1*c43e99fdSEd Maste /* 2*c43e99fdSEd Maste * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson 3*c43e99fdSEd Maste * 4*c43e99fdSEd Maste * Redistribution and use in source and binary forms, with or without 5*c43e99fdSEd Maste * modification, are permitted provided that the following conditions 6*c43e99fdSEd Maste * are met: 7*c43e99fdSEd Maste * 1. Redistributions of source code must retain the above copyright 8*c43e99fdSEd Maste * notice, this list of conditions and the following disclaimer. 9*c43e99fdSEd Maste * 2. Redistributions in binary form must reproduce the above copyright 10*c43e99fdSEd Maste * notice, this list of conditions and the following disclaimer in the 11*c43e99fdSEd Maste * documentation and/or other materials provided with the distribution. 12*c43e99fdSEd Maste * 3. The name of the author may not be used to endorse or promote products 13*c43e99fdSEd Maste * derived from this software without specific prior written permission. 14*c43e99fdSEd Maste * 15*c43e99fdSEd Maste * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16*c43e99fdSEd Maste * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17*c43e99fdSEd Maste * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18*c43e99fdSEd Maste * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19*c43e99fdSEd Maste * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20*c43e99fdSEd Maste * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21*c43e99fdSEd Maste * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22*c43e99fdSEd Maste * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23*c43e99fdSEd Maste * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24*c43e99fdSEd Maste * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
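*/
#ifndef EVENT2_BUFFEREVENT_SSL_H_INCLUDED_
#define EVENT2_BUFFEREVENT_SSL_H_INCLUDED_

/** @file event2/bufferevent_ssl.h

  OpenSSL support for bufferevents.

  Nothing in this header configures the SSL object it is handed.  Certificate
  verification, hostname checking, protocol-version and cipher policy are all
  set by the caller on the SSL_CTX / SSL before it is passed to one of the
  constructors below; the bufferevent only moves bytes through it.
 */
#include <event2/visibility.h>
#include <event2/event-config.h>
#include <event2/bufferevent.h>
#include <event2/util.h>

#ifdef __cplusplus
extern "C" {
#endif

/* This is what openssl's SSL objects are underneath.  Declared opaquely so
 * that including this header does not pull in OpenSSL's own headers. */
struct ssl_st;

/**
   The state of an SSL object to be used when creating a new
   SSL bufferevent: whether a handshake is still pending and, if so,
   which side of it the caller is on.  The per-value descriptions below
   follow the names -- confirm against the implementation.
 */
enum bufferevent_ssl_state {
	/** The SSL object is already usable; no handshake is pending. */
	BUFFEREVENT_SSL_OPEN = 0,
	/** A client-side handshake has yet to be performed. */
	BUFFEREVENT_SSL_CONNECTING = 1,
	/** A server-side handshake has yet to be performed. */
	BUFFEREVENT_SSL_ACCEPTING = 2
};

#if defined(EVENT__HAVE_OPENSSL) || defined(EVENT_IN_DOXYGEN_)
/**
   Create a new SSL bufferevent to send its data over another bufferevent.

   @param base An event_base to use to detect reading and writing.  It
     must also be the base for the underlying bufferevent.
   @param underlying The bufferevent that carries the encrypted bytes: the
     new SSL bufferevent reads TLS records from it and writes TLS records
     to it.  (This is a bufferevent, not a socket; for a raw socket use
     bufferevent_openssl_socket_new().)
   @param ssl A SSL* object from openssl, with verification and protocol
     policy already configured by the caller.  Ownership of the object
     after this call is not documented here; confirm against the
     implementation and the bufferevent_options flags before freeing it.
   @param state The current state of the SSL connection
   @param options One or more bufferevent_options
   @return A new bufferevent on success, or NULL on failure
 */
EVENT2_EXPORT_SYMBOL
struct bufferevent *
bufferevent_openssl_filter_new(struct event_base *base,
    struct bufferevent *underlying,
    struct ssl_st *ssl,
    enum bufferevent_ssl_state state,
    int options);

/**
   Create a new SSL bufferevent to send its data over an SSL * on a socket.

   @param base An event_base to use to detect reading and writing
   @param fd A socket to use for this SSL
   @param ssl A SSL* object from openssl, with verification and protocol
     policy already configured by the caller.  Ownership of the object
     after this call is not documented here; confirm against the
     implementation and the bufferevent_options flags before freeing it.
   @param state The current state of the SSL connection
   @param options One or more bufferevent_options
   @return A new bufferevent on success, or NULL on failure.
 */
EVENT2_EXPORT_SYMBOL
struct bufferevent *
bufferevent_openssl_socket_new(struct event_base *base,
    evutil_socket_t fd,
    struct ssl_st *ssl,
    enum bufferevent_ssl_state state,
    int options);

/** Control how to report dirty SSL shutdowns.

    If the peer (or the network, or an attacker) closes the TCP
    connection before closing the SSL channel, and the protocol is SSL >= v3,
    this is a "dirty" shutdown.  If allow_dirty_shutdown is 0 (default),
    this is reported as BEV_EVENT_ERROR.

    If instead allow_dirty_shutdown=1, a dirty shutdown is reported as
    BEV_EVENT_EOF.

    Security caveat: the SSL-level close (the close_notify alert) is what
    lets the receiver tell a complete stream from one that was cut off.
    With allow_dirty_shutdown=1 an attacker who can tear down the TCP
    connection can truncate the data and have it delivered as an ordinary
    EOF, indistinguishable from a clean close.  Only enable this when the
    application protocol itself marks where the data ends (explicit lengths
    or terminators) and the application checks for them.

    (Note that if the protocol is < SSLv3, you will always receive
    BEV_EVENT_EOF, since SSL 2 and earlier cannot distinguish a secure
    connection close from a dirty one.  This is one reason (among many)
    not to use SSL 2.)
 */

EVENT2_EXPORT_SYMBOL
int bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev);
EVENT2_EXPORT_SYMBOL
void bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
    int allow_dirty_shutdown);

/** Return the underlying openssl SSL * object for an SSL bufferevent.

    The returned pointer is the object the bufferevent was created with;
    it is still owned by whoever owned it at creation time, so do not free
    it through this handle. */
EVENT2_EXPORT_SYMBOL
struct ssl_st *
bufferevent_openssl_get_ssl(struct bufferevent *bufev);

/** Tells a bufferevent to begin SSL renegotiation.

    The meaning of the int return value is not documented here (presumably
    0 on success and -1 on failure, like other bufferevent calls -- confirm
    against the implementation).  NOTE(review): renegotiation has a history
    of protocol-level weaknesses and many peers refuse or disable it, so
    treat a failure here as a normal error path rather than something that
    cannot happen, and watch the bufferevent's event callback for errors. */
EVENT2_EXPORT_SYMBOL
int bufferevent_ssl_renegotiate(struct bufferevent *bev);

/** Return the most recent OpenSSL error reported on an SSL bufferevent.

    Presumably an OpenSSL error code of the kind ERR_get_error() returns
    (decode it with ERR_error_string_n()), and 0 when there is none --
    confirm against the implementation.  Intended for use from an event
    callback that received BEV_EVENT_ERROR, to find out why the TLS layer
    failed. */
EVENT2_EXPORT_SYMBOL
unsigned long bufferevent_get_openssl_error(struct bufferevent *bev);

#endif

#ifdef __cplusplus
}
#endif

#endif /* EVENT2_BUFFEREVENT_SSL_H_INCLUDED_ */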