bio.h

Go to the documentation of this file.

/*
 * Copyright (C) 1996-2019 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_SSL_BIO_H
#define SQUID_SSL_BIO_H

#if USE_OPENSSL

#include "compat/openssl.h"
#include "FadingCounter.h"
#include "fd.h"
#include "MemBuf.h"
#include "security/Handshake.h"
#include "ssl/support.h"

#include <iosfwd>
#include <list>
#if HAVE_OPENSSL_BIO_H
#include <openssl/bio.h>
#endif
#include <string>
#include <type_traits>

namespace Ssl
{

class Bio
{
public:
    explicit Bio(const int anFd);
    virtual ~Bio();

    virtual int write(const char *buf, int size, BIO *table);

    virtual int read(char *buf, int size, BIO *table);

    virtual void flush(BIO *table) {}

    int fd() const { return fd_; } 

    virtual void stateChanged(const SSL *ssl, int where, int ret);

    static BIO *Create(const int fd, Security::Io::Type type);
    static void Link(SSL *ssl, BIO *bio);

    const SBuf &rBufData() {return rbuf;} 
protected:
    const int fd_; 
    SBuf rbuf;  
};

class ClientBio: public Bio
{
public:
    explicit ClientBio(const int anFd);

    virtual void stateChanged(const SSL *ssl, int where, int ret);
    virtual int write(const char *buf, int size, BIO *table);
    virtual int read(char *buf, int size, BIO *table);
    void hold(bool h) {holdRead_ = holdWrite_ = h;}

    void setReadBufData(SBuf &data) {rbuf = data;}
private:
    static const time_t RenegotiationsWindow = 10;

    static const int RenegotiationsLimit = 5;

    bool holdRead_; 
    bool holdWrite_;  
    int helloSize; 
    FadingCounter renegotiations; 

    const char *abortReason;
};

class ServerBio: public Bio
{
public:
    explicit ServerBio(const int anFd);

    virtual void stateChanged(const SSL *ssl, int where, int ret);
    virtual int write(const char *buf, int size, BIO *table);
    virtual int read(char *buf, int size, BIO *table);
    virtual void flush(BIO *table);
    void setClientFeatures(Security::TlsDetails::Pointer const &details, SBuf const &hello);

    bool resumingSession();

    bool holdWrite() const {return holdWrite_;}
    void holdWrite(bool h) {holdWrite_ = h;}
    bool holdRead() const {return holdRead_;}
    void holdRead(bool h) {holdRead_ = h;}
    void recordInput(bool r) {record_ = r;}
    bool canSplice() {return allowSplice;}
    bool canBump() {return allowBump;}
    void mode(Ssl::BumpMode m) {bumpMode_ = m;}
    Ssl::BumpMode bumpMode() {return bumpMode_;} 

    bool gotHello() const { return (parsedHandshake && !parseError); }

    bool gotHelloFailed() const { return (parsedHandshake && parseError); }

    const Security::CertList &serverCertificatesIfAny() { return parser_.serverCertificates; }

    const Security::TlsDetails::Pointer &receivedHelloDetails() const {return parser_.details;}

private:
    int readAndGive(char *buf, const int size, BIO *table);
    int readAndParse(char *buf, const int size, BIO *table);
    int readAndBuffer(BIO *table);
    int giveBuffered(char *buf, const int size);

    Security::TlsDetails::Pointer clientTlsDetails;
    SBuf clientSentHello;
    SBuf helloMsg; 
    mb_size_t  helloMsgSize;
    bool helloBuild; 
    bool allowSplice; 
    bool allowBump;  
    bool holdWrite_;  
    bool holdRead_;  
    bool record_; 
    bool parsedHandshake; 
    bool parseError; 
    Ssl::BumpMode bumpMode_;

    size_t rbufConsumePos;
    Security::HandshakeParser parser_; 
};

} // namespace Ssl

void
applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode);

#endif /* USE_OPENSSL */
#endif /* SQUID_SSL_BIO_H */