[thirdparty/squid.git] / src / ssl / bio.cc

/*
 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 83    SSL accelerator support */

#include "squid.h"
#include "base/IoManip.h"
#include "ssl/support.h"

/* support.cc says this is needed */
#if USE_OPENSSL

#include "base/Raw.h"
#include "comm.h"
#include "fd.h"
#include "fde.h"
#include "globals.h"
#include "ip/Address.h"
#include "parser/BinaryTokenizer.h"
#include "ssl/bio.h"

#if _SQUID_WINDOWS_
extern int socket_read_method(int, char *, int);
extern int socket_write_method(int, const char *, int);
#endif

/* BIO callbacks */
static int squid_bio_write(BIO *h, const char *buf, int num);
static int squid_bio_read(BIO *h, char *buf, int size);
static int squid_bio_puts(BIO *h, const char *str);
//static int squid_bio_gets(BIO *h, char *str, int size);
static long squid_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int squid_bio_create(BIO *h);
static int squid_bio_destroy(BIO *data);
/* SSL callbacks */
static void squid_ssl_info(const SSL *ssl, int where, int ret);

#if HAVE_LIBCRYPTO_BIO_METH_NEW
static BIO_METHOD *SquidMethods = nullptr;
#else
/// Initialization structure for the BIO table with
/// Squid-specific methods and BIO method wrappers.
static BIO_METHOD SquidMethods = {
    BIO_TYPE_SOCKET,
    "squid",
    squid_bio_write,
    squid_bio_read,
    squid_bio_puts,
    nullptr, // squid_bio_gets not supported
    squid_bio_ctrl,
    squid_bio_create,
    squid_bio_destroy,
    NULL // squid_callback_ctrl not supported
};
#endif

BIO *
Ssl::Bio::Create(const int fd, Security::Io::Type type)
{
#if HAVE_LIBCRYPTO_BIO_METH_NEW
    if (!SquidMethods) {
        SquidMethods = BIO_meth_new(BIO_TYPE_SOCKET, "squid");
        BIO_meth_set_write(SquidMethods, squid_bio_write);
        BIO_meth_set_read(SquidMethods, squid_bio_read);
        BIO_meth_set_puts(SquidMethods, squid_bio_puts);
        BIO_meth_set_gets(SquidMethods, nullptr);
        BIO_meth_set_ctrl(SquidMethods, squid_bio_ctrl);
        BIO_meth_set_create(SquidMethods, squid_bio_create);
        BIO_meth_set_destroy(SquidMethods, squid_bio_destroy);
    }
    BIO_METHOD *useMethod = SquidMethods;
#else
    BIO_METHOD *useMethod = &SquidMethods;
#endif

    if (BIO *bio = BIO_new(useMethod)) {
        BIO_int_ctrl(bio, BIO_C_SET_FD, type, fd);
        return bio;
    }
    return nullptr;
}

void
Ssl::Bio::Link(SSL *ssl, BIO *bio)
{
    SSL_set_bio(ssl, bio, bio); // cannot fail
    SSL_set_info_callback(ssl, &squid_ssl_info); // does not provide diagnostic
}

Ssl::Bio::Bio(const int anFd): fd_(anFd)
{
    debugs(83, 7, "Bio constructed, this=" << this << " FD " << fd_);
}

Ssl::Bio::~Bio()
{
    debugs(83, 7, "Bio destructing, this=" << this << " FD " << fd_);
}

int Ssl::Bio::write(const char *buf, int size, BIO *table)
{
    errno = 0;
#if _SQUID_WINDOWS_
    const int result = socket_write_method(fd_, buf, size);
#else
    const int result = default_write_method(fd_, buf, size);
#endif
    const int xerrno = errno;
    debugs(83, 5, "FD " << fd_ << " wrote " << result << " <= " << size);

    BIO_clear_retry_flags(table);
    if (result < 0) {
        const bool ignoreError = ignoreErrno(xerrno) != 0;
        debugs(83, 5, "error: " << xerrno << " ignored: " << ignoreError);
        if (ignoreError)
            BIO_set_retry_write(table);
    }

    return result;
}

int
Ssl::Bio::read(char *buf, int size, BIO *table)
{
    errno = 0;
#if _SQUID_WINDOWS_
    const int result = socket_read_method(fd_, buf, size);
#else
    const int result = default_read_method(fd_, buf, size);
#endif
    const int xerrno = errno;
    debugs(83, 5, "FD " << fd_ << " read " << result << " <= " << size);

    BIO_clear_retry_flags(table);
    if (result < 0) {
        const bool ignoreError = ignoreErrno(xerrno) != 0;
        debugs(83, 5, "error: " << xerrno << " ignored: " << ignoreError);
        if (ignoreError)
            BIO_set_retry_read(table);
    }

    return result;
}

/// Called whenever the SSL connection state changes, an alert appears, or an
/// error occurs. See SSL_set_info_callback().
void
Ssl::Bio::stateChanged(const SSL *ssl, int where, int)
{
    // Here we can use (where & STATE) to check the current state.
    // Many STATE values are possible, including: SSL_CB_CONNECT_LOOP,
    // SSL_CB_ACCEPT_LOOP, SSL_CB_HANDSHAKE_START, and SSL_CB_HANDSHAKE_DONE.
    // For example:
    // if (where & SSL_CB_HANDSHAKE_START)
    //    debugs(83, 9, "Trying to establish the SSL connection");
    // else if (where & SSL_CB_HANDSHAKE_DONE)
    //    debugs(83, 9, "SSL connection established");

    debugs(83, 7, "FD " << fd_ << " now: 0x" << asHex(where) << ' ' <<
           SSL_state_string(ssl) << " (" << SSL_state_string_long(ssl) << ")");
}

Ssl::ClientBio::ClientBio(const int anFd):
    Bio(anFd),
    holdRead_(false),
    holdWrite_(false),
    abortReason(nullptr)
{
    renegotiations.configure(10*1000);
}

void
Ssl::ClientBio::stateChanged(const SSL *ssl, int where, int ret)
{
    Ssl::Bio::stateChanged(ssl, where, ret);
    // detect client-initiated renegotiations DoS (CVE-2011-1473)
    if (where & SSL_CB_HANDSHAKE_START) {
        const int reneg = renegotiations.count(1);

        if (abortReason)
            return; // already decided and informed the admin

        if (reneg > RenegotiationsLimit) {
            abortReason = "renegotiate requests flood";
            debugs(83, DBG_IMPORTANT, "Terminating TLS connection [from " << fd_table[fd_].ipaddr << "] due to " << abortReason << ". This connection received " <<
                   reneg << " renegotiate requests in the last " <<
                   RenegotiationsWindow << " seconds (and " <<
                   renegotiations.remembered() << " requests total).");
        }
    }
}

int
Ssl::ClientBio::write(const char *buf, int size, BIO *table)
{
    if (abortReason) {
        debugs(83, 3, "BIO on FD " << fd_ << " is aborted");
        BIO_clear_retry_flags(table);
        return -1;
    }

    if (holdWrite_) {
        BIO_set_retry_write(table);
        return 0;
    }

    return Ssl::Bio::write(buf, size, table);
}

int
Ssl::ClientBio::read(char *buf, int size, BIO *table)
{
    if (abortReason) {
        debugs(83, 3, "BIO on FD " << fd_ << " is aborted");
        BIO_clear_retry_flags(table);
        return -1;
    }

    if (holdRead_) {
        debugs(83, 7, "Hold flag is set, retry latter. (Hold " << size << "bytes)");
        BIO_set_retry_read(table);
        return -1;
    }

    if (!rbuf.isEmpty()) {
        int bytes = (size <= (int)rbuf.length() ? size : rbuf.length());
        memcpy(buf, rbuf.rawContent(), bytes);
        rbuf.consume(bytes);
        return bytes;
    } else
        return Ssl::Bio::read(buf, size, table);

    return -1;
}

Ssl::ServerBio::ServerBio(const int anFd):
    Bio(anFd),
    helloMsgSize(0),
    helloBuild(false),
    allowSplice(false),
    allowBump(false),
    holdWrite_(false),
    record_(false),
    parsedHandshake(false),
    parseError(false),
    bumpMode_(bumpNone),
    rbufConsumePos(0),
    parser_(Security::HandshakeParser::fromServer)
{
}

void
Ssl::ServerBio::stateChanged(const SSL *ssl, int where, int ret)
{
    Ssl::Bio::stateChanged(ssl, where, ret);
}

void
Ssl::ServerBio::setClientFeatures(Security::TlsDetails::Pointer const &details, SBuf const &aHello)
{
    clientTlsDetails = details;
    clientSentHello = aHello;
};

int
Ssl::ServerBio::read(char *buf, int size, BIO *table)
{
    if (parsedHandshake) // done parsing TLS Hello
        return readAndGive(buf, size, table);
    else
        return readAndParse(buf, size, table);
}

/// Read and give everything to OpenSSL.
int
Ssl::ServerBio::readAndGive(char *buf, const int size, BIO *table)
{
    // If we have unused buffered bytes, give those bytes to OpenSSL now,
    // before reading more. TODO: Read if we have buffered less than size?
    if (rbufConsumePos < rbuf.length())
        return giveBuffered(buf, size);

    if (record_) {
        const int result = readAndBuffer(table);
        if (result <= 0)
            return result;
        return giveBuffered(buf, size);
    }

    return Ssl::Bio::read(buf, size, table);
}

/// Read and give everything to our parser.
/// When/if parsing is finished (successfully or not), start giving to OpenSSL.
int
Ssl::ServerBio::readAndParse(char *buf, const int size, BIO *table)
{
    const int result = readAndBuffer(table);
    if (result <= 0)
        return result;

    try {
        if (!parser_.parseHello(rbuf)) {
            // need more data to finish parsing
            BIO_set_retry_read(table);
            return -1;
        }
        parsedHandshake = true; // done parsing (successfully)
    }
    catch (const std::exception &ex) {
        debugs(83, 2, "parsing error on FD " << fd_ << ": " << ex.what());
        parsedHandshake = true; // done parsing (due to an error)
        parseError = true;
    }

    return giveBuffered(buf, size);
}

/// Reads more data into the read buffer. Returns either the number of bytes
/// read or, on errors (including "try again" errors), a negative number.
int
Ssl::ServerBio::readAndBuffer(BIO *table)
{
    char *space = rbuf.rawAppendStart(SQUID_TCP_SO_RCVBUF);
    const int result = Ssl::Bio::read(space, SQUID_TCP_SO_RCVBUF, table);
    if (result <= 0)
        return result;

    rbuf.rawAppendFinish(space, result);
    return result;
}

/// give previously buffered bytes to OpenSSL
/// returns the number of bytes given
int
Ssl::ServerBio::giveBuffered(char *buf, const int size)
{
    if (rbuf.length() <= rbufConsumePos)
        return -1; // buffered nothing yet

    const int unsent = rbuf.length() - rbufConsumePos;
    const int bytes = (size <= unsent ? size : unsent);
    memcpy(buf, rbuf.rawContent() + rbufConsumePos, bytes);
    rbufConsumePos += bytes;
    debugs(83, 7, bytes << "<=" << size << " bytes to OpenSSL");
    return bytes;
}

int
Ssl::ServerBio::write(const char *buf, int size, BIO *table)
{

    if (holdWrite_) {
        debugs(83, 7, "postpone writing " << size << " bytes to SSL FD " << fd_);
        BIO_set_retry_write(table);
        return -1;
    }

    if (!helloBuild && (bumpMode_ == Ssl::bumpPeek || bumpMode_ == Ssl::bumpStare)) {
        // We have not seen any bytes, so the buffer must start with an
        // OpenSSL-generated TLSPlaintext record containing, for example, a
        // ClientHello or an alert message. We check these assumptions before we
        // substitute that record/message with clientSentHello.
        // TODO: Move these checks to where we actually rely on them.
        debugs(83, 7, "to-server" << Raw("TLSPlaintext", buf, size).hex());
        Must(size >= 2); // enough for version and content_type checks below
        Must(buf[1] >= 3); // record's version.major; determines buf[0] meaning
        Must(20 <= buf[0] && buf[0] <= 23); // valid TLSPlaintext.content_type

        //Hello message is the first message we write to server
        assert(helloMsg.isEmpty());

        if (bumpMode_ == Ssl::bumpPeek) {
            // we should not be here if we failed to parse the client-sent ClientHello
            Must(!clientSentHello.isEmpty());
            allowSplice = true;
            // Replace OpenSSL-generated ClientHello with client-sent one.
            helloMsg.append(clientSentHello);
            debugs(83, 7,  "FD " << fd_ << ": Using client-sent ClientHello for peek mode");
        } else { /*Ssl::bumpStare*/
            allowBump = true;
        }

        // if we did not use the client-sent ClientHello, then use the OpenSSL-generated one
        if (helloMsg.isEmpty())
            helloMsg.append(buf, size);

        helloBuild = true;
        helloMsgSize = helloMsg.length();

        if (allowSplice) {
            // Do not write yet.....
            BIO_set_retry_write(table);
            return -1;
        }
    }

    if (!helloMsg.isEmpty()) {
        debugs(83, 7,  "buffered write for FD " << fd_);
        int ret = Ssl::Bio::write(helloMsg.rawContent(), helloMsg.length(), table);
        helloMsg.consume(ret);
        if (!helloMsg.isEmpty()) {
            // We need to retry sendind data.
            // Say to openSSL to retry sending hello message
            BIO_set_retry_write(table);
            return -1;
        }

        // Sending hello message complete. Do not send more data for now...
        holdWrite_ = true;

        // spoof openSSL that we write what it ask us to write
        return size;
    } else
        return Ssl::Bio::write(buf, size, table);
}

void
Ssl::ServerBio::flush(BIO *table)
{
    if (!helloMsg.isEmpty()) {
        int ret = Ssl::Bio::write(helloMsg.rawContent(), helloMsg.length(), table);
        helloMsg.consume(ret);
    }
}

bool
Ssl::ServerBio::resumingSession()
{
    return parser_.resumingSession;
}

bool
Ssl::ServerBio::encryptedCertificates() const
{
    return parser_.details->tlsSupportedVersion &&
           Security::Tls1p3orLater(parser_.details->tlsSupportedVersion);
}

/// initializes BIO table after allocation
static int
squid_bio_create(BIO *bi)
{
#if !HAVE_LIBCRYPTO_BIO_GET_INIT
    bi->init = 0; // set when we store Bio object and socket fd (BIO_C_SET_FD)
    bi->num = 0;
    bi->flags = 0;
#else
    // No need to set more, openSSL initialize BIO memory to zero.
#endif

    BIO_set_data(bi, nullptr);
    return 1;
}

/// cleans BIO table before deallocation
static int
squid_bio_destroy(BIO *table)
{
    delete static_cast<Ssl::Bio*>(BIO_get_data(table));
    BIO_set_data(table, nullptr);
    return 1;
}

/// wrapper for Bio::write()
static int
squid_bio_write(BIO *table, const char *buf, int size)
{
    Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table));
    assert(bio);
    return bio->write(buf, size, table);
}

/// wrapper for Bio::read()
static int
squid_bio_read(BIO *table, char *buf, int size)
{
    Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table));
    assert(bio);
    return bio->read(buf, size, table);
}

/// implements puts() via write()
static int
squid_bio_puts(BIO *table, const char *str)
{
    assert(str);
    return squid_bio_write(table, str, strlen(str));
}

/// other BIO manipulations (those without dedicated callbacks in BIO table)
static long
squid_bio_ctrl(BIO *table, int cmd, long arg1, void *arg2)
{
    debugs(83, 5, table << ' ' << cmd << '(' << arg1 << ", " << arg2 << ')');

    switch (cmd) {
    case BIO_C_SET_FD: {
        assert(arg2);
        const int fd = *static_cast<int*>(arg2);
        Ssl::Bio *bio;
        if (arg1 == Security::Io::BIO_TO_SERVER)
            bio = new Ssl::ServerBio(fd);
        else
            bio = new Ssl::ClientBio(fd);
        assert(!BIO_get_data(table));
        BIO_set_data(table, bio);
        BIO_set_init(table, 1);
        return 0;
    }

    case BIO_C_GET_FD:
        if (BIO_get_init(table)) {
            Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table));
            assert(bio);
            if (arg2)
                *static_cast<int*>(arg2) = bio->fd();
            return bio->fd();
        }
        return -1;

    case BIO_CTRL_DUP:
        // Should implemented if the SSL_dup openSSL API function
        // used anywhere in squid.
        return 0;

    case BIO_CTRL_FLUSH:
        if (BIO_get_init(table)) {
            Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table));
            assert(bio);
            bio->flush(table);
            return 1;
        }
        return 0;

    /*  we may also need to implement these:
        case BIO_CTRL_RESET:
        case BIO_C_FILE_SEEK:
        case BIO_C_FILE_TELL:
        case BIO_CTRL_INFO:
        case BIO_CTRL_GET_CLOSE:
        case BIO_CTRL_SET_CLOSE:
        case BIO_CTRL_PENDING:
        case BIO_CTRL_WPENDING:
    */
    default:
        return 0;

    }

    return 0; /* NOTREACHED */
}

/// wrapper for Bio::stateChanged()
static void
squid_ssl_info(const SSL *ssl, int where, int ret)
{
    if (BIO *table = SSL_get_rbio(ssl)) {
        if (Ssl::Bio *bio = static_cast<Ssl::Bio*>(BIO_get_data(table)))
            bio->stateChanged(ssl, where, ret);
    }
}

void
applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode)
{
    // To increase the possibility for bumping after peek mode selection or
    // splicing after stare mode selection it is good to set the
    // SSL protocol version.
    // The SSL_set_ssl_method is wrong here because it will restrict the
    // permitted transport version to be identical to the version used in the
    // ClientHello message.
    // For example will prevent comunnicating with a tls1.0 server if the
    // client sent and tlsv1.2 Hello message.
#if defined(TLSEXT_NAMETYPE_host_name)
    if (!details->serverName.isEmpty()) {
        SSL_set_tlsext_host_name(ssl, details->serverName.c_str());
    }
#endif

    if (!details->ciphers.empty()) {
        SBuf strCiphers;
        for (auto cipherId: details->ciphers) {
            unsigned char cbytes[3];
            cbytes[0] = (cipherId >> 8) & 0xFF;
            cbytes[1] = cipherId & 0xFF;
            cbytes[2] = 0;
            if (const auto c = SSL_CIPHER_find(ssl, cbytes)) {
                if (!strCiphers.isEmpty())
                    strCiphers.append(":");
                strCiphers.append(SSL_CIPHER_get_name(c));
            }
        }
        if (!strCiphers.isEmpty())
            SSL_set_cipher_list(ssl, strCiphers.c_str());
    }

#if defined(SSL_OP_NO_COMPRESSION) /* XXX: OpenSSL 0.9.8k lacks SSL_OP_NO_COMPRESSION */
    if (!details->compressionSupported)
        SSL_set_options(ssl, SSL_OP_NO_COMPRESSION);
#endif

#if defined(SSL_OP_NO_TLSv1_3)
    // avoid "inappropriate fallback" OpenSSL error messages
    if (details->tlsSupportedVersion && Security::Tls1p2orEarlier(details->tlsSupportedVersion))
        SSL_set_options(ssl, SSL_OP_NO_TLSv1_3);
#endif

#if defined(TLSEXT_STATUSTYPE_ocsp)
    if (details->tlsStatusRequest)
        SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
#endif

#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
    if (!details->tlsAppLayerProtoNeg.isEmpty()) {
        if (bumpMode == Ssl::bumpPeek)
            SSL_set_alpn_protos(ssl, (const unsigned char*)details->tlsAppLayerProtoNeg.rawContent(), details->tlsAppLayerProtoNeg.length());
        else {
            static const unsigned char supported_protos[] = {8, 'h','t','t', 'p', '/', '1', '.', '1'};
            SSL_set_alpn_protos(ssl, supported_protos, sizeof(supported_protos));
        }
    }
#endif
}

#endif // USE_OPENSSL
Commit	Line	Data
	1	/*
	2	* Copyright (C) 1996-2025 The Squid Software Foundation and contributors
	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
	9	/* DEBUG: section 83 SSL accelerator support */
	10
	11	#include "squid.h"
	12	#include "base/IoManip.h"
	13	#include "ssl/support.h"
	14
	15	/* support.cc says this is needed */
	16	#if USE_OPENSSL
	17
	18	#include "base/Raw.h"
	19	#include "comm.h"
	20	#include "fd.h"
	21	#include "fde.h"
	22	#include "globals.h"
	23	#include "ip/Address.h"
	24	#include "parser/BinaryTokenizer.h"
	25	#include "ssl/bio.h"
	26
	27	#if _SQUID_WINDOWS_
	28	extern int socket_read_method(int, char *, int);
	29	extern int socket_write_method(int, const char *, int);
	30	#endif
	31
	32	/* BIO callbacks */
	33	static int squid_bio_write(BIO h, const char buf, int num);
	34	static int squid_bio_read(BIO h, char buf, int size);
	35	static int squid_bio_puts(BIO h, const char str);
	36	//static int squid_bio_gets(BIO h, char str, int size);
	37	static long squid_bio_ctrl(BIO h, int cmd, long arg1, void arg2);
	38	static int squid_bio_create(BIO *h);
	39	static int squid_bio_destroy(BIO *data);
	40	/* SSL callbacks */
	41	static void squid_ssl_info(const SSL *ssl, int where, int ret);
	42
	43	#if HAVE_LIBCRYPTO_BIO_METH_NEW
	44	static BIO_METHOD *SquidMethods = nullptr;
	45	#else
	46	/// Initialization structure for the BIO table with
	47	/// Squid-specific methods and BIO method wrappers.
	48	static BIO_METHOD SquidMethods = {
	49	BIO_TYPE_SOCKET,
	50	"squid",
	51	squid_bio_write,
	52	squid_bio_read,
	53	squid_bio_puts,
	54	nullptr, // squid_bio_gets not supported
	55	squid_bio_ctrl,
	56	squid_bio_create,
	57	squid_bio_destroy,
	58	NULL // squid_callback_ctrl not supported
	59	};
	60	#endif
	61
	62	BIO *
	63	Ssl::Bio::Create(const int fd, Security::Io::Type type)
	64	{
	65	#if HAVE_LIBCRYPTO_BIO_METH_NEW
	66	if (!SquidMethods) {
	67	SquidMethods = BIO_meth_new(BIO_TYPE_SOCKET, "squid");
	68	BIO_meth_set_write(SquidMethods, squid_bio_write);
	69	BIO_meth_set_read(SquidMethods, squid_bio_read);
	70	BIO_meth_set_puts(SquidMethods, squid_bio_puts);
	71	BIO_meth_set_gets(SquidMethods, nullptr);
	72	BIO_meth_set_ctrl(SquidMethods, squid_bio_ctrl);
	73	BIO_meth_set_create(SquidMethods, squid_bio_create);
	74	BIO_meth_set_destroy(SquidMethods, squid_bio_destroy);
	75	}
	76	BIO_METHOD *useMethod = SquidMethods;
	77	#else
	78	BIO_METHOD *useMethod = &SquidMethods;
	79	#endif
	80
	81	if (BIO *bio = BIO_new(useMethod)) {
	82	BIO_int_ctrl(bio, BIO_C_SET_FD, type, fd);
	83	return bio;
	84	}
	85	return nullptr;
	86	}
	87
	88	void
	89	Ssl::Bio::Link(SSL ssl, BIO bio)
	90	{
	91	SSL_set_bio(ssl, bio, bio); // cannot fail
	92	SSL_set_info_callback(ssl, &squid_ssl_info); // does not provide diagnostic
	93	}
	94
	95	Ssl::Bio::Bio(const int anFd): fd_(anFd)
	96	{
	97	debugs(83, 7, "Bio constructed, this=" << this << " FD " << fd_);
	98	}
	99
	100	Ssl::Bio::~Bio()
	101	{
	102	debugs(83, 7, "Bio destructing, this=" << this << " FD " << fd_);
	103	}
	104
	105	int Ssl::Bio::write(const char buf, int size, BIO table)
	106	{
	107	errno = 0;
	108	#if _SQUID_WINDOWS_
	109	const int result = socket_write_method(fd_, buf, size);
	110	#else
	111	const int result = default_write_method(fd_, buf, size);
	112	#endif
	113	const int xerrno = errno;
	114	debugs(83, 5, "FD " << fd_ << " wrote " << result << " <= " << size);
	115
	116	BIO_clear_retry_flags(table);
	117	if (result < 0) {
	118	const bool ignoreError = ignoreErrno(xerrno) != 0;
	119	debugs(83, 5, "error: " << xerrno << " ignored: " << ignoreError);
	120	if (ignoreError)
	121	BIO_set_retry_write(table);
	122	}
	123
	124	return result;
	125	}
	126
	127	int
	128	Ssl::Bio::read(char buf, int size, BIO table)
	129	{
	130	errno = 0;
	131	#if _SQUID_WINDOWS_
	132	const int result = socket_read_method(fd_, buf, size);
	133	#else
	134	const int result = default_read_method(fd_, buf, size);
	135	#endif
	136	const int xerrno = errno;
	137	debugs(83, 5, "FD " << fd_ << " read " << result << " <= " << size);
	138
	139	BIO_clear_retry_flags(table);
	140	if (result < 0) {
	141	const bool ignoreError = ignoreErrno(xerrno) != 0;
	142	debugs(83, 5, "error: " << xerrno << " ignored: " << ignoreError);
	143	if (ignoreError)
	144	BIO_set_retry_read(table);
	145	}
	146
	147	return result;
	148	}
	149
	150	/// Called whenever the SSL connection state changes, an alert appears, or an
	151	/// error occurs. See SSL_set_info_callback().
	152	void
	153	Ssl::Bio::stateChanged(const SSL *ssl, int where, int)
	154	{
	155	// Here we can use (where & STATE) to check the current state.
	156	// Many STATE values are possible, including: SSL_CB_CONNECT_LOOP,
	157	// SSL_CB_ACCEPT_LOOP, SSL_CB_HANDSHAKE_START, and SSL_CB_HANDSHAKE_DONE.
	158	// For example:
	159	// if (where & SSL_CB_HANDSHAKE_START)
	160	// debugs(83, 9, "Trying to establish the SSL connection");
	161	// else if (where & SSL_CB_HANDSHAKE_DONE)
	162	// debugs(83, 9, "SSL connection established");
	163
	164	debugs(83, 7, "FD " << fd_ << " now: 0x" << asHex(where) << ' ' <<
	165	SSL_state_string(ssl) << " (" << SSL_state_string_long(ssl) << ")");
	166	}
	167
	168	Ssl::ClientBio::ClientBio(const int anFd):
	169	Bio(anFd),
	170	holdRead_(false),
	171	holdWrite_(false),
	172	abortReason(nullptr)
	173	{
	174	renegotiations.configure(10*1000);
	175	}
	176
	177	void
	178	Ssl::ClientBio::stateChanged(const SSL *ssl, int where, int ret)
	179	{
	180	Ssl::Bio::stateChanged(ssl, where, ret);
	181	// detect client-initiated renegotiations DoS (CVE-2011-1473)
	182	if (where & SSL_CB_HANDSHAKE_START) {
	183	const int reneg = renegotiations.count(1);
	184
	185	if (abortReason)
	186	return; // already decided and informed the admin
	187
	188	if (reneg > RenegotiationsLimit) {
	189	abortReason = "renegotiate requests flood";
	190	debugs(83, DBG_IMPORTANT, "Terminating TLS connection [from " << fd_table[fd_].ipaddr << "] due to " << abortReason << ". This connection received " <<
	191	reneg << " renegotiate requests in the last " <<
	192	RenegotiationsWindow << " seconds (and " <<
	193	renegotiations.remembered() << " requests total).");
	194	}
	195	}
	196	}
	197
	198	int
	199	Ssl::ClientBio::write(const char buf, int size, BIO table)
	200	{
	201	if (abortReason) {
	202	debugs(83, 3, "BIO on FD " << fd_ << " is aborted");
	203	BIO_clear_retry_flags(table);
	204	return -1;
	205	}
	206
	207	if (holdWrite_) {
	208	BIO_set_retry_write(table);
	209	return 0;
	210	}
	211
	212	return Ssl::Bio::write(buf, size, table);
	213	}
	214
	215	int
	216	Ssl::ClientBio::read(char buf, int size, BIO table)
	217	{
	218	if (abortReason) {
	219	debugs(83, 3, "BIO on FD " << fd_ << " is aborted");
	220	BIO_clear_retry_flags(table);
	221	return -1;
	222	}
	223
	224	if (holdRead_) {
	225	debugs(83, 7, "Hold flag is set, retry latter. (Hold " << size << "bytes)");
	226	BIO_set_retry_read(table);
	227	return -1;
	228	}
	229
	230	if (!rbuf.isEmpty()) {
	231	int bytes = (size <= (int)rbuf.length() ? size : rbuf.length());
	232	memcpy(buf, rbuf.rawContent(), bytes);
	233	rbuf.consume(bytes);
	234	return bytes;
	235	} else
	236	return Ssl::Bio::read(buf, size, table);
	237
	238	return -1;
	239	}
	240
	241	Ssl::ServerBio::ServerBio(const int anFd):
	242	Bio(anFd),
	243	helloMsgSize(0),
	244	helloBuild(false),
	245	allowSplice(false),
	246	allowBump(false),
	247	holdWrite_(false),
	248	record_(false),
	249	parsedHandshake(false),
	250	parseError(false),
	251	bumpMode_(bumpNone),
	252	rbufConsumePos(0),
	253	parser_(Security::HandshakeParser::fromServer)
	254	{
	255	}
	256
	257	void
	258	Ssl::ServerBio::stateChanged(const SSL *ssl, int where, int ret)
	259	{
	260	Ssl::Bio::stateChanged(ssl, where, ret);
	261	}
	262
	263	void
	264	Ssl::ServerBio::setClientFeatures(Security::TlsDetails::Pointer const &details, SBuf const &aHello)
	265	{
	266	clientTlsDetails = details;
	267	clientSentHello = aHello;
	268	};
	269
	270	int
	271	Ssl::ServerBio::read(char buf, int size, BIO table)
	272	{
	273	if (parsedHandshake) // done parsing TLS Hello
	274	return readAndGive(buf, size, table);
	275	else
	276	return readAndParse(buf, size, table);
	277	}
	278
	279	/// Read and give everything to OpenSSL.
	280	int
	281	Ssl::ServerBio::readAndGive(char buf, const int size, BIO table)
	282	{
	283	// If we have unused buffered bytes, give those bytes to OpenSSL now,
	284	// before reading more. TODO: Read if we have buffered less than size?
	285	if (rbufConsumePos < rbuf.length())
	286	return giveBuffered(buf, size);
	287
	288	if (record_) {
	289	const int result = readAndBuffer(table);
	290	if (result <= 0)
	291	return result;
	292	return giveBuffered(buf, size);
	293	}
	294
	295	return Ssl::Bio::read(buf, size, table);
	296	}
	297
	298	/// Read and give everything to our parser.
	299	/// When/if parsing is finished (successfully or not), start giving to OpenSSL.
	300	int
	301	Ssl::ServerBio::readAndParse(char buf, const int size, BIO table)
	302	{
	303	const int result = readAndBuffer(table);
	304	if (result <= 0)
	305	return result;
	306
	307	try {
	308	if (!parser_.parseHello(rbuf)) {
	309	// need more data to finish parsing
	310	BIO_set_retry_read(table);
	311	return -1;
	312	}
	313	parsedHandshake = true; // done parsing (successfully)
	314	}
	315	catch (const std::exception &ex) {
	316	debugs(83, 2, "parsing error on FD " << fd_ << ": " << ex.what());
	317	parsedHandshake = true; // done parsing (due to an error)
	318	parseError = true;
	319	}
	320
	321	return giveBuffered(buf, size);
	322	}
	323
	324	/// Reads more data into the read buffer. Returns either the number of bytes
	325	/// read or, on errors (including "try again" errors), a negative number.
	326	int
	327	Ssl::ServerBio::readAndBuffer(BIO *table)
	328	{
	329	char *space = rbuf.rawAppendStart(SQUID_TCP_SO_RCVBUF);
	330	const int result = Ssl::Bio::read(space, SQUID_TCP_SO_RCVBUF, table);
	331	if (result <= 0)
	332	return result;
	333
	334	rbuf.rawAppendFinish(space, result);
	335	return result;
	336	}
	337
	338	/// give previously buffered bytes to OpenSSL
	339	/// returns the number of bytes given
	340	int
	341	Ssl::ServerBio::giveBuffered(char *buf, const int size)
	342	{
	343	if (rbuf.length() <= rbufConsumePos)
	344	return -1; // buffered nothing yet
	345
	346	const int unsent = rbuf.length() - rbufConsumePos;
	347	const int bytes = (size <= unsent ? size : unsent);
	348	memcpy(buf, rbuf.rawContent() + rbufConsumePos, bytes);
	349	rbufConsumePos += bytes;
	350	debugs(83, 7, bytes << "<=" << size << " bytes to OpenSSL");
	351	return bytes;
	352	}
	353
	354	int
	355	Ssl::ServerBio::write(const char buf, int size, BIO table)
	356	{
	357
	358	if (holdWrite_) {
	359	debugs(83, 7, "postpone writing " << size << " bytes to SSL FD " << fd_);
	360	BIO_set_retry_write(table);
	361	return -1;
	362	}
	363
	364	if (!helloBuild && (bumpMode_ == Ssl::bumpPeek \|\| bumpMode_ == Ssl::bumpStare)) {
	365	// We have not seen any bytes, so the buffer must start with an
	366	// OpenSSL-generated TLSPlaintext record containing, for example, a
	367	// ClientHello or an alert message. We check these assumptions before we
	368	// substitute that record/message with clientSentHello.
	369	// TODO: Move these checks to where we actually rely on them.
	370	debugs(83, 7, "to-server" << Raw("TLSPlaintext", buf, size).hex());
	371	Must(size >= 2); // enough for version and content_type checks below
	372	Must(buf[1] >= 3); // record's version.major; determines buf[0] meaning
	373	Must(20 <= buf[0] && buf[0] <= 23); // valid TLSPlaintext.content_type
	374
	375	//Hello message is the first message we write to server
	376	assert(helloMsg.isEmpty());
	377
	378	if (bumpMode_ == Ssl::bumpPeek) {
	379	// we should not be here if we failed to parse the client-sent ClientHello
	380	Must(!clientSentHello.isEmpty());
	381	allowSplice = true;
	382	// Replace OpenSSL-generated ClientHello with client-sent one.
	383	helloMsg.append(clientSentHello);
	384	debugs(83, 7, "FD " << fd_ << ": Using client-sent ClientHello for peek mode");
	385	} else { /Ssl::bumpStare/
	386	allowBump = true;
	387	}
	388
	389	// if we did not use the client-sent ClientHello, then use the OpenSSL-generated one
	390	if (helloMsg.isEmpty())
	391	helloMsg.append(buf, size);
	392
	393	helloBuild = true;
	394	helloMsgSize = helloMsg.length();
	395
	396	if (allowSplice) {
	397	// Do not write yet.....
	398	BIO_set_retry_write(table);
	399	return -1;
	400	}
	401	}
	402
	403	if (!helloMsg.isEmpty()) {
	404	debugs(83, 7, "buffered write for FD " << fd_);
	405	int ret = Ssl::Bio::write(helloMsg.rawContent(), helloMsg.length(), table);
	406	helloMsg.consume(ret);
	407	if (!helloMsg.isEmpty()) {
	408	// We need to retry sendind data.
	409	// Say to openSSL to retry sending hello message
	410	BIO_set_retry_write(table);
	411	return -1;
	412	}
	413
	414	// Sending hello message complete. Do not send more data for now...
	415	holdWrite_ = true;
	416
	417	// spoof openSSL that we write what it ask us to write
	418	return size;
	419	} else
	420	return Ssl::Bio::write(buf, size, table);
	421	}
	422
	423	void
	424	Ssl::ServerBio::flush(BIO *table)
	425	{
	426	if (!helloMsg.isEmpty()) {
	427	int ret = Ssl::Bio::write(helloMsg.rawContent(), helloMsg.length(), table);
	428	helloMsg.consume(ret);
	429	}
	430	}
	431
	432	bool
	433	Ssl::ServerBio::resumingSession()
	434	{
	435	return parser_.resumingSession;
	436	}
	437
	438	bool
	439	Ssl::ServerBio::encryptedCertificates() const
	440	{
	441	return parser_.details->tlsSupportedVersion &&
	442	Security::Tls1p3orLater(parser_.details->tlsSupportedVersion);
	443	}
	444
	445	/// initializes BIO table after allocation
	446	static int
	447	squid_bio_create(BIO *bi)
	448	{
	449	#if !HAVE_LIBCRYPTO_BIO_GET_INIT
	450	bi->init = 0; // set when we store Bio object and socket fd (BIO_C_SET_FD)
	451	bi->num = 0;
	452	bi->flags = 0;
	453	#else
	454	// No need to set more, openSSL initialize BIO memory to zero.
	455	#endif
	456
	457	BIO_set_data(bi, nullptr);
	458	return 1;
	459	}
	460
	461	/// cleans BIO table before deallocation
	462	static int
	463	squid_bio_destroy(BIO *table)
	464	{
	465	delete static_cast<Ssl::Bio*>(BIO_get_data(table));
	466	BIO_set_data(table, nullptr);
	467	return 1;
	468	}
	469
	470	/// wrapper for Bio::write()
	471	static int
	472	squid_bio_write(BIO table, const char buf, int size)
	473	{
	474	Ssl::Bio bio = static_cast<Ssl::Bio>(BIO_get_data(table));
	475	assert(bio);
	476	return bio->write(buf, size, table);
	477	}
	478
	479	/// wrapper for Bio::read()
	480	static int
	481	squid_bio_read(BIO table, char buf, int size)
	482	{
	483	Ssl::Bio bio = static_cast<Ssl::Bio>(BIO_get_data(table));
	484	assert(bio);
	485	return bio->read(buf, size, table);
	486	}
	487
	488	/// implements puts() via write()
	489	static int
	490	squid_bio_puts(BIO table, const char str)
	491	{
	492	assert(str);
	493	return squid_bio_write(table, str, strlen(str));
	494	}
	495
	496	/// other BIO manipulations (those without dedicated callbacks in BIO table)
	497	static long
	498	squid_bio_ctrl(BIO table, int cmd, long arg1, void arg2)
	499	{
	500	debugs(83, 5, table << ' ' << cmd << '(' << arg1 << ", " << arg2 << ')');
	501
	502	switch (cmd) {
	503	case BIO_C_SET_FD: {
	504	assert(arg2);
	505	const int fd = static_cast<int>(arg2);
	506	Ssl::Bio *bio;
	507	if (arg1 == Security::Io::BIO_TO_SERVER)
	508	bio = new Ssl::ServerBio(fd);
	509	else
	510	bio = new Ssl::ClientBio(fd);
	511	assert(!BIO_get_data(table));
	512	BIO_set_data(table, bio);
	513	BIO_set_init(table, 1);
	514	return 0;
	515	}
	516
	517	case BIO_C_GET_FD:
	518	if (BIO_get_init(table)) {
	519	Ssl::Bio bio = static_cast<Ssl::Bio>(BIO_get_data(table));
	520	assert(bio);
	521	if (arg2)
	522	static_cast<int>(arg2) = bio->fd();
	523	return bio->fd();
	524	}
	525	return -1;
	526
	527	case BIO_CTRL_DUP:
	528	// Should implemented if the SSL_dup openSSL API function
	529	// used anywhere in squid.
	530	return 0;
	531
	532	case BIO_CTRL_FLUSH:
	533	if (BIO_get_init(table)) {
	534	Ssl::Bio bio = static_cast<Ssl::Bio>(BIO_get_data(table));
	535	assert(bio);
	536	bio->flush(table);
	537	return 1;
	538	}
	539	return 0;
	540
	541	/* we may also need to implement these:
	542	case BIO_CTRL_RESET:
	543	case BIO_C_FILE_SEEK:
	544	case BIO_C_FILE_TELL:
	545	case BIO_CTRL_INFO:
	546	case BIO_CTRL_GET_CLOSE:
	547	case BIO_CTRL_SET_CLOSE:
	548	case BIO_CTRL_PENDING:
	549	case BIO_CTRL_WPENDING:
	550	*/
	551	default:
	552	return 0;
	553
	554	}
	555
	556	return 0; /* NOTREACHED */
	557	}
	558
	559	/// wrapper for Bio::stateChanged()
	560	static void
	561	squid_ssl_info(const SSL *ssl, int where, int ret)
	562	{
	563	if (BIO *table = SSL_get_rbio(ssl)) {
	564	if (Ssl::Bio bio = static_cast<Ssl::Bio>(BIO_get_data(table)))
	565	bio->stateChanged(ssl, where, ret);
	566	}
	567	}
	568
	569	void
	570	applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode)
	571	{
	572	// To increase the possibility for bumping after peek mode selection or
	573	// splicing after stare mode selection it is good to set the
	574	// SSL protocol version.
	575	// The SSL_set_ssl_method is wrong here because it will restrict the
	576	// permitted transport version to be identical to the version used in the
	577	// ClientHello message.
	578	// For example will prevent comunnicating with a tls1.0 server if the
	579	// client sent and tlsv1.2 Hello message.
	580	#if defined(TLSEXT_NAMETYPE_host_name)
	581	if (!details->serverName.isEmpty()) {
	582	SSL_set_tlsext_host_name(ssl, details->serverName.c_str());
	583	}
	584	#endif
	585
	586	if (!details->ciphers.empty()) {
	587	SBuf strCiphers;
	588	for (auto cipherId: details->ciphers) {
	589	unsigned char cbytes[3];
	590	cbytes[0] = (cipherId >> 8) & 0xFF;
	591	cbytes[1] = cipherId & 0xFF;
	592	cbytes[2] = 0;
	593	if (const auto c = SSL_CIPHER_find(ssl, cbytes)) {
	594	if (!strCiphers.isEmpty())
	595	strCiphers.append(":");
	596	strCiphers.append(SSL_CIPHER_get_name(c));
	597	}
	598	}
	599	if (!strCiphers.isEmpty())
	600	SSL_set_cipher_list(ssl, strCiphers.c_str());
	601	}
	602
	603	#if defined(SSL_OP_NO_COMPRESSION) /* XXX: OpenSSL 0.9.8k lacks SSL_OP_NO_COMPRESSION */
	604	if (!details->compressionSupported)
	605	SSL_set_options(ssl, SSL_OP_NO_COMPRESSION);
	606	#endif
	607
	608	#if defined(SSL_OP_NO_TLSv1_3)
	609	// avoid "inappropriate fallback" OpenSSL error messages
	610	if (details->tlsSupportedVersion && Security::Tls1p2orEarlier(details->tlsSupportedVersion))
	611	SSL_set_options(ssl, SSL_OP_NO_TLSv1_3);
	612	#endif
	613
	614	#if defined(TLSEXT_STATUSTYPE_ocsp)
	615	if (details->tlsStatusRequest)
	616	SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
	617	#endif
	618
	619	#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
	620	if (!details->tlsAppLayerProtoNeg.isEmpty()) {
	621	if (bumpMode == Ssl::bumpPeek)
	622	SSL_set_alpn_protos(ssl, (const unsigned char*)details->tlsAppLayerProtoNeg.rawContent(), details->tlsAppLayerProtoNeg.length());
	623	else {
	624	static const unsigned char supported_protos[] = {8, 'h','t','t', 'p', '/', '1', '.', '1'};
	625	SSL_set_alpn_protos(ssl, supported_protos, sizeof(supported_protos));
	626	}
	627	}
	628	#endif
	629	}
	630
	631	#endif // USE_OPENSSL
	632