bio.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SSL_BIO_H
10 #define SQUID_SSL_BIO_H
11 
12 #if USE_OPENSSL
13 
14 #include "FadingCounter.h"
15 #include "fd.h"
16 #include "MemBuf.h"
17 #include "security/Handshake.h"
18 #include "ssl/support.h"
19 
20 #include <iosfwd>
21 #include <list>
22 #if HAVE_OPENSSL_BIO_H
23 #include <openssl/bio.h>
24 #endif
25 #include <string>
26 #include <type_traits>
27 
28 namespace Ssl
29 {
30 
32 class Bio
33 {
34 public:
35  explicit Bio(const int anFd);
36  virtual ~Bio();
37 
39  virtual int write(const char *buf, int size, BIO *table);
40 
42  virtual int read(char *buf, int size, BIO *table);
43 
46  virtual void flush(BIO *table) {}
47 
48  int fd() const { return fd_; }
49 
52  virtual void stateChanged(const SSL *ssl, int where, int ret);
53 
56  static BIO *Create(const int fd, Security::Io::Type type);
58  static void Link(SSL *ssl, BIO *bio);
59 
60  const SBuf &rBufData() {return rbuf;}
61 protected:
62  const int fd_;
63  SBuf rbuf;
64 };
65 
69 class ClientBio: public Bio
70 {
71 public:
72  explicit ClientBio(const int anFd);
73 
77  virtual void stateChanged(const SSL *ssl, int where, int ret);
79  virtual int write(const char *buf, int size, BIO *table);
83  virtual int read(char *buf, int size, BIO *table);
85  void hold(bool h) {holdRead_ = holdWrite_ = h;}
86 
90  void setReadBufData(SBuf &data) {rbuf = data;}
91 private:
93  static const time_t RenegotiationsWindow = 10;
94 
96  static const int RenegotiationsLimit = 5;
97 
98  bool holdRead_;
99  bool holdWrite_;
100  int helloSize;
101  FadingCounter renegotiations;
102 
104  const char *abortReason;
105 };
106 
122 class ServerBio: public Bio
123 {
124 public:
125  explicit ServerBio(const int anFd);
126 
128  virtual void stateChanged(const SSL *ssl, int where, int ret);
133  virtual int write(const char *buf, int size, BIO *table);
136  virtual int read(char *buf, int size, BIO *table);
139  virtual void flush(BIO *table);
141  void setClientFeatures(Security::TlsDetails::Pointer const &details, SBuf const &hello);
142 
143  bool resumingSession();
144 
146  bool holdWrite() const {return holdWrite_;}
148  void holdWrite(bool h) {holdWrite_ = h;}
150  bool holdRead() const {return holdRead_;}
152  void holdRead(bool h) {holdRead_ = h;}
154  void recordInput(bool r) {record_ = r;}
156  bool canSplice() {return allowSplice;}
158  bool canBump() {return allowBump;}
160  void mode(Ssl::BumpMode m) {bumpMode_ = m;}
161  Ssl::BumpMode bumpMode() {return bumpMode_;}
162 
164  bool gotHello() const { return (parsedHandshake && !parseError); }
165 
167  bool gotHelloFailed() const { return (parsedHandshake && parseError); }
168 
170  const Security::CertList &serverCertificatesIfAny() { return parser_.serverCertificates; }
171 
173  const Security::TlsDetails::Pointer &receivedHelloDetails() const {return parser_.details;}
174 
175 private:
176  int readAndGive(char *buf, const int size, BIO *table);
177  int readAndParse(char *buf, const int size, BIO *table);
178  int readAndBuffer(BIO *table);
179  int giveBuffered(char *buf, const int size);
180 
182  Security::TlsDetails::Pointer clientTlsDetails;
184  SBuf clientSentHello;
185  SBuf helloMsg;
186  mb_size_t helloMsgSize;
187  bool helloBuild;
188  bool allowSplice;
189  bool allowBump;
190  bool holdWrite_;
191  bool holdRead_;
192  bool record_;
193  bool parsedHandshake;
194  bool parseError;
195  Ssl::BumpMode bumpMode_;
196 
198  size_t rbufConsumePos;
199  Security::HandshakeParser parser_;
200 };
201 
202 } // namespace Ssl
203 
204 void
205 applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode);
206 
207 #if !HAVE_LIBCRYPTO_BIO_GET_INIT
208 // OpenSSL v1.0 bio compatibility functions
209 inline void *BIO_get_data(BIO *table) { return table->ptr; }
210 inline void BIO_set_data(BIO *table, void *data) { table->ptr = data; }
211 inline int BIO_get_init(BIO *table) { return table->init; }
212 inline void BIO_set_init(BIO *table, int init) { table->init = init; }
213 #endif
214 
215 #endif /* USE_OPENSSL */
216 #endif /* SQUID_SSL_BIO_H */
217 
Ssl::Bio::Create
static BIO * Create(const int fd, Security::Io::Type type)
Definition: bio.cc:66
Security::HandshakeParser
Incremental TLS/SSL Handshake parser.
Definition: Handshake.h:56
Ssl::ServerBio::bumpMode_
Ssl::BumpMode bumpMode_
Definition: bio.h:195
Ssl::Bio::rBufData
const SBuf & rBufData()
The buffered input data.
Definition: bio.h:60
type
int type
Definition: errorpage.cc:78
SBuf
Definition: SBuf.h:86
Ssl::ServerBio::clientTlsDetails
Security::TlsDetails::Pointer clientTlsDetails
SSL client features extracted from ClientHello message or SSL object.
Definition: bio.h:182
Ssl::Bio::Link
static void Link(SSL *ssl, BIO *bio)
Tells ssl connection to use BIO and monitor state via stateChanged()
Definition: bio.cc:92
Ssl::Bio::flush
virtual void flush(BIO *table)
Definition: bio.h:46
Ssl::ClientBio::write
virtual int write(const char *buf, int size, BIO *table)
The ClientBio version of the Ssl::Bio::write method.
Definition: bio.cc:203
Ssl::ServerBio::canSplice
bool canSplice()
Whether we can splice or not the SSL stream.
Definition: bio.h:156
Ssl::Bio::write
virtual int write(const char *buf, int size, BIO *table)
Writes the given data to socket.
Definition: bio.cc:108
Ssl::bumpMode
const char * bumpMode(int bm)
Definition: support.h:144
Ssl::Bio::fd_
const int fd_
the SSL socket we are reading and writing
Definition: bio.h:62
Ssl::ServerBio::recordInput
void recordInput(bool r)
Enables or disables the input data recording, for internal analysis.
Definition: bio.h:154
Ssl::ServerBio::receivedHelloDetails
const Security::TlsDetails::Pointer & receivedHelloDetails() const
Definition: bio.h:173
Ssl::ServerBio::holdWrite_
bool holdWrite_
The write hold state of the bio.
Definition: bio.h:190
Ssl::ServerBio::holdRead_
bool holdRead_
The read hold state of the bio.
Definition: bio.h:191
Ssl::ClientBio::holdWrite_
bool holdWrite_
The write hold state of the bio.
Definition: bio.h:99
Ssl::ServerBio::bumpMode
Ssl::BumpMode bumpMode()
return the bumping mode
Definition: bio.h:161
Ssl::ServerBio::mode
void mode(Ssl::BumpMode m)
The bumping mode.
Definition: bio.h:160
Ssl::ServerBio::setClientFeatures
void setClientFeatures(Security::TlsDetails::Pointer const &details, SBuf const &hello)
Sets the random number to use in client SSL HELLO message.
Definition: bio.cc:268
Ssl::ServerBio::rbufConsumePos
size_t rbufConsumePos
The size of data stored in rbuf which passed to the openSSL.
Definition: bio.h:198
BIO_set_init
void BIO_set_init(BIO *table, int init)
Definition: bio.h:212
Ssl::ServerBio::helloMsg
SBuf helloMsg
Used to buffer output data.
Definition: bio.h:185
Ssl::ServerBio::helloBuild
bool helloBuild
True if the client hello message sent to the server.
Definition: bio.h:187
Ssl::Bio::~Bio
virtual ~Bio()
Definition: bio.cc:103
Security::CertList
CtoCpp1(X509_free, X509 *) typedef Security CtoCpp1(X509_CRL_free, X509_CRL *) typedef Security typedef std::list< Security::CertPointer CertList)
Definition: forward.h:95
Ssl::ServerBio::holdRead
bool holdRead() const
The read hold state.
Definition: bio.h:150
Ssl::ServerBio::write
virtual int write(const char *buf, int size, BIO *table)
Definition: bio.cc:471
data
void const char HLPCB void * data
Definition: stub_helper.cc:16
Ssl::ClientBio::RenegotiationsWindow
static const time_t RenegotiationsWindow
approximate size of a time window for computing client-initiated renegotiation rate (in seconds) ...
Definition: bio.h:93
Ssl::ClientBio::holdRead_
bool holdRead_
The read hold state of the bio.
Definition: bio.h:98
Ssl::ClientBio::helloSize
int helloSize
The SSL hello message sent by client size.
Definition: bio.h:100
Security::HandshakeParser::serverCertificates
Security::CertList serverCertificates
parsed certificates chain
Definition: Handshake.h:72
Ssl::ServerBio::parser_
Security::HandshakeParser parser_
The TLS/SSL messages parser.
Definition: bio.h:199
Ssl::ServerBio::read
virtual int read(char *buf, int size, BIO *table)
Definition: bio.cc:275
Ssl::ServerBio::giveBuffered
int giveBuffered(char *buf, const int size)
Definition: bio.cc:351
FadingCounter
Counts events, forgetting old ones. Usefull for "3 errors/minute" limits.
Definition: FadingCounter.h:15
BIO_get_init
int BIO_get_init(BIO *table)
Definition: bio.h:211
Ssl::ServerBio::holdWrite
void holdWrite(bool h)
Enables or disables the write hold state.
Definition: bio.h:148
Ssl::ServerBio::gotHello
bool gotHello() const
Definition: bio.h:164
Ssl::ServerBio::parseError
bool parseError
error while parsing server hello message
Definition: bio.h:194
Ssl::Bio
BIO source and sink node, handling socket I/O and monitoring SSL state.
Definition: bio.h:32
Ssl::ClientBio::RenegotiationsLimit
static const int RenegotiationsLimit
the maximum tolerated number of client-initiated renegotiations in RenegotiationsWindow ...
Definition: bio.h:96
Ssl::ClientBio::setReadBufData
void setReadBufData(SBuf &data)
Definition: bio.h:90
Ssl::Bio::read
virtual int read(char *buf, int size, BIO *table)
Reads data from socket.
Definition: bio.cc:131
Ssl::ServerBio::parsedHandshake
bool parsedHandshake
whether we are done parsing TLS Hello
Definition: bio.h:193
Ssl::ClientBio::ClientBio
ClientBio(const int anFd)
Definition: bio.cc:171
Ssl::ServerBio::holdWrite
bool holdWrite() const
The write hold state.
Definition: bio.h:146
buf
void const char * buf
Definition: stub_helper.cc:16
Ssl::ServerBio::allowSplice
bool allowSplice
True if the SSL stream can be spliced.
Definition: bio.h:188
Ssl::ServerBio::resumingSession
bool resumingSession()
Definition: bio.cc:556
BIO_set_data
void BIO_set_data(BIO *table, void *data)
Definition: bio.h:210
Ssl::ServerBio::holdRead
void holdRead(bool h)
Enables or disables the read hold state.
Definition: bio.h:152
Ssl::ServerBio::canBump
bool canBump()
Whether we can bump or not the SSL stream.
Definition: bio.h:158
Ssl::Bio::rbuf
SBuf rbuf
Used to buffer input data.
Definition: bio.h:63
Security::HandshakeParser::details
TlsDetails::Pointer details
TLS handshake meta info or nil.
Definition: Handshake.h:70
Ssl::ClientBio::renegotiations
FadingCounter renegotiations
client requested renegotiations limit control
Definition: bio.h:101
Ssl::Bio::stateChanged
virtual void stateChanged(const SSL *ssl, int where, int ret)
Definition: bio.cc:156
Ssl::ServerBio::serverCertificatesIfAny
const Security::CertList & serverCertificatesIfAny()
Definition: bio.h:170
Ssl::ClientBio::stateChanged
virtual void stateChanged(const SSL *ssl, int where, int ret)
Definition: bio.cc:182
Ssl::ServerBio::clientSentHello
SBuf clientSentHello
TLS client hello message, used to adapt our tls Hello message to the server.
Definition: bio.h:184
Ssl::ServerBio::record_
bool record_
If true the input data recorded to rbuf for internal use.
Definition: bio.h:192
Ssl::ServerBio::helloMsgSize
mb_size_t helloMsgSize
Definition: bio.h:186
Ssl::ServerBio::flush
virtual void flush(BIO *table)
Definition: bio.cc:547
applyTlsDetailsToSSL
void applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode)
Definition: bio.cc:686
Ssl::ClientBio::hold
void hold(bool h)
Prevents or allow writting on socket.
Definition: bio.h:85
Ssl::Bio::fd
int fd() const
The SSL socket descriptor.
Definition: bio.h:48
Ssl::ClientBio::read
virtual int read(char *buf, int size, BIO *table)
Definition: bio.cc:220
Ssl::Bio::Bio
Bio(const int anFd)
Definition: bio.cc:98
mb_size_t
ssize_t mb_size_t
Definition: MemBuf.h:17
Ssl::ServerBio::gotHelloFailed
bool gotHelloFailed() const
Return true if the Server Hello parsing failed.
Definition: bio.h:167
Ssl::ServerBio::ServerBio
ServerBio(const int anFd)
Definition: bio.cc:245
BIO_get_data
void * BIO_get_data(BIO *table)
Definition: bio.h:209
Ssl::BumpMode
BumpMode
Definition: support.h:130
Ssl::ServerBio::readAndBuffer
int readAndBuffer(BIO *table)
Definition: bio.cc:337
Ssl::ServerBio::readAndGive
int readAndGive(char *buf, const int size, BIO *table)
Read and give everything to OpenSSL.
Definition: bio.cc:285
Ssl::ServerBio::readAndParse
int readAndParse(char *buf, const int size, BIO *table)
Definition: bio.cc:305
Ssl::ClientBio::abortReason
const char * abortReason
why we should terminate the connection during next TLS operation (or nil)
Definition: bio.h:104
Ssl::ServerBio::stateChanged
virtual void stateChanged(const SSL *ssl, int where, int ret)
The ServerBio version of the Ssl::Bio::stateChanged method.
Definition: bio.cc:262
Ssl::ServerBio::allowBump
bool allowBump
True if the SSL stream can be bumped.
Definition: bio.h:189
size
int size
Definition: ModDevPoll.cc:77

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors