bio.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SSL_BIO_H
10 #define SQUID_SSL_BIO_H
11 
12 #if USE_OPENSSL
13 
14 #include "compat/openssl.h"
15 #include "FadingCounter.h"
16 #include "fd.h"
17 #include "MemBuf.h"
18 #include "security/Handshake.h"
19 #include "ssl/support.h"
20 
21 #include <iosfwd>
22 #include <list>
23 #if HAVE_OPENSSL_BIO_H
24 #include <openssl/bio.h>
25 #endif
26 #include <string>
27 #include <type_traits>
28 
29 namespace Ssl
30 {
31 
33 class Bio
34 {
35 public:
36  explicit Bio(const int anFd);
37  virtual ~Bio();
38 
40  virtual int write(const char *buf, int size, BIO *table);
41 
43  virtual int read(char *buf, int size, BIO *table);
44 
47  virtual void flush(BIO *) {}
48 
49  int fd() const { return fd_; }
50 
53  virtual void stateChanged(const SSL *ssl, int where, int ret);
54 
57  static BIO *Create(const int fd, Security::Io::Type type);
59  static void Link(SSL *ssl, BIO *bio);
60 
61  const SBuf &rBufData() {return rbuf;}
62 protected:
63  const int fd_;
65 };
66 
70 class ClientBio: public Bio
71 {
72 public:
73  explicit ClientBio(const int anFd);
74 
78  virtual void stateChanged(const SSL *ssl, int where, int ret);
80  virtual int write(const char *buf, int size, BIO *table);
84  virtual int read(char *buf, int size, BIO *table);
86  void hold(bool h) {holdRead_ = holdWrite_ = h;}
87 
91  void setReadBufData(SBuf &data) {rbuf = data;}
92 private:
94  static const time_t RenegotiationsWindow = 10;
95 
97  static const int RenegotiationsLimit = 5;
98 
99  bool holdRead_;
100  bool holdWrite_;
102 
104  const char *abortReason;
105 };
106 
122 class ServerBio: public Bio
123 {
124 public:
125  explicit ServerBio(const int anFd);
126 
128  virtual void stateChanged(const SSL *ssl, int where, int ret);
133  virtual int write(const char *buf, int size, BIO *table);
136  virtual int read(char *buf, int size, BIO *table);
139  virtual void flush(BIO *table);
141  void setClientFeatures(Security::TlsDetails::Pointer const &details, SBuf const &hello);
142 
143  bool resumingSession();
144 
147  bool encryptedCertificates() const;
148 
150  bool holdWrite() const {return holdWrite_;}
152  void holdWrite(bool h) {holdWrite_ = h;}
154  void recordInput(bool r) {record_ = r;}
156  bool canSplice() {return allowSplice;}
158  bool canBump() {return allowBump;}
160  void mode(Ssl::BumpMode m) {bumpMode_ = m;}
162 
164  bool gotHello() const { return (parsedHandshake && !parseError); }
165 
167  bool gotHelloFailed() const { return (parsedHandshake && parseError); }
168 
171 
172 private:
173  int readAndGive(char *buf, const int size, BIO *table);
174  int readAndParse(char *buf, const int size, BIO *table);
175  int readAndBuffer(BIO *table);
176  int giveBuffered(char *buf, const int size);
177 
184  bool helloBuild;
185  bool allowSplice;
186  bool allowBump;
187  bool holdWrite_;
188  bool record_;
190  bool parseError;
192 
196 };
197 
198 } // namespace Ssl
199 
200 void
202 
203 #endif /* USE_OPENSSL */
204 #endif /* SQUID_SSL_BIO_H */
205 
bool holdWrite() const
The write hold state.
Definition: bio.h:150
Security::TlsDetails::Pointer clientTlsDetails
SSL client features extracted from ClientHello message or SSL object.
Definition: bio.h:179
static void Link(SSL *ssl, BIO *bio)
Tells ssl connection to use BIO and monitor state via stateChanged()
Definition: bio.cc:88
void setClientFeatures(Security::TlsDetails::Pointer const &details, SBuf const &hello)
Sets the random number to use in client SSL HELLO message.
Definition: bio.cc:263
bool parsedHandshake
whether we are done parsing TLS Hello
Definition: bio.h:189
mb_size_t helloMsgSize
Definition: bio.h:183
virtual ~Bio()
Definition: bio.cc:99
void hold(bool h)
Prevents or allow writing on socket.
Definition: bio.h:86
Definition: SBuf.h:87
BumpMode
Definition: support.h:126
virtual void stateChanged(const SSL *ssl, int where, int ret)
Definition: bio.cc:152
bool holdWrite_
The write hold state of the bio.
Definition: bio.h:100
SBuf helloMsg
Used to buffer output data.
Definition: bio.h:182
ClientBio(const int anFd)
Definition: bio.cc:167
const SBuf & rBufData()
The buffered input data.
Definition: bio.h:61
int type
Definition: errorpage.cc:153
int readAndGive(char *buf, const int size, BIO *table)
Read and give everything to OpenSSL.
Definition: bio.cc:280
virtual int write(const char *buf, int size, BIO *table)
Definition: bio.cc:354
static const time_t RenegotiationsWindow
approximate size of a time window for computing client-initiated renegotiation rate (in seconds)
Definition: bio.h:94
ServerBio(const int anFd)
Definition: bio.cc:240
const Security::TlsDetails::Pointer & receivedHelloDetails() const
Definition: bio.h:170
static BIO * Create(const int fd, Security::Io::Type type)
Definition: bio.cc:62
virtual int read(char *buf, int size, BIO *table)
Definition: bio.cc:270
size_t rbufConsumePos
The size of data stored in rbuf which passed to the openSSL.
Definition: bio.h:194
int size
Definition: ModDevPoll.cc:76
virtual int read(char *buf, int size, BIO *table)
Reads data from socket.
Definition: bio.cc:127
virtual int write(const char *buf, int size, BIO *table)
The ClientBio version of the Ssl::Bio::write method.
Definition: bio.cc:198
bool holdRead_
The read hold state of the bio.
Definition: bio.h:99
int readAndBuffer(BIO *table)
Definition: bio.cc:326
virtual int write(const char *buf, int size, BIO *table)
Writes the given data to socket.
Definition: bio.cc:104
Definition: Xaction.cc:49
bool parseError
error while parsing server hello message
Definition: bio.h:190
virtual void stateChanged(const SSL *ssl, int where, int ret)
The ServerBio version of the Ssl::Bio::stateChanged method.
Definition: bio.cc:257
Ssl::BumpMode bumpMode_
Definition: bio.h:191
SBuf clientSentHello
TLS client hello message, used to adapt our tls Hello message to the server.
Definition: bio.h:181
TlsDetails::Pointer details
TLS handshake meta info. Never nil.
Definition: Handshake.h:77
bool canSplice()
Whether we can splice or not the SSL stream.
Definition: bio.h:156
void holdWrite(bool h)
Enables or disables the write hold state.
Definition: bio.h:152
bool resumingSession()
Definition: bio.cc:432
SBuf rbuf
Used to buffer input data.
Definition: bio.h:64
Ssl::BumpMode bumpMode()
return the bumping mode
Definition: bio.h:161
Bio(const int anFd)
Definition: bio.cc:94
void recordInput(bool r)
Enables or disables the input data recording, for internal analysis.
Definition: bio.h:154
void mode(Ssl::BumpMode m)
The bumping mode.
Definition: bio.h:160
BIO source and sink node, handling socket I/O and monitoring SSL state.
Definition: bio.h:34
bool encryptedCertificates() const
Definition: bio.cc:438
const int fd_
the SSL socket we are reading and writing
Definition: bio.h:63
FadingCounter renegotiations
client requested renegotiations limit control
Definition: bio.h:101
int giveBuffered(char *buf, const int size)
Definition: bio.cc:340
bool canBump()
Whether we can bump or not the SSL stream.
Definition: bio.h:158
Counts events, forgetting old ones. Useful for "3 errors/minute" limits.
Definition: FadingCounter.h:16
virtual int read(char *buf, int size, BIO *table)
Definition: bio.cc:215
bool record_
If true the input data recorded to rbuf for internal use.
Definition: bio.h:188
virtual void stateChanged(const SSL *ssl, int where, int ret)
Definition: bio.cc:177
static const int RenegotiationsLimit
the maximum tolerated number of client-initiated renegotiations in RenegotiationsWindow
Definition: bio.h:97
ssize_t mb_size_t
Definition: MemBuf.h:17
Incremental TLS/SSL Handshake parser.
Definition: Handshake.h:61
Security::HandshakeParser parser_
The TLS/SSL messages parser.
Definition: bio.h:195
int readAndParse(char *buf, const int size, BIO *table)
Definition: bio.cc:300
bool holdWrite_
The write hold state of the bio.
Definition: bio.h:187
bool allowBump
True if the SSL stream can be bumped.
Definition: bio.h:186
bool helloBuild
True if the client hello message sent to the server.
Definition: bio.h:184
bool gotHelloFailed() const
Return true if the Server Hello parsing failed.
Definition: bio.h:167
bool gotHello() const
Definition: bio.h:164
void applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode)
Definition: bio.cc:569
void setReadBufData(SBuf &data)
Definition: bio.h:91
const char * abortReason
why we should terminate the connection during next TLS operation (or nil)
Definition: bio.h:104
const char * bumpMode(int bm)
Definition: support.h:138
virtual void flush(BIO *)
Definition: bio.h:47
int fd() const
The SSL socket descriptor.
Definition: bio.h:49
virtual void flush(BIO *table)
Definition: bio.cc:423
bool allowSplice
True if the SSL stream can be spliced.
Definition: bio.h:185

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors