xref: /freebsd/contrib/libevent/include/event2/bufferevent_ssl.h (revision c6879c6c14eedbd060ba588a3129a6c60ebbe783)
1*c43e99fdSEd Maste /*
2*c43e99fdSEd Maste  * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
3*c43e99fdSEd Maste  *
4*c43e99fdSEd Maste  * Redistribution and use in source and binary forms, with or without
5*c43e99fdSEd Maste  * modification, are permitted provided that the following conditions
6*c43e99fdSEd Maste  * are met:
7*c43e99fdSEd Maste  * 1. Redistributions of source code must retain the above copyright
8*c43e99fdSEd Maste  *    notice, this list of conditions and the following disclaimer.
9*c43e99fdSEd Maste  * 2. Redistributions in binary form must reproduce the above copyright
10*c43e99fdSEd Maste  *    notice, this list of conditions and the following disclaimer in the
11*c43e99fdSEd Maste  *    documentation and/or other materials provided with the distribution.
12*c43e99fdSEd Maste  * 3. The name of the author may not be used to endorse or promote products
13*c43e99fdSEd Maste  *    derived from this software without specific prior written permission.
14*c43e99fdSEd Maste  *
15*c43e99fdSEd Maste  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16*c43e99fdSEd Maste  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17*c43e99fdSEd Maste  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18*c43e99fdSEd Maste  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19*c43e99fdSEd Maste  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20*c43e99fdSEd Maste  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21*c43e99fdSEd Maste  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22*c43e99fdSEd Maste  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23*c43e99fdSEd Maste  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24*c43e99fdSEd Maste  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25*c43e99fdSEd Maste  */
26*c43e99fdSEd Maste #ifndef EVENT2_BUFFEREVENT_SSL_H_INCLUDED_
27*c43e99fdSEd Maste #define EVENT2_BUFFEREVENT_SSL_H_INCLUDED_
28*c43e99fdSEd Maste 
29*c43e99fdSEd Maste /** @file event2/bufferevent_ssl.h
30*c43e99fdSEd Maste 
31*c43e99fdSEd Maste     OpenSSL support for bufferevents.
32*c43e99fdSEd Maste  */
33*c43e99fdSEd Maste #include <event2/visibility.h>
34*c43e99fdSEd Maste #include <event2/event-config.h>
35*c43e99fdSEd Maste #include <event2/bufferevent.h>
36*c43e99fdSEd Maste #include <event2/util.h>
37*c43e99fdSEd Maste 
38*c43e99fdSEd Maste #ifdef __cplusplus
39*c43e99fdSEd Maste extern "C" {
40*c43e99fdSEd Maste #endif
41*c43e99fdSEd Maste 
42*c43e99fdSEd Maste /* This is what openssl's SSL objects are underneath. */
43*c43e99fdSEd Maste struct ssl_st;
44*c43e99fdSEd Maste 
45*c43e99fdSEd Maste /**
46*c43e99fdSEd Maste    The state of an SSL object to be used when creating a new
47*c43e99fdSEd Maste    SSL bufferevent.
48*c43e99fdSEd Maste  */
49*c43e99fdSEd Maste enum bufferevent_ssl_state {
50*c43e99fdSEd Maste 	BUFFEREVENT_SSL_OPEN = 0,
51*c43e99fdSEd Maste 	BUFFEREVENT_SSL_CONNECTING = 1,
52*c43e99fdSEd Maste 	BUFFEREVENT_SSL_ACCEPTING = 2
53*c43e99fdSEd Maste };
54*c43e99fdSEd Maste 
55*c43e99fdSEd Maste #if defined(EVENT__HAVE_OPENSSL) || defined(EVENT_IN_DOXYGEN_)
56*c43e99fdSEd Maste /**
57*c43e99fdSEd Maste    Create a new SSL bufferevent to send its data over another bufferevent.
58*c43e99fdSEd Maste 
59*c43e99fdSEd Maste    @param base An event_base to use to detect reading and writing.  It
60*c43e99fdSEd Maste       must also be the base for the underlying bufferevent.
61*c43e99fdSEd Maste    @param underlying A socket to use for this SSL
62*c43e99fdSEd Maste    @param ssl A SSL* object from openssl.
63*c43e99fdSEd Maste    @param state The current state of the SSL connection
64*c43e99fdSEd Maste    @param options One or more bufferevent_options
65*c43e99fdSEd Maste    @return A new bufferevent on success, or NULL on failure
66*c43e99fdSEd Maste */
67*c43e99fdSEd Maste EVENT2_EXPORT_SYMBOL
68*c43e99fdSEd Maste struct bufferevent *
69*c43e99fdSEd Maste bufferevent_openssl_filter_new(struct event_base *base,
70*c43e99fdSEd Maste     struct bufferevent *underlying,
71*c43e99fdSEd Maste     struct ssl_st *ssl,
72*c43e99fdSEd Maste     enum bufferevent_ssl_state state,
73*c43e99fdSEd Maste     int options);
74*c43e99fdSEd Maste 
75*c43e99fdSEd Maste /**
76*c43e99fdSEd Maste    Create a new SSL bufferevent to send its data over an SSL * on a socket.
77*c43e99fdSEd Maste 
78*c43e99fdSEd Maste    @param base An event_base to use to detect reading and writing
79*c43e99fdSEd Maste    @param fd A socket to use for this SSL
80*c43e99fdSEd Maste    @param ssl A SSL* object from openssl.
81*c43e99fdSEd Maste    @param state The current state of the SSL connection
82*c43e99fdSEd Maste    @param options One or more bufferevent_options
83*c43e99fdSEd Maste    @return A new bufferevent on success, or NULL on failure.
84*c43e99fdSEd Maste */
85*c43e99fdSEd Maste EVENT2_EXPORT_SYMBOL
86*c43e99fdSEd Maste struct bufferevent *
87*c43e99fdSEd Maste bufferevent_openssl_socket_new(struct event_base *base,
88*c43e99fdSEd Maste     evutil_socket_t fd,
89*c43e99fdSEd Maste     struct ssl_st *ssl,
90*c43e99fdSEd Maste     enum bufferevent_ssl_state state,
91*c43e99fdSEd Maste     int options);
92*c43e99fdSEd Maste 
93*c43e99fdSEd Maste /** Control how to report dirty SSL shutdowns.
94*c43e99fdSEd Maste 
95*c43e99fdSEd Maste     If the peer (or the network, or an attacker) closes the TCP
96*c43e99fdSEd Maste     connection before closing the SSL channel, and the protocol is SSL >= v3,
97*c43e99fdSEd Maste     this is a "dirty" shutdown.  If allow_dirty_shutdown is 0 (default),
98*c43e99fdSEd Maste     this is reported as BEV_EVENT_ERROR.
99*c43e99fdSEd Maste 
100*c43e99fdSEd Maste     If instead allow_dirty_shutdown=1, a dirty shutdown is reported as
101*c43e99fdSEd Maste     BEV_EVENT_EOF.
102*c43e99fdSEd Maste 
103*c43e99fdSEd Maste     (Note that if the protocol is < SSLv3, you will always receive
104*c43e99fdSEd Maste     BEV_EVENT_EOF, since SSL 2 and earlier cannot distinguish a secure
105*c43e99fdSEd Maste     connection close from a dirty one.  This is one reason (among many)
106*c43e99fdSEd Maste     not to use SSL 2.)
107*c43e99fdSEd Maste */
108*c43e99fdSEd Maste 
109*c43e99fdSEd Maste EVENT2_EXPORT_SYMBOL
110*c43e99fdSEd Maste int bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev);
111*c43e99fdSEd Maste EVENT2_EXPORT_SYMBOL
112*c43e99fdSEd Maste void bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
113*c43e99fdSEd Maste     int allow_dirty_shutdown);
114*c43e99fdSEd Maste 
115*c43e99fdSEd Maste /** Return the underlying openssl SSL * object for an SSL bufferevent. */
116*c43e99fdSEd Maste EVENT2_EXPORT_SYMBOL
117*c43e99fdSEd Maste struct ssl_st *
118*c43e99fdSEd Maste bufferevent_openssl_get_ssl(struct bufferevent *bufev);
119*c43e99fdSEd Maste 
120*c43e99fdSEd Maste /** Tells a bufferevent to begin SSL renegotiation. */
121*c43e99fdSEd Maste EVENT2_EXPORT_SYMBOL
122*c43e99fdSEd Maste int bufferevent_ssl_renegotiate(struct bufferevent *bev);
123*c43e99fdSEd Maste 
124*c43e99fdSEd Maste /** Return the most recent OpenSSL error reported on an SSL bufferevent. */
125*c43e99fdSEd Maste EVENT2_EXPORT_SYMBOL
126*c43e99fdSEd Maste unsigned long bufferevent_get_openssl_error(struct bufferevent *bev);
127*c43e99fdSEd Maste 
128*c43e99fdSEd Maste #endif
129*c43e99fdSEd Maste 
130*c43e99fdSEd Maste #ifdef __cplusplus
131*c43e99fdSEd Maste }
132*c43e99fdSEd Maste #endif
133*c43e99fdSEd Maste 
134*c43e99fdSEd Maste #endif /* EVENT2_BUFFEREVENT_SSL_H_INCLUDED_ */
135