/*
 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#ifndef EVENT2_BUFFEREVENT_SSL_H_INCLUDED_
#define EVENT2_BUFFEREVENT_SSL_H_INCLUDED_

/** @file event2/bufferevent_ssl.h

  OpenSSL support for bufferevents.

  The constructors and accessors below are only declared when libevent was
  configured with OpenSSL support (EVENT__HAVE_OPENSSL); the state enum is
  always available so callers can compile against it unconditionally.
 */
#include <event2/visibility.h>
#include <event2/event-config.h>
#include <event2/bufferevent.h>
#include <event2/util.h>

#ifdef __cplusplus
extern "C" {
#endif

/* This is what openssl's SSL objects are underneath.  Only a forward
 * declaration is needed here, so including this header does not require
 * OpenSSL's own headers; callers that touch the object must include them. */
struct ssl_st;

/**
  The state of an SSL object to be used when creating a new
  SSL bufferevent.

  The value tells the bufferevent whether a handshake still has to be
  driven on the SSL object it is handed, and in which role.  (Meaning of
  each value follows its name; confirm against the implementation before
  relying on finer details.)
 */
enum bufferevent_ssl_state {
	/** The SSL object has already completed its handshake. */
	BUFFEREVENT_SSL_OPEN = 0,
	/** The SSL object must still perform a client-side (connect) handshake. */
	BUFFEREVENT_SSL_CONNECTING = 1,
	/** The SSL object must still perform a server-side (accept) handshake. */
	BUFFEREVENT_SSL_ACCEPTING = 2
};

#if defined(EVENT__HAVE_OPENSSL) || defined(EVENT_IN_DOXYGEN_)
/**
  Create a new SSL bufferevent to send its data over another bufferevent.

  @param base An event_base to use to detect reading and writing.  It
      must also be the base for the underlying bufferevent.
  @param underlying The bufferevent that carries the encrypted bytes on
      behalf of this SSL bufferevent (a bufferevent, not a raw socket;
      use bufferevent_openssl_socket_new() for a plain fd).
  @param ssl A SSL* object from openssl.
  @param state The current state of the SSL connection
  @param options One or more bufferevent_options
  @return A new bufferevent on success, or NULL on failure
 */
EVENT2_EXPORT_SYMBOL
struct bufferevent *
bufferevent_openssl_filter_new(struct event_base *base,
    struct bufferevent *underlying,
    struct ssl_st *ssl,
    enum bufferevent_ssl_state state,
    int options);

/**
  Create a new SSL bufferevent to send its data over an SSL * on a socket.

  @param base An event_base to use to detect reading and writing
  @param fd A socket to use for this SSL
  @param ssl A SSL* object from openssl.
  @param state The current state of the SSL connection
  @param options One or more bufferevent_options
  @return A new bufferevent on success, or NULL on failure.
 */
EVENT2_EXPORT_SYMBOL
struct bufferevent *
bufferevent_openssl_socket_new(struct event_base *base,
    evutil_socket_t fd,
    struct ssl_st *ssl,
    enum bufferevent_ssl_state state,
    int options);

/** Control how to report dirty SSL shutdowns.

  If the peer (or the network, or an attacker) closes the TCP
  connection before closing the SSL channel, and the protocol is SSL >= v3,
  this is a "dirty" shutdown.  If allow_dirty_shutdown is 0 (default),
  this is reported as BEV_EVENT_ERROR.

  If instead allow_dirty_shutdown=1, a dirty shutdown is reported as
  BEV_EVENT_EOF.

  NOTE(review): with allow_dirty_shutdown=1 an application can no longer
  tell a peer's orderly close from a connection cut short by a third
  party, so data may have been truncated without any error being raised.
  Keep the default unless the application protocol carries its own
  end-of-message signalling; confirm that against the callers.

  (Note that if the protocol is < SSLv3, you will always receive
  BEV_EVENT_EOF, since SSL 2 and earlier cannot distinguish a secure
  connection close from a dirty one.  This is one reason (among many)
  not to use SSL 2.)

  @param bev An SSL bufferevent created by one of the constructors above
  @param allow_dirty_shutdown 0 to report a dirty shutdown as an error,
      1 to report it as EOF
 */

EVENT2_EXPORT_SYMBOL
int bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev);
EVENT2_EXPORT_SYMBOL
void bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
    int allow_dirty_shutdown);

/** Return the underlying openssl SSL * object for an SSL bufferevent.

  NOTE(review): presumably the bufferevent retains ownership of the SSL
  object and the caller must not free the returned pointer separately;
  confirm against the implementation.
 */
EVENT2_EXPORT_SYMBOL
struct ssl_st *
bufferevent_openssl_get_ssl(struct bufferevent *bufev);

/** Tells a bufferevent to begin SSL renegotiation.

  @return An int status code; the exact success/failure convention is not
      stated here — confirm against the implementation.
 */
EVENT2_EXPORT_SYMBOL
int bufferevent_ssl_renegotiate(struct bufferevent *bev);

/** Return the most recent OpenSSL error reported on an SSL bufferevent.

  The value is an OpenSSL error code (the type matches OpenSSL's error
  queue); decode it with OpenSSL's error-string helpers rather than
  comparing against literal numbers.
 */
EVENT2_EXPORT_SYMBOL
unsigned long bufferevent_get_openssl_error(struct bufferevent *bev);

#endif /* EVENT__HAVE_OPENSSL || EVENT_IN_DOXYGEN_ */

#ifdef __cplusplus
}
#endif

#endif /* EVENT2_BUFFEREVENT_SSL_H_INCLUDED_ */