]>
Commit | Line | Data |
---|---|---|
b3a8ae1b | 1 | /* |
f70aedc4 | 2 | * Copyright (C) 1996-2021 The Squid Software Foundation and contributors |
b3a8ae1b | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
b3a8ae1b AR |
7 | */ |
8 | ||
bbc27441 AJ |
9 | /* DEBUG: section 83 SSL accelerator support */ |
10 | ||
b3a8ae1b | 11 | #include "squid.h" |
d620ae0e | 12 | #include "ssl/support.h" |
b3a8ae1b AR |
13 | |
14 | /* support.cc says this is needed */ | |
31855516 | 15 | #if USE_OPENSSL |
b3a8ae1b AR |
16 | |
17 | #include "comm.h" | |
2e198b84 | 18 | #include "fd.h" |
d620ae0e CT |
19 | #include "fde.h" |
20 | #include "globals.h" | |
40f1e76d | 21 | #include "ip/Address.h" |
7c8ee688 | 22 | #include "parser/BinaryTokenizer.h" |
edb876ab | 23 | #include "SquidTime.h" |
b3a8ae1b | 24 | #include "ssl/bio.h" |
8693472e | 25 | |
b3a8ae1b AR |
26 | #if _SQUID_WINDOWS_ |
27 | extern int socket_read_method(int, char *, int); | |
28 | extern int socket_write_method(int, const char *, int); | |
29 | #endif | |
30 | ||
31 | /* BIO callbacks */ | |
32 | static int squid_bio_write(BIO *h, const char *buf, int num); | |
33 | static int squid_bio_read(BIO *h, char *buf, int size); | |
34 | static int squid_bio_puts(BIO *h, const char *str); | |
35 | //static int squid_bio_gets(BIO *h, char *str, int size); | |
36 | static long squid_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2); | |
37 | static int squid_bio_create(BIO *h); | |
38 | static int squid_bio_destroy(BIO *data); | |
39 | /* SSL callbacks */ | |
40 | static void squid_ssl_info(const SSL *ssl, int where, int ret); | |
41 | ||
17e98f24 AJ |
42 | #if HAVE_LIBCRYPTO_BIO_METH_NEW |
43 | static BIO_METHOD *SquidMethods = nullptr; | |
44 | #else | |
b3a8ae1b AR |
45 | /// Initialization structure for the BIO table with |
46 | /// Squid-specific methods and BIO method wrappers. | |
47 | static BIO_METHOD SquidMethods = { | |
48 | BIO_TYPE_SOCKET, | |
49 | "squid", | |
50 | squid_bio_write, | |
51 | squid_bio_read, | |
52 | squid_bio_puts, | |
53 | NULL, // squid_bio_gets not supported | |
54 | squid_bio_ctrl, | |
55 | squid_bio_create, | |
56 | squid_bio_destroy, | |
57 | NULL // squid_callback_ctrl not supported | |
58 | }; | |
093deea9 | 59 | #endif |
b3a8ae1b AR |
60 | |
61 | BIO * | |
86f77270 | 62 | Ssl::Bio::Create(const int fd, Security::Io::Type type) |
b3a8ae1b | 63 | { |
17e98f24 | 64 | #if HAVE_LIBCRYPTO_BIO_METH_NEW |
093deea9 CT |
65 | if (!SquidMethods) { |
66 | SquidMethods = BIO_meth_new(BIO_TYPE_SOCKET, "squid"); | |
67 | BIO_meth_set_write(SquidMethods, squid_bio_write); | |
68 | BIO_meth_set_read(SquidMethods, squid_bio_read); | |
69 | BIO_meth_set_puts(SquidMethods, squid_bio_puts); | |
70 | BIO_meth_set_gets(SquidMethods, NULL); | |
71 | BIO_meth_set_ctrl(SquidMethods, squid_bio_ctrl); | |
72 | BIO_meth_set_create(SquidMethods, squid_bio_create); | |
73 | BIO_meth_set_destroy(SquidMethods, squid_bio_destroy); | |
74 | } | |
24b30fdc | 75 | BIO_METHOD *useMethod = SquidMethods; |
17e98f24 AJ |
76 | #else |
77 | BIO_METHOD *useMethod = &SquidMethods; | |
093deea9 | 78 | #endif |
ac756c8c | 79 | |
2a268a06 CT |
80 | if (BIO *bio = BIO_new(useMethod)) { |
81 | BIO_int_ctrl(bio, BIO_C_SET_FD, type, fd); | |
82 | return bio; | |
83 | } | |
b3a8ae1b AR |
84 | return NULL; |
85 | } | |
86 | ||
87 | void | |
88 | Ssl::Bio::Link(SSL *ssl, BIO *bio) | |
89 | { | |
90 | SSL_set_bio(ssl, bio, bio); // cannot fail | |
91 | SSL_set_info_callback(ssl, &squid_ssl_info); // does not provide diagnostic | |
92 | } | |
93 | ||
b3a8ae1b AR |
94 | Ssl::Bio::Bio(const int anFd): fd_(anFd) |
95 | { | |
96 | debugs(83, 7, "Bio constructed, this=" << this << " FD " << fd_); | |
97 | } | |
98 | ||
99 | Ssl::Bio::~Bio() | |
100 | { | |
101 | debugs(83, 7, "Bio destructing, this=" << this << " FD " << fd_); | |
b3a8ae1b AR |
102 | } |
103 | ||
104 | int Ssl::Bio::write(const char *buf, int size, BIO *table) | |
105 | { | |
106 | errno = 0; | |
107 | #if _SQUID_WINDOWS_ | |
108 | const int result = socket_write_method(fd_, buf, size); | |
109 | #else | |
110 | const int result = default_write_method(fd_, buf, size); | |
111 | #endif | |
112 | const int xerrno = errno; | |
113 | debugs(83, 5, "FD " << fd_ << " wrote " << result << " <= " << size); | |
114 | ||
115 | BIO_clear_retry_flags(table); | |
116 | if (result < 0) { | |
117 | const bool ignoreError = ignoreErrno(xerrno) != 0; | |
118 | debugs(83, 5, "error: " << xerrno << " ignored: " << ignoreError); | |
119 | if (ignoreError) | |
120 | BIO_set_retry_write(table); | |
121 | } | |
122 | ||
123 | return result; | |
124 | } | |
125 | ||
126 | int | |
127 | Ssl::Bio::read(char *buf, int size, BIO *table) | |
128 | { | |
129 | errno = 0; | |
130 | #if _SQUID_WINDOWS_ | |
131 | const int result = socket_read_method(fd_, buf, size); | |
132 | #else | |
133 | const int result = default_read_method(fd_, buf, size); | |
134 | #endif | |
135 | const int xerrno = errno; | |
136 | debugs(83, 5, "FD " << fd_ << " read " << result << " <= " << size); | |
137 | ||
138 | BIO_clear_retry_flags(table); | |
139 | if (result < 0) { | |
140 | const bool ignoreError = ignoreErrno(xerrno) != 0; | |
141 | debugs(83, 5, "error: " << xerrno << " ignored: " << ignoreError); | |
142 | if (ignoreError) | |
143 | BIO_set_retry_read(table); | |
144 | } | |
145 | ||
146 | return result; | |
147 | } | |
148 | ||
149 | /// Called whenever the SSL connection state changes, an alert appears, or an | |
150 | /// error occurs. See SSL_set_info_callback(). | |
151 | void | |
152 | Ssl::Bio::stateChanged(const SSL *ssl, int where, int ret) | |
153 | { | |
154 | // Here we can use (where & STATE) to check the current state. | |
155 | // Many STATE values are possible, including: SSL_CB_CONNECT_LOOP, | |
156 | // SSL_CB_ACCEPT_LOOP, SSL_CB_HANDSHAKE_START, and SSL_CB_HANDSHAKE_DONE. | |
157 | // For example: | |
158 | // if (where & SSL_CB_HANDSHAKE_START) | |
159 | // debugs(83, 9, "Trying to establish the SSL connection"); | |
160 | // else if (where & SSL_CB_HANDSHAKE_DONE) | |
161 | // debugs(83, 9, "SSL connection established"); | |
162 | ||
d620ae0e | 163 | debugs(83, 7, "FD " << fd_ << " now: 0x" << std::hex << where << std::dec << ' ' << |
b3a8ae1b AR |
164 | SSL_state_string(ssl) << " (" << SSL_state_string_long(ssl) << ")"); |
165 | } | |
166 | ||
edb876ab CT |
167 | Ssl::ClientBio::ClientBio(const int anFd): |
168 | Bio(anFd), | |
169 | holdRead_(false), | |
170 | holdWrite_(false), | |
171 | helloSize(0), | |
172 | abortReason(nullptr) | |
173 | { | |
174 | renegotiations.configure(10*1000); | |
175 | } | |
176 | ||
e1f72a8b | 177 | void |
d620ae0e CT |
178 | Ssl::ClientBio::stateChanged(const SSL *ssl, int where, int ret) |
179 | { | |
180 | Ssl::Bio::stateChanged(ssl, where, ret); | |
edb876ab CT |
181 | // detect client-initiated renegotiations DoS (CVE-2011-1473) |
182 | if (where & SSL_CB_HANDSHAKE_START) { | |
183 | const int reneg = renegotiations.count(1); | |
184 | ||
185 | if (abortReason) | |
186 | return; // already decided and informed the admin | |
187 | ||
188 | if (reneg > RenegotiationsLimit) { | |
189 | abortReason = "renegotiate requests flood"; | |
190 | debugs(83, DBG_IMPORTANT, "Terminating TLS connection [from " << fd_table[fd_].ipaddr << "] due to " << abortReason << ". This connection received " << | |
191 | reneg << " renegotiate requests in the last " << | |
192 | RenegotiationsWindow << " seconds (and " << | |
193 | renegotiations.remembered() << " requests total)."); | |
194 | } | |
195 | } | |
d620ae0e CT |
196 | } |
197 | ||
198 | int | |
199 | Ssl::ClientBio::write(const char *buf, int size, BIO *table) | |
200 | { | |
edb876ab CT |
201 | if (abortReason) { |
202 | debugs(83, 3, "BIO on FD " << fd_ << " is aborted"); | |
203 | BIO_clear_retry_flags(table); | |
204 | return -1; | |
205 | } | |
206 | ||
d620ae0e CT |
207 | if (holdWrite_) { |
208 | BIO_set_retry_write(table); | |
209 | return 0; | |
210 | } | |
211 | ||
212 | return Ssl::Bio::write(buf, size, table); | |
213 | } | |
214 | ||
d620ae0e CT |
215 | int |
216 | Ssl::ClientBio::read(char *buf, int size, BIO *table) | |
217 | { | |
edb876ab CT |
218 | if (abortReason) { |
219 | debugs(83, 3, "BIO on FD " << fd_ << " is aborted"); | |
220 | BIO_clear_retry_flags(table); | |
221 | return -1; | |
222 | } | |
223 | ||
d620ae0e CT |
224 | if (holdRead_) { |
225 | debugs(83, 7, "Hold flag is set, retry latter. (Hold " << size << "bytes)"); | |
226 | BIO_set_retry_read(table); | |
227 | return -1; | |
228 | } | |
229 | ||
3cae14a6 CT |
230 | if (!rbuf.isEmpty()) { |
231 | int bytes = (size <= (int)rbuf.length() ? size : rbuf.length()); | |
232 | memcpy(buf, rbuf.rawContent(), bytes); | |
233 | rbuf.consume(bytes); | |
234 | return bytes; | |
235 | } else | |
236 | return Ssl::Bio::read(buf, size, table); | |
d620ae0e CT |
237 | |
238 | return -1; | |
239 | } | |
240 | ||
d20cf186 AR |
241 | Ssl::ServerBio::ServerBio(const int anFd): |
242 | Bio(anFd), | |
243 | helloMsgSize(0), | |
244 | helloBuild(false), | |
245 | allowSplice(false), | |
246 | allowBump(false), | |
247 | holdWrite_(false), | |
248 | record_(false), | |
249 | parsedHandshake(false), | |
0bffe3ce | 250 | parseError(false), |
d20cf186 | 251 | bumpMode_(bumpNone), |
cd29a421 CT |
252 | rbufConsumePos(0), |
253 | parser_(Security::HandshakeParser::fromServer) | |
d20cf186 AR |
254 | { |
255 | } | |
256 | ||
d620ae0e CT |
257 | void |
258 | Ssl::ServerBio::stateChanged(const SSL *ssl, int where, int ret) | |
259 | { | |
260 | Ssl::Bio::stateChanged(ssl, where, ret); | |
261 | } | |
262 | ||
263 | void | |
21530947 | 264 | Ssl::ServerBio::setClientFeatures(Security::TlsDetails::Pointer const &details, SBuf const &aHello) |
d620ae0e | 265 | { |
21530947 | 266 | clientTlsDetails = details; |
6744c1a8 | 267 | clientSentHello = aHello; |
d620ae0e CT |
268 | }; |
269 | ||
55369ae6 | 270 | int |
a465cd53 | 271 | Ssl::ServerBio::read(char *buf, int size, BIO *table) |
55369ae6 | 272 | { |
d20cf186 | 273 | if (parsedHandshake) // done parsing TLS Hello |
a465cd53 | 274 | return readAndGive(buf, size, table); |
d20cf186 AR |
275 | else |
276 | return readAndParse(buf, size, table); | |
a465cd53 | 277 | } |
55369ae6 | 278 | |
a465cd53 AR |
279 | /// Read and give everything to OpenSSL. |
280 | int | |
281 | Ssl::ServerBio::readAndGive(char *buf, const int size, BIO *table) | |
6821c276 | 282 | { |
a465cd53 AR |
283 | // If we have unused buffered bytes, give those bytes to OpenSSL now, |
284 | // before reading more. TODO: Read if we have buffered less than size? | |
285 | if (rbufConsumePos < rbuf.length()) | |
286 | return giveBuffered(buf, size); | |
55369ae6 | 287 | |
a465cd53 AR |
288 | if (record_) { |
289 | const int result = readAndBuffer(table); | |
290 | if (result <= 0) | |
291 | return result; | |
292 | return giveBuffered(buf, size); | |
55369ae6 AR |
293 | } |
294 | ||
a465cd53 | 295 | return Ssl::Bio::read(buf, size, table); |
55369ae6 AR |
296 | } |
297 | ||
a465cd53 | 298 | /// Read and give everything to our parser. |
d20cf186 | 299 | /// When/if parsing is finished (successfully or not), start giving to OpenSSL. |
d620ae0e | 300 | int |
a465cd53 | 301 | Ssl::ServerBio::readAndParse(char *buf, const int size, BIO *table) |
d620ae0e | 302 | { |
a465cd53 AR |
303 | const int result = readAndBuffer(table); |
304 | if (result <= 0) | |
305 | return result; | |
6821c276 | 306 | |
d20cf186 AR |
307 | try { |
308 | if (!parser_.parseHello(rbuf)) { | |
309 | // need more data to finish parsing | |
6821c276 | 310 | BIO_set_retry_read(table); |
a465cd53 AR |
311 | return -1; |
312 | } | |
d20cf186 AR |
313 | parsedHandshake = true; // done parsing (successfully) |
314 | } | |
315 | catch (const std::exception &ex) { | |
316 | debugs(83, 2, "parsing error on FD " << fd_ << ": " << ex.what()); | |
317 | parsedHandshake = true; // done parsing (due to an error) | |
0bffe3ce | 318 | parseError = true; |
55369ae6 AR |
319 | } |
320 | ||
a465cd53 | 321 | return giveBuffered(buf, size); |
6821c276 | 322 | } |
55369ae6 | 323 | |
a465cd53 AR |
324 | /// Reads more data into the read buffer. Returns either the number of bytes |
325 | /// read or, on errors (including "try again" errors), a negative number. | |
d620ae0e | 326 | int |
a465cd53 | 327 | Ssl::ServerBio::readAndBuffer(BIO *table) |
d620ae0e | 328 | { |
672337d1 CT |
329 | char *space = rbuf.rawAppendStart(SQUID_TCP_SO_RCVBUF); |
330 | const int result = Ssl::Bio::read(space, SQUID_TCP_SO_RCVBUF, table); | |
a465cd53 AR |
331 | if (result <= 0) |
332 | return result; | |
6821c276 | 333 | |
672337d1 | 334 | rbuf.rawAppendFinish(space, result); |
a465cd53 AR |
335 | return result; |
336 | } | |
6821c276 | 337 | |
a465cd53 AR |
338 | /// give previously buffered bytes to OpenSSL |
339 | /// returns the number of bytes given | |
340 | int | |
341 | Ssl::ServerBio::giveBuffered(char *buf, const int size) | |
342 | { | |
343 | if (rbuf.length() <= rbufConsumePos) | |
344 | return -1; // buffered nothing yet | |
345 | ||
346 | const int unsent = rbuf.length() - rbufConsumePos; | |
347 | const int bytes = (size <= unsent ? size : unsent); | |
348 | memcpy(buf, rbuf.rawContent() + rbufConsumePos, bytes); | |
349 | rbufConsumePos += bytes; | |
350 | debugs(83, 7, bytes << "<=" << size << " bytes to OpenSSL"); | |
351 | return bytes; | |
d620ae0e CT |
352 | } |
353 | ||
1110989a CT |
354 | // This function makes the required checks to examine if the client hello |
355 | // message is compatible with the features provided by OpenSSL toolkit. | |
a95989ed | 356 | // If the features are compatible and can be supported it tries to rewrite SSL |
1110989a | 357 | // structure members, to replace the hello message created by openSSL, with the |
a95989ed | 358 | // web client SSL hello message. |
1110989a CT |
359 | // This is mostly possible in the cases where the web client uses openSSL |
360 | // library similar with this one used by squid. | |
a95989ed | 361 | static bool |
21530947 | 362 | adjustSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, SBuf &helloMessage) |
7f4e9b73 | 363 | { |
a95989ed | 364 | #if SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK |
6744c1a8 CT |
365 | if (!details) |
366 | return false; | |
367 | ||
a95989ed CT |
368 | if (!ssl->s3) { |
369 | debugs(83, 5, "No SSLv3 data found!"); | |
370 | return false; | |
371 | } | |
372 | ||
7f4e9b73 CT |
373 | // If the client supports compression but our context does not support |
374 | // we can not adjust. | |
b4fca8e9 | 375 | #if !defined(OPENSSL_NO_COMP) |
d9219c2b | 376 | const bool requireCompression = (details->compressionSupported && ssl->ctx->comp_methods == nullptr); |
a36e9cb2 | 377 | #else |
67c99fc6 | 378 | const bool requireCompression = details->compressionSupported; |
a36e9cb2 SH |
379 | #endif |
380 | if (requireCompression) { | |
7f4e9b73 | 381 | debugs(83, 5, "Client Hello Data supports compression, but we do not!"); |
a95989ed | 382 | return false; |
7f4e9b73 CT |
383 | } |
384 | ||
7f4e9b73 | 385 | #if !defined(SSL_TLSEXT_HB_ENABLED) |
21530947 | 386 | if (details->doHeartBeats) { |
7f4e9b73 | 387 | debugs(83, 5, "Client Hello Data supports HeartBeats but we do not support!"); |
a95989ed | 388 | return false; |
7f4e9b73 CT |
389 | } |
390 | #endif | |
391 | ||
c05c0c94 AR |
392 | if (details->unsupportedExtensions) { |
393 | debugs(83, 5, "Client Hello contains extensions that we do not support!"); | |
394 | return false; | |
395 | } | |
396 | ||
397 | SSL3_BUFFER *wb=&(ssl->s3->wbuf); | |
398 | if (wb->len < (size_t)helloMessage.length()) { | |
399 | debugs(83, 5, "Client Hello exceeds OpenSSL buffer: " << helloMessage.length() << " >= " << wb->len); | |
400 | return false; | |
401 | } | |
402 | ||
403 | /* Check whether all on-the-wire ciphers are supported by OpenSSL. */ | |
404 | ||
405 | const auto &wireCiphers = details->ciphers; | |
406 | Security::TlsDetails::Ciphers::size_type ciphersToFind = wireCiphers.size(); | |
407 | ||
408 | // RFC 5746: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV is not a true cipher suite". | |
409 | // It is commonly seen on the wire, including in from-OpenSSL traffic, but | |
410 | // SSL_get_ciphers() does not return this _pseudo_ cipher suite in my tests. | |
411 | // If OpenSSL supports scsvCipher, we count it (at most once) further below. | |
8693472e | 412 | #if defined(TLSEXT_TYPE_renegotiate) |
c05c0c94 AR |
413 | // the 0x00FFFF mask converts 3-byte OpenSSL cipher to our 2-byte cipher |
414 | const uint16_t scsvCipher = SSL3_CK_SCSV & 0x00FFFF; | |
415 | #else | |
416 | const uint16_t scsvCipher = 0; | |
7f4e9b73 | 417 | #endif |
c05c0c94 AR |
418 | |
419 | STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(ssl); | |
420 | const int supportedCipherCount = sk_SSL_CIPHER_num(cipher_stack); | |
421 | for (int idx = 0; idx < supportedCipherCount && ciphersToFind > 0; ++idx) { | |
422 | const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(cipher_stack, idx); | |
423 | const auto id = SSL_CIPHER_get_id(cipher) & 0x00FFFF; | |
424 | if (wireCiphers.find(id) != wireCiphers.end() && (!scsvCipher || id != scsvCipher)) | |
425 | --ciphersToFind; | |
7f4e9b73 CT |
426 | } |
427 | ||
c05c0c94 AR |
428 | if (ciphersToFind > 0 && scsvCipher && wireCiphers.find(scsvCipher) != wireCiphers.end()) |
429 | --ciphersToFind; | |
430 | ||
431 | if (ciphersToFind > 0) { | |
432 | // TODO: Add slowlyReportUnsupportedCiphers() to slowly find and report each of them | |
433 | debugs(83, 5, "Client Hello Data has " << ciphersToFind << " ciphers that we do not support!"); | |
5d65362c | 434 | return false; |
c05c0c94 | 435 | } |
7f4e9b73 | 436 | |
a95989ed | 437 | debugs(83, 5, "OpenSSL SSL struct will be adjusted to mimic client hello data!"); |
7f4e9b73 CT |
438 | |
439 | //Adjust ssl structure data. | |
7f4e9b73 | 440 | // We need to fix the random in SSL struct: |
21530947 CT |
441 | if (details->clientRandom.length() == SSL3_RANDOM_SIZE) |
442 | memcpy(ssl->s3->client_random, details->clientRandom.c_str(), SSL3_RANDOM_SIZE); | |
443 | memcpy(wb->buf, helloMessage.rawContent(), helloMessage.length()); | |
444 | wb->left = helloMessage.length(); | |
7f4e9b73 | 445 | |
21530947 CT |
446 | size_t mainHelloSize = helloMessage.length() - 5; |
447 | const char *mainHello = helloMessage.rawContent() + 5; | |
4cabb5e5 | 448 | assert((size_t)ssl->init_buf->max > mainHelloSize); |
7f4e9b73 CT |
449 | memcpy(ssl->init_buf->data, mainHello, mainHelloSize); |
450 | debugs(83, 5, "Hello Data init and adjustd sizes :" << ssl->init_num << " = "<< mainHelloSize); | |
451 | ssl->init_num = mainHelloSize; | |
452 | ssl->s3->wpend_ret = mainHelloSize; | |
453 | ssl->s3->wpend_tot = mainHelloSize; | |
a95989ed CT |
454 | return true; |
455 | #else | |
456 | return false; | |
457 | #endif | |
7f4e9b73 CT |
458 | } |
459 | ||
d620ae0e CT |
460 | int |
461 | Ssl::ServerBio::write(const char *buf, int size, BIO *table) | |
462 | { | |
463 | ||
464 | if (holdWrite_) { | |
a465cd53 | 465 | debugs(83, 7, "postpone writing " << size << " bytes to SSL FD " << fd_); |
d620ae0e CT |
466 | BIO_set_retry_write(table); |
467 | return -1; | |
468 | } | |
469 | ||
5d65362c | 470 | if (!helloBuild && (bumpMode_ == Ssl::bumpPeek || bumpMode_ == Ssl::bumpStare)) { |
6744c1a8 CT |
471 | // buf contains OpenSSL-generated ClientHello. We assume it has a |
472 | // complete ClientHello and nothing else, but cannot fully verify | |
473 | // that quickly. We only verify that buf starts with a v3+ record | |
474 | // containing ClientHello. | |
475 | Must(size >= 2); // enough for version and content_type checks below | |
476 | Must(buf[1] >= 3); // record's version.major; determines buf[0] meaning | |
477 | Must(buf[0] == 22); // TLSPlaintext.content_type == handshake in v3+ | |
478 | ||
479 | //Hello message is the first message we write to server | |
480 | assert(helloMsg.isEmpty()); | |
481 | ||
482 | if (auto ssl = fd_table[fd_].ssl.get()) { | |
483 | if (bumpMode_ == Ssl::bumpPeek) { | |
484 | // we should not be here if we failed to parse the client-sent ClientHello | |
485 | Must(!clientSentHello.isEmpty()); | |
486 | if (adjustSSL(ssl, clientTlsDetails, clientSentHello)) | |
5d65362c | 487 | allowBump = true; |
6744c1a8 CT |
488 | allowSplice = true; |
489 | // Replace OpenSSL-generated ClientHello with client-sent one. | |
490 | helloMsg.append(clientSentHello); | |
491 | debugs(83, 7, "FD " << fd_ << ": Using client-sent ClientHello for peek mode"); | |
492 | } else { /*Ssl::bumpStare*/ | |
493 | allowBump = true; | |
494 | if (!clientSentHello.isEmpty() && adjustSSL(ssl, clientTlsDetails, clientSentHello)) { | |
495 | allowSplice = true; | |
496 | helloMsg.append(clientSentHello); | |
497 | debugs(83, 7, "FD " << fd_ << ": Using client-sent ClientHello for stare mode"); | |
7f4e9b73 | 498 | } |
d620ae0e CT |
499 | } |
500 | } | |
6744c1a8 | 501 | // if we did not use the client-sent ClientHello, then use the OpenSSL-generated one |
8693472e | 502 | if (helloMsg.isEmpty()) |
7f4e9b73 CT |
503 | helloMsg.append(buf, size); |
504 | ||
d620ae0e | 505 | helloBuild = true; |
8693472e | 506 | helloMsgSize = helloMsg.length(); |
5d65362c | 507 | //allowBump = true; |
7f4e9b73 CT |
508 | |
509 | if (allowSplice) { | |
e1f72a8b | 510 | // Do not write yet..... |
7f4e9b73 CT |
511 | BIO_set_retry_write(table); |
512 | return -1; | |
513 | } | |
d620ae0e CT |
514 | } |
515 | ||
8693472e | 516 | if (!helloMsg.isEmpty()) { |
d620ae0e | 517 | debugs(83, 7, "buffered write for FD " << fd_); |
8693472e | 518 | int ret = Ssl::Bio::write(helloMsg.rawContent(), helloMsg.length(), table); |
d620ae0e | 519 | helloMsg.consume(ret); |
8693472e | 520 | if (!helloMsg.isEmpty()) { |
d620ae0e CT |
521 | // We need to retry sendind data. |
522 | // Say to openSSL to retry sending hello message | |
523 | BIO_set_retry_write(table); | |
524 | return -1; | |
525 | } | |
526 | ||
527 | // Sending hello message complete. Do not send more data for now... | |
7f4e9b73 CT |
528 | holdWrite_ = true; |
529 | ||
a95989ed CT |
530 | // spoof openSSL that we write what it ask us to write |
531 | return size; | |
d620ae0e CT |
532 | } else |
533 | return Ssl::Bio::write(buf, size, table); | |
534 | } | |
535 | ||
536 | void | |
537 | Ssl::ServerBio::flush(BIO *table) | |
538 | { | |
8693472e CT |
539 | if (!helloMsg.isEmpty()) { |
540 | int ret = Ssl::Bio::write(helloMsg.rawContent(), helloMsg.length(), table); | |
d620ae0e CT |
541 | helloMsg.consume(ret); |
542 | } | |
543 | } | |
544 | ||
89c5ca0f CT |
545 | bool |
546 | Ssl::ServerBio::resumingSession() | |
547 | { | |
d9219c2b | 548 | return parser_.resumingSession; |
55369ae6 | 549 | } |
89c5ca0f | 550 | |
cd29a421 CT |
551 | bool |
552 | Ssl::ServerBio::encryptedCertificates() const | |
553 | { | |
554 | return parser_.details->tlsSupportedVersion && | |
70ac5b29 | 555 | Security::Tls1p3orLater(parser_.details->tlsSupportedVersion); |
cd29a421 CT |
556 | } |
557 | ||
b3a8ae1b AR |
558 | /// initializes BIO table after allocation |
559 | static int | |
560 | squid_bio_create(BIO *bi) | |
561 | { | |
17e98f24 | 562 | #if !HAVE_LIBCRYPTO_BIO_GET_INIT |
b3a8ae1b AR |
563 | bi->init = 0; // set when we store Bio object and socket fd (BIO_C_SET_FD) |
564 | bi->num = 0; | |
b3a8ae1b | 565 | bi->flags = 0; |
093deea9 CT |
566 | #else |
567 | // No need to set more, openSSL initialize BIO memory to zero. | |
568 | #endif | |
569 | ||
570 | BIO_set_data(bi, NULL); | |
b3a8ae1b AR |
571 | return 1; |
572 | } | |
573 | ||
574 | /// cleans BIO table before deallocation | |
575 | static int | |
576 | squid_bio_destroy(BIO *table) | |
577 | { | |
093deea9 CT |
578 | delete static_cast<Ssl::Bio*>(BIO_get_data(table)); |
579 | BIO_set_data(table, NULL); | |
b3a8ae1b AR |
580 | return 1; |
581 | } | |
582 | ||
583 | /// wrapper for Bio::write() | |
584 | static int | |
585 | squid_bio_write(BIO *table, const char *buf, int size) | |
586 | { | |
093deea9 | 587 | Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table)); |
b3a8ae1b AR |
588 | assert(bio); |
589 | return bio->write(buf, size, table); | |
590 | } | |
591 | ||
592 | /// wrapper for Bio::read() | |
593 | static int | |
594 | squid_bio_read(BIO *table, char *buf, int size) | |
595 | { | |
093deea9 | 596 | Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table)); |
b3a8ae1b AR |
597 | assert(bio); |
598 | return bio->read(buf, size, table); | |
599 | } | |
600 | ||
601 | /// implements puts() via write() | |
602 | static int | |
603 | squid_bio_puts(BIO *table, const char *str) | |
604 | { | |
605 | assert(str); | |
606 | return squid_bio_write(table, str, strlen(str)); | |
607 | } | |
608 | ||
609 | /// other BIO manipulations (those without dedicated callbacks in BIO table) | |
610 | static long | |
611 | squid_bio_ctrl(BIO *table, int cmd, long arg1, void *arg2) | |
612 | { | |
613 | debugs(83, 5, table << ' ' << cmd << '(' << arg1 << ", " << arg2 << ')'); | |
614 | ||
615 | switch (cmd) { | |
616 | case BIO_C_SET_FD: { | |
617 | assert(arg2); | |
618 | const int fd = *static_cast<int*>(arg2); | |
d620ae0e | 619 | Ssl::Bio *bio; |
86f77270 | 620 | if (arg1 == Security::Io::BIO_TO_SERVER) |
d620ae0e CT |
621 | bio = new Ssl::ServerBio(fd); |
622 | else | |
623 | bio = new Ssl::ClientBio(fd); | |
093deea9 CT |
624 | assert(!BIO_get_data(table)); |
625 | BIO_set_data(table, bio); | |
626 | BIO_set_init(table, 1); | |
b3a8ae1b AR |
627 | return 0; |
628 | } | |
629 | ||
630 | case BIO_C_GET_FD: | |
093deea9 CT |
631 | if (BIO_get_init(table)) { |
632 | Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table)); | |
b3a8ae1b AR |
633 | assert(bio); |
634 | if (arg2) | |
635 | *static_cast<int*>(arg2) = bio->fd(); | |
636 | return bio->fd(); | |
637 | } | |
638 | return -1; | |
639 | ||
54f3b032 | 640 | case BIO_CTRL_DUP: |
e1f72a8b | 641 | // Should implemented if the SSL_dup openSSL API function |
54f3b032 CT |
642 | // used anywhere in squid. |
643 | return 0; | |
644 | ||
b3a8ae1b | 645 | case BIO_CTRL_FLUSH: |
093deea9 CT |
646 | if (BIO_get_init(table)) { |
647 | Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table)); | |
b3a8ae1b | 648 | assert(bio); |
d620ae0e | 649 | bio->flush(table); |
b3a8ae1b AR |
650 | return 1; |
651 | } | |
652 | return 0; | |
653 | ||
f53969cc SM |
654 | /* we may also need to implement these: |
655 | case BIO_CTRL_RESET: | |
656 | case BIO_C_FILE_SEEK: | |
657 | case BIO_C_FILE_TELL: | |
658 | case BIO_CTRL_INFO: | |
659 | case BIO_CTRL_GET_CLOSE: | |
660 | case BIO_CTRL_SET_CLOSE: | |
661 | case BIO_CTRL_PENDING: | |
662 | case BIO_CTRL_WPENDING: | |
663 | */ | |
b3a8ae1b AR |
664 | default: |
665 | return 0; | |
666 | ||
667 | } | |
668 | ||
669 | return 0; /* NOTREACHED */ | |
670 | } | |
671 | ||
672 | /// wrapper for Bio::stateChanged() | |
673 | static void | |
674 | squid_ssl_info(const SSL *ssl, int where, int ret) | |
675 | { | |
676 | if (BIO *table = SSL_get_rbio(ssl)) { | |
093deea9 | 677 | if (Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table))) |
b3a8ae1b AR |
678 | bio->stateChanged(ssl, where, ret); |
679 | } | |
680 | } | |
681 | ||
21530947 CT |
682 | void |
683 | applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode) | |
d620ae0e | 684 | { |
21530947 CT |
685 | // To increase the possibility for bumping after peek mode selection or |
686 | // splicing after stare mode selection it is good to set the | |
687 | // SSL protocol version. | |
d9219c2b CT |
688 | // The SSL_set_ssl_method is wrong here because it will restrict the |
689 | // permitted transport version to be identical to the version used in the | |
690 | // ClientHello message. | |
21530947 CT |
691 | // For example will prevent comunnicating with a tls1.0 server if the |
692 | // client sent and tlsv1.2 Hello message. | |
e1f72a8b | 693 | #if defined(TLSEXT_NAMETYPE_host_name) |
21530947 CT |
694 | if (!details->serverName.isEmpty()) { |
695 | SSL_set_tlsext_host_name(ssl, details->serverName.c_str()); | |
458fd470 | 696 | } |
e68e8b9a | 697 | #endif |
2bcab852 | 698 | |
21530947 CT |
699 | if (!details->ciphers.empty()) { |
700 | SBuf strCiphers; | |
701 | for (auto cipherId: details->ciphers) { | |
702 | unsigned char cbytes[3]; | |
703 | cbytes[0] = (cipherId >> 8) & 0xFF; | |
704 | cbytes[1] = cipherId & 0xFF; | |
705 | cbytes[2] = 0; | |
24b30fdc | 706 | if (const auto c = SSL_CIPHER_find(ssl, cbytes)) { |
21530947 CT |
707 | if (!strCiphers.isEmpty()) |
708 | strCiphers.append(":"); | |
093deea9 | 709 | strCiphers.append(SSL_CIPHER_get_name(c)); |
d620ae0e CT |
710 | } |
711 | } | |
21530947 CT |
712 | if (!strCiphers.isEmpty()) |
713 | SSL_set_cipher_list(ssl, strCiphers.c_str()); | |
d620ae0e | 714 | } |
d620ae0e | 715 | |
8693472e | 716 | #if defined(SSL_OP_NO_COMPRESSION) /* XXX: OpenSSL 0.9.8k lacks SSL_OP_NO_COMPRESSION */ |
67c99fc6 | 717 | if (!details->compressionSupported) |
a95989ed CT |
718 | SSL_set_options(ssl, SSL_OP_NO_COMPRESSION); |
719 | #endif | |
720 | ||
cd29a421 CT |
721 | #if defined(SSL_OP_NO_TLSv1_3) |
722 | // avoid "inappropriate fallback" OpenSSL error messages | |
723 | if (details->tlsSupportedVersion && Security::Tls1p2orEarlier(details->tlsSupportedVersion)) | |
724 | SSL_set_options(ssl, SSL_OP_NO_TLSv1_3); | |
725 | #endif | |
726 | ||
89c5ca0f | 727 | #if defined(TLSEXT_STATUSTYPE_ocsp) |
21530947 | 728 | if (details->tlsStatusRequest) |
89c5ca0f CT |
729 | SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp); |
730 | #endif | |
731 | ||
732 | #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) | |
21530947 | 733 | if (!details->tlsAppLayerProtoNeg.isEmpty()) { |
89c5ca0f | 734 | if (bumpMode == Ssl::bumpPeek) |
3152460d | 735 | SSL_set_alpn_protos(ssl, (const unsigned char*)details->tlsAppLayerProtoNeg.rawContent(), details->tlsAppLayerProtoNeg.length()); |
89c5ca0f CT |
736 | else { |
737 | static const unsigned char supported_protos[] = {8, 'h','t','t', 'p', '/', '1', '.', '1'}; | |
738 | SSL_set_alpn_protos(ssl, supported_protos, sizeof(supported_protos)); | |
739 | } | |
740 | } | |
741 | #endif | |
a95989ed CT |
742 | } |
743 | ||
21530947 | 744 | #endif // USE_OPENSSL |
f53969cc | 745 |