParser parser_
The TLS/SSL messages parser.
Definition: bio.h:195
virtual int write(const char *buf, int size, BIO *table)
Definition: bio.cc:354
void recordInput(bool r)
Enables or disables the input data recording, for internal analysis.
Definition: bio.h:154
bool canBump()
Whether we can bump or not the SSL stream.
Definition: bio.h:158
bool gotHelloFailed() const
Return true if the Server Hello parsing failed.
Definition: bio.h:167
void setClientFeatures(Security::TlsDetails::Pointer const &details, SBuf const &hello)
Sets the random number to use in client SSL HELLO message.
Definition: bio.cc:263
bool encryptedCertificates() const
Definition: bio.cc:438
Ssl::BumpMode bumpMode()
return the bumping mode
Definition: bio.h:161
bool holdWrite_
The write hold state of the bio.
Definition: bio.h:187
const Security::TlsDetails::Pointer & receivedHelloDetails() const
Definition: bio.h:170
virtual int read(char *buf, int size, BIO *table)
Definition: bio.cc:270
bool resumingSession()
Definition: bio.cc:432
mb_size_t helloMsgSize
Definition: bio.h:183
int readAndParse(char *buf, const int size, BIO *table)
Definition: bio.cc:300
bool allowSplice
True if the SSL stream can be spliced.
Definition: bio.h:185
void holdWrite(bool h)
Enables or disables the write hold state.
Definition: bio.h:152
bool canSplice()
Whether we can splice or not the SSL stream.
Definition: bio.h:156
int readAndGive(char *buf, const int size, BIO *table)
Read and give everything to OpenSSL.
Definition: bio.cc:280
int readAndBuffer(BIO *table)
Definition: bio.cc:326
bool parseError
error while parsing server hello message
Definition: bio.h:190
int giveBuffered(char *buf, const int size)
Definition: bio.cc:340
bool helloBuild
True if the client hello message sent to the server.
Definition: bio.h:184
int type
Definition: errorpage.cc:152
const char * bumpMode(int bm)
Definition: support.h:138
BumpMode
Definition: support.h:126
Definition: Xaction.cc:49

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors